Another month almost over, and it is time for us to once again round up some of the most interesting stories. In our regular feature, Cyber Security News March 2021 saw…

Supply-Chain Cyber-attack Breaches Airlines

At the start of the month, Threatpost ran this story about a security incident in the travel industry. Our team works with many clients in travel and so we’re always monitoring such incidents. On this occasion, the airline service provider SITA was targeted by a sophisticated attack which compromised customer data stored on their US servers. Singapore Airlines and Malaysia Air were both affected, with the former reporting an impact upon close to 600,000 customers.

Airlines have long been the focus of cyber-criminal activity. Post-Covid, they have been targeted with greater intensity, and this latest breach demonstrates how much help they will need moving forwards.

Top Tip

As part of theICEway, our experts have amassed many years’ worth of experience in the travel sector. In fact, along with healthcare, we see it as one of our specialist areas. Our cyber security professionals are always happy to offer guidance and support, so if you need help, do not hesitate to reach out. Here are a few security ‘pointers’ in the meantime:

  • The SITA incident provides another example of the risks involved when working with third-party vendors. Such connections must be properly monitored and protected.
  • Your IT team must conduct assessments of each partner’s security controls to evaluate your ‘supplier security risk’.
  • Ensure that your IT team request a ‘software bill of materials’ before using any third-party solution.

NHS boss has Twitter accounts hacked

This article on BBC News revealed how an NHS Executive saw her two Twitter accounts hijacked. Her circa 140,000 followers were then hit with messages promoting fake PlayStation 5 sales. Subsequent to discovering the hack, Helen Bevan also enlisted the help of somebody offering to help. This turned out to be another scam, however, resulting in Ms Bevan losing £110.

Patrick Carolan, from CRIBB Cyber Security, echoed the words of another cyber security specialist in the BBC’s piece. “It is certainly true that you should enable all security settings on social media accounts”, he said. “Definitely adopt complex passwords with a combination of different cases plus numbers and symbols. 2FA is also well worth putting in place”.

New iOS 14.4.2 Update Warning for iPhone Users

This Forbes report revealed details on an urgent new security update for Apple users. Once installed, the update should then solve an issue in the WebKit browser engine. Apple discovered a vulnerability in iOS 14.4.2 that could allow malicious websites to perform cross-site scripting. This would essentially give would-be attackers multiple attacking options, such as performing actions on a site on your behalf or obtaining information from your browsing session.

So there you have it, our cyber security news March 2021 selections. If you think we missed an interesting story, do let us know in the comments section. Otherwise, feel free to contact us if you wish to discuss your own security requirements…