This intel covers the recent cyber attacks on the NHS, Santander, and Ticketmaster, providing a detailed look into the tactics and techniques used by cyber criminal groups like Qilin and Shiny Hunters. You’ll learn how these attacks were executed and uncover practical steps that could potentially enhance your organisation’s internal cyber security measures.
Consider the far-reaching impact of these attacks: hospitals canceling critical operations, millions of banking details exposed, and personal data sold on the dark web. These aren’t just numbers; they represent real people facing life-altering consequences. By understanding the methods behind these attacks and implementing robust cyber security practices, you can protect your organisation from similar threats.
As you may have heard, there have been a number of high-profile cyber attacks covered in the media recently – Santander, Ticketmaster, and a selection of NHS trusts in London have all experienced large-scale, targeted cyber attacks.
Naturally, we’ve had a fair number of people asking for advice, so I wanted to collate some information for those who want to understand more, and potentially help those who want to know what they should be doing to avoid falling victim.
First, let’s explore the attacks that have taken place on the NHS.
Cyber Attacks on the NHS
THE BACKGROUND
Two NHS trusts have had to cancel non-emergency operations after a ransomware gang targeted Synnovis, a third-party company that provides testing services for multiple hospitals.
Synnovis’ IT systems were completely locked out. It was theorised that Russian cyber-criminal gang “Qilin (Agenda)” were behind the attack, though initial access and a root cause have yet to be disclosed – see Synnovis Statement / The Standard – NCSC Statement.
Qilin target a large variety of industries: manufacturing, construction, news and entertainment, healthcare and more.
THE TTPS
Their focus is generally on phishing emails that contain malicious links. After gaining initial access, the threat group will move laterally through an environment, searching for sensitive data locations to mark for encryption.
During the encryption stage, the threat group places a ransomware note in each infected directory. This double extortion method causes mass disruption by locking data, providing more leverage when trying to extort victims for financial gain. See Source.
This particular strain of ransomware targets VMware ESXi servers, which are used by many corporations for virtual machine hosting. A full analysis can be found here.
High-level overview of the attack path:
What could you do to avoid falling victim?
Assess your VM infrastructure. Even if you don’t use VMware, targeting virtual machines is becoming more common amongst ransomware operators.
Continuous phishing awareness training across your organisation.
Offsite immutable backups – by securely backing up your data elsewhere, you remove the leverage of ransomware operators encrypting your data.
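The ransom note dropped into each infected directory, described in the TTPs above, is something defenders can alert on. The following is an added example, not code from the original article: it scans file-creation events for one filename appearing in many directories within a short window. The event format, the note filename, the allowlist and the thresholds are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import posixpath

# Constructed file-creation events (ISO timestamp, path); the note name is invented.
SAMPLE_EVENTS = [
    ("2024-06-03T02:14:01", "/srv/share/finance/RECOVER-README.txt"),
    ("2024-06-03T02:14:03", "/srv/share/finance/q2/RECOVER-README.txt"),
    ("2024-06-03T02:14:07", "/srv/share/hr/RECOVER-README.txt"),
    ("2024-06-03T02:14:09", "/srv/share/labs/results/RECOVER-README.txt"),
    # Same name in several folders, but spread over hours: normal user activity.
    ("2024-06-03T09:00:00", "/srv/share/finance/notes.txt"),
    ("2024-06-03T11:30:00", "/srv/share/hr/notes.txt"),
    ("2024-06-03T14:45:00", "/srv/share/it/notes.txt"),
    # Burst of an OS-generated file that the allowlist below suppresses.
    ("2024-06-03T10:00:01", "/srv/share/finance/Thumbs.db"),
    ("2024-06-03T10:00:02", "/srv/share/hr/Thumbs.db"),
    ("2024-06-03T10:00:03", "/srv/share/it/Thumbs.db"),
]
ALLOWLIST = {"thumbs.db", "desktop.ini", ".ds_store"}  # assumed benign names


def find_note_bursts(events, min_dirs=3, window=timedelta(minutes=5)):
    """Map filename -> peak count of distinct directories it was created in
    inside any `window`, for names that reach `min_dirs`."""
    by_name = defaultdict(list)
    for ts, path in events:
        directory, name = posixpath.split(path)
        if name.lower() not in ALLOWLIST:
            by_name[name.lower()].append((datetime.fromisoformat(ts), directory))
    hits = {}
    for name, seen in by_name.items():
        seen.sort()
        in_window, start, peak = Counter(), 0, 0
        for when, directory in seen:
            in_window[directory] += 1
            # Drop events older than `window`; Counter's -= discards zero counts.
            while when - seen[start][0] > window:
                in_window -= Counter([seen[start][1]])
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_dirs:
            hits[name] = peak
    return hits


if __name__ == "__main__":
    print(find_note_bursts(SAMPLE_EVENTS))
```

Widening the window trades earlier detection for more false positives: with an eight-hour window the ordinary `notes.txt` activity in the sample is flagged as well.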
Cyber Attacks on Santander & Ticketmaster
Santander Background
A group known as “Shiny Hunters” posted information on the dark web stating that they had collected data from 30 million individual bank accounts, which included account numbers, balances, credit card numbers and HR information for staff. See Source.
Ticketmaster Background
Again, “Shiny Hunters” have claimed to have stolen data including names, addresses, phone numbers and partial credit card details from end users. There is estimated to be around 1.3TB of data stolen, and the threat group is reportedly attempting to sell this information for $500,000 on breach forums. See Source.
Both data breaches have been highlighted as having been from the same source, a cloud platform known as “Snowflake” which is widely used for data storage, processing, and analytics.
Snowflake, and their cyber security providers CrowdStrike and Mandiant released the following statement regarding the breach:
“We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform.
We have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel.
This appears to be a targeted campaign directed at users with single factor authentication.
As part of this campaign, threat actors have leveraged credentials previously purchased or obtained through info stealing malware.”
“Credentials leveraged in the attack were previously purchased or obtained through info stealing malware, adding that Snowflake did find evidence that a threat actor obtained personal credentials to and accessed demo accounts belonging to a former employee.”
Whilst we won’t know the exact attack vector until official reports are made available, based on public information it’s likely that the data breach took the following path:
What could you do to avoid falling victim?
Continued enforcement of MFA for ALL user accounts. It should be mandatory. SMS MFA is okay and better than nothing, but number / geo matching should be the standard and enforced.
Ongoing training regarding phishing, credential harvesting and social engineering, across your business.
Robust third-party onboarding checks – DPIAs, TPRAs. Set a high standard of information governance and data protection to understand what data you are sharing and whether you are confident that the supplier can keep this data secure. Whilst this won’t stop a breach from occurring, it’ll help reduce organisational risk and hold suppliers to account regarding their security posture and data processing standards.
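To check whether MFA really covers ALL accounts, audit sign-in records for successful password-only logins, the condition the Snowflake statement above describes. The following is an added example, not code from the original article: the records and the leavers list are constructed, and the field names are an assumption modelled on Snowflake's LOGIN_HISTORY view.

```python
from collections import defaultdict

# Constructed sign-in export. Field names are assumptions modelled on Snowflake's
# LOGIN_HISTORY view; the values, users and IPs below are invented.
FIELDS = ("USER_NAME", "FIRST_AUTHENTICATION_FACTOR",
          "SECOND_AUTHENTICATION_FACTOR", "IS_SUCCESS", "CLIENT_IP")
ROWS = [
    ("ALICE", "PASSWORD", "DUO_PUSH", "YES", "198.51.100.7"),     # password + MFA
    ("BOB", "PASSWORD", None, "YES", "203.0.113.20"),             # password only
    ("BOB", "PASSWORD", None, "YES", "192.0.2.44"),               # second source IP
    ("CAROL", "SAML2_ASSERTION", None, "YES", "198.51.100.9"),    # SSO login
    ("DAVE", "PASSWORD", None, "NO", "203.0.113.99"),             # failed attempt
    ("DEMO_JSMITH", "PASSWORD", None, "YES", "192.0.2.61"),       # leaver's demo account
]
SAMPLE_LOGINS = [dict(zip(FIELDS, row)) for row in ROWS]
LEAVERS = {"DEMO_JSMITH"}  # constructed HR list of former staff


def single_factor_report(logins, leavers=frozenset()):
    """Rank users by successful password-only logins; leavers sort first."""
    stats = defaultdict(lambda: {"logins": 0, "ips": set()})
    for row in logins:
        if row["IS_SUCCESS"] != "YES":
            continue
        # SSO or key-based logins are not password-only at the platform; whether
        # MFA was applied is recorded by the identity provider, so audit it there.
        if row["FIRST_AUTHENTICATION_FACTOR"] != "PASSWORD":
            continue
        if row.get("SECOND_AUTHENTICATION_FACTOR"):
            continue
        entry = stats[row["USER_NAME"].upper()]
        entry["logins"] += 1
        entry["ips"].add(row["CLIENT_IP"])
    report = [{"user": user, "logins": s["logins"],
               "distinct_ips": len(s["ips"]), "leaver": user in leavers}
              for user, s in stats.items()]
    # Former staff first, then the widest spread of source IPs.
    report.sort(key=lambda r: (not r["leaver"], -r["distinct_ips"],
                               -r["logins"], r["user"]))
    return report


if __name__ == "__main__":
    for line in single_factor_report(SAMPLE_LOGINS, LEAVERS):
        print(line)
```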
Looking for support?
So how exactly can this be done?
In light of the recent high-profile cyber attacks, it’s clear that robust cyber security measures are more critical than ever. At Stripe OLT, our Security Operations Center (SOC) operates 24/7 to ensure our clients are protected from these types of evolving threat.
Using advanced threat intelligence and proactive threat hunting techniques, we block harmful content and intercept phishing attempts to safeguard our clients’ data. And crucially, our team continuously monitor identity assets to detect and respond to potential breaches as and when they happen.