Lessons from the Ministry of Defence Hack – by ? China

Posted by Chris2 on May 23rd, 2024

UK Cyber Security Group was delighted to be invited to comment on the Ministry of Defence hack on GB News.

The interview was with Jacob Rees-Mogg – Conservative MP for North East Somerset.


I also noticed that Philip Ingram was interviewed by the Times Frontline on this and other matters.

By the time of my interview it had been announced that the victim of the attack was Shared Services Connected Limited (SSCL), who were “the largest provider of critical services to the Government, MoD and Police.”

SSCL was also found by us to hold the Cyber Essentials Plus Certification which a supplier of this nature should have.

Grant Shapps had made a statement that the attack was by a “malign actor” and it could not be ruled out that it was a “state actor”.

There were indications in a number of news reports that it was likely to be China or a proxy for China.

Also there was a report that SSCL had been in trouble of this nature before – putting prison staff data at risk in 2019.

The matter had been reported to the Information Commissioner’s Office (ICO) and there will be an investigation and a verdict. (Grant Shapps ordered a “specialist investigation”.)

We have previously reported on and discussed the ICO investigation of construction company Interserve, which resulted in a £4.4 Million fine for failing to get the fundamental Cyber Security defences in place.

So the picture is not looking good for SSCL, but again let’s focus on the attackers and not the victim.

As Philip Ingram says, we are being attacked continuously by Russia, China, Iran and North Korea, and we need to direct our attention to defending against them and to appropriate responses.

One of the reasons that UK Cyber Security Group works closely with a number of Ukrainian companies is that Ukraine is on the frontline of kinetic and simultaneous cyber attacks.

With regard to Interserve, the ICO said that they and all companies need to pay attention to:

  • Cyber Essentials
  • Training of staff
  • Having an appropriate detection and remediation system
  • Keeping software up to date with the latest releases and patches

Cyber Security is not just about Technical solutions; it is also about People (Training), the right Processes AND Leadership from senior management, ensuring the cyber awareness culture is embedded in the organisation.

We talk about Cyber Essentials, Insurance, Assurance (People and Processes) and, increasingly, Cyber Compliance.

As we are on a war footing we must cyber secure each and every element in the supply chain.

This particularly means the 99% or so of UK Businesses that are SMEs but supply Government, MoD and Police and other businesses.

We are only as strong as the weakest link in the supply chain.

We therefore say, in summary:

  • China, Russia, Iran and North Korea are attacking us and they are our enemies; we must defend against them in every way, including attacking them where necessary.
  • We must get the fundamentals right as described above and as reiterated by GCHQ, NCSC and the ICO.
  • We must learn from Ukrainians, who are battling Russians every day and have the necessary battlefield knowledge and experience.

Oleksandr Usyk – the Ukrainian Cossack

Posted by Chris2 on May 23rd, 2024

Obsessed with Oleksandr Usyk’s outfit from the fight? Me too! Here is some background on a traditional Hetman of the Cossacks warrior outfit which holds both cultural and historical significance.

by Slavie @yarochenko on twitter

  • The Cossacks were a group of fiercely independent warriors who originated in Eastern Europe, particularly Ukraine.
  • They played a crucial role in defending their lands against invaders, including Ottoman Turks, Tatars, and other hostile forces.
  • Usyk’s outfit pays homage to this warrior tradition, symbolizing his Ukrainian roots and pride in his heritage.

The Warrior Attire:

  • The Cossack outfit typically includes a long coat adorned with intricate details and contrasting trim. It’s often paired with gloves and patterned pants.
  • Usyk’s attire reflects this historical style, emphasizing strength, resilience, and fearlessness—the very qualities associated with Cossack warriors.

Proof of Lineage:

  • In an interview, Usyk explained that the earrings he wears are not merely a fashion statement. They represent his Cossack lineage.
  • He stated, “It’s Ukrainian warrior, Cossack. They were the people who defended my country from our enemies for many years. This is just the proof of my Cossack lineage.”
  • For Usyk, it’s not about aesthetics; it’s a connection to his ancestors who never lost to anyone in battle.

Origins and Emergence:

  • The story of the Cossacks begins in the 15th century.
  • They originated from the Slavic people and emerged along the Dnieper River in what is now Ukraine.
  • These early Cossacks were a mix of runaway serfs, adventurers, and others seeking freedom from the rigid structures of Eastern European societies.

Semi-Nomadic and Semi-Militarized Lifestyle:

  • While nominally under the suzerainty of various Eastern European states, they enjoyed a great degree of self-governance in exchange for military service.
  • Their way of life persisted through direct descendants and acquired ideals, shaping both Ukraine and parts of Russia.

Organizational Structure:

  • Cossack groups were organized along military lines, with large autonomous units called “hosts.”
  • Each host had a territory consisting of affiliated villages known as “stanitsas.”
  • They inhabited sparsely populated areas in river basins such as the Dnieper, Don, Terek, and Ural.

Enduring Influence:

  • Despite societal changes during the Russian Revolution, Cossack traditions persisted into the 20th century.
  • Many Cossacks migrated to other parts of Europe after the Soviet Union’s establishment, while others assimilated into the Communist state.

Cossack Woman is King - Leadership within the Family:

  • Historically, Cossack men often fought in wars far from home, leaving women to take on significant responsibilities.
  • When men were away, women stepped into leadership roles within the family, making crucial decisions and managing household affairs.
  • This unique arrangement allowed Cossack women to wield considerable influence and authority.

Defenders of Villages and Towns:

  • Women were not merely passive caretakers. They actively defended their villages and towns from enemy attacks.
  • When threats arose, Cossack women picked up arms, stood alongside their male counterparts, and protected their communities.
  • This contrasted sharply with many other societies where women were excluded from military and leadership roles.

Marriage Practices:

  • During earlier periods, Cossacks often married women from diverse backgrounds—Turkish, Persian, and Circassian—captured as spoils of war.
  • These marriages contributed to the rich cultural tapestry of Cossack society.
  • The Cossack way of life embraced this diversity, allowing for intermarriage and integration.

In summary, Usyk’s choice to wear the #Cossack warrior outfit is a powerful statement—a fusion of history, pride, determination and #Ukrainian identity on the world

How to avoid being hacked like the Ministry of Defence Contractor was

Posted by Chris2 on May 23rd, 2024

You will probably be aware of the recent state actor hack of an MoD contractor.

This has had immediate implications for all Government, MoD and Police supply chains.

It is likely that all contractors have Cyber Essentials or Cyber Essentials Plus.

However suppliers to these contractors may not.

We have seen an immediate reaction whereby contractors supplying one or more of the above are checking their existing suppliers and insisting that they have CE or CE Plus, and that anyone becoming a supplier must have it as well.

Obviously this is all very appropriate; however, it is not enough.

Cyber Essentials is the technical element of Cyber Security, Risk Minimisation and Compliance, but we also recommend that Cyber Assurance (for People and Processes) is attained.

Cyber Insurance comes free with Cyber Essentials and can be topped up to required levels.

However, companies also need something like our Customised, Virtual Security Operations Centre (SOC), as well as regular Pen Testing and team training.

STOP PRESS !! Get a FREE 2 week trial of our SOC !!

Typically companies need to get CE or CE Plus rapidly.

We are set up to do this and also to keep costs low and the time involved as short as possible.

We have produced a Cyber Security Roadmap to help guide all sizes and types of companies and we also have self service or assisted CE and CE Plus attainment options.

Please contact us if you or anyone you know needs CE, CE Plus or improved Cyber Security, reduced risk or increased compliance.

Contact me on chris@UKCyberSecurity.co.uk +447881 500002

STOP PRESS !! Hear what Ciaran Martin ex Chief Exec of the NCSC has to say about China’s attacks on the UK.

