Reading Time: 7 minutes

The recent cybercrime wave: why are NHS, Ticketmaster & Santander vulnerable?

3rd July 2024 | Modified: 2nd July 2024

Categories: Security

Reading Time: 7 minutes

“June was a black month with some of the worst cyber hacks perpetrated in 2024 so far.”

June was a black month with some of the worst cyber hacks perpetrated in 2024 so far. Ticketmaster, the NHS and Santander were all in the national press, with news of them being hacked by cyber terrorists. Ticketmaster, where millions buy their event tickets, has seen 560 million records stolen from their IT systems. The ShinyHunters Group have threatened to release all the information, that is unless a $500,000 ransom is paid.

A black month for cyber hacks

Cyber criminals broke into Santander Bank, stole the personal details of 30 million customers, and threatened to sell that information on the dark web. The bank confirmed in a statement that their security had indeed been breached.

We recently became aware of an unauthorised access to a Santander database hosted by a third-party provider. We immediately implemented measures to contain the incident, including blocking the compromised access to the database and establishing additional fraud prevention controls to protect affected customers.

Santander Corporate Website

Why is this happening, and how can it be stopped?"

Life-threatening consequences of a cyber hack

However, the most heinous of cyber-crimes was committed upon Guys and St Thomas’s hospitals in London, as they faced the real-life threatening consequences of a ransom attack. Cyber criminals broke into their networks causing the cancellation of operations and the loss of blood transfusions across the capital.

So, what is happening? How are these companies and institutions with all their financial resources falling foul to hackers? The disruption, the financial loss, and the reputational damage caused are monumental. But, why is this happening, and how can it be stopped? Surely they have the defences to stop such attacks?

Why are large organisations so vulnerable to attack?

There are several reasons as to why large organisations get hacked. Hackers, when they attack a business or an institution, do not only want to steal money or cause havoc. They are also after a reputation, they do it to show what they are capable of. It’s a really sad thing to try and understand why an obviously computer-skilled person would sit in a darkened room with a keyboard, and hack into big world organisations, or healthcare services.

It’s all about getting kudos within the hacking community. Look at me, look at what I did, I hacked into the NHS. It’s also a sad fact to report that the data stolen from the NHS is so valuable. Healthcare data can be sold on the Dark Web for £1000 a record. Whereas data stolen from a credit card company is only worth £5 a record.

That’s because the data is so personal to us, we can’t change our DNA that quickly. Whereas credit card data can be changed quite easily, and a new credit card is sent out to replace it.

Healthcare data can be sold on the Dark Web for a £1000 a record"

Exploiting common weaknesses in large business IT infrastructure

There’s also the fact that large organisations share a commonality in vulnerabilities that hackers can often exploit.

Equally, it’s often about the sheer size of an organisation that attracts cybercriminals. Ticketmaster has 6000+ employees, Santander has 18,000, and working for the NHS is some 1.27 million. So, as you can see, keeping everyone informed about your cyber security policies is a mammoth job for these organisations.

Worse still, it can be difficult for companies to keep updating their software with critical security patches. Unsecured networks, unencrypted Wi-Fi and, lax access controls can all provide entry points for cybercriminals to enter the network.

For instance, take a new software that hasn’t been out long, the developer has not had time to fix any potential vulnerabilities that it may have. As a result, cyber hackers will exploit these early weaknesses and try and launch malware onto the new software before the creator knows how to patch them. These are called Zero Day cyberattacks.

Human error is high up on the list of how companies leave themselves vulnerable"

Poor password management

It can be difficult to maintain effective passwords and to stop staff from using weak passwords. Password reuse is a common problem as it makes it easier to breach a network when a user has the same password across multiple systems.

Phishing attacks. Deceptive emails or websites are some of the most common techniques used to trick employees into giving up login credentials. Hackers will go onto professional business websites and find out who is new to a company. The hackers will send them an email pretending to be someone important within the company.

The hacker will demand that they need some particularly important information very quickly. The new starter, in a hurry to impress and is naturally keen to help, passes over the information.

That’s why it’s so important to train new starters on the correct procedure for dealing with sensitive information and not to be taken in by these methods. Human error is high on the list of how companies leave themselves vulnerable.

Hackers learn to adapt

The bigger problem however with cyber criminals is their ability to constantly adapt to the digital landscape. As soon as you have locked down one area of attack, hackers will simply look to use other methods to gain entry.

Ransomware emails are a common device that they use. Hackers, having gained entry onto your network will then quietly sit on the network for several weeks, or months if they have to. The cyber-criminal will then watch and learn about how your company operates.

Once they know when your bank coffers are full, or that you’re working on a special project, then they lock down your network with an encryption code, that they will only unlock when you have paid the ransom. Hence the name, Ransomware.

Supply Chain Attacks

One of the deadliest attacks, however, is the supply chain attack, otherwise known as a 3^rd party attack. Cybercriminals look to gain entry into the network of your supplier and through them, gain access to your system.

Case Studies: how they were hacked

The NHS:

Use a 3^rd party company Synnovis, to process blood tests primarily in the southeast of London. On the 3^{rd of} June 2024, a cyber-attack was launched at the pathology lab. More than 800 planned operations, and some 700 outpatient appointments across Kings College Hospital, and Guys and St Thomas’s NHS Foundation Trust were cancelled and had to be rearranged because of the hack.

Ticketmaster:

Is one of the world’s largest online ticket sales platforms. It was reported on the day after the NHS hack that cyber criminals had breached the company and that the records of some 560 million customers had had their data stolen. The data is said to include, names, partial credit card details, addresses, and phone numbers.

A hacker group, calling themselves the ShinyHunters claimed responsibility for the attack and was demanding a ransom of $500,000 to restore the stolen data.

Santander:

Whilst the hack didn’t bother the banks’ banking system. Hackers were able to steal 30 million customer details and 28 million credit card records, as well as personal information about the staff from Santander Bank.

Prevention & mitigation strategies

We’re not going to see the end of cyber hackers anytime soon. The ability to sit quietly somewhere with a laptop and break into an organisation’s infrastructure to steal or hold it for ransom is going to continue. But there are some things that you can do to stop your business from being hacked. First of all, you will need a plan, that will detail what you are going to do and when it will be done, as you need to be consistent with cyber security. It’s also very important that everyone in your organisation should know about the plan.

Make sure you are up to date with any software that you may use, with the necessary security patches. Use best practices when it comes to the implementation of strong password policies. Keep away from simple and overused passwords, especially ones that you use in your personal life, keep the two separate.

Use a password manager to help you remember your passwords, it only takes two seconds to do, but make sure you have two-factor authentication installed right across your network. And last but not least, make sure that you know who has, those that should not, have access privileges across your network.

Stay vigilant. Develop a cyber defence plan be proactive in monitoring your network for strange anomalies"

Conclusion

Stay vigilant. Develop a cyber defence plan, be proactive in monitoring your network for strange anomalies, and deal with it as safely and quickly.

Cyber security does take investment; in both time and attitude to cyber security. But it’s worth it. Most important of all, absolutely keep your staff informed and aware of best practices in cyber security protection. Investing in your staff is your first line of defence.

To find out more about how CNC can protect your business, contact the team at: sales@cnc-ltd.co.uk or call us on 01273 384 100.

By Gary Jowett

Gary has always focused on making sure the most appropriate solution is provided to help customers, not just what's new and shiny. With over 30 years in the IT industry Gary has the experience to tell the difference between something that's game-changing or is just a passing fad!

READ GARY'S POSTS

LET'S TALK

We’re always open for a chat, so get in touch to find out how we can help

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_20840989_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.