[BreachExchange] FatFace warned by police that it was at greater risk from cyber hackers NINE MONTHS before ransomware attack which cost customers their details

Destry Winant destry at riskbasedsecurity.com
Fri Apr 9 10:19:43 EDT 2021


https://www.dailymail.co.uk/money/beatthescammers/article-9444777/FatFace-cyber-attack-Firm-warned-police-nine-months-earlier.html

FatFace was warned by police about vulnerabilities within its IT
systems which put it more at risk from cyber-criminals nine months
before it was hit by a £1.45million ransomware attack in January, This
is Money can reveal.

A detective from Hampshire Constabulary contacted the clothing chain,
which is headquartered in the county, in April 2020 about it having a
vulnerable IP address.

The detective, who is also handling the investigation into the
'sophisticated criminal attack' on 17 January after it was reported to
Action Fraud, asked to be put in contact with the head of IT over the
vulnerability, This is Money understands.

Cybersecurity experts said an exposed IP address could 'greatly
increase the risk of successful phishing attacks' against a company
like FatFace.

The policeman refused to discuss the ongoing investigation and any
events preceding the January attack, and referred us to FatFace's
press office, which did not respond to multiple requests for comment.

The 200-store clothing chain confirmed to This is Money last week it
had been hit by a ransomware attack in mid-January which harvested
data, including the bank details and National Insurance numbers of
current and former employees and the names and addresses of customers.

It did not deny a report from Computer Weekly which said the chain
paid out £1.45million to the ransomware attackers and that the attack
was caused by a member of staff clicking on a dodgy email.

However, if attackers were able to exploit vulnerabilities within
FatFace's IT systems it could mean a phishing email which would
otherwise have been blocked could have gotten through, cybersecurity
experts said.

'When someone has control of an IP address, they can bypass the
security measures that are already in place within an organisation',
Jake Moore, a specialist at anti-virus company ESET and a former
cyber-crime investigator at Dorset Police, told This is Money.

'This means it is much easier to install malware on a target's
network, and potentially cause all manner of damage.

'Usually, cybercriminals try to gain access to a network through
phishing emails that originate externally, and are therefore much
easier to filter and block.

'If an internal IP address, however, is used for this communication,
then security protocols can be bypassed – such as those that ensure
emails are scanned before they are opened.

'This greatly increases the risk of successful phishing attacks.'

Every computer connected to a network or the internet has its own IP
address, in the same way a house has a physical address.

They are needed to send information from one device to another, like
how a sender would need a postal address to send a parcel.

They can be hidden using a virtual private network and can be
discovered through social engineering scams or taking advantage of
existing vulnerabilities.

While described as 'only a cog in the attack machine', attackers can
target individuals and companies if they are aware of their IP
address.

One of the most popular attacks is where a network is overloaded by
multiple computers or IP addresses and the internet connection is shut
down, in what is known as a distributed denial of service attack.

'Without adequate security, IP addresses can be open for everyone to
see – and can therefore be attractive targets for bad actors looking
to gain access to internal networks', Moore said.

The cybersecurity company Kaspersky also noted that cybercriminals
could exploit vulnerabilities to 'get their hands on your files and
steal confidential information to sell for blackmail.

'Attackers can also change your internet access settings, for example,
forcing the router to feed you phishing websites where they can pinch
your login credentials.' Phishing emails and websites are also a
common way in which criminals deploy ransomware.

FatFace was hit by a ransomware attack which put 200GB of customer and
employee data at risk. It was caused by someone clicking on a phishing
email.

But, Moore said, 'a vulnerable IP address is not an easy problem to fix.'

He added: 'Being notified of the issue is just the beginning.
Anti-malware programmes and other security infrastructures are built
to trust internal sources, so it is difficult to quarantine
communications from an internal IP address.'

The clothing chain, headquartered in Havant, near Portsmouth, has
continued to face criticism from customers for not telling them
sooner.

It was hit by the ransomware attack on 17 January and informed the
police and the Information Commissioner's Office but did not tell
customers until an email sent on 24 March, which had the subject line
'strictly private and confidential'.

'I cannot believe they have sent their customers an email marked
private and confidential for a hack that took place in January', one
customer wrote on the review website Trustpilot at the end of last
month.

FatFace previously told This is Money it 'wanted to get as much clarity
on events and the data concerned before providing those involved with
details of what had happened'.