The UK's Sellafield nuclear waste processing and storage site has been fined £332,500 by regulators after its IT systems were found to have been left vulnerable to hackers and unauthorised access for years.
Read more in my article on the Hot for Security blog.
Category: Sellafield
The UK's Office for Nuclear Regulation (ONR) has started legal action against the controversial Sellafield nuclear waste facility due to years of alleged cybersecurity breaches.
Read more in my article on the Hot for Security blog.
Hacking fears are raised at Western Europe's most hazardous building, why porn sites might soon be scanning your face, and our guest narrowly avoids a Facebook Marketplace scammer.
All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis.
Reports confirm that Sellafield, a prominent nuclear site, has fallen victim to a recent malware attack, with initial investigations suggesting the infiltration of malicious software dating as far back as 2015. Cybersecurity experts are actively engaged in probing the incident, and while much of the specific details remain undisclosed, it is evident that a comprehensive analysis is underway.
Although no official statement has explicitly attributed the attack to a foreign nation, emerging evidence implies that foreign involvement cannot be dismissed. Experts speculate that hackers may have accessed sensitive information by deploying spyware within the computer network of Sellafield, a government organization responsible for nuclear waste management in the United Kingdom. The Guardian, an internationally recognized news outlet, was the first to break this news concerning the cyber assault on a UK nuclear site.
Notably absent from the information is how the malware was contained or eradicated. However, an insider from the radioactive waste management site suggests that confidential data pertaining to activities within the 6-square-kilometer facility on the Cumbrian coast may have been compromised.
The intrusion of foreign hackers into the servers at Sellafield raises concerns, particularly given the site’s notoriety over the past two years for its toxic work culture and its handling of radioactive waste, including significant deposits of plutonium used in the manufacture of nuclear weapons.
The potential exposure of such information to the wrong hands could pose serious risks for Britain and Europe as a whole. The implications for the future remain uncertain, and only time will reveal the extent of the fallout from this cyber incident.
The post Britain Nuclear site Sellafield experiences malware cyber attack appeared first on Cybersecurity Insiders.
Well, it cannot be termed exactly as an insider threat. But surely, an innocent mistake of an employee could have/might have leaked sensitive details to the outside world such as hackers.
An IT worker of Sellafield Ltd,UK, accidentally forgot her bag in the parking lot and when she got to know about it and went to pick it up, the USB containing sensitive files fell from the bag into the car park leaving the worker in a state of shock.
The incident took place in the year 2018 when she attended a meeting related to an employment tribunal over a security matter. And during this time, the black bag with a mesh pocket went missing. After a while she found the bag, but without the USB stick, as some things fell off from the bag during the search. And after some hours of search the USB stick containing data related to Thorp Primary Domain Controller (PDC) was recovered.
Evidentially, such the smallest information spill often leads to a bigger espionage program that can turn into a serious national threat at any moment.
And this made the tribunal launch a damage control program in which the employee was a kind of prosecuted.
Despite having 20 years’ experience working for Sellafield, she forgot to follow basic cyber hygiene principles that could have resulted in a kind of info leak from an insider.
Interestingly, the USB was also being used by the employee on her computer at her home and office network. And she was about to use the same pen drive at her another project site related to a game developer.
What if the USB was induced with spyware that could have leaked to the office network, damaging the network or the software forever?
As the employee operated in the field where national security and safety ought to be of paramount significance, the incident was termed to be extremely serious.
And so, the panel dismissed her from the duty as her laxity could have deeply affected nuclear safety and could have offered classified info to terrorists and state funded actors.
Despite of her explanation that she was not at fault and faced many health issues because of the work schedule & environment, the disciplinary committee fired her from duty and ordered the IT engineers of the multi-function nuclear site to look for any misuse of info in the past and the future.
The post Nuclear secrets leak through USB via Insider appeared first on Cybersecurity Insiders.