Angling Direct, one of the largest fishing tackle specialists, has announced that it is currently managing a cyber security incident. Links on their website were replaced with links to adult content, and the company’s Facebook and Twitter accounts were compromised by the hackers. Given that both the website and the social media pages were compromised, it seems likely that the hackers have gained access to admin passwords, or possibly just a single password if the company was reusing it across multiple websites.
At this early stage, we do not know whether customer data has been compromised, or whether a ransomware attack has been conducted. However, the hackers have pinned a tweet on the hacked Twitter account saying “We will return the information and access to you. Otherwise we will automatically remove from our system in 31 days”, which implies that the company may have been the victim of a ransomware attack. Either way, the hack will cost Angling Direct a lot of money as they have been unable to take or fulfil orders. The company’s hacked Twitter profile also mentions to contact firstname.lastname@example.org, implying that the hackers have control of email accounts. This could easily have already been used to target fishing tackle manufacturers or customers, as any emails would appear to be from genuine Angling Direct accounts and therefore it is more likely that malicious links or attachments would be opened.
The key message here is that although Angling Direct were the victim, this could happen to anyone. Smaller companies often have difficulty finding the budget to invest in cyber security controls beyond the standard anti-virus software and firewalls, and even if a company does choose to invest more in their security, there are so many options and no easy way to know how best to spend it to help make you secure. So what do you do? How do you defend yourself against cyber attacks?
This is where Falanx Cyber are the specialists – we use our f:CEL service (Falanx Cyber Exposure Level) to quickly and cheaply assess your overall security, focusing on the areas that really make a difference. You simply provide your website name, the internet address of your web server, and answer a few simple questions and we will give you a cyber security score, show you what vulnerabilities you have, and most importantly, what to do to address them. This last step allows you to see what defensive steps you should take in order to make the most of your limited time and budget.
To use f:CEL for yourself, visit https://falanxcyber.com/fcel/ and contact us.