Manchester United working with infosec experts to 'minimize ongoing IT disruption' caused by 'cyber attack'

Saturday 21st November 2020 17:12 GMT Disgusted Of Tunbridge Wells

> As such, today's game against West Bromwich Albion took place as scheduled.

Took place? It better not have, I'm watching it at 8pm tonight.

5 0 Reply
1. Saturday 21st November 2020 17:22 GMT Martin Summers
  
  Your username would suggest that you know exactly what to do if it did get changed without notice.
  
  12 0 Reply
  1. Monday 23rd November 2020 12:57 GMT Disgusted Of Tunbridge Wells
    
    Is Royal Tunbridge Wells known for its bonfires?
    
    0 0 Reply
    1. Monday 23rd November 2020 19:38 GMT Martin Summers
      
      Well, providing the fuel for one I guess.
      
      0 0 Reply
      1. Tuesday 24th November 2020 08:37 GMT Disgusted Of Tunbridge Wells
        
        My comment was a reference to a Man Utd fan chant about the (hated) CEO and owners.
        
        Build a bonfire, build a bonfire, put the Glazers on the top, put Ed Woodward in the middle and burn the f*cking lot.
        
        0 0 Reply
Saturday 21st November 2020 17:36 GMT Doctor Syntax

Why just stop at one of them?

No, not a fan, why do you ask?

3 1 Reply
Saturday 21st November 2020 17:56 GMT Anonymous Coward

Rehearsed?

That sounds like the kind of line to come out of a manager that rewrote what he heard from another manager who asked the IT guy what to say.

1 0 Reply
Saturday 21st November 2020 20:17 GMT Khaptain

High tech attacks

""While details of this incident are unclear, since the outbreak of COVID-19 we have seen numerous examples of hackers capitalising on the crisis by using social engineering attacks to trick their way into corporate systems."

After a deep analysis and audit it was found that there were at least three emails recivzd by upper management that contained confidential information from Nigerians offering large sums of money in return for a simple task. The audit did not successfully manage to determine who actually opened the attachment but is was noted that the high end laptop was used by someonz at the CEO level or above.

3 0 Reply
1. Sunday 22nd November 2020 13:40 GMT FlamingDeath
  
  Re: High tech attacks
  
  So basically your average garden variety sociopath
  
  Apparently they’re supposed to have above average IQ
  
  BWaahahahaaa
  
  1 0 Reply
2. Sunday 22nd November 2020 23:47 GMT Anonymous Coward
  
  Re: High tech attacks
  
  Your average Internet user can spot a Nigerian scam a mile off because the amounts of money involved are so ridiculously high.
  
  The average football club manager or agent can spot a Nigerian scam a mile off because the amounts of money involved are so ridiculously low.
  
  11 0 Reply
3. Monday 23rd November 2020 12:59 GMT Disgusted Of Tunbridge Wells
  
  Re: High tech attacks
  
  The only reason Ed Woodward didn't send them any money is because he was still negotiating it upwards.
  
  £1m you say? We've got loadsamoney! How about £5m?
  
  0 0 Reply
Saturday 21st November 2020 23:12 GMT Anonymous Coward

Why inform the Information Commissioner’s Office if no information has been taken? They aren't the Police, they don't investigate these things until there is an actual breach. Why even announce it at all?

5 0 Reply
1. Saturday 21st November 2020 23:50 GMT Doctor Syntax
  
  Because they're local and they seem to have something to do with this cyber attack stuff.
  
  0 0 Reply
2. Sunday 22nd November 2020 01:49 GMT Anonymous Coward
  
  My thoughts exactly... you don't need to talk to the ICO unless there is thought to be a breach affecting the sort of data the ICO worries about - personal. And even then there are cases when it doesn't have to be notified.
  
  "we are not currently aware of any breach of personal data associated with our fans or customers"
  
  No need to call the ICO then...
  
  Telling fibs or the experts they have brought in are umm not very expert?
  
  1 0 Reply
  1. Sunday 22nd November 2020 08:55 GMT MJB7
    
    Why call the ICO?
    
    Probably because they can't yet *prove* that no information has leaked. There is no downside to telling the ICO the outlines of what they know, and considerable upside if it turns out they are wrong and information *has* leaked.
    
    7 0 Reply
    1. Sunday 22nd November 2020 13:35 GMT FlamingDeath
      
      Re: Why call the ICO?
      
      The question in my mind, did the callers manage to catch the ICO in-between their golf sessions?
      
      1 0 Reply
    2. Sunday 22nd November 2020 14:50 GMT Anonymous Coward
      
      Re: Why call the ICO?
      
      It's possible I suppose for a well set up organisation with a clear definition of what they do and how they achieve the aims set out but this is the ICO.
      
      1 0 Reply
3. Monday 23rd November 2020 12:12 GMT Anonymous Coward
  
  GDPR
  
  If there is a breach, breach reporting rules are set out in article 19. You do not need to report every incident relating to a lapse in security or integrity of a trust service. However, where you have reason to believe that an incident has or is likely to have a significant (more than minimal) impact on the trust service or the personal data you hold, you need to:
  
  - notify the ICO;
  
  - consider whether to notify your users; and
  
  - consider whether to inform anyone else who might be affected.
  
  If you are not sure about whether the impact of an incident is significant or not, it is safer to report the breach.
  
  You must notify the ICO within 24 hours of becoming aware of the breach, or sooner if it’s reasonable to do so.
  
  0 0 Reply
Sunday 22nd November 2020 13:28 GMT FlamingDeath

Social engineering techniques

Click here for the chance to win a free iPad”

Technique you say?

No amount of technical mitigations can save someone from themselves

2FA you say?

Yeah the fucking dumb muppets will provide that as well

I had to pass several tests before being allowed to be in control of a potentially dangerous weapon, the car

Meanwhile, Mike from sales and Jill from Marketing already use a computer at home so of course they know what they’re doing....

2 0 Reply
1. Sunday 22nd November 2020 18:40 GMT Doctor Syntax
  
  Re: Social engineering techniques
  
  Provide a separate lan with its own separate internet connection for them then ~~even if~~ when someone gets control of one of their PCs they can only get at the rest of them so no damage done.
  
  0 1 Reply
  1. Monday 23rd November 2020 10:48 GMT NightFox
    
    Re: Social engineering techniques
    
    Is an 'Ian' an IT version of a Karen?
    
    3 0 Reply
Monday 23rd November 2020 07:32 GMT Aussie Doc

Wow

That was a lot of cybering in one article.

Might grab a glass of cyber, erm, cider myself -------------------------->

1 0 Reply
Monday 23rd November 2020 09:48 GMT Anonymous Coward

"In its Annual Report for fiscal year 2000, Man U said that as a high profile business its IT systems are at risk of attack."

You'd have though they would have plenty of time to prepare then!

0 0 Reply
Monday 23rd November 2020 09:51 GMT Ian Johnston

"All critical systems required for matches to take place at Old Trafford remain secure and operational," it added. As such, today's game against West Bromwich Albion took place as scheduled.

A spokesman for the club said there was nothing further to add at this stage and as such would not answer questions we asked about the variant of threat the club was forced to defend itself against.

If there is one group which needs to be shunned by society even more than people who refer to "myself", it's people who use "as such" when they mean "therefore".

0 0 Reply
Monday 23rd November 2020 09:53 GMT Anonymous Coward

"In its Annual Report for fiscal year 2000, Man U said its IT systems are at risk of attack."

Incredible foresight! :D

0 0 Reply
Monday 23rd November 2020 10:18 GMT Anonymous Coward

People are idiots

It'll be ransomware and it'll be a dumb as a rock email that got them. However I await the standard declaration of it being, "a sophisticated cyber attack" and that "we take the protection of our customer's personal data very seriously".

I have the senior members of staff (the board) being phished for their credentials regularly. Will they undergo even the most basic of training for 30min? No, of course they won't; but they all take cyber security 'very seriously' and are happy for it to sit right up high on the risk register as long as nothing about it ever bothers them.

1 0 Reply
1. Monday 23rd November 2020 14:50 GMT Falmari
  
  The set piece
  
  Ransomware via an email that's the problem, United's defence are notoriously weak to the the set piece.
  
  3 0 Reply
This post has been deleted by its author
Monday 23rd November 2020 17:54 GMT Danny 2

VAR realtime deepfake

"The handball rule you can discuss over and over but we get into the box and the ball into feet - so with VAR, a touch can be enough and it's different to when I was playing when you had to be hacked down." ~ Ole Gunnar Solskjaer

0 0 Reply