Infosec Round-Up: April 16th

Play Video

Nuclear Cyber Attack, Capcom Hack & Ransomware Food Shortage

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Capcom Hack Update

Japanese game developer Capcom has released an update regarding a ransomware attack that occurred back in November 2020, detailing the theft of personal information belonging to thousands of individuals.

Struck by the Ragnar Locker strain of ransomware late last year, the company had at the time stated there was “no indication that any customer information was breached”, a statement which has been revised, with it now understood that data belonging to 15,649 individuals’ was breached.

Having stolen around 1TB of sensitive data and demanded $11 million in ransom, the attackers reportedly gained access to Capcom networks by targeting an old VPN backup device located in North America, then pivoting the attack to offices in Japan.

Having decided to not engage, or indeed pay the attackers, Capcom data was as a result leaked online a few weeks after the attack, though now has systems ‘near to completely restored’.

In the latest statement, the company noted, “With the newly established Information Technology Security Oversight Committee, the company will work toward continuously strengthening both security and the protection of personal information going forward.”

Ransomware Cheese Shortage

Following a ransomware attack against a Netherlands food logistics company, the country briefly suffered from a shortage of pre-packaged cheese.

Transport company Bakker Logistiek confirmed the attack late last week, noting that the disruption to automated systems would not cause a complete stoppage of services but a reduction.

Thought to have come as a result of a Microsoft Exchange server vulnerability, the company is the latest victim involving the group of Microsoft security bugs that were disclosed in March.

Referred to by Dutch supermarket chain Albert Heijn as a “technical malfunction”, deliveries to over 1,000 locations around the country were disrupted for around 3 days, though services are now operational.

Declining to say whether any ransom was paid, director of the logistics company, Toon Verhoeven told a Netherlands publication, “We've filed a report and it's now up to the Justice Department, we're not making any further statements about that. We have worked hard over the last six days to get our information systems back up and running.”

Cyber Attack on Nuclear Facility

The state of Iran has announced that the newest of the country’s nuclear facilities has been taken offline on its second day, following what many are reporting to be a cyber-attack.

Reminiscent of the 2010 ‘Stuxnet’ incident, in which centrifuges used in the process of nuclear enrichment were destroyed by a highly sophisticated computer worm, Iranian officials have referred to this latest incident as an act of “nuclear terrorism.”

Reportedly damaging thousands of machines and eliminating Iran’s capacity for uranium enrichment, some outlets have also reported explosions at the facility, though officials have provided little in the way of details regarding the incident.

With Iran’s nuclear capabilities obviously a great source of tension within the region, given some previous incidents, many suspect Israel’s involvement with the attack.

Speaking on Sunday, Israeli Prime Minister Benjamin Netanyahu did note, “the struggle against Iran and its proxies and the Iranian armament efforts is a huge mission”. Adding, “The situation that exists today will not necessarily be the situation that will exist tomorrow.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.

Featured

Preventing Human Error in Information Security

Human Error in Information Security

When Human Error is found in information security, it is often avoidable errors that allow much larger consequential problems to arise.

Security Awareness - Return on Investment

Investing in Information Security Awareness Training

Investing in Information Security Awareness Training - educating people against cyber threats should be considered essential for any organisation operating in 2021

Microsoft Teams Security

How Secure is Microsoft Teams?

How Secure is Microsoft Teams? Information Security blog by Information Security Awareness solution provider Hut Six Security

Enterprise Data Regulation

Best Ways To Ensure Enterprise Data Regulation

Best Ways To Ensure Enterprise Data Regulation guest blog by technivorz.com and information security awareness solution Hut Six Security.

Disaster Recovery Plan

Writing a Disaster Recovery Plan

Writing a Disaster Recovery Plan: information security planning blog by information security awareness solution provider Hut Six Security.

Security Program Policies for 2021

What Policies Do I Need for a Security Program?

Security program policies blog by information security awareness training provider Hut Six Security.

Security Awareness Training for Cyber Essentials

Preparing for Cyber Essentials with Information Security Awareness Training

Security awareness training for Cyber Essentials blog by information security awareness training provider Hut Six Security.

Security Awareness in 2021 - what has changed?

Information Security Awareness Training in 2021

Information Security Awareness Training in 2021 blog by information security awareness training platform Hut Six Security

Virtual Privacy Networks for Businesses

The Five Best VPNs for Work

What are the best VPNs for work? - VPN review blog by security awareness training provider Hut Six Security.

ISO 27001 Security Awareness Training

Preparing for ISO 27001 with Information Security Awareness Training

Information Security Awareness Training and ISO 27001 blog by information security awareness training provider Hut Six Security

Speak to us about your Cyber Awareness