InfoSec Round-Up: April 20th - 30th
NCSC Campaign, Warwick University Breach, and Kinomap
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends and industry news from across the world of information security.
The NCSC’s Cyber Aware Campaign
With the apparent uptick in online scams since the coronavirus pandemic, the UK’s National Cyber Security Centre launched its Suspicious Email Reporting Service, or SERS, this April.
In the first twenty-four hours of the campaign, the service received an enormous 5,151 reports of suspicious emails, and as of the 24th April, the NCSC announced around 220 scams had been brought down as a result of the campaign.
The NCSC’s Chief Executive Officer Ciaran Martin noted that they hope that the Suspicious Email Reporting Service will “deter criminals from such scams”, adding the coronavirus is the current top lure for conducting cybercrime.
Unsurprisingly, the Covid-19 crisis has been exploited by cyber criminals across the world, with Google blocking tens of millions of virus-related emails and Action Fraud, a fraud watchdog, reporting a known cost of coronavirus-related scams of well over £2 million.
If you are in the UK and spot a suspicious email, take advantage of the service by forwarding the message to the following address:
In other news, it has also been reported that the University of Warwick has failed to alert affected individuals about a breach of their administrative network.
The attack, which took place last year, occurred as a result of a member of staff installing remote viewing software, possibly infected with malware, leading to individuals’ data likely being stolen.
The university was also making “widespread” use of software known for vulnerabilities and overall poor security.
To make matters worse, according to a leaked internal audit of the university’s IT systems, cyber security practices at the Russell Group institution were so poor that it was impossible to identify the extent of the data breach or identify individuals affected.
A separate audit completed by the UK’s Information Commissioner’s Office, published in March, contained over 60 recommendations for ways in which the university could improve its practices, 15 of which were rated as urgent, whilst also rating the University’s level of ‘Training and Awareness’ as ‘Very Limited’.
The records of 42 million users have reportedly been left on an unsecure online database by fitness tech company Kinomap.
Containing the personal data of many of their users, the French firm was first alerted to the security flaw by researchers at vpnMentor who discovered the security issue as part of a web mapping project.
The 40GB database, containing information from users across the world, was left exposed for almost a month due to a misconfiguration, though the flaw was eventually fixed on April 12th after the French data protection regulator, the CNIL, was informed.
Full names, email addresses, usernames, gender and fitness data were amongst the unsecure information found. Should hackers have discovered the database, this information would have undoubtedly been used to orchestrate phishing attacks and other malicious scams.
A member of vpnMentor noted: “With millions of people across the globe now under quarantine at home due to the Coronavirus pandemic, the impact of a leak like this grows exponentially”, adding, “by not having more robust data security in place, Kinomap made its users vulnerable to a wide range of frauds.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.