InfoSec Round-up: April 23rd
TikTok Data Lawsuit, Apple Attack & Spy Warning
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
TikTok Data Lawsuit
“A data collection service that is thinly veiled as a social network” - Anne Longfield, Former Children's Commissioner for England
The popular video-sharing app TikTok is being sued for billions of pounds over the collection and use of personal data belonging to millions of children across the UK and EU.
In the case, launched by former children’s commissioner for England Anne Longfield on behalf of an anonymous 12-year-old girl, lawyers allege that children’s data, including phone numbers, videos, location and biometric data, is collected without sufficient transparency, warning or the necessary consent required by law.
With over 800 million users worldwide, a reported 18 million of which are aged 14 years or younger, if the class action lawsuit proves successful, affected children could receive thousands of pounds in compensation.
Responding to the legal challenge, TikTok has dismissed the claims stating that the case is without merit and that they intend to ‘vigorously defend’ against the action.
Having pointed to TikTok as one of the worst offenders for data privacy, Ms Longfield referred to the company as “a data collection service that is thinly veiled as a social network”, further stating “behind the fun songs, dance challenges and lip-sync trends lies something far more sinister.”
British Officials Targeted
Intelligence agency MI5 has warned that over 10,000 British officials have been targeted by international spies via social media platforms, including LinkedIn.
Having launched the Think Before You Link campaign, warning British officials about the deluge of nefarious accounts looking for state secrets, Ken McCallum, head of the spy agency, described the problem as one of “industrial scale”.
With Russia and China noted as being amongst those deploying fake profiles on various networking sites, targets have included military and security officials, civil servants and defence contractors, as well as experts within the pharmaceutical sector.
The awareness campaign, launched by the Centre for the Protection of National Infrastructure (CPNI), an offshoot of MI5, is in cooperation with the rest of the Five Eyes intelligence alliance, and seeks to highlight the scale of this international problem.
The CPNI notes, “Criminals and hostile actors may act anonymously or dishonestly online in an attempt to connect with people who have access to valuable and sensitive information. They often do this by posing as recruiters or talent agents who will approach individuals with enticing opportunities.”
Adding, “The consequences of engaging with these profiles can damage individual careers, as well as the interests of your organisation, and the interests of UK national security and prosperity.”
Apple Supplier Cyber Attack
One of Apple’s major suppliers, Taiwanese manufacturer Quanta Computer, has been hit with a cyber-attack in which stolen design schematics are being held to a ransom of $50 million.
The attack was perpetrated by international ransomware syndicate REvil. Along with “gigabytes of personal data”, the gang claims to have confidential blueprints of unreleased Apple products, some of which have reportedly already been leaked online.
Although it is not clear how the attackers obtained the documents, the leak was deliberately timed to coincide with Apple’s recent ‘Spring Loaded’ event.
With the Taiwanese company reportedly expressing no interest in paying the ransom, the criminals have given Apple until the beginning of May to meet their demands for 123,028 of the cryptocurrency Monero.
In a public statement, a representative of Quanta Computer noted, “We’ve reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed. There’s no material impact on the company’s business operation.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.