InfoSec Round-Up: February 12th

Play Video

Cyberpunk 2077 Attack, North Korean Crypto Theft & SIM Swaps

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Cyberpunk 2077 Cyber Attack

CD Projeckt Red, the Polish game developer, has this week revealed it has fallen victim to a cyber-attack in which company systems were encrypted and confidential data stolen.

The game studio, behind such hits as Cyberpunk 2077 and The Witcher 3, has had source code for several of their games, as well as documents relating to accounting, administration, legal, HR and investor relations stolen by the unknown attackers.

Posting the ransom note to social media, the company publicly stated that they would not yield to demands or negotiate with the criminals, despite threats from the hackers that they would sell or leak the information.

Now reportedly being auctioned online, the information has been listed at a starting bid of $1 million, with a ‘buy it now’ option of $7 million.

In a statement, the company announced, “An unidentified actor gained unauthorised access to our internal network, collected certain data belonging to CD PROJECT capital group… We have already secured our IT infrastructure and begun restoring data.”

Adding, “We are still investigating the incident, however at this time we can confirm that – to the best of our knowledge – the compromised systems did not contain any personal data.”

North Korean Hackers Net $316m

According to a report from a Japanese financial publication, North Korean attacks on cryptocurrency exchanges have netted an estimated $316 million between 2019 and 2020.

Reported as evidence that the rogue nation continues to try and sidestep international sanctions, the data reportedly comes from the United Nations (UN); a document which notes that in September of last year, around $218 million worth of cryptocurrency was stolen from a single exchange.

With stolen crypto profits believed to amount to around an astonishing $2 billion, the stolen currency is thought, according to the UN, to be being used to help finance North Korea’s nuclear program, against international sanctions.

With Pyongyang, North Korea’s political capital, denying any involvement, the country is thought to be behind many significant cyber attacks of recent years, including the 2014 Sony hack and the 2017 WannaCry virus, which cost the UK NHS around £92 million.

SIM Swap Criminals Arrested

As part of a Europol operation, ten hackers have been arrested for a series of alleged sim swapping attacks which targeted high-profile victims in the United States. Attacks which are believed to have netted the criminals around $100 million in profits.

With arrests made in Malta, Belgium and the UK, the victims of the attacks, which occurred throughout 2020, include famous internet influencers, sports stars, musicians and other celebrities.

Following a year long investigation conducted by law enforcement authorities from the UK, US, Belgium, Malta and Canada, the attackers also posted content, sent messages, and masqueraded as their victims.

This form of attack, known as ‘sim swapping ’, involves cybercriminals reallocating a victim’s phone number to a SIM belonging to the criminal gang, allowing them to bypass security protocols and access sensitive accounts or information.

In the announcement, Europol shared measures of how to avoid falling victim to this form of attack, specifically advising users to: “Keep your devices’ software up to date, do not reply to suspicious emails or engage over the phone with callers that request your personal information, limit the amount of personal data you share online, use two-factor authentication, and, when possible, do not associate your phone number with sensitive online accounts.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.

Featured

Virtual Privacy Networks for Businesses

The Five Best VPNs for Work

What are the best VPNs for work? - VPN review blog by security awareness training provider Hut Six Security.

ISO 27001 Security Awareness Training

Preparing for ISO 27001 with Information Security Awareness Training

Information Security Awareness Training and ISO 27001 blog by information security awareness training provider Hut Six Security

Information Security Focus for 2021

Information Security Resolutions for the New Year: Part Two

Information Security Resolutions for the New Year: Part Two. Information security for 2021 blog post by Hut Six Security.

Information Security Resolutions 2021

10 Information Security Resolutions for the New Year: Part One

Information security in 2021: blog by Information security awareness training and phishing simulation provider Hut Six Security.

ISO 27001 vs SOC 2: What is the difference?

ISO 27001 vs SOC 2 Certification - Hut Six

Find out the key differences between ISO 27001 and SOC 2 and which one is best for your business. Learn about both security standards, focus areas, and the benefits of each one to make an informed decision.

Top 5 Breaches 2020

The Five Biggest Breaches and Hacks of 2020

The Five Biggest Breaches and Hacks of 2020. Information Security blog by Information Security Awareness provider Hut Six Security.

SOC 2 Compliance Security Awareness Requirements

Preparing for SOC 2 Compliance - Hut Six

Preparing for SOC 2 Compliance. What are the 5 Trust Service Principles? Security · Availability · Processing Integrity · Confidentiality · Privacy

Securing Work from Home

Top 10 Security Tips for Remote Work

Top 10 Security Tips for Remote Work. Securing Work from Home blog image by Information Security Awareness Training provider Hut Six Security.

Business Case for Security Awareness Training

Building a Business Case for Information Security Awareness Training

Building a Business Case for Information Security Awareness Training blog by Information Security Awareness Training provider Hut Six.

Zero Trust Security

How Zero Trust Works

How Zero Trust Works - Zero Trust Security blog by Information Security Awareness Training provider Hut Six Security.

Speak to us about your Cyber Awareness