InfoSec Round-Up: February 19th


NK Hackers Charged, Yandex Insider Attack & ICO Fines

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

North Koreans Charged Over $1.3bn Theft

Three North Korean hackers have been charged by the US over a plot to steal over $1.3bn from various banks and businesses around the world.

As well as being accused of criminal conspiracy, conspiracy to commit wire fraud and bank fraud, the three men are additionally accused of deploying malicious cryptocurrency programs.

Not in custody, the cyber criminals are thought to remain in North Korea, and as such are unlikely to face the US justice system any time soon.

One of the accused, Park Jin Hyok, had previously been charged in 2019 for his involvement in the 2014 Sony Entertainment hack, and all three are accused of being involved with the extremely destructive 2017 WannaCry virus.

Assistant Attorney General for National Security John Demers said on the matter, “North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers”, adding that the country “has become a criminal syndicate with a flag”.

Yandex Insider Breach

Prominent Russian search engine Yandex has revealed that around 5,000 of its users have had their accounts compromised following a malicious insider attack.

Publishing a statement online, the search giant announced that, following a routine screening by Yandex’s security team, it was discovered that an employee had been providing unauthorised access to users’ mailboxes for “personal gain.”

The employee was one of three systems administrators with the access rights necessary to provide technical support for the service. As a result of the employee’s actions, 4,887 mailboxes were illegally accessed.

The technology company has contacted law enforcement authorities about the incident. Insider attacks such as this are often difficult to detect, and are, more often than not, down to negligence rather than malice.

In the statement, the company noted, “A thorough internal investigation of the incident is under way, and Yandex will be making changes to administrative access procedures. This will help minimize the potential for individuals to compromise the security of user data in future.” It added, “We apologize to the users who have been affected by this incident.”

ICO Fines Nuisance Callers £270,000

The UK’s data watchdog, the Information Commissioner’s Office (ICO), has issued fines totalling almost £300,000 to two companies for making unlawful marketing calls.

Under regulation 21 of the Privacy and Electronic Communications Regulations, the companies should not have been making marketing calls to individuals registered with the Telephone Preference Service (TPS).

Call Centre Ops and House Guard, the companies behind the communications, were found to have made a total of around 800,000 illegal calls, with some employees claiming the call was ‘not a sales call’ despite attempting to sell life insurance.

Andy Curry, ICO Head of Investigations, stated on the fines, “If you sign up to the TPS, you should not expect to get nuisance calls. It’s as simple as that. Companies that have no respect for their customers’ wishes and choose to flout the law, can expect to face consequences – for their reputation and to their bottom line.”

Thank you for reading this edition of InfoSec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
