InfoSec Round-Up: February 19th
NK Hackers Charged, Yandex Insider Attack & ICO Fines
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
North Koreans Charged Over $1.3bn Theft
Three North Korean hackers have been charged by the US over a plot to steal over $1.3bn from various banks and businesses around the world.
As well as being accused of criminal conspiracy, conspiracy to commit wire fraud and bank fraud, the three men are additionally accused of deploying malicious cryptocurrency programs.
Not in custody, the cybercriminals are thought to remain in North Korea, and as such are unlikely to face the US justice system any time soon.
One of the accused, Park Jin Hyok, had previously been charged in 2019 for his involvement in the 2014 Sony Entertainment hack, and all three are accused of involvement in the extremely destructive 2017 WannaCry virus.
Assistant Attorney General for National Security, John Demers, said on the matter, "North Korea's operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world's leading bank robbers", adding that the country “has become a criminal syndicate with a flag”.
Yandex Insider Breach
Prominent Russian search engine Yandex has revealed that around 5,000 of its users have had their accounts compromised following a malicious insider attack.
Publishing a statement online, the search giant announced that, following a routine screening by Yandex’s security team, it was discovered that an employee had been providing unauthorised access to users’ mailboxes for “personal gain.”
The employee was one of three systems administrators with the access rights needed to provide technical support for the service; as a result of his actions, 4,887 mailboxes were illegally accessed.
The technology company has contacted law enforcement authorities about the incident. Insider attacks such as this are often difficult to detect, and more often than not they are down to negligence rather than malice.
In the statement, the company noted, “A thorough internal investigation of the incident is under way, and Yandex will be making changes to administrative access procedures. This will help minimize the potential for individuals to compromise the security of user data in future.” It added, “We apologize to the users who have been affected by this incident.”
ICO Fines Nuisance Callers £270,000
The UK’s data watchdog, the Information Commissioner’s Office (ICO), has issued fines totalling almost £300,000 to two companies for making unlawful marketing calls.
In contravention of regulation 21 of the Privacy and Electronic Communications Regulations (PECR), the companies should not have been making marketing calls to individuals registered with the Telephone Preference Service (TPS).
Call Centre Ops and House Guard, the companies behind the communications, were together found to have made a total of around 800,000 illegal calls, with some employees claiming the call was ‘not a sales call’ despite attempting to sell life insurance.
Andy Curry, ICO Head of Investigations stated on the fines, “If you sign up to the TPS, you should not expect to get nuisance calls. It’s as simple as that. Companies that have no respect for their customers’ wishes and choose to flout the law, can expect to face consequences – for their reputation and to their bottom line.”
Thank you for reading this edition of InfoSec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve your security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.