InfoSec Round-Up: February 19th

NK Hackers Charged, Yandex Insider Attack & ICO Fines

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

North Koreans Charged Over $1.3bn Theft

Three North Korean hackers have been charged by the US over a plot to steal over $1.3bn from various banks and businesses around the world.

As well as being accused of criminal conspiracy, conspiracy to commit wire fraud and bank fraud, the three men are additionally accused of deploying malicious cryptocurrency programs.

The three men are not in custody and are thought to remain in North Korea, and as such are unlikely to face the US justice system any time soon.

One of the accused, Park Jin Hyok, had previously been charged in 2019 for his involvement in the 2014 Sony Entertainment hack, with all three accused of being involved with the extremely destructive 2017 WannaCry virus.

Assistant Attorney General for National Security John Demers said on the matter, “North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” adding that the country “has become a criminal syndicate with a flag”.

Yandex Insider Breach

Prominent Russian search engine Yandex has revealed that around 5,000 of its users have had their accounts compromised following a malicious insider attack.

Publishing a statement online, the search giant announced that a routine screening by Yandex’s security team had discovered that an employee had been providing unauthorised access to users’ mailboxes for “personal gain.”

The employee was one of three systems administrators with the access rights needed to provide technical support for the service. As a result of the employee’s actions, 4,887 mailboxes were illegally accessed.

The technology company has contacted law enforcement authorities about the incident. Insider attacks such as this are often difficult to detect and are, more often than not, down to negligence rather than malice.

In the statement, the company noted, “A thorough internal investigation of the incident is under way, and Yandex will be making changes to administrative access procedures. This will help minimize the potential for individuals to compromise the security of user data in future.” Adding, “We apologize to the users who have been affected by this incident.”

ICO Fines Nuisance Callers £270,000

The UK’s data watchdog, the Information Commissioner’s Office (ICO), has issued fines totalling almost £300,000 to two companies for making unlawful marketing calls.

The calls contravened regulation 21 of the Privacy and Electronic Communications Regulations: the companies should not have been making marketing calls to individuals registered with the Telephone Preference Service (TPS).

Call Centre Ops and House Guard, the companies behind the communications, were found to have made a total of around 800,000 illegal calls, with some employees claiming the calls were not sales calls despite attempting to sell life insurance.

Andy Curry, ICO Head of Investigations, stated on the fines, “If you sign up to the TPS, you should not expect to get nuisance calls. It’s as simple as that. Companies that have no respect for their customers’ wishes and choose to flout the law, can expect to face consequences – for their reputation and to their bottom line.”

Thank you for reading this edition of InfoSec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
