InfoSec Round-Up: February 5th
SolarWinds Flaws, Ransomware Attack & Oxfam Breach
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
UK Research and Innovation Ransomware
UK Research and Innovation (UKRI), a national science and research funding agency, has been hit with an apparent ransomware attack against its Brussels-based UK Research Office (UKRO) and its BBSRC extranet.
Noting that they cannot confirm whether any data was extracted from their systems, the organisation has not explicitly mentioned ‘ransomware’, with the UKRI simply describing the incident as a “cyber attack [resulting] in data being encrypted by a third party.”
Having temporarily switched off some of its web-facing services, the UKRO is a subscription service used by around 13,000 academics to find funding opportunities and share information regarding EU-funded research projects, though reportedly does not contain any sensitive personal data.
Regarding the affected extranet, the organisation noted that data potentially compromised does contain information relating to peer review activity and grant applications, and in some instances contains data relating to expense claims.
In an announcement, the UKRI stated, “We do not yet know whether any financial details have been taken, but we will endeavour to contact panel members to advise on personal protection against possible fraud in this situation.” Adding, “If we do identify individuals whose data has been taken, we will contact [them] as soon as possible.”
Further SolarWinds Vulnerabilities
Following one of the most significant supply chain attacks in history, security researchers have discovered several more vulnerabilities in SolarWinds products.
The three vulnerabilities discovered range in their seriousness, with the most severe of which allowing a remote, unprivileged actor to take control of the company’s Orion platform.
Discovered by security researchers at Trustwave, the flaws are not believed to have been exploited by malicious actors or reported “in the wild”.
With these three vulnerabilities being swiftly patched, users now being urged to update their software prior to the exploits being made public on the 9th of February.
The infamous initial attack, which was described by Microsoft President Brad Smith as a “mass indiscriminate global assault”, was allegedly concocted by Russian state hackers and was designed to infiltrate organisations networks, including many government agencies across the world.
In a summary of their research, Security Research Manager Martin Rakhmanov noted, “Trustwave reported all three findings to SolarWinds, and patches were released in a very timely manner. We want to thank SolarWinds for their partnership during the disclosure process. We recommend that administrators upgrade as soon as possible.”
Oxfam Database for Sale
Following a suspected data breach, Oxfam Australia is investigating the claim that a hacker is selling a database stolen from the charity.
Reportedly containing information relating to 1.7 million people, the database contains names, email addresses, phone numbers and donation amounts given to the Oxfam International affiliate.
Purportedly being put up for sale on a hacker forum some time last week, the details of how the attack occurred have yet to be confirmed.
Having reported the suspected breach to the Australian Cyber Security Centre (ACSC) and the relevant data authority, Oxfam Australia has yet to confirm what data was potentially accessed and how many people have been affected.
In a statement, the charity noted, “Launching the investigation and ascertaining key facts have been our priorities, but this is a complex issue and inquiries are in their early stages”, adding “We are committed to communicating quickly to our supporters once the facts have been established, and we will provide updates as we learn more.”
Thank you for reading this edition of InfoSec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
Information Security Awareness Training and ISO 27001 blog by information security awareness training provider Hut Six Security
TikTok Flaws, Broken Botnet & Ransomware Gang Takedown - InfoSec Round-Up Jan 29th
Information Security Resolutions for the New Year: Part Two. Information security for 2021 blog post by Hut Six Security.
INTERPOL Warning, Leaked Pixlr Records & App Flaws - InfoSec Round-Up Jan 22nd
Information security in 2021: blog by Information security awareness training and phishing simulation provider Hut Six Security.
Ryuk Ransomware Gang, Cryptocurrency Fortunes & SolarWinds - InfoSec Round-Up Jan 17th
ISO 27001 vs SOC 2 Certifications - what's the difference? SOC 2 is a type of audit report focusing on security controls. ISO27001 is a compliance standard focused on high level information security.
Assange Extradition, Vaccine Scams, App Bans & SolarWinds Hack - InfoSec Round-Up Jan 10th
Inside Attacker Jailed, GDPR Fines Twitter & Trump’s Twitter Password - InfoSec Round-Up Dec 20th
The Five Biggest Breaches and Hacks of 2020. Information Security blog by Information Security Awareness provider Hut Six Security.