This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

UK Research and Innovation Ransomware

UK Research and Innovation (UKRI), a national science and research funding agency, has been hit with an apparent ransomware attack against its Brussels-based UK Research Office (UKRO) and its BBSRC extranet.

Noting that it cannot confirm whether any data was extracted from its systems, the organisation has not explicitly mentioned ‘ransomware’, simply describing the incident as a “cyber attack [resulting] in data being encrypted by a third party.”

The UKRO, which has temporarily switched off some of its web-facing services, is a subscription service used by around 13,000 academics to find funding opportunities and share information regarding EU-funded research projects, though it reportedly does not contain any sensitive personal data.

Regarding the affected extranet, the organisation noted that data potentially compromised does contain information relating to peer review activity and grant applications, and in some instances contains data relating to expense claims.

In an announcement, the UKRI stated, “We do not yet know whether any financial details have been taken, but we will endeavour to contact panel members to advise on personal protection against possible fraud in this situation.” Adding, “If we do identify individuals whose data has been taken, we will contact [them] as soon as possible.”

Further SolarWinds Vulnerabilities

Following one of the most significant supply chain attacks in history, security researchers have discovered several more vulnerabilities in SolarWinds products.

The three vulnerabilities discovered range in their seriousness, the most severe of which allows a remote, unprivileged actor to take control of the company’s Orion platform.

Discovered by security researchers at Trustwave, the flaws are not believed to have been exploited by malicious actors or reported “in the wild”.

With these three vulnerabilities being swiftly patched, users are now being urged to update their software prior to the exploits being made public on the 9th of February.

The infamous initial attack, which was described by Microsoft President Brad Smith as a “mass indiscriminate global assault”, was allegedly concocted by Russian state hackers and was designed to infiltrate organisations’ networks, including many government agencies across the world.

In a summary of their research, Security Research Manager Martin Rakhmanov noted, “Trustwave reported all three findings to SolarWinds, and patches were released in a very timely manner. We want to thank SolarWinds for their partnership during the disclosure process. We recommend that administrators upgrade as soon as possible.”

Oxfam Database for Sale

Following a suspected data breach, Oxfam Australia is investigating the claim that a hacker is selling a database stolen from the charity.

Reportedly containing information relating to 1.7 million people, the database contains names, email addresses, phone numbers and donation amounts given to the Oxfam International affiliate.

The database was purportedly put up for sale on a hacker forum some time last week, though the details of how the attack occurred have yet to be confirmed.

Having reported the suspected breach to the Australian Cyber Security Centre (ACSC) and the relevant data authority, Oxfam Australia has yet to confirm what data was potentially accessed and how many people have been affected.

In a statement, the charity noted, “Launching the investigation and ascertaining key facts have been our priorities, but this is a complex issue and inquiries are in their early stages”, adding “We are committed to communicating quickly to our supporters once the facts have been established, and we will provide updates as we learn more.”

Thank you for reading this edition of InfoSec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.