InfoSec Round-Up July 23rd
Spyware Response, Aramco Hack & Microsoft Attack
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Pegasus Spyware Response
NSO Group, the organisation behind the controversial surveillance software ‘Pegasus’, has responded to criticism, stating that its customers, and not the company itself, should be the focus of ire.
The software, which was reportedly used to spy on upwards of 50,000 targets, has garnered a significant amount of media attention over the last week, largely relating to its role in monitoring public figures, including journalists, government officials and various international dissidents.
With a list of these targets being leaked, Israeli technology company NSO Group has defended itself and its ethics, likening the situation to “criticising a car manufacturer when a drunk driver crashes.”
The company additionally states that the software is intended for use against criminals and terrorists, and is made available only to military, law enforcement, and intelligence agencies from countries with good human-rights records. However, the software is believed to have been used against murdered journalist Jamal Khashoggi.
A spokesperson for the company has stated, “We are sending the system to governments, we get all the correct accreditation and do it all legally… if a customer decides to misuse the system, he will not be a customer anymore. But all the allegations and all the finger-pointing should be at the customer.”
Saudi Aramco Hacked
Saudi Aramco, one of the world’s largest petroleum companies, has confirmed data from one of its contractors has been stolen and is being used in an attempt to extort $50 million from the company.
The group behind the attack, ZeroX, claims to have stolen the data, believed to be around 1TB of proprietary data, by hacking Aramco’s networks sometime back in 2020, with data being posted on the darknet in June of this year.
The stolen data reportedly includes employee data, client lists, contracts, and network information. The incident has been wrongly labelled by some as a ransomware attack, with the company reiterating in public statements that the affected data was held by third-party contractors.
The incident comes soon after the attack against US fuel company Colonial Pipeline, and Aramco is no stranger to cyber-attacks, having had around 35,000 computers wiped by the Shamoon virus back in 2012.
A spokesperson for the company has stated, “[We] recently became aware of the indirect release of a limited amount of company data.” Adding, “We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture”.
China Responsible for Microsoft Attack
The UK, US and EU have named China as being responsible for a major cyber attack against Microsoft Exchange servers, in which at least 30,000 organisations have been affected.
Beginning in January, the attack exploited a vulnerability in the Microsoft systems, inserting backdoors through which large amounts of personal information and intellectual property were stolen from, amongst others, defence contractors, think tanks and universities.
According to a BBC report, Western security services believe this attack signals a shift in espionage tactics and raises concerns over escalating Chinese cyber-behaviour, with the Chinese Communist Party being labelled “reckless” by the UK Foreign Office.
Despite denials from the Chinese government, Antony Blinken, the US secretary of state, accused China of a “pattern of irresponsible, disruptive and destabilizing behaviour in cyberspace, which poses a major threat to economic and national security”.
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.