InfoSec Round-Up July 30th

Play Video

NSO Raid, Vaccine Passport Leak & Biden Warning

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

NSO Group Raided

Following international pressure regarding the sale of surveillance tools, the Israeli government has this week raided the offices of controversial software vendor NSO Group.

Announced by the Israeli Ministry of Defense, the investigation comes after it was revealed that the company had sold its software, know as Pegasus, to multiple oppressive governments who used it to spy on journalists, dissidents, and political rivals.

With NSO Group stating that they “welcome [the] inspection”, the company last week absolved themselves of responsibility, claiming that it was not them, but their customers that were deserving of condemnation.

A representative from NSO Group has stated, “The company is working in full transparency with the Israeli authorities. We are confident that this inspection will prove the facts are as declared repeatedly by the company against the false allegations made against us in the recent media attacks.”

Biden Warns of Escalating Cyber Tensions

During a speech at the National Counterterrorism Center of the Office of the Director of National Intelligence, US President Biden has speculated that if the US were to enter a so-called ‘hot-war’, it would likely be because of a “cyber breach of great consequence.”

Naming Russia and China as “possibly mortal competitors down the road,” the President also noted existing ‘misinformation’ efforts of Russia regarding the upcoming 2022 US elections, as well as China’s ambitions of becoming “the most powerful military force in the world, as well as the largest [and] the most prominent economy.”

Following remarks issued by NATO comparing cyberattacks to “armed attacks”, as well as many significant cyber attacks on critical infrastructure, including the Colonial Pipeline and JBS ransomware incidents, the President also recently warned Russian President Putin that the US will take “any necessary action” to defend its people.

During the speech, Biden stated: “You know, we've seen how cyber threats, including ransomware attacks, increasingly are able to cause damage and disruption to the real world”, adding, “I can't guarantee this… but I think it's more likely we're going to end up — well, if we end up in a war, a real shooting war with a major power, it's going to be as a consequence of a cyber breach of great consequence.”

Vaccine Passport Data Leak

Following the exposure of user data, Northern Ireland’s Department of Health (DoH) has temporarily halted its online COVID-19 vaccine certification service.

Although the extent of the breach is currently not known, the department has stated that a limited number of users were potentially exposed to data of other users, leading to the suspension of the vaccine passport service.

Having reported the issue to the UK’s data watchdog, the Information Commissioner’s Office (ICO), as well as noting that they are working to restore all services as soon as possible, the breach comes at a time of increased scrutiny regarding healthcare systems and cyber security.

As well as referring to the breach as “concerning”, Colm Gildernew, Sinn Fein’s health spokesperson has stated: “Significant personal information could have been exposed... The Department must ensure that those impacted are made aware of the breach and actions [are] being taken to address this issue.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.

Featured

InfoSec Round-Up July 23th

InfoSec Round-Up July 23th - Hut Six

NSO responds to international criticism. Saudi Aramco hacked for a second time. Chinese government denies involvement with Microsoft Hack.

InfoSec Round-Up July 16th

InfoSec Round-Up July 16th - Hut Six

UK Police seize £180 million in money laundering investigation. REvil ransomware website mysteriously disappears. Iran targets British academics in phishing attack.

InfoSec Round-Up July 2nd

InfoSec Round-Up July 2nd - Hut Six

Member of public finds Ministry of Defence (MoD) documents. Salvation Army loses data in cyber attack. Denmark's Central Bank affected by SolarWinds hack.

InfoSec Round-Up June 25th

InfoSec Round-Up June 25th - Hut Six

Prolific phishing scammer arrested for 25k SMS messages. Scotland's EPA announces 4 thousand files were stolen. Security icon John McAfee found dead.

InfoSec Round-Up June 11th

InfoSec Round-Up June 11th - Hut Six

New York Time, the Guardian, Reddit and more unavailable. JBS pays $11 million ransom to attackers. FBI created fake end-to-end encrypted chat app.

InfoSec Round-Up June 4th

InfoSec Round-Up June 4th - Hut Six

Meat Supplier JBS grinds to a halt. The ICO fines Conservatives £10K. Swedish Public Health Agency hacked.

InfoSec Round-Up May 28th

InfoSec Round-Up May 28th - Hut Six

UK's ICO fines Amex £90K for marketing emails. Japanese government responds to supply chain attack. Darkside criminal gang strike again.

InfoSec Round-Up May 21st

InfoSec Round-Up May 21st - Hut Six

Fuel supplier pays a huge $4.4 million ransomware to criminals. Russia "unconvincingly" denies involvement with SolarWinds hack. FTC reports $80 million has been lost to scams.

InfoSec Round-Up May 14th

InfoSec Round-Up May 14th - Hut Six

Devastating attack hits Colonial Pipeline fuel supplier. Company criticised for 'unethical' phishing campaign. NSCS warns international cyber criminals.

InfoSec Round-Up May 7th

InfoSec Round-Up May 7th - Hut Six

“Aggressive and Urgent” action against ransomware needed. Romance fraudster steals $113K from victim. Household router flaws leave 6 million vulnerable.