Infosec Round-Up: July 3rd 2020
UCSF Pays £1.14m Ransom, India app ban and Computer Misuse Reform
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
This week we are discussing India’s banning of Chinese apps, the US University’s $1.14m data ransom and, is the Computer Misuse Act in need of reform?
India Bans Dozens of Chinese Apps
India has made the move to permanently ban dozens of Chinese-made apps, including popular social media platforms TikTok and WeChat.
India’s government has blocked access to 59 applications in total, claiming they posed a threat to the “sovereignty and integrity of India, defence of India, security of state and public order.”
Following an escalation of tensions between the two powers, India’s decision to ban the apps is the latest of many international concerns regarding Sino-technology and the blurred lines between Chinese state and business.
This week alone it has been reported that TikTok was continuing to covertly record content saved to iPhone users’ clipboards, as well as the still raging debate as to the role that technology company Huawei will play in the UK’s 5G networks.
Nikhil Gandhi, Head of TikTok, India, stated in response: “TikTok continues to comply with all data privacy and security requirements under Indian law and has not shared any information of our users in India with any foreign government, including the Chinese government… We place the highest importance on user privacy and integrity.”
Cyber-Group Urge Computer Misuse Act Reform
A group of businesses, academics and lawyers, have this week written to the UK Prime Minister, urging the reform of the thirty-year-old Computer Misuse Act (CMA).
In a public letter, the Cyber Up campaign has urged the British government to review a key piece of cyber-security legislation, claiming the act is no longer fit for purpose.
Signed by organisations such as the Cyber Security Research Institute and CREST, as well as individuals from the University of Essex and McAfee, the letter argues that the existing legislation inadvertently criminalises a large portion of “modern cyber defence practices”, such as “the scanning and interrogation of compromised victims’ and criminals’ systems”.
Given royal ascent thirty years ago, the CMA became law at a time when only 0.5% of the UK used the internet, and as the letter claims, “the concept of cyber security and threat intelligence research did not yet exist.”
The letter has yet to yield a response from the Prime Minister Boris Johnson.
University Pays $1.14m Data Ransom
The University of California, San Francisco (UCSF) has admitted it paid hackers a staggering $1.14m, following a ransomware attack.
Against many experts’ advice, the medical-research institution has paid cyber-criminals the equivalent of £910,000 after an online negotiation, witnessed by BBC News.
With the news organisation tipped-off by an anonymous source, journalists observed the negotiations via a live chat hosted on the criminal gang’s website.
Accessible only via the dark web, the Netwalker gang operate what appears to be a standard customer-service page, including live operators providing ‘support’.
Having arrived at $1.14 million, the university transferred 116.4 bitcoins to the Netwalker gang the following day, and is now working with the FBI to investigate, whilst restoring its systems.
In an update, the university stated, “Our investigation is ongoing but, at this time, we believe that the malware encrypted our servers opportunistically, with no particular area being targeted.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
University of California Ransomware Attack: a $1.1.4m ransom has been paid following a ransomware attack on University of California's School of Medicine.
What is the Purpose of the Data Protection Act? Blog by information security awareness training solution provider Hut Six Security.
Top 3 Remote Work Security Lessons: remote work security blog by information security awareness provider Hut Six Security.
Who Regulates the Data Protection Act? Data Protection Blog by Information Security Awareness Training provider Hut Six Security
NHS phishing attack sees email accounts compromised as part of an attack targeting a wide range of organisations Blog by Hut Six Security.
Who Enforces the Data Protection Act? Principles, Protections and Penalties. Blog by Information Security Awareness Training provider Hut Six Security.
How Secure is your Password Process? Password security blog from Information Security Awareness Training provider Hut Six Security.
Who Does the Data Protection Act Apply to? Blog by Information Security Awareness Training and phishing simulator provider Hut Six Security
What Social Engineering Methods do attackers use to get your personal information? Blog by Information Security Awareness Training provider Hut Six Security
What Year Was the Data Protection Act Introduced? - 2018, however it has seen some changes as enforcements have increased.