InfoSec Round-Up June 11th

Play Video

Internet Blackout, JBS Payment & FBI Chat App

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Internet Blackout Explained

The major internet blackout, which affected many high-traffic websites this week, has been explained by cloud-computing company Fastly as being the result of the actions of a single unnamed customer.

Resulting in such websites as Reddit, Amazon, the Guardian, and the New York Times being unavailable for just under an hour, the problem occurred on June 8th and is reported as a bug stemming from a ‘valid customer configuration change’.

According to an official summary of the incident, the company detected the disruption in around one minute, and within 49 minutes 95% of Fastly’s network was operating as normal.

Having apologised for the disruption, Fastly, which is a service designed to speed up loading times and protect from denial-of-service (DOS) attacks, also noted that they are conducting a complete ‘post-mortem’ of the processes and practices followed during the incident.

In a statement, Senior Vice President of Engineering and Infrastructure Nick Rockwell explained: “Even though there were specific conditions that triggered this outage, we should have anticipated it. We provide mission critical services, and we treat any action that can cause service issues with the utmost sensitivity and priority.”

JBS Pays Ransom

Following up from last week’s story, the world’s largest meat processing company, JBS, has paid an $11 million ransom to help end a cyber-attack which occurred on the 31st of May.

Temporarily halting operations in Canada, the US and Australia, the Russia-based ransomware syndicate behind the attack had initially demanded $22.5 million, though following a discussion with a company specialising in ransomware negotiations, the sum was lowered to $11 million.

Though much of the company’s data was recovered via redundancies and back-ups, JBS explained that a decryption key was needed for two specific databases affected by the attack; databases which have since been restored.

In a statement, Chief Executive Officer of JBS USA Andre Nogueira noted “This was a very difficult decision to make for our company and for me personally”. Adding, “However, we felt this decision had to be made to prevent any potential risk for our customers.”

FBI Chat App

The FBI and Australia Federal Police have revealed that, in a joint law enforcement operation, they created a fake end-to-end encrypted chat platform designed to catch criminals.

The platform, known as Anom, was sold exclusively to criminals preinstalled on devices, allowing law enforcement entities to monitor over 300 crime syndicates operating in more than 100 countries.

Having examined 27 million messages collected over an 18-month period, 800 arrests were made as a result, as well as the seizure of 32 tons of drugs, 55 luxury vehicles and over $48 million in various currencies.

Dubbed Operation Trojan Shield, Europol described it as one of the largest and most sophisticated law enforcement operations to date, with participating countries including, Australia, Canada, Estonia, Finland, Hungary and the UK.

Randy Grossman, Acting US Attorney for the Southern District of California stated on the operation, “Trojan Shield has shattered any confidence the criminals may have in the use of hardened encrypted devices”.

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.

Featured

The importance of an email security policy

Why Organisations Need an Email Security Policy

An email security policy is a document describing how an organisation's email system should, and most importantly, should not be used.

Preventing Human Error in Information Security

Human Error in Information Security

When Human Error is found in information security, it is often avoidable errors that allow much larger consequential problems to arise.

Security Awareness - Return on Investment

Investing in Information Security Awareness Training

Investing in Information Security Awareness Training - educating people against cyber threats should be considered essential for any organisation operating in 2021

Microsoft Teams Security

How Secure is Microsoft Teams?

How Secure is Microsoft Teams? Information Security blog by Information Security Awareness solution provider Hut Six Security

Enterprise Data Regulation

Best Ways To Ensure Enterprise Data Regulation

Best Ways To Ensure Enterprise Data Regulation guest blog by technivorz.com and information security awareness solution Hut Six Security.

Disaster Recovery Plan

Writing a Disaster Recovery Plan

Writing a Disaster Recovery Plan: information security planning blog by information security awareness solution provider Hut Six Security.

Security Program Policies for 2021

What Policies Do I Need for a Security Program?

Security program policies blog by information security awareness training provider Hut Six Security.

Security Awareness Training for Cyber Essentials

Preparing for Cyber Essentials with Information Security Awareness Training

Security awareness training for Cyber Essentials blog by information security awareness training provider Hut Six Security.

Security Awareness in 2021 - what has changed?

Information Security Awareness Training in 2021

Information Security Awareness Training in 2021 blog by information security awareness training platform Hut Six Security

Virtual Privacy Networks for Businesses

The Five Best VPNs for Work

What are the best VPNs for work? - VPN review blog by security awareness training provider Hut Six Security.