InfoSec Round-Up June 11th
Internet Blackout, JBS Payment & FBI Chat App
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Internet Blackout Explained
The major internet blackout, which affected many high-traffic websites this week, has been explained by cloud-computing company Fastly as being the result of the actions of a single unnamed customer.
The problem, which left websites such as Reddit, Amazon, the Guardian, and the New York Times unavailable for just under an hour, occurred on June 8th and is reported as a bug stemming from a ‘valid customer configuration change’.
According to an official summary of the incident, the company detected the disruption in around one minute, and within 49 minutes 95% of Fastly’s network was operating as normal.
Having apologised for the disruption, Fastly, which is a service designed to speed up loading times and protect from denial-of-service (DoS) attacks, also noted that it is conducting a complete ‘post-mortem’ of the processes and practices followed during the incident.
In a statement, Senior Vice President of Engineering and Infrastructure Nick Rockwell explained: “Even though there were specific conditions that triggered this outage, we should have anticipated it. We provide mission critical services, and we treat any action that can cause service issues with the utmost sensitivity and priority.”
JBS Pays Ransom
Following up from last week’s story, the world’s largest meat processing company, JBS, has paid an $11 million ransom to help end a cyber-attack which occurred on the 31st of May.
The attack temporarily halted operations in Canada, the US and Australia. The Russia-based ransomware syndicate behind it had initially demanded $22.5 million, though following a discussion with a company specialising in ransomware negotiations, the sum was lowered to $11 million.
Though much of the company’s data was recovered via redundancies and back-ups, JBS explained that a decryption key was needed for two specific databases affected by the attack; databases which have since been restored.
In a statement, Chief Executive Officer of JBS USA Andre Nogueira noted, “This was a very difficult decision to make for our company and for me personally,” adding, “However, we felt this decision had to be made to prevent any potential risk for our customers.”
FBI Chat App
The FBI and Australian Federal Police have revealed that, in a joint law enforcement operation, they created a fake end-to-end encrypted chat platform designed to catch criminals.
The platform, known as Anom, was sold exclusively to criminals preinstalled on devices, allowing law enforcement entities to monitor over 300 crime syndicates operating in more than 100 countries.
After law enforcement examined 27 million messages collected over an 18-month period, 800 arrests were made, alongside the seizure of 32 tons of drugs, 55 luxury vehicles and over $48 million in various currencies.
Europol described the operation, dubbed Operation Trojan Shield, as one of the largest and most sophisticated law enforcement operations to date, with participating countries including Australia, Canada, Estonia, Finland, Hungary and the UK.
Randy Grossman, Acting US Attorney for the Southern District of California, stated on the operation, “Trojan Shield has shattered any confidence the criminals may have in the use of hardened encrypted devices”.
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.