InfoSec Round-Up June 11th

Play Video

Internet Blackout, JBS Payment & FBI Chat App

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Internet Blackout Explained

The major internet blackout, which affected many high-traffic websites this week, has been explained by cloud-computing company Fastly as being the result of the actions of a single unnamed customer.

Resulting in such websites as Reddit, Amazon, the Guardian, and the New York Times being unavailable for just under an hour, the problem occurred on June 8th and is reported as a bug stemming from a ‘valid customer configuration change’.

According to an official summary of the incident, the company detected the disruption in around one minute, and within 49 minutes 95% of Fastly’s network was operating as normal.

Having apologised for the disruption, Fastly, which is a service designed to speed up loading times and protect from denial-of-service (DOS) attacks, also noted that they are conducting a complete ‘post-mortem’ of the processes and practices followed during the incident.

In a statement, Senior Vice President of Engineering and Infrastructure Nick Rockwell explained: “Even though there were specific conditions that triggered this outage, we should have anticipated it. We provide mission critical services, and we treat any action that can cause service issues with the utmost sensitivity and priority.”

JBS Pays Ransom

Following up from last week’s story, the world’s largest meat processing company, JBS, has paid an $11 million ransom to help end a cyber-attack which occurred on the 31st of May.

Temporarily halting operations in Canada, the US and Australia, the Russia-based ransomware syndicate behind the attack had initially demanded $22.5 million, though following a discussion with a company specialising in ransomware negotiations, the sum was lowered to $11 million.

Though much of the company’s data was recovered via redundancies and back-ups, JBS explained that a decryption key was needed for two specific databases affected by the attack; databases which have since been restored.

In a statement, Chief Executive Officer of JBS USA Andre Nogueira noted “This was a very difficult decision to make for our company and for me personally”. Adding, “However, we felt this decision had to be made to prevent any potential risk for our customers.”

FBI Chat App

The FBI and Australia Federal Police have revealed that, in a joint law enforcement operation, they created a fake end-to-end encrypted chat platform designed to catch criminals.

The platform, known as Anom, was sold exclusively to criminals preinstalled on devices, allowing law enforcement entities to monitor over 300 crime syndicates operating in more than 100 countries.

Having examined 27 million messages collected over an 18-month period, 800 arrests were made as a result, as well as the seizure of 32 tons of drugs, 55 luxury vehicles and over $48 million in various currencies.

Dubbed Operation Trojan Shield, Europol described it as one of the largest and most sophisticated law enforcement operations to date, with participating countries including, Australia, Canada, Estonia, Finland, Hungary and the UK.

Randy Grossman, Acting US Attorney for the Southern District of California stated on the operation, “Trojan Shield has shattered any confidence the criminals may have in the use of hardened encrypted devices”.

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.

Featured

InfoSec Round-Up June 4th

InfoSec Round-Up June 4th - Hut Six

Meat Supplier JBS grinds to a halt. The ICO fines Conservatives £10K. Swedish Public Health Agency hacked.

InfoSec Round-Up May 28th

InfoSec Round-Up May 28th - Hut Six

UK's ICO fines Amex £90K for marketing emails. Japanese government responds to supply chain attack. Darkside criminal gang strike again.

InfoSec Round-Up May 21st

InfoSec Round-Up May 21st - Hut Six

Fuel supplier pays a huge $4.4 million ransomware to criminals. Russia "unconvincingly" denies involvement with SolarWinds hack. FTC reports $80 million has been lost to scams.

InfoSec Round-Up May 14th

InfoSec Round-Up May 14th - Hut Six

Devastating attack hits Colonial Pipeline fuel supplier. Company criticised for 'unethical' phishing campaign. NSCS warns international cyber criminals.

InfoSec Round-Up May 7th

InfoSec Round-Up May 7th - Hut Six

“Aggressive and Urgent” action against ransomware needed. Romance fraudster steals $113K from victim. Household router flaws leave 6 million vulnerable.

InfoSec Round-Up: April 30th

InfoSec Round-Up: April 30th - Hut Six

Washington DC’s Metro Police Department has lost 250GB of unencrypted data which could be leaked to criminal gangs. Reverb.com exposes personal data of millions of customers. Massive Merseyrail ransomware attack.

InfoSec Round-up: April 23rd

InfoSec Round-up: April 23rd - Hut Six

TikTok Data Lawsuit, Apple Attack & Spy Warning - Infosec Round-Up April 23rd

The importance of an email security policy

Why Organisations Need an Email Security Policy

An email security policy is a document describing how an organisation's email system should, and most importantly, should not be used.

Infosec Round-Up: April 16th

Infosec Round-Up: April 16th - Hut Six

Nuclear Cyber Attack, Capcom Hack & Ransomware Food Shortage - Infosec Round-Up April 16th

Preventing Human Error in Information Security

Human Error in Information Security

When Human Error is found in information security, it is often avoidable errors that allow much larger consequential problems to arise.