InfoSec Round-Up June 25th
McAfee Found Dead, Scammer Arrest & Ransomware Recovery
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Phishing Scammer Arrested
The UK Police have arrested a prolific fraudster who sent more than 25,000 text messages in a day to illegally obtain banking details.
Apprehended on the 17th of June in a hotel in Manchester, the arrest followed hotel staff reporting the man for suspicious behaviour, including carrying a large number of cables around in a bag.
Impersonating the parcel delivery company Hermes, according to the police the scale of the SMS phishing operation was quite large, estimating that close to 26,000 fraudulent messages were sent on the day of the arrest alone.
Detective Inspector Mark Astbury, of GMP's City of Manchester Central division, stated on the matter: “What we have uncovered here are potentially the components of a highly sophisticated and authentic scam that I know many people not just in Greater Manchester but across the country have been potential victims of in recent weeks and months.”
Adding, “These are the very early stages of what promises to be a complex and dynamic investigation, and I would like to take the opportunity to remind the public to ensure they keep remaining alert to the daily risks that unscrupulous cyber criminals pose.”
Cyber Attack Recovery
Scotland’s Environment Protection Agency (Sepa) has announced that following a cyber attack which saw more than 4,000 files stolen late last year, IT systems will likely take years to be rebuilt.
Having been hit by the Conti ransomware syndicate on Christmas Eve of last year, the environmental watchdog refused to yield to the cyber criminal’s ransom demands, though has since spent around £800,000 on recovery.
Despite having backup systems in place, Sepa is yet to recover all its environmental data sets affected by the attack, though is now able to provide the majority of its services, including flood forecasting.
Speaking to BBC Scotland about the incident, Chief executive Terry A'Hearn explained, “We had reform aims anyway, we were going to build a new IT system progressively over five or six years.”
Adding, “This is an opportunity we didn't want provided by criminals, but we've decided to fast-track that and will build that in one or two years.”
John McAfee Found Dead
Controversial cyber security entrepreneur John McAfee has been found dead in a Barcelona prison only hours after a Spanish court ruled he would face extradition to the US.
Facing charges of tax evasion, the 75-year-old, who was born in Gloucestershire, was most notably the founder of the well-known security company McAfee, a company which sold to technology giant Intel in 2010 for over $7.6 billion.
Accused of evading taxes, concealing multiple assets, fraud, and money laundering, McAfee claimed in court that the charges against him were politically motivated.
With the Catalan justice department stating that “everything indicates” McAfee had taken his own life, days before he had tweeted “There is much sorrow in prison, disguised as hostility.”
Nishay K Sanan, McAfee's lawyer, has stated: “I am saddened to hear of the events and my prayers go out to his wife Janice.” Adding, “John was and will always be remembered as a fighter. He tried to love this country, but the U.S. Government made his existence impossible.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
New York Time, the Guardian, Reddit and more unavailable. JBS pays $11 million ransom to attackers. FBI created fake end-to-end encrypted chat app.
Meat Supplier JBS grinds to a halt. The ICO fines Conservatives £10K. Swedish Public Health Agency hacked.
UK's ICO fines Amex £90K for marketing emails. Japanese government responds to supply chain attack. Darkside criminal gang strike again.
Fuel supplier pays a huge $4.4 million ransomware to criminals. Russia "unconvincingly" denies involvement with SolarWinds hack. FTC reports $80 million has been lost to scams.
Devastating attack hits Colonial Pipeline fuel supplier. Company criticised for 'unethical' phishing campaign. NSCS warns international cyber criminals.
“Aggressive and Urgent” action against ransomware needed. Romance fraudster steals $113K from victim. Household router flaws leave 6 million vulnerable.
Washington DC’s Metro Police Department has lost 250GB of unencrypted data which could be leaked to criminal gangs. Reverb.com exposes personal data of millions of customers. Massive Merseyrail ransomware attack.
TikTok Data Lawsuit, Apple Attack & Spy Warning - Infosec Round-Up April 23rd
An email security policy is a document describing how an organisation's email system should, and most importantly, should not be used.
Nuclear Cyber Attack, Capcom Hack & Ransomware Food Shortage - Infosec Round-Up April 16th