InfoSec Round-Up July 2nd

MoD Data Breach, Salvation Army Breach & Denmark Bank Hack

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Bus Stop Data Breach

Classified documents belonging to the UK’s Ministry of Defence (MoD) have been found by a member of the public at a bus stop in Kent.

Prompting an investigation by the MoD, the documents found consisted of around 50 pages, containing information relating to UK naval operations, as well as possible UK military presence in Afghanistan following the withdrawal of NATO forces.

Found in what was described as a “soggy heap” behind a bus stop on Tuesday morning, the individual who found the papers contacted the BBC after realising the sensitive nature of their discovery.

Though the MoD has stated it will investigate the incident, and that the responsible senior official’s access to sensitive material has been temporarily suspended, the incident has raised concerns over national security, with the Labour party describing it as “as embarrassing as it is worrying”.

Responding to the breach, a spokesperson for the MoD has noted: “The department takes the security of information extremely seriously and an investigation has been launched. The employee concerned reported the loss at the time.” Adding, “It would be inappropriate to comment further.”

Salvation Army Ransomware Attack

The UK arm of the international charity, the Salvation Army, has fallen victim to a ransomware attack in which data from their corporate IT systems has been exfiltrated.

Believed to have first been detected around a month ago, the charity has confirmed they are working with the Information Commissioner’s Office and the Charity Commission, additionally noting that their public services are unaffected by the attack.

Advising charity staff and volunteers to be on the lookout for any unusual bank activity or suspicious communications, the charity has disclosed little in the way of details, though data stolen in the attack has yet to appear on any known ransomware syndicate websites.

Simon Fraser, Managing Director here at Hut Six noted on the incident: "This attack once again demonstrates that sadly no organisation is off-limits to cyber criminals. With a ransomware attack seemingly in the news every week, having an effective security awareness program as part of your wider network strategy has never been more important."

Denmark’s Central Bank Breached

In the latest development in the SolarWinds hack, it is reported that Russian state-backed hackers gained access to the networks of Denmark’s central bank, in an attack which was undetected for seven months.

Coming to light following a freedom of information request, the bank has stated that despite the long term access the hackers managed to gain, they have found no evidence “the attack has had any real consequences.”

Occurring as a result of the SolarWinds hack, which is believed to be the world’s largest and most sophisticated supply-chain attack, the central bank is just one of the many thousands of organisations believed to have been affected, though seems to have not been a primary target.

Read More: Microsoft President Condemns SolarWinds Hack

In a statement, a representative from the bank noted, “The SolarWinds attack also hit the financial infrastructure in Denmark. The relevant systems were contained and analysed as soon as the compromise of SolarWinds Orion became known.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.