InfoSec Round-Up July 2nd
MoD Data Breach, Salvation Army Breach & Denmark Bank Hack
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Bus Stop Data Breach
Classified documents belonging to the UK’s Ministry of Defence (MoD) have been found by a member of the public at a bus stop in Kent.
Prompting an investigation by the MoD, the documents found consisted of around 50 pages, containing information relating to UK naval operations, as well as possible UK military presence in Afghanistan following the withdrawal of NATO forces.
Found in what was described as a “soggy heap” behind a bus stop on Tuesday morning, the individual who found the papers contacted the BBC after realising the sensitive nature of their discovery.
Though the MoD has stated it will investigate the incident, and that the responsible senior official’s access to sensitive material has been temporarily suspended, the incident has raised concerns over national security, with the Labour party describing it as “as embarrassing as it is worrying”.
Responding to the breach, a spokesperson for the MoD has noted: “The department takes the security of information extremely seriously and an investigation has been launched. The employee concerned reported the loss at the time.” Adding, “It would be inappropriate to comment further.”
Salvation Army Ransomware Attack
The UK arm of the international charity, the Salvation Army, has fallen victim to a ransomware attack in which data from their corporate IT systems has been exfiltrated.
Believed to have first been detected around a month ago, the charity has confirmed they are working with the Information Commissioner’s Office and the Charity Commission, additionally noting that their public services are unaffected by the attack.
Advising charity staff and volunteers to be on the lookout for any unusual bank activity or suspicious communications, the charity has disclosed little in the way of details, though data stolen in the attack has yet to appear on any known ransomware syndicate websites.
Simon Fraser, Managing Director here at Hut Six noted on the incident: "This attack once again demonstrates that sadly no organisation is off-limits to cyber criminals. With a ransomware attack seemingly in the news every week, having an effective security awareness program as part of your wider network strategy has never been more important."
Denmark’s Central Bank Breached
In the latest development in the SolarWinds hack, it is reported that Russian state-backed hackers gained access to the networks of Denmark’s central bank, in an attack which was undetected for seven months.
Coming to light following a freedom of information request, the bank has stated that despite the long term access the hackers managed to gain, they have found no evidence “the attack has had any real consequences.”
Occurring as a result of the SolarWinds hack, which is believed to be the world’s largest and most sophisticated supply-chain attack, the central bank is just one of the many thousands of organisations believed to have been affected, though seems to have not been a primary target.
Read More: Microsoft President Condemns SolarWinds Hack
In a statement, a representative from the bank noted, “The SolarWinds attack also hit the financial infrastructure in Denmark. The relevant systems were contained and analysed as soon as the compromise of SolarWinds Orion became known.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
An email security policy is a document describing how an organisation's email system should, and most importantly, should not be used.
When Human Error is found in information security, it is often avoidable errors that allow much larger consequential problems to arise.
Investing in Information Security Awareness Training - educating people against cyber threats should be considered essential for any organisation operating in 2021
How Secure is Microsoft Teams? Information Security blog by Information Security Awareness solution provider Hut Six Security
Best Ways To Ensure Enterprise Data Regulation guest blog by technivorz.com and information security awareness solution Hut Six Security.
Writing a Disaster Recovery Plan: information security planning blog by information security awareness solution provider Hut Six Security.
Security program policies blog by information security awareness training provider Hut Six Security.
Security awareness training for Cyber Essentials blog by information security awareness training provider Hut Six Security.
Information Security Awareness Training in 2021 blog by information security awareness training platform Hut Six Security
What are the best VPNs for work? - VPN review blog by security awareness training provider Hut Six Security.