InfoSec Round-Up July 2nd
MoD Data Breach, Salvation Army Breach & Denmark Bank Hack
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Bus Stop Data Breach
Classified documents belonging to the UK’s Ministry of Defence (MoD) have been found by a member of the public at a bus stop in Kent.
The documents, whose discovery has prompted an investigation by the MoD, consisted of around 50 pages containing information relating to UK naval operations, as well as possible UK military presence in Afghanistan following the withdrawal of NATO forces.
The papers were found in what was described as a “soggy heap” behind a bus stop on Tuesday morning, and the individual who found them contacted the BBC after realising the sensitive nature of their discovery.
Though the MoD has stated it will investigate the incident, and that the responsible senior official’s access to sensitive material has been temporarily suspended, the incident has raised concerns over national security, with the Labour party describing it as “as embarrassing as it is worrying”.
Responding to the breach, a spokesperson for the MoD has noted: “The department takes the security of information extremely seriously and an investigation has been launched. The employee concerned reported the loss at the time.” Adding, “It would be inappropriate to comment further.”
Salvation Army Ransomware Attack
The UK arm of the international charity, the Salvation Army, has fallen victim to a ransomware attack in which data from their corporate IT systems has been exfiltrated.
The attack is believed to have first been detected around a month ago. The charity has confirmed they are working with the Information Commissioner’s Office and the Charity Commission, additionally noting that their public services are unaffected by the attack.
Advising charity staff and volunteers to be on the lookout for any unusual bank activity or suspicious communications, the charity has disclosed little in the way of details, though data stolen in the attack has yet to appear on any known ransomware syndicate websites.
Simon Fraser, Managing Director here at Hut Six noted on the incident: "This attack once again demonstrates that sadly no organisation is off-limits to cyber criminals. With a ransomware attack seemingly in the news every week, having an effective security awareness program as part of your wider network strategy has never been more important."
Denmark’s Central Bank Breached
In the latest development in the SolarWinds hack, it is reported that Russian state-backed hackers gained access to the networks of Denmark’s central bank, in an attack which was undetected for seven months.
The breach came to light following a freedom of information request. The bank has stated that despite the long-term access the hackers managed to gain, it has found no evidence “the attack has had any real consequences.”
The breach occurred as a result of the SolarWinds hack, which is believed to be the world’s largest and most sophisticated supply-chain attack. The central bank is just one of the many thousands of organisations believed to have been affected, though it seems not to have been a primary target.
In a statement, a representative from the bank noted, “The SolarWinds attack also hit the financial infrastructure in Denmark. The relevant systems were contained and analysed as soon as the compromise of SolarWinds Orion became known.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.