InfoSec Round-Up: March 12th

Play Video

Uni Cyber Attacks, Security Camera Hack & Norwegian Gov Data

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

University Cyber Attack

The University of Central Lancashire in Preston has become the third university, in the last week, to be hit with a cyber-attack.

Along with The University of the Highlands and Islands and Queen’s University in Belfast, the UK’s National Cyber Security Centre has launched an investigation, though officials are yet to confirm whether these attacks are linked.

Leaving remote-working students unable to submit work, a UCLAN spokesperson explained that the institution had “deployed a full incident response plan to evaluate the extent of the issue and to stabilise the situation”, going on to explain that systems were quickly restored, and that no data was lost.

Often targeted by criminals seeking financial gain, and by nation states looking to steal intellectual property, educational institutions are increasingly the target of information security attacks.

In a statement responding to the incident against Queen’s University, an NCSC spokesperson stated, “Universities hold valuable data which can make them a lucrative target, and the NCSC works closely with the sector to help them to improve their cyber resilience.”

Security Cameras Hacked

Up to 150,000 security cameras made by security software company Verkada, installed in schools, hospitals, and businesses around the world, have been compromised in an information security attack.

With stolen footage from inside a Tesla factory, a Florida hospital and a US school being shared online by the cyber criminals, the attack reportedly involved infiltrating the network via a “super admin” account after credentials were left vulnerable.

The attack, which was executed by an international hacker collective, appears to have been motivated by an intent to disrupt, with one attacker claiming responsibility being quoted as saying it’s “just too much fun not to do.”

A spokesperson for Verkada, the company behind the cameras stated on the incident, “We have disabled all internal administrator accounts to prevent any unauthorized access.” Adding, “Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.”

Norwegian Parliament Data Stolen

Norway’s parliament, the Storting, has fallen victim to a cyber attack involving the recently discovered Microsoft Exchange vulnerabilities.

Currently attributed to a Chinese-backed hacking group, Microsoft last week released security updates to fix four zero-day vulnerabilities which were actively exploited in many targeted attacks.

The full extent of the incident is reportedly not yet known, but the Norwegian parliament has confirmed that threat actors managed to steal data as part of the cyber-attack.

As the second attack against the parliament in 12 months, in December of last year it is believed that a Russian-backed hacking group managed to access an undisclosed number of official email accounts.

Storting director, Marianne Andreassen stated on the matter, “We know that data has been extracted, but we do not yet have a full overview of the situation.” Adding, “The situation is currently unclear, and we do not know the full potential for damage.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.

Featured

Disaster Recovery Plan

Writing a Disaster Recovery Plan

Writing a Disaster Recovery Plan: information security planning blog by information security awareness solution provider Hut Six Security.

Security Program Policies for 2021

What Policies Do I Need for a Security Program?

Security program policies blog by information security awareness training provider Hut Six Security.

Security Awareness Training for Cyber Essentials

Preparing for Cyber Essentials with Information Security Awareness Training

Security awareness training for Cyber Essentials blog by information security awareness training provider Hut Six Security.

Security Awareness in 2021 - what has changed?

Information Security Awareness Training in 2021

Information Security Awareness Training in 2021 blog by information security awareness training platform Hut Six Security

Virtual Privacy Networks for Businesses

The Five Best VPNs for Work

What are the best VPNs for work? - VPN review blog by security awareness training provider Hut Six Security.

ISO 27001 Security Awareness Training

Preparing for ISO 27001 with Information Security Awareness Training

Information Security Awareness Training and ISO 27001 blog by information security awareness training provider Hut Six Security

Information Security Focus for 2021

Information Security Resolutions for the New Year: Part Two

Information Security Resolutions for the New Year: Part Two. Information security for 2021 blog post by Hut Six Security.

Information Security Resolutions 2021

10 Information Security Resolutions for the New Year: Part One

Information security in 2021: blog by Information security awareness training and phishing simulation provider Hut Six Security.

ISO 27001 vs SOC 2: What is the difference?

ISO 27001 vs SOC 2 Certification - Hut Six

ISO 27001 vs SOC 2 Certifications - what's the difference? SOC 2 is a type of audit report focusing on security controls. ISO27001 is a compliance standard focused on high level information security.

Top 5 Breaches 2020

The Five Biggest Breaches and Hacks of 2020

The Five Biggest Breaches and Hacks of 2020. Information Security blog by Information Security Awareness provider Hut Six Security.