InfoSec Round-Up: March 12th

Play Video

Uni Cyber Attacks, Security Camera Hack & Norwegian Gov Data

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

University Cyber Attack

The University of Central Lancashire in Preston has become the third university, in the last week, to be hit with a cyber-attack.

Along with The University of the Highlands and Islands and Queen’s University in Belfast, the UK’s National Cyber Security Centre has launched an investigation, though officials are yet to confirm whether these attacks are linked.

Leaving remote-working students unable to submit work, a UCLAN spokesperson explained that the institution had “deployed a full incident response plan to evaluate the extent of the issue and to stabilise the situation”, going on to explain that systems were quickly restored, and that no data was lost.

Often targeted by criminals seeking financial gain, and by nation states looking to steal intellectual property, educational institutions are increasingly the target of information security attacks.

In a statement responding to the incident against Queen’s University, an NCSC spokesperson stated, “Universities hold valuable data which can make them a lucrative target, and the NCSC works closely with the sector to help them to improve their cyber resilience.”

Security Cameras Hacked

Up to 150,000 security cameras made by security software company Verkada, installed in schools, hospitals, and businesses around the world, have been compromised in an information security attack.

With stolen footage from inside a Tesla factory, a Florida hospital and a US school being shared online by the cyber criminals, the attack reportedly involved infiltrating the network via a “super admin” account after credentials were left vulnerable.

The attack, which was executed by an international hacker collective, appears to have been motivated by an intent to disrupt, with one attacker claiming responsibility being quoted as saying it’s “just too much fun not to do.”

A spokesperson for Verkada, the company behind the cameras stated on the incident, “We have disabled all internal administrator accounts to prevent any unauthorized access.” Adding, “Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.”

Norwegian Parliament Data Stolen

Norway’s parliament, the Storting, has fallen victim to a cyber attack involving the recently discovered Microsoft Exchange vulnerabilities.

Currently attributed to a Chinese-backed hacking group, Microsoft last week released security updates to fix four zero-day vulnerabilities which were actively exploited in many targeted attacks.

The full extent of the incident is reportedly not yet known, but the Norwegian parliament has confirmed that threat actors managed to steal data as part of the cyber-attack.

As the second attack against the parliament in 12 months, in December of last year it is believed that a Russian-backed hacking group managed to access an undisclosed number of official email accounts.

Storting director, Marianne Andreassen stated on the matter, “We know that data has been extracted, but we do not yet have a full overview of the situation.” Adding, “The situation is currently unclear, and we do not know the full potential for damage.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.

Featured

Disaster Recovery Plan

Writing a Disaster Recovery Plan

Writing a Disaster Recovery Plan: information security planning blog by information security awareness solution provider Hut Six Security.

InfoSec Round-Up: March 5th

InfoSec Round-Up: March 5th - Hut Six

Malaysia Airlines Breach, SolarWinds $3.5M & PrisimHR Ransomware - InfoSec Round-Up March 5th

Security Program Policies for 2021

What Policies Do I Need for a Security Program?

Security program policies blog by information security awareness training provider Hut Six Security.

InfoSec Round-Up: Feb 26th

InfoSec Round-Up: Feb 26th - Hut Six

Jet Maker Attacked, Central Bank System Downed & Medical Data Leak - InfoSec Round-Up Feb 26th

Security Awareness Training for Cyber Essentials

Preparing for Cyber Essentials with Information Security Awareness Training

Security awareness training for Cyber Essentials blog by information security awareness training provider Hut Six Security.

InfoSec Round-Up: February 19th

InfoSec Round-Up: February 19th - Hut Six

NK Hackers Charged, Yandex Insider Attack & ICO Fines - InfoSec Round-Up Feb 19th

Security Awareness in 2021 - what has changed?

Information Security Awareness Training in 2021

Information Security Awareness Training in 2021 blog by information security awareness training platform Hut Six Security

InfoSec Round-Up: February 12th

InfoSec Round-Up: February 12th - Hut Six

Cyberpunk 2077 Attack, North Korean Crypto Theft & SIM Swaps - InfoSec Round-Up Feb 12th

Virtual Privacy Networks for Businesses

The Five Best VPNs for Work

What are the best VPNs for work? - VPN review blog by security awareness training provider Hut Six Security.

InfoSec Round-Up: February 5th

InfoSec Round-Up: February 5th - Hut Six

SolarWinds Flaws, Ransomware Attack & Oxfam Breach - InfoSec Round-Up Feb 5th