InfoSec Round-Up: March 12th
Uni Cyber Attacks, Security Camera Hack & Norwegian Gov Data
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
University Cyber Attack
The University of Central Lancashire in Preston has become the third university in the last week to be hit with a cyber-attack.
The other two are the University of the Highlands and Islands and Queen’s University in Belfast. The UK’s National Cyber Security Centre has launched an investigation, though officials are yet to confirm whether these attacks are linked.
The attack left remote-working students unable to submit work. A UCLAN spokesperson explained that the institution had “deployed a full incident response plan to evaluate the extent of the issue and to stabilise the situation”, going on to explain that systems were quickly restored and that no data was lost.
Often targeted by criminals seeking financial gain, and by nation states looking to steal intellectual property, educational institutions are increasingly the target of information security attacks.
In a statement responding to the incident against Queen’s University, an NCSC spokesperson stated, “Universities hold valuable data which can make them a lucrative target, and the NCSC works closely with the sector to help them to improve their cyber resilience.”
Security Cameras Hacked
Up to 150,000 security cameras made by security software company Verkada, installed in schools, hospitals, and businesses around the world, have been compromised in an information security attack.
With stolen footage from inside a Tesla factory, a Florida hospital and a US school being shared online by the cyber criminals, the attack reportedly involved infiltrating the network via a “super admin” account after credentials were left vulnerable.
The attack, which was executed by an international hacker collective, appears to have been motivated by an intent to disrupt, with one attacker claiming responsibility being quoted as saying it’s “just too much fun not to do.”
A spokesperson for Verkada, the company behind the cameras, stated on the incident, “We have disabled all internal administrator accounts to prevent any unauthorized access,” adding, “Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.”
Norwegian Parliament Data Stolen
Norway’s parliament, the Storting, has fallen victim to a cyber attack involving the recently discovered Microsoft Exchange vulnerabilities.
Microsoft last week released security updates to fix four zero-day vulnerabilities which were actively exploited in many targeted attacks, currently attributed to a Chinese-backed hacking group.
The full extent of the incident is reportedly not yet known, but the Norwegian parliament has confirmed that threat actors managed to steal data as part of the cyber-attack.
This is the second attack against the parliament in 12 months: in December of last year, it is believed that a Russian-backed hacking group managed to access an undisclosed number of official email accounts.
Storting director Marianne Andreassen stated on the matter, “We know that data has been extracted, but we do not yet have a full overview of the situation,” adding, “The situation is currently unclear, and we do not know the full potential for damage.”