This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

MoD Security Incidents

The UK’s Ministry of Defence (MoD) has in the last year reportedly suffered a record number of security incidents involving contractors.

With around 75 suspected or confirmed breaches of security policy, procedures or legislation occurring in 2019, 2020 saw this number double to 151, many of which reportedly involved information being sent to personal email accounts.

This is the highest recorded number of security incidents originating from the British military’s private sector partners. Such incidents are filed with the MoD’s defence industry Warning, Advice and Reporting Point (WARP) and not via the typical UK data watchdog (the ICO).

Raising questions regarding the UK’s cyber resilience to foreign espionage, other incidents included a physical breach of a perimeter fence at an undisclosed location, misconfigured IT systems and “data sent to [an] unauthorised domain.”

A spokesperson for the MoD said: “The MoD takes the security of its personnel, systems and establishments very seriously and continually seek to improve security incident reporting.” Adding, “We have recently introduced policy, processes and tools to make internal and external reporting easier and more efficient, and the increase in reports can be largely attributed to these improvements.”

$4.2 Billion Cybercrime Loss

The United States’ Federal Bureau of Investigation has published its annual report into cybercrime, announcing an estimated financial loss to victims of a terrifying $4.2 billion.

With the Internet Crime Complaint Center (IC3) last year recording almost 800,000 complaints (an increase of 69% from 2019), 2020 saw a record level of complaints and losses related to cybercrime.

With much of these funds being lost to phishing, extortion, and retail scams, business email account compromise (BEC) accounts for around half of all complaints and for around $1.8 billion of the total losses, up from $1.7 billion the previous year.

Specifically, IC3 noted an increase in BEC and email account compromise complaints relating to the use of identity theft and funds being converted to cryptocurrency.

The report states: “In these variations, we saw an initial victim being scammed in non-BEC/EAC situations to include extortion, tech support, romance scams, etc., that involved a victim providing a form of ID to a bad actor.” Adding, “That identifying information was then used to establish a bank account to retrieve stolen funds and then transferred to a cryptocurrency account.”

Hacker Teen Pleads Guilty

The US teenager behind last year’s high-profile Bitcoin/Twitter scam has pled guilty in a Florida court in exchange for a three-year prison sentence.

Charged with masterminding a social media hack which targeted many notable Twitter accounts, including those belonging to Elon Musk, Kanye West and Jeff Bezos, Graham Ivan Clark, 17, is reported to have made over $100,000 in the scam.

Sentenced as a ‘youthful offender’, the hacker avoided the minimum 10-year sentence which would have applied had he been convicted as an adult. As part of his sentencing, Clark is banned from using computers without the permission and supervision of law enforcement.

Hillsborough State Attorney Andrew Warren noted, “Graham Clark needs to be held accountable for that crime, and other potential scammers out there need to see the consequences.”

Adding, “In this case, we’ve been able to deliver those consequences while recognizing that our goal with any child, whenever possible, is to have them learn their lesson without destroying their future.”

Thank you for reading this edition of InfoSec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.