InfoSec Round-Up: March 19th
MoD Security, $4.2B Cybercrime Loss & Hacker Teen Sentenced
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
MoD Security Incidents
The UK’s Ministry of Defence (MoD) has in the last year reportedly suffered a record number of security incidents involving contractors.
With around 75 suspected or confirmed breaches of security policy, procedures or legislation occurring in 2019, 2020 saw this number double to 151, many of which reportedly involve information being sent to personal email accounts.
This is the highest recorded number of security incidents originating from the British military’s private sector partners. Such incidents are filed with the MoD’s defence industry Warning, Advice and Reporting Point (WARP) and not via the typical UK data watchdog (the ICO).
Raising questions regarding the UK’s cyber resilience to foreign espionage, other incidents included a physical breach of a perimeter fence at an undisclosed location, misconfigured IT systems and “data sent to [an] unauthorised domain.”
A spokesperson for the MoD said: “The MoD takes the security of its personnel, systems and establishments very seriously and continually seek to improve security incident reporting.” Adding “We have recently introduced policy, processes and tools to make internal and external reporting easier and more efficient, and the increase in reports can be largely attributed to these improvements.”
$4.2 Billion Cybercrime Loss
The United States’ Federal Bureau of Investigation has published its annual report into cybercrime, announcing an estimated financial loss to victims of a terrifying $4.2 billion.
With the Internet Crime Complaint Centre (IC3) last year recording almost 800,000 complaints (an increase of 69% from 2019), 2020 has seen a record level of complaints and losses related to cybercrime.
With much of these funds being lost to phishing, extortion, and retail scams, business email account compromise (BEC) accounts for around half of all complaints and for around $1.8 billion of the total losses, up from $1.7 billion the previous year.
Specifically, IC3 noted an increase in BEC and email account compromise complaints relating to the use of identity theft and funds being converted to cryptocurrency.
The report states: “In these variations, we saw an initial victim being scammed in non-BEC/EAC situations to include extortion, tech support, romance scams, etc., that involved a victim providing a form of ID to a bad actor.” Adding, “That identifying information was then used to establish a bank account to retrieve stolen funds and then transferred to a cryptocurrency account.”
Hacker Teen Pleads Guilty
The US teenager behind last year’s high-profile Bitcoin/Twitter scam has pled guilty in a Florida court in exchange for a three-year prison sentence.
Charged with masterminding a social media hack which targeted many notable Twitter accounts, including those belonging to Elon Musk, Kanye West and Jeff Bezos, Graham Ivan Clark, 17, is reported to have made over $100,000 in the scam.
Sentenced as a ‘youthful offender’, the hacker avoided the minimum 10-year sentence which would have followed had he been convicted as an adult. As part of his sentencing, Clark is banned from using computers without the permission and supervision of law enforcement.
Hillsborough State Attorney Andrew Warren noted, “Graham Clark needs to be held accountable for that crime, and other potential scammers out there need to see the consequences.”
Adding, “In this case, we’ve been able to deliver those consequences while recognizing that our goal with any child, whenever possible, is to have them learn their lesson without destroying their future.”
Thank you for reading this edition of InfoSec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.