This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

UK Education Threatened

The UK’s National Cyber Security Centre (NCSC) has issued an alert warning of an increase in the number of ransomware attacks targeting the UK education sector.

Responding to trends observed during August and September of last year, as well as several more recent attacks which have occurred since this February, the NCSC is urging senior leaders to take steps to help mitigate such attacks.

Often targeted for financial gain, as well as intellectual property, last August alone saw a reported 17 cyber-attacks against UK schools and universities, most of which were ransomware.

Issuing guidance to institutions, the NCSC noted in the alert, “In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing.”

Adding, “Ransomware attacks can have a devastating impact on organisations, with victims requiring a significant amount of recovery time to re-enable critical services.”

FOREX Broker Data Leak

Online trading broker FBS has accidentally exposed around 16 billion records relating to millions of customers as a result of a misconfigured cloud database.

Discovered by researchers, the exposed Elasticsearch server containing almost 20TB of data was left completely unsecured, without encryption or password protection.

Quickly linked to FBS, a large foreign exchange trading platform with around 16 million customers, the database included full names, email addresses, billing information, passport numbers, credit card data and more.

Uncovered on the first of October 2020, researchers contacted the organisation the following day, with FBS securing the server by October 5th. It is unknown how long it had been exposed prior to its discovery.

Remarking on their find, WizCase security expert Chase Williams noted, “Were such detailed personally identifiable information (PII) to fall in the wrong hands, it could have been used in the execution of a wide range of cyber threats.”

Insider Threat Sentenced

A former IT consultant responsible for the malicious deletion of over 1,200 Microsoft Office 365 account has been sentenced to two years of prison time.

Sentenced in a California court, the incident followed Mr Kher having been fired from his role in May 2018, when in August of that year he hacked into a former client’s sever and deleted over 1,200 of its 1,500 MS 365 user accounts.

Costing the company upwards of half a million dollars to remediate his actions, Mr Kher was arrested in January of this year following his entering the US from his native India, from where he launched his destructive attack.

Described by the judge as a clear act of revenge, the defendant was sentenced to two years in custody, as well as three years’ supervised release and being ordered to pay $567,084 in restitution to the affected company.

Speaking on the case, FBI Special Agent Suzanne Turner noted, “We encourage companies to develop a relationship with the FBI and local law enforcement prior to a cyber security incident and incorporate us into incident response plans.  In this case, the victim company’s swift notification and cooperation with the FBI contributed greatly to the successful outcome.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.