InfoSec Round-Up: March 5th

Malaysia Airlines Breach, SolarWinds $3.5M & PrisimHR Ransomware

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Payroll Company Ransomware Attack

Payroll company PrismHR has suffered a significant outage following a cyber security incident, which many speculate to be a ransomware attack.

Used by more than 80,000 businesses and processing more than $80 billion in annual payments, PrismHR suffered disruption to its services, publicly stating that it detected suspicious activity within its networks.

Though PrismHR has divulged little in regard to detail, with the company announcing that it was in the process of rebuilding its entire system from data backups in a new environment, many cyber security experts suspect a ransomware outbreak.

In a statement to its customers, the company noted, “We immediately disabled access to the system to protect customer information and engaged top-tier security experts to help on this. We are working quickly to restore customer access to our platform.”

Adding, “While we are still looking into this, there is currently no evidence of unauthorized access or theft of data contained on our servers."

Malaysia Airlines Data Breach

Malaysia Airlines has notified a number of customers in regard to a data breach which is believed to have exposed personal information for around nine years.

It is currently unknown how many customers have been affected, though members of the Airlines ‘Enrich’ frequent flyer program received a notification early this week explaining the breach of a “third-party IT service provider”.

Exposed between March of 2010 and June of 2019, names, contact information, account numbers and other personal information make up the affected data.

While the company has stated that there was no payment information lost and that there is no evidence of misuse, the airline has recommended that users change their passwords as a precautionary measure.

Responding to customer concerns, the airline stated: “The data security incident occurred at our third-party IT service provider and not Malaysia Airlines' computer systems. However, the airline is monitoring any suspicious activity.”

SolarWinds Hack Cost Company $3.5m

SolarWinds, the company whose software was last year compromised as part of a wide-reaching supply-chain attack, has announced expenses of $3.5 million relating to incident investigation and remediation.

The attack, which Microsoft President Brad Smith described as a “mass indiscriminate global assault”, occurred back in December and affected many organisations across the world, potentially compromising huge swaths of sensitive information.

Currently the subject of many ongoing lawsuits, investigations and inquiries, SolarWinds is accused of violating federal security laws, leaving many company clients vulnerable to attack.

Though the company reportedly has $15 million in cybersecurity insurance coverage, the current cost of $3.5 million is expected to rise significantly as investigations progress.

As part of the annual report, SolarWinds noted, “costs related to the Cyber Incident that will be incurred in future periods will include increased expenses associated with ongoing and any new claims, investigations and inquiries.”

Adding, “We expect to incur increased expenses for insurance, finance, compliance activities, and to meet increased legal and regulatory requirements.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.