InfoSec Round-Up: May 29th 2020


GitLab Phishing, Red Cross Cybersecurity, and easyJet Lawsuit

Episode #5 – 29th May

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

This week we are looking at GitLab’s simulated phishing attacks, the Red Cross’ open letter on cyber security and the lawsuit over the easyJet customer data breach. Welcome to the Hut Six Infosec Round-Up.

GitLab Phishes its Employees

The DevOps platform GitLab has announced that 20% of targeted employees handed over their credentials in a simulated phishing attack.

The mock phishing emails, which were sent to GitLab employees, were designed to test the susceptibility of staff to online scams.

One in five employees failed the test by not only clicking links within the suspicious email, but also entering their login details into a purpose-built phishing website designed to mimic an official GitLab page. Only 12% of email recipients reported the email to GitLab security.

Johnathan Hunt, VP of Security at GitLab, stated: "Initially, the team had the assumption that more people would fall for the phishing scam, but that assumption turned out to be false."

The average rate at which employees fail to detect phishing emails is a matter of some dispute, with some estimates as low as 3.4% and others as high as 45%.

Publishing the results publicly is a pioneering move by GitLab, as such results are usually closely guarded by organisations, and even the employees themselves are often kept in the dark.

Red Cross Urges Governments to Improve Cybersecurity

In an open letter the International Committee of The Red Cross has called upon governments across the world to work together to help stop cyber-attacks on health care institutions.

Along with over 40 other global leaders, the head of the International Committee of the Red Cross (ICRC) has called upon governments to do more to safeguard critical healthcare institutions during this particularly critical time.

The plea comes following a number of attacks against medical research and health facilities, including one of the Czech Republic's biggest Covid-19 testing centres, Brno University Hospital, which was held to ransom.

In the letter, ICRC president Peter Maurer urged governments "to take immediate and decisive action to stop all cyber-attacks", adding: "we must take action collectively to ensure this threat is addressed, and already fragile health care systems… are not put at further risk by cyber operations."

easyJet Faces £18 Billion Lawsuit

Following on from last week's coverage of the easyJet hack, which saw 9 million customer records breached, the budget airline is now facing an £18 billion class-action lawsuit.

The attack, which was made public only last week, has led to the filing of a lawsuit on behalf of the 9 million customers. The law firm filing the claim suggests that victims could be eligible for up to £2,000, depending on circumstances.

The stolen data, which included full names, email addresses and travel details, could, as the law firm points out, pose a security risk to affected individuals; this kind of data is often sought out for use in targeted phishing.

The UK's National Cyber Security Centre (NCSC), which was notified of the incident on the 19th May, has also stated that it "recommend[s] anybody with accounts that could have been compromised to be especially vigilant against any unusual activity in their bank accounts or suspicious phone calls and emails", as well as recommending that users consider changing passwords for affected accounts.

If you are interested in finding out more about Hut Six’s information security awareness training, follow the link below.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve your security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
