InfoSec Round-Up: May 29th 2020
GitLab Phishing, Red Cross Cybersecurity, and easyJet Lawsuit
Episode #5 – 29th May
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
This week we are looking at GitLab’s simulated phishing attacks, the Red Cross’ open letter on cyber security and the lawsuit over the easyJet customer data breach. Welcome to the Hut Six Infosec Round-Up.
GitLab Phishes its Employees
The DevOps platform, GitLab has announced that 20% of targeted employees have handed over credentials in a simulated phishing attack.
The mock phishing emails, which were sent to GitLab employees, were designed to tests the susceptibility of staff to online scams.
1 in 5 employees though, failed the test by not only clicking on links within suspicious emails, but also entering login details into a specially designed phishing website. Designed to mimic an official GitLab page, only 12% of email recipients reported the email to GitLab security.
Johnathan Hunt, VP of Security at GitLab, stated “Initially, the team had the assumption that more people would fall for the phishing scam, but that assumption turned out to be false."
The average failure to detect phishing emails is an issue of some dispute, with some estimates as low as 3.4%, whilst other as high as 45%.
Publishing the results publicly is a pioneering move by GitLab as usually these results are closely guarded by organisations and even employees themselves are kept in the dark.
Red Cross Urges Governments to Improve Cybersecurity
In an open letter the International Committee of The Red Cross has called upon governments across the world to work together to help stop cyber-attacks on health care institutions.
Along with over 40 other global leaders, the head of the International Committee of the Red Cross (ICVRS) has called upon governments to do more to safeguard critical healthcare institutions during this particularly critical time.
The plea comes following a number of attacks against medical research and health facilities, including one of the Czech Republic’s biggest Covid-19 testing centres, Brno University Hospital, which was held to ransom
In the letter, ICRS president, Peter Maurer urged powers "to take immediate and decisive action to stop all cyber-attacks.” Adding “we must take action collectively to ensure this threat is addressed, and already fragile health care systems… are not put at further risk by cyber operations.”
easyJet Faces £18 Billion Lawsuit
Following on from last week’s coverage of the easyJet hack, which saw 9 million customer records breached, the budget airline is now facing a £18 billion class-action lawsuit.
The attack, which was made public only last week, has led to the filing of a lawsuit on behalf of the 9 million customers. The law firm filing the claim suggests that victims could be eligible for up to £2,000, depending on circumstances.
The stolen data, which contained full names, email addresses and travel data, may, as the law firm points out, could pose a security risk to affected individuals.; this kind of data often being sought out for the purposes of phishing.
The UK’s Nation Cyber Security Centre (NCSC), who were notified of the incident on the 19th May, have also stated that they “recommend anybody with accounts that could have been compromised to be especially vigilant against any unusual activity in their bank accounts or suspicious phone calls and emails”, as well as recommending users consider changing passwords for affected accounts.
If you are interested in finding out more about Hut Six’s information security awareness training, follow the link below.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
How Does the Data Protection Act Protect your Rights? Blog by information security awareness training provider Hut Six Security.
Knowing how a ransomware attack works is the key to avoiding them and the damage they can pose to your organisation. Blog by Hut Six Security.
Luke talks about his favourite Information Security tutorial, Handling Sensitive Information. Information Security video by Hut Six Security.
Ways of recognising phishing attacks to ensure your organisation stays secure. Blog by information security awareness training provider Hut Six Security.
What are the Eight Principles of the Data Protection Act? Why has this changed to seven in the DPA 2018? Blog by Hut Six Security.
Kayleigh talks about her favourite Information Security tutorial, Encouraging a Secure Culture, which explains the importance of building a secure culture.
4 Key Information Security Risks for remote work during lockdown. Blog from Information Security Awareness training provider Hut Six Security.
Top Cyber Security Awareness Training Topics · Phishing · Web Safety · Passwords · Malware · Mobile Devices · Wi-Fi · Social Engineering · Encryption · Backups · Sensitive Information.
Who is Responsible for Enforcing the Data Protection Act? Information security awareness blog by Information Security training provider Hut Six Security
Priya, our Customer Success Specialist, talks about her favourite tutorial, Social Media & Privacy, which explains the dangers of social media sites and how to stay safe.