InfoSec Round-Up: May 22nd 2020
Cryptomining hijack, EasyJet Hack and NHS Failing audits
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
This week we are looking at the supercomputers hijacked for crypto mining, the results of NHS cybersecurity tests, and the theft of EasyJet customer data. Welcome to the Hut Six Infosec Round-up.
Supercomputers Hijacked for Crypto-Mining
Across the world, around a dozen supercomputers have been taken offline following cyber-attacks.
Among others, the UK’s primary academic research supercomputer, ARCHER, has been taken offline following a “security exploitation” carried out against high-powered machines across the world.
Staff at the University of Edinburgh, where ARCHER (Advanced Research Computing High End Resource) is based, stated they “now believe this to be a major issue across the academic community as several computers have been compromised in the UK and elsewhere.”
Using stolen SSH credentials to access the machines, attackers infected multiple supercomputers with malware designed to ‘mine’ the difficult-to-trace cryptocurrency Monero.
Because generating cryptocurrency requires vast amounts of computational power and the requisite hardware is costly, cyber criminals frequently rely on hijacking processing power, as in the case of botnets.
Edinburgh University is working with the UK’s National Cyber Security Centre to restore the system, with the NCSC stating it will work “with the academic sector to help it improve its security practices and protect institutions from threats.”
NHS Trusts Fail Cybersecurity Tests
As reported by the National Audit Office (NAO), the vast majority of NHS trusts have failed the government-led Cyber Essentials Plus assessment.
As of February 2020, only one of the 204 trusts to face an on-site cyber security assessment had scored a passing grade. A score of 100% is required to pass; the average score across results was 63%, an improvement upon the average of 50% in 2017.
Despite the low pass rate, NHSX and NHS Digital do note “a general improvement in cyber security across the NHS” following the 2017 WannaCry incident, which, as well as costing around £73 million in IT recovery, highlighted many ongoing security issues, including outdated equipment.
easyJet Customer Data Stolen
The budget airline easyJet has announced that the personal information of 9 million customers was breached in what it has termed a “highly sophisticated” attack.
In what is already a challenging time for airlines across the world, easyJet has now been dealt another blow, with the email addresses and travel details of around 9 million customers accessed and the credit card details of 2,208 customers stolen.
Having begun the process of notifying affected customers, CEO Johan Lundgren stated “Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams”, as well as advising affected individuals to be “extra vigilant”.
In the statement, the company also highlighted that, thus far, “there is no evidence that any personal information of any nature has been misused”.
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.