This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

This week we are looking at the supercomputers hijacked for crypto mining, the results of NHS cybersecurity tests, and the theft of easyJet customer data. Welcome to the Hut Six InfoSec Round-Up.

Supercomputers Hijacked for Crypto-Mining

Across the world, around a dozen supercomputers have been taken offline following cyber-attacks.

Among others, the UK’s primary academic research supercomputer, ARCHER, has been taken offline following a “security exploitation” carried out against high-powered machines across the world.

Staff at the University of Edinburgh, where ARCHER (Advanced Research Computing High End Resource) is based, stated they “now believe this to be a major issue across the academic community as several computers have been compromised in the UK and elsewhere.”

Using stolen SSH credentials to access the machines, attackers infected multiple supercomputers with malware designed to ‘mine’ the difficult-to-trace cryptocurrency Monero.

Because generating cryptocurrency requires vast amounts of computational power and the requisite hardware is costly, cyber criminals frequently rely on hijacking processing power, as in the case of botnets.

Edinburgh University is working with the UK’s National Cyber Security Centre to restore the system, with the NCSC stating it will work “with the academic sector to help it improve its security practices and protect institutions from threats.”

NHS Trusts Fail Cybersecurity Tests

As reported by the National Audit Office (NAO), a vast majority of NHS trusts have failed the government-led Cyber Essentials Plus assessment.

As of February 2020, only one out of 204 trusts to face an on-site cyber security assessment had scored a passing grade. A score of 100% is required to pass; the average score across results was 63%, an improvement upon the average of 50% in 2017.

Despite the low pass rate, NHSX and NHS Digital do note “a general improvement in cyber security across the NHS” following the 2017 WannaCry incident, which, as well as costing around £73 million in IT recovery, highlighted many ongoing security issues, including outdated equipment.

easyJet Customer Data Stolen

The budget airline easyJet has announced that the personal information of 9 million customers was breached in what it has termed a “highly sophisticated” attack.

In what is already a challenging time for airlines across the world, easyJet has now been dealt another blow, with the email addresses and travel details of around 9 million customers accessed, as well as 2,208 customers’ credit card details stolen.

Having begun the process of notifying affected customers, CEO Johan Lundgren stated, “Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams”, and advised affected individuals to be “extra vigilant”.

In the statement, the company also highlighted that, thus far, “there is no evidence that any personal information of any nature has been misused”.

Thank you for reading this edition of the InfoSec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.