InfoSec Round-Up: May 22nd 2020

Cryptomining hijack, EasyJet Hack and NHS Failing audits

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

This week we are looking at the supercomputers hijacked for crypto mining, the results of NHS cybersecurity tests, and the theft of EasyJet customer data. Welcome to the Hut Six Infosec Round-up.

Supercomputers Hijacked for Crypto-Mining

Across the world, around a dozen supercomputers have been taken offline following cyber-attacks.

Among others, the UK’s primary academic research supercomputer, ARCHER, has been taken offline following a “security exploitation” carried out against high-powered machines across the world.

Staff at the University of Edinburgh, where ARCHER (Advanced Research Computing High End Resource) is based, stated they “now believe this to be a major issue across the academic community as several computers have been compromised in the UK and elsewhere.”

Using stolen SSH credentials to access the machines, attackers infected multiple supercomputers with malware designed to ‘mine’ the difficult-to-trace cryptocurrency Monero.

Because generating cryptocurrency requires vast amounts of computational power and the requisite hardware is costly, cyber criminals frequently rely on hijacking processing power, as in the case of botnets.

Edinburgh University is working with the UK’s National Cyber Security Centre to restore the system, with the NCSC stating it will work “with the academic sector to help it improve its security practices and protect institutions from threats.”

NHS Trusts Fail Cybersecurity Tests

As reported by the National Audit Office (NAO), a vast majority of NHS trusts have failed the government-led Cyber Essentials Plus assessment.

As of February 2020, only one out of 204 trusts to face an on-site cyber security assessment had scored a passing grade. A score of 100% is required to pass; the average score across results was 63%, an improvement upon the average of 50% in 2017.

Despite the low pass rate, NHSX and NHS Digital do note “a general improvement in cyber security across the NHS” following the 2017 WannaCry incident, which, as well as costing around £73 million in IT recovery, highlighted many ongoing security issues, including outdated equipment.

easyJet Customer Data Stolen

The budget airline easyJet has announced that the personal information of 9 million customers was breached in what it has termed a “highly sophisticated” attack.

In what is already a challenging time for airlines across the world, easyJet has now been dealt another blow, with the email addresses and travel details of around 9 million customers accessed, as well as 2,208 customers’ credit card details stolen.

Having begun the process of notifying affected customers, CEO Johan Lundgren stated “Since we became aware of the incident, it has become clear that owing to COVID-19 there is heightened concern about personal data being used for online scams”, as well as advising affected individuals to be “extra vigilant”.

In the statement, the company also highlighted that, thus far, “there is no evidence that any personal information of any nature has been misused”.
