InfoSec Round-Up May 7th
Romance Fraud, Wi-Fi Flaws & Ransomware Action
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Ransomware Task Force Urges Action
An international coalition of law enforcement entities and technology companies are calling for “aggressive and urgent” action against the growing problem of ransomware.
Insisting that there is “more than just money at stake” and that “ransomware has become a serious national security threat and public health and safety concern”, the Ransomware Task Force (RTF) has issued nearly 50 recommendations to governments to help tackle ransomware attacks.
Including entities such as the UK’s National Cyber Security Centre (NCSC), Microsoft, the FBI and Amazon, amongst other suggestions, the RTF recommends that governments make it mandatory for victims to report if criminals and paid, additionally asking for increased regulation for cryptocurrency services.
With the NCSC reporting that it has handled more that 3 times as many ransomware incidents in 2020, relative to the preceding year, and an estimated global annual cost of somewhere between $42bn and $170bn, it is clear that ransomware is a problem on the rise.
Speaking to the ransomware issue, RTF co-chair Jen Ellis stated, “Citizens are being impacted by this every day. It's having a huge impact on the economy and the ability for ordinary people to access critical services.”
Adding, “The funds that come in from paid ransoms fund other forms of organised crime, like human trafficking and child exploitation.”
Romance Fraud Costs Victim £113,000
Rachel Elwell, of the West Midlands, is currently facing bankruptcy after losing almost £113,000 to a romance fraud scammer she met on a dating website.
Having claimed that he lived near the victim, but that he was abroad for an engineering contract in Ukraine, the scammer successfully convinced Ms Elwell that he had been taken captive by loan sharks and that his life was in danger.
Supporting his claims with forged documents and staged photographs, the victim first sent the scammer £250, though eventually ended up losing just under £113,000; money which is unlikely to be recovered.
Interviewed by the BBC, when asked why she had sent the funds, Ms Elwell explained, “When he said his life was in danger and I didn't hear from him, I thought he'd been murdered… Can you imagine feeling you're responsible for whether someone lives or dies?”
Attempting to confirm the man’s story, Ms Elwell only realised her mistake after visiting the scammers supposed address in Coventry, discovering that nobody of that name lived there.
As an increasingly common form of fraud, a spokesperson for the West Midlands Police stated, “Rachel's case is a prime example of romance fraud, her case highlights how much these scammers affect people's lives.”
Routers at Risk
A report by consumer watchdog Which? has warned that millions of people could be at risk due to outdated routers.
Having examined 13 models provided by internet service providers, including EE, Virgin Media and Sky, the organisation discovered flaws in more than two thirds of devices.
Estimating that around six million households could be using a device that has not been updated since 2018 or earlier, issues discovered include weak default passwords, a lack of firmware updates and local network vulnerabilities.
In response to the report, several ISPs have hit back, including Virgin who stated that they do not “recognise or accept the findings of the research.”
With proposed UK legislation banning the use of default passwords being present on devices, computing editor for Which?, Kate Bevan stated that the updates to the law “can’t come soon enough.”
Adding “Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to update devices that pose security risks”.
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
Washington DC’s Metro Police Department has lost 250GB of unencrypted data which could be leaked to criminal gangs. Reverb.com exposes personal data of millions of customers. Massive Merseyrail ransomware attack.
TikTok Data Lawsuit, Apple Attack & Spy Warning - Infosec Round-Up April 23rd
An email security policy is a document describing how an organisation's email system should, and most importantly, should not be used.
Nuclear Cyber Attack, Capcom Hack & Ransomware Food Shortage - Infosec Round-Up April 16th
When Human Error is found in information security, it is often avoidable errors that allow much larger consequential problems to arise.
Facebook Leak, Booking.com Fined & University Attacks - Infosec Round-Up April 9th
Investing in Information Security Awareness Training - educating people against cyber threats should be considered essential for any organisation operating in 2021
Inside Attacker, FOREX Data Leak & NCSC Warning - InfoSec Round-Up March 26th
MoD Security, $4.2B Cybercrime Loss & Hacker Teen Sentenced - InfoSec Round-Up March 19th
How Secure is Microsoft Teams? Information Security blog by Information Security Awareness solution provider Hut Six Security