InfoSec Round-Up May 7th

Play Video

Romance Fraud, Wi-Fi Flaws & Ransomware Action

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Ransomware Task Force Urges Action

An international coalition of law enforcement entities and technology companies are calling for “aggressive and urgent” action against the growing problem of ransomware.

Insisting that there is “more than just money at stake” and that “ransomware has become a serious national security threat and public health and safety concern”, the Ransomware Task Force (RTF) has issued nearly 50 recommendations to governments to help tackle ransomware attacks.

Including entities such as the UK’s National Cyber Security Centre (NCSC), Microsoft, the FBI and Amazon, amongst other suggestions, the RTF recommends that governments make it mandatory for victims to report if criminals and paid, additionally asking for increased regulation for cryptocurrency services.

With the NCSC reporting that it has handled more that 3 times as many ransomware incidents in 2020, relative to the preceding year, and an estimated global annual cost of somewhere between $42bn and $170bn, it is clear that ransomware is a problem on the rise.

Speaking to the ransomware issue, RTF co-chair Jen Ellis stated, “Citizens are being impacted by this every day. It's having a huge impact on the economy and the ability for ordinary people to access critical services.”

Adding, “The funds that come in from paid ransoms fund other forms of organised crime, like human trafficking and child exploitation.”

Romance Fraud Costs Victim £113,000

Rachel Elwell, of the West Midlands, is currently facing bankruptcy after losing almost £113,000 to a romance fraud scammer she met on a dating website.

Having claimed that he lived near the victim, but that he was abroad for an engineering contract in Ukraine, the scammer successfully convinced Ms Elwell that he had been taken captive by loan sharks and that his life was in danger.

Supporting his claims with forged documents and staged photographs, the victim first sent the scammer £250, though eventually ended up losing just under £113,000; money which is unlikely to be recovered.

Interviewed by the BBC, when asked why she had sent the funds, Ms Elwell explained, “When he said his life was in danger and I didn't hear from him, I thought he'd been murdered… Can you imagine feeling you're responsible for whether someone lives or dies?”

Attempting to confirm the man’s story, Ms Elwell only realised her mistake after visiting the scammers supposed address in Coventry, discovering that nobody of that name lived there.

As an increasingly common form of fraud, a spokesperson for the West Midlands Police stated, “Rachel's case is a prime example of romance fraud, her case highlights how much these scammers affect people's lives.”

Routers at Risk

A report by consumer watchdog Which? has warned that millions of people could be at risk due to outdated routers.

Having examined 13 models provided by internet service providers, including EE, Virgin Media and Sky, the organisation discovered flaws in more than two thirds of devices.

Estimating that around six million households could be using a device that has not been updated since 2018 or earlier, issues discovered include weak default passwords, a lack of firmware updates and local network vulnerabilities.

In response to the report, several ISPs have hit back, including Virgin who stated that they do not “recognise or accept the findings of the research.”

With proposed UK legislation banning the use of default passwords being present on devices, computing editor for Which?, Kate Bevan stated that the updates to the law “can’t come soon enough.”

Adding “Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to update devices that pose security risks”.

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.

Featured

The importance of an email security policy

Why Organisations Need an Email Security Policy

An email security policy is a document describing how an organisation's email system should, and most importantly, should not be used.

Preventing Human Error in Information Security

Human Error in Information Security

When Human Error is found in information security, it is often avoidable errors that allow much larger consequential problems to arise.

Security Awareness - Return on Investment

Investing in Information Security Awareness Training

Investing in Information Security Awareness Training - educating people against cyber threats should be considered essential for any organisation operating in 2021

Microsoft Teams Security

How Secure is Microsoft Teams?

How Secure is Microsoft Teams? Information Security blog by Information Security Awareness solution provider Hut Six Security

Enterprise Data Regulation

Best Ways To Ensure Enterprise Data Regulation

Best Ways To Ensure Enterprise Data Regulation guest blog by technivorz.com and information security awareness solution Hut Six Security.

Disaster Recovery Plan

Writing a Disaster Recovery Plan

Writing a Disaster Recovery Plan: information security planning blog by information security awareness solution provider Hut Six Security.

Security Program Policies for 2021

What Policies Do I Need for a Security Program?

Security program policies blog by information security awareness training provider Hut Six Security.

Security Awareness Training for Cyber Essentials

Preparing for Cyber Essentials with Information Security Awareness Training

Security awareness training for Cyber Essentials blog by information security awareness training provider Hut Six Security.

Security Awareness in 2021 - what has changed?

Information Security Awareness Training in 2021

Information Security Awareness Training in 2021 blog by information security awareness training platform Hut Six Security

Virtual Privacy Networks for Businesses

The Five Best VPNs for Work

What are the best VPNs for work? - VPN review blog by security awareness training provider Hut Six Security.

Speak to us about your Cyber Awareness