InfoSec Round-Up: May 8th 2020
Hackers Target Universities, LoveBug Virus, and Tokopedia Breach
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
This week we are looking at state-sponsored hackers targeting university research, the creator of the world’s first major computer virus and 91 million records stolen from Asian e-commerce giant Tokopedia.
Hackers Targeting Universities
The NCSC has warned of state-sponsored attempts to steal Covid-19 research from universities, describing the efforts as ‘reprehensible’.
With the stakes increasingly high for developing a vaccine or treatment, competition within the scientific research community may be at an all time peak.
The University of Oxford, for example, has already begun human vaccine trials; research which presents itself as an extremely valuable target for a variety of international interests.
A spokesperson from Oxford University stated the institution is “working closely with the NCSC to ensure [their] Covid-19 research has the best possible cybersecurity and protection.”
With no known breaches of this kind so far, the NCSC stated that the overall level of cyber-attacks against the UK has remained stable during the pandemic, despite “an increased proportion of cyber-attack related to coronavirus”
Love Bug Creator Found
The creator of one of the world’s first major computer viruses has, after twenty years of uncertainty, admitted to creating the worm which, amongst other things, caused the shutdown of UK government communications.
Onel de Guzman, created the ILOVEYOU in the year 2000 with the purpose of stealing passwords to access the internet free of charge. Once in the wild, the virus spread across the world causing up to $10 billion worth of damage.
The virus exploited users’ romantic curiosity with an attachment named "LOVE-LETTER-FOR-YOU.txt.vbs", a tactic which still proves effective for cybercriminals even now.
Now running a phone shop in the Philippines capital, Manila, Guzman admitted to creating the virus, as well as expressing his regret over the incident; thus, closing the book on one of the internets many mysteries.
Researchers have found cybercriminals selling the records of up to 91 million users for the Indonesian technology company Tokopedia. The company, who specialise in e-commerce was reportedly hacked in March, with email addresses, names and passwords hashes making up the stolen data.
An initial 15 million records were leaked, though these reports have been updated to include the claim a hacker is now offering the details of 91 million Tokopedia users for $5 thousand via the dark-web.
A spokesperson from the company acknowledged an investigation into the matter is being conducted, whilst adding that “Tokopedia ensures that crucial information such as passwords remains successfully protected behind encryption”.
As with the case of any hack where details are leaked, users are advised to update their passwords, especially if those passwords are being reused, and to monitor their account for any unusual activity.
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
Who is Responsible for Enforcing the Data Protection Act? Information security awareness blog by Information Security training provider Hut Six Security
Priya, our Customer Success Specialist, talks about her favourite tutorial, Social Media & Privacy, which explains the dangers of social media sites and how to stay safe.
Are there any exemptions to the Data Protection Act? Blog by Information Security Awareness Training provider Hut Six Security.
Simon Fraser, our Managing Director, talks about his favourite tutorial, Assessing your Risk, which explains how businesses can assess the likelihood of a security risk occurring
Hut Six are pleased to announce membership to Tech nation Cyber, the UK's national scale-up program for all things cyber and tech. Blog by Hut Six Security.
Pratteek Bathula, our Product Director, talks about his favourite tutorial, Encryption, which explains the principle of encryption and how it is used to keep your information safe.
Technical Director Dan walks us through the password security tutorial. New video from Information Security Awareness Training Provider Hut Six Security
How Many Data Protection Principles are There? And what do they all mean? Blog by Information Security Awareness Training provider Hut Six Security
The Cyber Security Breaches Survey 2020 provides many insights into the current state of cyber security. Blog by Hut Six Security
What is the Punishment for Breaking the Data Protection Act? Blog by Information Security Awareness Training provider Hut Six Security