Infosec Round-Up Nov 12th
Google Privacy Case, REvil Bounty & Clinic Ransomware Attack
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Google Privacy Case
The UK’s Supreme Court has rejected a mass-action lawsuit which sought billions of pounds in damages against Google over the alleged illegal tracking of millions of users.
Had the case, which began back in 2017, been allowed by the Supreme Court to continue, it would have set a significant precedent for future mass actions, whereby one representative could have brought action on behalf of millions of others.
In his judgement of the case, Lord Leggatt stated that a key problem was the claimants' lack of evidence regarding individual suffering or any material damage or distress as a result of a breach.
Richard Lloyd, former director of consumer rights group Which?, who brought the case, has responded to the decision, stating: “We are bitterly disappointed that the Supreme Court has failed to do enough to protect the public from Google and other big tech firms who break the law.”
Adding, “Although the court once again recognised that our action is the only practical way that millions of British people can get access to fair redress, they've slammed the door shut on this case by ruling that everyone affected must go to court individually.”
US REvil Bounty
The US Department of State is offering up to $10 million for the identity or location of members of the notorious REvil (Sodinokibi) ransomware syndicate.
As part of the Transnational Organized Crime Rewards Program (TOCRP), this week’s announcement offers a reward of $10 million “for information leading to the identification or location of any individual holding a key leadership position” in the criminal group, as well as up to £5 million for affiliates.
Two members of the REvil syndicate, which is responsible for attacks against JBS, Travelex and more, have this week been arrested by Romanian law enforcement, and around $6 million has been seized by the US authorities.
In the announcement, the Department of State noted, “In offering this reward, the United States is demonstrating its commitment to protecting ransomware victims around the world from exploitation by cyber criminals, and to working with nations willing to bring those criminals to justice.”
Adding, “The Department has paid more than $135 million in rewards to date.”
Clinic Ransomware Attack
The British data storage company Stor-a-File has suffered a ransomware attack in which a total of 13 organisations have been affected, six of which are healthcare related.
Occurring in August of this year, the attack on the firm is reported to have been the result of unpatched software, leading to data being leaked on the dark web by ransomware criminals.
The Lister Fertility Clinic, which treats around 2,000 patients each year, was one of the organisations affected, having sent a letter to around 1,700 patients warning that medical records, including consent forms, medical history, and fertility treatment records, were amongst the data breached.
In a statement Stor-a-File said, “the incident is limited to the small number of records we hold electronically. Everyone whose data may have been affected has been contacted. The millions of company and organisation records, held physically in boxes on shelves in our warehouses were unaffected.”