InfoSec Round-Up: November 22nd

Facebook Scammers, $2M in Stolen Crypto & Russian Cybercrime Surge

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Ticketmaster Fined £1.25m

The UK’s Information Commissioners Office has fined Ticketmaster UK £1.25 million following a website infection that saw 9 million customers’ details skimmed by cyber-criminals.

The breach occurred in 2018, beginning in February though not detected until April, when the company was alerted by banks who noticed a corelation between Ticketmaster purchases and criminal activity being conducted soon after.

The cybercriminal gang, known as Magecart, is thought to have stolen personal information affecting 9.4 million customers, including 1.5 million in the UK.

According to the ICO investigation, Ticketmaster had failed to assess specific online risks, implement appropriate security measures, or identify the source of suggested fraudulent activity in a timely manner.

The ICO’s Deputy Commissioner, James Dipple-Johnstone stated on the matter, “When customers handed over their personal details, they expected Ticketmaster to look after them. But they did not. Ticketmaster should have done more to reduce the risk of a cyber-attack… The £1.25 million fine we’ve issued today will send a message to other organisations that looking after their customers’ personal details safely should be at the top of their agenda.”

Scammers Expose 5.5GB Facebook Records

Researchers from vnpMentor have discovered an exposed 5.5GB database containing hundreds of thousands of Facebook users’ private data.

Compiled by unknown online scammers, the usernames, passwords and IP addresses contained within the database are thought to have been predominantly used in online Bitcoin scams.

Users were tricked into handing over login credentials via a phishing campaign that purported to allow users to reveal who has visited their online profiles.

Discovered by the security researchers in September, the data was left exposed for around four months, though was coincidentally wiped out by the Meow virus the day after it was found and has not since been accessible.

In the report, vnpMentor stated, “If you’re a Facebook user and think you’ve been a victim of this fraud, change your login credentials immediately. Furthermore, if you reused your Facebook password on any other accounts, change it immediately to protect them from hacking.”

Irish Crypto Thief Jailed

Conor Freeman, of Dublin, has been sentenced to 35 months in prison for the theft of over $2 million worth of cryptocurrency.

Identified by US Homeland Security, Mr Freeman pled guilty to stealing the funds as part of a SIM-swapping scam which bled multiple victims of their life savings; one victim loosing over $1.9 million alone.

Freeman’s co-conspirators in the thefts, who are also facing courts in the United States, exploited insiders of mobile phone carriers into swapping phone numbers to SIMs controlled by the group, allowing the criminals access to crypto wallets by intercepting 2FA codes.

When passing sentencing, Judge Martin Nolan noted “almost perfect mitigation”, with the accused entering a guilty plea, extensive co-operation with the investigation and no previous convictions.

Freeman’s defence described the cybercriminal as “very much a loner” who had retreated into an online world, hacking accounts not for the monetary gain but rather for the “thrill”.

Russia to Lose $44B to Cybercrime

According to estimates published by Russia’s largest bank, Sberbank, the Russian economy is expected to lose around $44 billion to cybercrime in 2020.

According to the source, with the shift to ‘online’ during the COVID-19 pandemic, cybercrime presents an increasing challenge to the economy; as well as suggesting the cost of cybercrime may double in 2021.

The deputy chairman of Sberbank’s executive board, stated on the matter, “on average, we have to deal with 26 billion cybersecurity events every day.” Data released by the Russian Interior Ministry further revealed that the number of crimes linked to bank cards had increased by 500% in 2020.

Speaking in 2019 on the rise in cybercrime in the region, Russia’s Minister of Internal Affairs Alexander Kolokoltsev stated: “In the last few years Internet crime has seen a 16-fold surge. This number is huge, despite the fact that crime in general is subsiding, felonies included.”

Thank you for reading this edition of InfoSec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.

Featured

Writing a Cyber Job Specification

How to Write a Cyber Job Specification

How to Write a Cyber Job Specification: Finding the Best Cybersecurity Talent. Cyber blog by Information Security Awareness solution provider Hut Six Security.

InfoSec Round-Up: November 15th 2020

InfoSec Round-Up: November 15th 2020 - Hut Six

Relationship Fraud, DoppelPaymer Attack & DWP Leak - InfoSec Round-Up Nov 15th

InfoSec Round-Up: November 8th 2020

InfoSec Round-Up: November 8th 2020 - Hut Six

Marriott Breach, eBay USB Drives & Possible Capcom Ransomware - InfoSec Round-Up, Nov 8th

Building your Cyber Security Team

How to Build a Cyber Team

How to Build a Cyber Team - Top Points to Consider When Building Your Team. Blog by Information Security Awareness solution Hut Six Security.

InfoSec Round-Up: November 1st 2020

InfoSec Round-Up: November 1st 2020 - Hut Six

Vaccines Under Attack, Finnish Patient Blackmail & ICO Enforcement - InfoSec Round-Up Nov 1st

InfoSec Round-Up: October 25th 2020

InfoSec Round-Up: October 25th 2020 - Hut Six

BA Fined, Instagram Investigated, Darkside Donations & PayPal Crypto - InfoSec Round-Up, Oct 25th

InfoSec Round-Up: October 18th 2020

InfoSec Round-Up: October 18th 2020 - Hut Six

Five Eyes Encryption, Hackney Council Hack & Software AG - InfoSec Round-Up, Oct 18th 2020

InfoSec Round-Up: October 11th 2020

InfoSec Round-Up: October 11th 2020 - Hut Six

HMRC Phishing, H&M Fined €35m & UK DfE ICO Report - Infosec Round-Up October 11th 2020

InfoSec Round-Up: October 4th 2020

InfoSec Round-Up: October 4th 2020 - Hut Six

TikTok Ban Blocked, Russian Hackers Sentenced & Ransomware Attacks - InfoSec Round-Up Oct 4th 2020

Maintaining Compliance for Businesses - Guest Blog

Guest Blog: The Benefits Of Maintaining Compliance For Your Business

Your business can stay ahead of issues before they become a major problem. Hut Six Security guest blog by https://www.m2sys.com/