Infosec Round-Up Oct 22nd
Acer Hack, Hacking Tool Export Ban & Ofcom Warning
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Acer Hacked Twice in One Week
The computing giant Acer has fallen victim to not one but two separate attacks in which confidential data from both Indian and Taiwanese servers was stolen.
Both attacks were conducted by threat actors known as ‘Desorden’ (Spanish for disorder), who claim to have performed the second attack simply to prove that Acer is still “neglecting their cybersecurity” in the wake of the first.
These latest security breaches follow a March 2021 incident in which Acer fell victim to the notorious REvil ransomware and a $50 million ransom was demanded.
In response to these most recent attacks, a spokesperson for Acer confirmed: “We have recently detected an isolated attack on our local after-sales service system in India and a further attack in Taiwan.”
The spokesperson added: “We are notifying all potentially affected customers in India, while the attacked Taiwan system does not involve customer data. The incident has been reported to local law enforcement and relevant authorities, and has no material impact to our operations and business continuity.”
UK Citizens Targeted in Scams
According to the telecoms regulator Ofcom, almost 45 million people in the UK were targeted by scam texts or calls between June and August of this year.
In a survey of 2,000 people, about half of respondents reported some form of scam communication at least once a week, with 61% of those aged 75 or over reporting a potential scam call to their landline.
Along with this, the research also found that 79% of mobile users were unaware of their ability to report such scam texts by forwarding the message to Action Fraud via the 7726 number.
Lindsey Fussell, Ofcom's networks and communications group director, said of the findings: “Criminals who defraud people using phone and text scams can cause huge distress and financial harm to their victims, and their tactics are becoming increasingly sophisticated”.
She warned people to “stay alert to any unsolicited contact. Put the phone down if you have any suspicion that it is a scam call, and don't click on any links in text messages you're unsure about.”
US Bans Hacking Tool Exports
The United States Bureau of Industry and Security (BIS) has this week announced new restrictions which would disallow U.S. companies from exporting or selling certain hacking software and hardware tools to authoritarian regimes.
Coming into force in 90 days’ time, these new restrictions aim to “deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights”.
The rule has been in development for years, and U.S. Secretary of Commerce Gina M. Raimondo stated that it is “an appropriately tailored approach that protects America's national security against malicious cyber actors while ensuring legitimate cybersecurity activities”.
In a public statement, the Department of Commerce stated on the issue: “The United States Government opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that U.S. companies are not fuelling authoritarian practices.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.