Infosec Round-Up Oct 22nd


Acer Hack, Hacking Tool Export Ban & Ofcom Warning

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Acer Hacked Twice in One Week

The computing giant Acer has fallen victim to not one but two separate attacks in which confidential data from both Indian and Taiwanese servers was stolen.

Both attacks were conducted by threat actors known as ‘Desorden’ (Spanish for disorder), who claim to have performed the second attack simply to prove that Acer is still “neglecting their cybersecurity” in the wake of the first.

These latest security breaches follow a March 2021 incident in which Acer fell victim to the notorious REvil ransomware and a $50 million ransom was demanded.

In response to these most recent attacks, a spokesperson for Acer confirmed: “We have recently detected an isolated attack on our local after-sales service system in India and a further attack in Taiwan.”

The spokesperson added: “We are notifying all potentially affected customers in India, while the attacked Taiwan system does not involve customer data. The incident has been reported to local law enforcement and relevant authorities, and has no material impact to our operations and business continuity.”

UK Citizens Targeted in Scams

According to the telecoms regulator Ofcom, almost 45 million people in the UK were targeted by scam texts or calls between June and August of this year.

In a survey of 2,000 people, about half of respondents reported some form of scam communication at least once a week, with 61% of those aged 75 or over reporting a potential scam call to their landline.

The research also found that 79% of mobile users were unaware of their ability to report such scam texts by forwarding the message to Action Fraud via the 7726 number.

Lindsey Fussell, Ofcom's networks and communications group director, said of the findings: “Criminals who defraud people using phone and text scams can cause huge distress and financial harm to their victims, and their tactics are becoming increasingly sophisticated”.

Fussell warned people to “stay alert to any unsolicited contact. Put the phone down if you have any suspicion that it is a scam call, and don't click on any links in text messages you're unsure about.”

US Bans Hacking Tool Exports

The United States Bureau of Industry and Security (BIS) has this week announced new restrictions which would disallow U.S. companies from exporting or selling certain hacking software and hardware tools to authoritarian regimes.

Coming into force in 90 days’ time, these new restrictions aim to “deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights”.

The rule has been in development for years, and U.S. Secretary of Commerce Gina M. Raimondo stated that it is “an appropriately tailored approach that protects America's national security against malicious cyber actors while ensuring legitimate cybersecurity activities”.

In a public statement, the Department of Commerce stated on the issue: “The United States Government opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that U.S. companies are not fuelling authoritarian practices.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
