Infosec Round-Up Oct 22nd

Acer Hack, Hacking Tool Export Ban & Ofcom Warning

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Acer Hacked Twice in One Week

The computing giant Acer has fallen victim to not one but two separate attacks in which confidential data from both Indian and Taiwanese servers was stolen.

Both conducted by threat actors known as ‘Desorden’ (Spanish for disorder), the hackers claim to have performed the second attack to simply prove that Acer is continuing to “neglecting their cybersecurity” in the wake of the first.

These latest security breaches follow a recent March 2021 incident which saw Acer fall victim to the notorious REvil ransomware in which a $50 million ransom was demanded.

In response to these most recent attacks, a spokesperson for Acer confirmed: “We have recently detected an isolated attack on our local after-sales service system in India and a further attack in Taiwan.”

Adding, “We are notifying all potentially affected customers in India, while the attacked Taiwan system does not involve customer data. The incident has been reported to local law enforcement and relevant authorities, and has no material impact to our operations and business continuity.”

UK Citizens Targeted in Scams

According to the telecoms regulator Ofcom, almost 45 million people in the UK have between June and August of this year been targeted by scam texts or calls.

Having surveyed 2,000 people, about half of respondents reported some form of scam communication at least once a week, with 61% of those aged 75 or over reporting a potential scam call to their landline.

Along with this, the research also found that 79% of mobile users were unaware of their ability to report such scam texts by forwarding the message to Action Fraud via the 7726 number.

Lindsey Fussell, Ofcom's networks and communications group director, stated on the findings, “Criminals who defraud people using phone and text scams can cause huge distress and financial harm to their victims, and their tactics are becoming increasingly sophisticated”.

Warning people to “stay alert to any unsolicited contact. Put the phone down if you have any suspicion that it is a scam call, and don't click on any links in text messages you're unsure about.”

US Bans Hacking Tool Exports

The United States Bureau of Industry and Security (BIS) has this week announced new restrictions which would disallow U.S. companies from exporting or selling certain hacking software and hardware tools to authoritarian regimes.

Coming into force in 90 days’ time, these new restrictions aim to “deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights”.

Having been in development for years, the U.S. Secretary of Commerce Gina M. Raimondo stated that the rule is “an appropriately tailored approach that protects America's national security against malicious cyber actors while ensuring legitimate cybersecurity activities”.

In a public statement, the Department of Commerce stated on the issue: “The United States Government opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that U.S. companies are not fuelling authoritarian practices.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.