InfoSec Round-Up: October 18th 2020

Five Eyes Encryption, Hackney Council Hack & Software AG

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Software AG Suffers Data Theft

German technology company Software AG has fallen victim to a ransomware attack in which cyber criminals are demanding the staggering ransom of $20 million.

The enterprise software company, who boasts over 10,000 clients worldwide and revenues of €800m, revealed that had been struck with an attack on the 3^rd of October, with stolen information appearing on the dark web on the 9^th, following negotiation between the two parties.

Screenshots leaked by the gang show, amongst other things, stolen employee passport and ID scans, employee emails, financial documents, and directories from the company's internal network.

Believed to be the Clop strain of ransomware, a sophisticated and still-evolving strain used largely to target enterprise organisation, the group behind the attack claim to have stolen around 1TB of internal information.

In a public statement, the company announced, “Software AG is further investigating the incident and is doing everything in its power to contain the data leak and to resolve the ongoing disruption of its internal systems, in particular to restart its internal systems as soon as possible which had been shut down for security reasons.”

Five Eyes Issues New Encryption Statement

In a joint statement, published by the US Department of Justice, the Five Eyes nations have again requested that technology companies to do more to help governments protect public safety and identify online criminality by limiting end-to-end encryption.

In the statement, officials of the US, Australia, New Zealand, the UK, Canada, and India and Japan, acknowledged that though “encryption is an existential anchor of trust in the digital world and [they] do not support counter-productive and dangerous approaches that would materially weaken or limit security systems”, end-to-end encryption poses “pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children”.

Not a new conversation, many within the information security sector have challenged such requests, regarding them either unachievable or impractical to modern security practices; though as the statement points out, “in 2018, Facebook Messenger was responsible for nearly 12 million of the 18.4 million worldwide reports of CSAM [child sexual abuse material to the US National Center for Missing and Exploited Children (NCMEC)].

These reports risk disappearing if end-to-end encryption is implemented by default, since current tools used to detect CSAM [child sexual abuse material] do not work in end-to-end encrypted environments.”

Hackney Council Affect by “Serious Cyber-Attack”

London’s Hackney Council has announced that they have been hit by a cyber-attack, affecting many of its IT systems.

With very few details thus far revealed, the council has said it is working with the National Cyber Security Centre (NCSC), Nation Crime Agency (NCA) and external experts to “investigate and understand the impact of the cyber-attack on [their] servers.”

Adding that they are “choosing not to share any more information at this stage in order to make sure [they] do not inadvertently assist the attackers.”

Though details are scarce, local authorities are frequently the target of ransomware attacks, with Redcar and Cleveland Borough Council being struck earlier this year, and reportedly costing the authority more than £10 million in recovery costs.

Mayor of Hackney Philip Glanville has stated, “This investigation is at an early stage…Our focus is on continuing to deliver essential frontline services, especially to our most vulnerable residents, and protecting data, while restoring affected services as soon as possible.”

Carnival Cruise Confirms Customer Data Compromise

The American-British cruise operator, Carnival has disclosed that personal information belonging to passengers, employees and crew members was compromised during a ransomware attack that took place in mid-August.

Reportedly working “as quickly as possible” to notify an unspecified number of affected parties, the stolen information may, according to a company statement, include names, addresses, phone numbers, passport numbers, Social Security numbers, and dates of birth.

With over 150,000 employees worldwide and up to 13 million annual passengers, Carnival is one of the largest cruise operator s in the world, though is not new to information security issues.

Princess Cruises, a cruise line owned by the Carnival Corporation also suffered a breach (spanning 3 months of 2019) when unauthorised individuals gained access to multiple employee email accounts.

In the release, Carnival advises customers to remain vigilant against phishing attacks, as well as stating along with notices, “affected individuals will be offered complimentary credit monitoring, as appropriate.”

Thank you for reading this edition of InfoSec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.