InfoSec Round-up: April 23rd

TikTok Data Lawsuit, Apple Attack & Spy Warning

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

TikTok Data Lawsuit

“A data collection service that is thinly veiled as a social network”

Anne Longfield - Former Children's Commissioner for England

The popular video-sharing app TikTok is being sued for billions of pounds over the collection and use of personal data belonging to millions of children across the UK and EU.

In the case, launched by former children’s commissioner for England Anne Longfield on behalf of an anonymous 12-year-old girl, lawyers allege that children’s data, including phone numbers, videos, location and biometric data, is collected without sufficient transparency, warning or the necessary consent required by law.

TikTok has over 800 million users worldwide, a reported 18 million of whom are aged 14 years or younger. If the class action lawsuit proves successful, affected children could receive thousands of pounds in compensation.

Responding to the legal challenge, TikTok has dismissed the claims, stating that the case is without merit and that it intends to ‘vigorously defend’ against the action.

Having pointed to TikTok as one of the worst offenders for data privacy, Ms Longfield referred to the company as “a data collection service that is thinly veiled as a social network”, further stating “behind the fun songs, dance challenges and lip-sync trends lies something far more sinister.”

British Officials Targeted

Intelligence agency MI5 has warned that over 10,000 British officials have been targeted by international spies via social media platforms, including LinkedIn.

Having launched the Think Before You Link campaign, warning British officials about the deluge of nefarious accounts looking for state secrets, Ken McCallum, head of the spy agency, described the problem as one of “industrial scale”.

With Russia and China noted as being amongst those deploying fake profiles on various networking sites, targets have included military and security officials, civil servants and defence contractors, as well as experts within the pharmaceutical sector.

The awareness campaign, launched by the Centre for the Protection of National Infrastructure (CPNI), an offshoot of MI5, is in cooperation with the rest of the Five Eyes intelligence alliance, and seeks to highlight the scale of this international problem.

The CPNI notes, “Criminals and hostile actors may act anonymously or dishonestly online in an attempt to connect with people who have access to valuable and sensitive information. They often do this by posing as recruiters or talent agents who will approach individuals with enticing opportunities.”

Adding, “The consequences of engaging with these profiles can damage individual careers, as well as the interests of your organisation, and the interests of UK national security and prosperity.”

Apple Supplier Cyber Attack

One of Apple’s major suppliers, Taiwanese manufacturer Quanta Computer, has been hit with a cyber-attack in which stolen design schematics are being held to ransom for $50 million.

The attack was perpetrated by international ransomware syndicate REvil. Along with “gigabytes of personal data”, the gang claims to have confidential blueprints of unreleased Apple products, some of which have reportedly already been leaked online.

Although it is not clear how the attackers obtained the documents, the leak was deliberately timed to coincide with Apple’s recent ‘Spring Loaded’ event.

With the Taiwanese company reportedly expressing no interest in paying the ransom, the criminals have given Apple until the beginning of May to meet their demands for 123,028 of the cryptocurrency Monero.

In a public statement, a representative of Quanta Computer noted, “We’ve reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed. There’s no material impact on the company’s business operation.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
