Exploit warning, NCSC Annual Review & Fraud Compensation

Exploit Warning, NCSC Annual Review & Fraud Compensation

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

NCSC Annual Review

In their annual review, the UK’s National Cyber Security Centre (NCSC) has, amongst other things, announced their support in 777 significant incidents in the last 12 months, 20% of which were related to the health sector and vaccines.

As well as highlighting one case in which they helped vaccine researchers at the University of Oxford defend against an attempted ransomware attack, the centre also removed over 50,000 online scams and more than 90,000 malicious URLs.

Beyond highlighting the achievements of the organisation, the report also warned that the threat of leaked data from ransomware attacks is “almost certain to grow”, with this tactic of ‘double extortion’ becoming “routine”.

Sir Jeremy Fleming, the Director of GCHQ noted within the report, “In the UK there was an increase in the scale and severity of ransomware attacks, targeting all sectors from businesses to public services.”

Adding, “In response, the NCSC has identified and mitigated numerous threats, whether committed by sophisticated state actors, organised criminal groups or lone offenders.”

Crypto Fraud Compensation

United States law enforcement has announced plans to liquidate around $57 million of seized cryptocurrency to provide restitution to the victims of now-defunct exchange BitConnect.

During its two years of operation BitConnect admins are believed to have made off with $2 billion in funds stolen from investors around the world, with the exchanges founder, Glen Arcaro, pleading guilty to criminal charges earlier this year.

The $57 million will be, according to the US Department of Justice, “the largest single recovery of cryptocurrency for victims to date”, allowing those impacted the chance to recoup at least some losses.

With acting U.S. Attorney Randy S. Grossman praising the work of the prosecutors and law enforcement, the Justice Department announcement noted, “As part of his plea agreement, Arcaro admitted that he earned no less than $24 million from the BitConnect fraud conspiracy, all of which, according to court documents, he has agreed to repay to defrauded investors.”

International Exploit Warning

In a joint advisory released by cybersecurity centres in the US, UK, and Australia, authorities warn of the ongoing exploitation of Microsoft Exchange ProxyShell and Fortinet vulnerabilities by Iranian-backed hackers.

In the statement, authorities said they “have observed this Iranian government-sponsored Advanced Persistent Threat (APT) group exploit Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include [the deployment of] ransomware”.

Additionally advising that Iranian government-sponsored actors are actively targeting a broad range of victims across multiple critical infrastructure sectors, including transport and healthcare, the statement also provides advice for defending against such threats.

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.