19 April 2019

IRM Weekly Cybersecurity Roundup: Ecuador cyber-attacks and more

Fancy getting the weekly roundup delivered straight to your inbox? Sign up to the IRM newsletter.

Ecuador hit with over 40 million cyber-attacks since Julian Assange’s arrest

In the five days since the Ecuador government revoked Julian Assange’s asylum and allowed his arrest in the UK, the country has experienced 40 million cyber-attacks from groups linked to Assange.

Julian Assange is the founder of WikiLeaks and had self-exiled himself to Ecuador’s London Embassy for seven years. He now faces extradition to the US to face government hacking charges, or to Sweden, where he faces two cases of sexual misconduct. Currently held at Belmarsh Prison in London, he could also face up to a year in jail for skipping bail.

The targets of the cyber-attack include the Ecuadorian Central Bank, the Finance Ministry and the President office. The attacks appear to come from computers of those in support of Assange in Brazil, France, Germany, Romania, the UK and the US.

The attacks used Volumetric DDoS, sending large amounts of traffic to a targeted network in an effort to overwhelm its bandwidth capabilities and flood the target, slowing their systems or rendering it useless entirely.

You can read more here.

How Notre-Dame could be rebuilt with new technology

After the devastating events that took place this week with the Notre Dame fire, France has seen an enormous amount of generosity. People from all over the world have raised hundreds of million Euros to help rebuild the famous cathedral.

With money pouring in, the talks of rebuilding have been extremely fast-paced, with plans to restore the cathedral in the next 5 years. Some help has come from an unlikely source. Game developers, Ubisoft, who created the Assassin’s Creed arc, have not only donated €500,000, but they have offered their ‘digital version’ of the building. The cyber-version, which featured in the 2014 Assassin’s Creed Unity, took over 14 months to model and design.

Ubisoft game developer, Caroline Miousse, said: “We would be more than happy to lend our expertise in any way that we can, to help with these efforts.”

You can read more here.

Bounty UK illegally shared over 14 million members’ personal data

Bounty UK, a parenting and pregnancy club, have been fined £400,000 for illegally sharing personal data belonging to 14 million members. The information came from membership registrations through Bounty’s website, mobile app, ‘merchandise pack claim cards’ and even from new mothers at hospital bedsides.

In April 2018, the company operated as a data-broking service, supplying data to third parties for the purpose of electronic direct marketing.  They shared this information with companies including Sky, Acxiom, Equifax and Indicia along with over 30 other organisations.

Bounty has now made significant changes to their practice, including the number of personal records it holds and the length of time the information is kept for.

You can read more here.

Home Office under review after two data breaches

The Home Office has launched an independent review of its compliance against data protection rules and have personally reported themselves to the Information Commissioner office (ICO) following two recent data breaches.

In the space of a week, the Home Office has dealt with two data breaches. The first incident came after hundreds of applicants enquiring about the Windrush compensation scheme were included in various messages to individuals and organisations. The Home Office reported itself to the ICO after hundreds of potential victims email addresses were wrongly shared.

Five batches of emails, each with 100 recipients, were affected. No other personal data was included.

The second incident came earlier this week when an official failed to mask 240 email addresses in a message to applicants seeking help with the EU settlement scheme. The EU settlement scheme was set up to enable EU nationals to live and work in the UK after Brexit.

An ICO spokesperson confirmed that the Home Office had alerted the watchdog to the incident.

You can read more here.

Quick Fire Updates:

Facebook, Instagram and Snapchat to limit actions for under 18’s: Social media giants are proposing a limit on ‘likes’ and ‘streaks’ for under 18’s. They believe the tools encourage users to share more personal data and spend more time on apps than desired. Read more here.

Say hello (and goodbye) to Samsung’s new Galaxy Fold: Samsung had announced that its folding smartphone will go on sale in April, sooner than rivals like Huawei. But after being sent out to media outlets, major issues with broken screens and bulged corners have caused some serious concerns. Read more here.

Sweden’s Social Democratic Party hit by a hacktivist: Their account was hacked into by an unknown hacktivist making a number of false assertions, touching on far-right issues: Read more here.

To receive this blog direct to your inbox every week, sign up to our newsletter.

If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM.