24 May 2019

IRM Weekly Cybersecurity Roundup: Instagram account breach and more

Fancy getting the weekly roundup delivered straight to your inbox? Sign up to the IRM newsletter.

50 million Instagram ‘influencer’ accounts breached

Contact details of over 50 million Instagram users were found online stored on an unguarded database. The database is owned by a Mumbai-based company called Chtrbox which was stored on an Amazon server with no password protection.

The information included emails and phone numbers of high profile users known as ‘influencers’ on Instagram.

Although the information did not contain sensitive personal data, the gathering/ scraping of information is still classed as violating social media policies.

Chtrbox have now taken the database offline and the firm said it had never purchased any data that had been obtained via “unethical means”, such as a hacking.

You can read more here.

Foreign Minister, Jeremy Hunt, made a speech on Thursday 23rd at the NATO Cyber Defense Pledge Conference where he discussed the UK’s willingness to take “appropriate counter-measures” against foreign cyber threats. This is alongside the announcement from Penny Mordaunt that the UK will invest £22m to open new cyber operation centres.

Hunt’s speech supports a new strategy to share world-leading expertise to protect the UK from Russia’s attempts to damage critical national infrastructure through malicious cyber activity.

Hunt also disclosed that Britain is providing information to 16 allies in the NATO military alliance about Russia’s cyber activities in their territories over the last 18 months.

The British Foreign Minister will call on all of NATO’s 29 members to team up against Moscow and deliver a “proportionate” response if Russia ever attacks.

You can read more here.

Air Force investigates Navy for cyber-attack

A memo obtained by The Military Times claims the Air Force is investigating the Navy for a cyber intrusion on its network.

A Navy prosecutor hid tracking software embedded into emails sent to defense attorneys, one of whom was an Air Force Lawyer, involved in a high-profile war crimes case of a Navy SEAL in San Diego.

The tracking device was an attempt to find out who was leaking information to the editor of The Navy Times, a sister publication.

The tracking device was a “splunk tool,” which allowed the sender of the malware to gain “full access to  a computer and all files on it.”

You can read more here.

Quick Fire Updates:

Auction for a malware-infested laptop goes live: A laptop that has been infected with six notorious strains of malware including WannaCry, has gone to auction for a $1 million in the US for an art project. You can read more here.

North Korea hits out at Japan over counter-attack computer virus announcement: North Korea has condemned plans by the Japanese military to develop a counter-attack computer virus as symptomatic of Tokyo’s “war hysteria”. Read more here.

If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM.