01 August 2019

IRM Weekly Cybersecurity Roundup: British Army cyber warfare and more


British Army announces new cyber warfare division

The British Army has introduced the “Sixth Division”. The new division will concentrate on cyber warfare, hackers, digital propaganda, intelligence and surveillance. Recruits will be trained in intelligence gathering and covert surveillance, as well as a range of other cyber skills.

The need for a new division arose after the UK recently used online warfare to counter the IS message in northern Iraq, where a terrorist group used digital resources to recruit and radicalise. The unit will also reflect the UK’s increasing concern over Russian ambitions in the Baltic States and beyond.

The new division will not receive additional funding or new recruits. Instead, soldiers from different brigades will be trained to form Sixth Division. You can read more here.

Hacker gains access to 100 million Capital One customer accounts

In March this year, Capital One fell victim to a data breach. The hacker managed to gain access to more than 100 million Capital One customer accounts and credit card applications.

A 33-year-old woman from Seattle has been arrested on suspicion of the attack. She accessed 140,000 social security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers. In addition, she accessed an undisclosed number of people’s names, addresses, credit scores, credit limits and balances.

Unusually, Thompson didn’t seem to disguise her identity. She openly attempted to sell the information via GitHub using her full name. She also posted on social media and Slack stating how she accessed the data through improperly secured Amazon cloud instances.

She will be charged with a single count of computer fraud and faces a maximum penalty of five years in prison and a $250,000 fine.

Capital One will notify affected individuals via a variety of channels. They also aim to make free credit monitoring and identity protection available to those affected. You can read more here.

Flaws in Visa contactless cards allow payment limits to be bypassed

Researchers have uncovered flaws that allow attackers to bypass the payment limits on Visa contactless cards after testing with major UK banks.

Contactless limits were introduced as a safeguard against fraudulent losses, and the tests were run in response to recent increases in such losses.

According to the tests, even PIN entry verification or fingerprint authentication can be bypassed using a device which intercepts communication between a card and the payment terminal.

The device acts as a proxy between the card and the terminal, in what is known as a ‘man in the middle’ attack. First, the device tells the card that verification is not necessary, even though the amount is greater than £30. The device then tells the terminal that verification has already been made by another means.

The researchers advise that contactless card users need to be vigilant in monitoring their bank account statements. If available from their bank, they should implement additional security measures such as payment verification limits and SMS notifications. You can read more here.

Quick-fire updates:

Facebook’s breakthrough AI mind-reading experiment: Facebook has been funding a study to develop machine-learning algorithms capable of turning brain activity into speech. You can read more here.

Google Zero reveals flaws in Apple’s iMessage app: Google notified Apple of five flaws in its iMessage software, which were fixed last week, and then came across a sixth which had not been rectified. Users should download iOS 12.4 without further delay. You can read more here.

Thousands of officers have been victims of a breach in the LAPD: Personal information of thousands of LA Police Department officers and applicants appears to have been stolen in a breach of local government security. You can read more here.
