05 June 2020

IRM Weekly Cybersecurity Roundup: MOD Cyber Regiment and more

UK launches Cyber Regiment in Armed Forces

Cyber Regiment MOD

The Ministry of Defence in the UK has launched the 13th Signal Regiment – the first dedicated cyber regiment. The initiative is designed to protect vital defence networks at home and when on operations overseas.

Defence Secretary Ben Wallace said: “Cyber-attacks are every bit as deadly as those faced on the physical battlefield, so we must prepare to defend ourselves from all those who would do us harm and 13th Signal Regiment is a vital addition to that defence.”

The unit will work with the Royal Navy and Royal Air Force to provide secure networks for all military communications.

Around 250 specialist servicemen and women with the relevant high-end technical skills will make up the new unit based in Dorset.

You can read more here.

Cybersecurity to become part of MOT tests

A new safety standard, CAV PASS, has been introduced to minimise the defects ahead of testing autonomous cars on the road in the UK. According to reports, cybersecurity is likely to become part of the criteria in an MOT test for driverless vehicles.

The test will be designed to ensure the roadworthiness of a vehicle from a technical security perspective, in the same way you would check the tyres for a physical roadworthiness.

The possible cybersecurity element of an MOT test would look at ensuring the vehicle cannot be hacked.

You can read more here.

Pride celebrations targeted with cyber-attacks

Operation PridefallA group of cybercriminals are using the internet board “4chan” to make plans to continuously disrupt the month-long plans set out by LBGT+ supporters as they host events online due to Coronavirus.

The day before Pride Month began, the 4chan group used cyber-attack tactics to force an LBGT+ fundraiser offline. The spammers also posted various fake donation sites encouraging followers to donate to the wrong account.

More online events have been set up in the absence of physical gatherings, but “Operation Pridefall” led by the criminals aims to ruin these plans. Organisers or anybody who has experienced hate crime through these attacks are being asked to report it to the police.

You can read more here.

Credentials stolen in unauthorised Amtrak access

Unauthorised third-party access has recently been discovered on Amtrak’s Guest Reward accounts. The breach was discovered by the company, otherwise known as the National Railroad Passenger Corporation, on April 16th.

It appears that usernames and passwords have been compromised and this may have led to further personal information being viewed by the cybercriminals.

There is now an investigation to find the source of the breach. Amtrak is compensating those affected by the breach by offering to pay for a year’s membership to Experian’s IdentityWorks fraud-monitoring services.

You can read more here.

E-learners exposed in data breach

A data breach on the popular Spanish e-learning platform, 8Belts, has exposed the details of over 100,000s global learners.

It appears the information was being held on a misconfigured Amazon Web Services S3 buckets, which has resulted in the data leak.

The information exposed includes full names, email addresses, phone numbers, dates of birth, country of residence, national ID numbers and Skype IDs.

You can read more here.

Quick-Fire Updates

Hackers steal US military confidential documents: after gaining access to Westech International’s computer network. The documents were leaked online to add pressure to the company to pay the ransom fee requested. Read more here.

17% jump in block website requests in line with George Floyd riots: Cloudflare has announced they’ve witnessed a huge spike in attacker’s attempting to use DDoS attacks to bring down anti-racism sites campaigning against the death of Mr Floyd. Read more here.

Want an easy way to stay up to date with the latest cybersecurity news? Sign up to the IRM newsletter and you’ll receive it directly to your inbox each week.