Cyber Round-up

Cyber Round-up for 4th January

Happy new year and welcome to the first Ironshare Cyber Round-up of 2019. We look back at the events of the last week and handpick some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

  • The First Data Breach of 2019
  • Data Resolution Suffers Christmas Ransomware Attack
  • Security Firm Hijacks Twitter Accounts
  • UK Tax Scams

The First Data Breach of 2019

Well, we didn’t have to wait long for the news of 2019’s first reported data breach.

Within 24 hours of the new year celebrations, the Victorian Government in Australia reported that it had detected unauthorised access to its Government Directory resulting in the details of 30,000 public servants being compromised. The breach is believed to have been accomplished after a successful email phishing attack on a government employee.

The Victorian Government Directory contains the work and contact details of its employees including name, job roles, email addresses and phone numbers. Fortunately, the breach did not involve the compromise of any financial information.

An email to staff read:

‘On 22 December 2018 an unauthorised third party accessed and downloaded a partial copy of the Victorian government employee directory, which identified approximately 30,000 public service staff and contractors. It appears the third party accessed the list after compromising an employee’s email account.’

Although information like that leaked here may be found through other online sources (e.g. social media, LinkedIn etc.), businesses should be aware that malicious actors can use this information to understand the structure of an organisation, and use it to launch a more targeted attack, such as Business Email Compromise.

If you haven’t thought about this already, start your new year with an audit of your business’s security. Understanding where your risks and vulnerabilities are will help you to plug the gaps and reduce the opportunities for the bad guys to exploit your systems and data.

Data Resolution Suffers Christmas Ransomware Attack

Data Resolution was sent an unwanted gift on Christmas Eve in the form of the RYUK Ransomware. Since then, the cloud hosting provider has been working to bring its systems back online and restore service for its 30,000 customers.

An update was provided to customers on 29th December stating that attackers used a compromised account to access the Data Resolution systems, giving them access to the data centre’s domain. This allowed the actors to lock out access to the company systems, before moving quickly to infect servers with the RYUK ransomware.

This was not the only report of RYUK infections over the Christmas period, with multiple major US news publishers reportedly suffering the same fate.

In an update to their customers, Data Resolution was quick to blame North Korea for the attack, stating they had hit 150 banks in the last year. How they can so confidently attribute this to an actor or group when they are still in the process of recovery is odd, but we assume that this is simply due to the Check Point report released in August last year that associates this ransomware with the notorious North Korean Lazarus group.

As of the 2nd January most of the provider’s services are still pending or in the process of recovery.

Security Firm Hijacks Twitter Accounts

In an attempt to highlight flaws in the Twitter social media platform, security firm Insinia Security briefly hijacked a number of high-profile Twitter accounts.

Insinia have been warning about the problems of using SMS text messaging for some time, and in late December decided to publicise the issue by taking brief control of celebrity Twitter accounts that included Eamonn Holmes and Louis Theroux.

The Twitter flaw in question allows anyone with your phone number to tweet to your account. By understanding how Twitter handles incoming texts from a phone number, Insinia were able to post to and fully control a hijacked account. As part of the process they posted a tweet stating that the hijacked account was now under the control of Insinia Security.

These actions have led to mixed feelings across the security community. Some are happy, feeling that this was necessary to get Twitter to take action and force a fix to this known flaw. The majority, though, appear to feel that this act was unethical and irresponsible.

As Insinia gained unauthorised access to Twitter accounts, there are grounds to argue that their actions were also potentially illegal, committing an offence under the Computer Misuse Act, which shines a bad light on the security research community.

Insinia stand by their decisions and state that no unethical or illegal actions were taken to prove this flaw. They highlight that these methods can easily be used to spread fake news, carry out social engineering, damage reputations and distribute malware.

If you are concerned that you could be directly affected by this flaw, then it is recommended to remove your phone number from your Twitter account.

BBC Report:

Insinia Blog post:

UK Tax Scams

January is Tax Return season in the UK, so please be aware that there are a number of tax-related scams in circulation. These scams come in the form of genuine-looking phishing emails, but more commonly we are seeing cold calling used as the delivery method.

The aim of these scams is to steal your personal information and identity, but they can also lead to money being stolen from your bank accounts.

These automated telephone cold calls threaten the victims with arrest and legal action due to unpaid tax bills, in order to get them to call a fake HMRC number so the bad guys can steal their information.

If you receive one of these scam emails or phone calls, never call these numbers or click on the links in these fake emails. Always go direct to the HMRC website for the real contact details.

Although HMRC do contact taxpayers by automated phone calls for late bills etc., they will never threaten legal action or arrest, and they will always include your unique taxpayer reference number in any contact with you.

For guidance on how to recognise real HMRC contact please see the official website.

As always, remain aware to stay safe online.

And that’s it for this week, please don’t forget to tune in for our next instalment.



Ironshare – Security Simplified


Edition #23 – 4th January 2019