Welcome to our weekly dose of critical cyber stories. So what are the top cybersecurity stories from the third week of July 2023?
In this week’s roundup, we explore a range of impactful incidents and reports that have dominated the cybersecurity news cycle. From a massive cryptocurrency heist by North Korean hackers to the potential banning of Chinese social media apps in Australia, the world of cyber threats continues to be dynamic and ever-changing. Here are this week’s top stories:
Lazarus Group Strikes Again: North Korean Hackers Steal $100M in Crypto
The notorious Lazarus Group, linked to North Korea, has once again made headlines with another significant cryptocurrency heist. The prolific group continues to exploit the digital currency space, causing significant concern for crypto investors and security agencies worldwide. The hackers’ sophisticated techniques and persistent attacks underscore the urgent need for robust cybersecurity measures in the crypto industry. The incident serves as a stark reminder of the potential vulnerabilities in the digital currency space and the importance of implementing advanced security protocols to safeguard assets.
IBM Secures £54.7M Biometric Deal with UK’s Home Office
IBM has been awarded a £54.7 million ($70 million) contract by the UK’s Home Office to develop a biometric matcher platform. The platform will aid police and immigration services in identifying suspects by comparing them to a database of fingerprint and photo data. The contract, set to run for five years with an option to extend for three more, will see IBM transition and manage the existing Matcher Platform, previously built by Fujitsu. IBM will also create new search capabilities and decommission legacy algorithms for the police service biometric data service IDENT1 and the immigration and asylum biometric information system (IABS).
Australia Considers Banning Chinese Social Media Apps Amidst Propaganda Concerns
An Australian Senate Committee has recommended the prohibition of Chinese social media apps, citing their use by the Communist Party of China to disseminate propaganda and misinformation. The committee’s report highlights the weaponization of social media to spread disinformation for malicious or deceptive purposes, often by foreign powers. The report specifically names China and Russia as nations conducting such campaigns. The committee suggests that all social media networks should adhere to legislated transparency standards, enforceable by fines and potential bans for repeated non-compliance. The report also criticizes WeChat for its failure to appear before the committee and TikTok for its lack of transparency.
NHS Lanarkshire Called Out for Mishandling Patient Data on WhatsApp
NHS Lanarkshire has been reprimanded by the Information Commissioner’s Office (ICO) after staff members shared patients’ personal data on WhatsApp over 500 times. The shared information included patient names, phone numbers, addresses, images, videos, and clinical information. The health board did not have appropriate policies and clear guidance in place when WhatsApp was made available for download, leading to the data breach. The ICO has issued several recommendations to prevent future data breaches, including the implementation of a secure clinical image transfer system and ensuring staff are aware of their responsibilities to report personal data breaches internally.
Cyber Insurance Not a Major Factor in Ransom Payments, Study Finds
A study by the Royal United Services Institute, a British think tank, has concluded that fears of cyber insurance coverage prompting companies to pay ransomware demands more readily are unfounded. The study, funded by the UK’s National Cyber Security Center, found no evidence that insured victims are more likely to pay ransoms than those without insurance. The report suggests that insurers could play a more significant role in enforcing corporate discipline and recommends that they require companies to exhaust all other options before resorting to ransom payments. The study also calls for clearer guidance from authorities on handling ransom payments.
For more cybersecurity news, insights and analysis, follow Code Red on Twitter and LinkedIn.