14 May 2020

IRM Weekly Cybersecurity Roundup: Norfund swindled of $10m and more

Norfund wealth company swindled of $10m in cyber con

Norfund, the world’s largest wealth fund (worth over $1 trillion), has confirmed that a hacker manipulated the organisation into routing a loan to an account owned by the criminal.

The payment of $10m was due to be received by a Cambodian microfinance organisation but was instead cleverly rerouted from Norfund to the bank account of the hacker in Mexico.

The attack could have been achieved through various methods, but the most common technique in these money-transfer scenarios is a business email compromise attack, in which the cybercriminal impersonates an employee or official. It’s also thought that documents and payment details were falsified to make the con successful.

Since the attack, Norfund are working hard to improve their processes and routines to ensure something similar doesn’t happen again.

You can read more here.


Swiss railway manufacturer attacked by malware

Swiss railway manufacturer, Stadler, has confirmed it’s triggered the appropriate security measures after its IT network was attacked by malware.

The company has determined that the attack was most likely due to a data breach after internal monitoring services discovered the malware on the network.

The exact amount hasn’t been confirmed, but the cybercriminals are trying to extort a “large amount of money”, using the threat of publishing sensitive information held by Stadler to harm the company.

After restarting services and protecting systems, Stadler are continuing to produce new trains, but have involved the authorities to recover from the cyber-attack.

You can read more here.


Spanish-based dating app users exposed

Almost 4 million users of a Barcelona-based dating app, MobiFriends, have had their details exposed on a popular hacking forum.

The data, which is now available for free (but was previously for sale), includes birth dates, genders, website activity, numbers, usernames, email addresses and MD5-hashed passwords.

It’s thought that some of the email addresses revealed are corporate emails, meaning there is more risk of people becoming the target of spear-phishing campaigns.

MobiFriends are yet to comment (as of 14th May).

You can read more here.


Automotive Cyber Feasibility Report released

In 2019, IRM contributed towards Zenzic’s UK Connected and Automated Mobility Roadmap to 2030 – a document offering direction for those with an impact on the future of automotive mobility.

Zenzic is a UK initiative set up by the Government to contribute more research to develop the country’s capability in automated and connected vehicles. This week, they released the Cyber Feasibility report.

After funding was provided, Innovate UK collated the output of various research projects which examined solutions to:

  • Measure and maintain cyber-physical resilience and identify vulnerabilities
  • Provide specifications to support the creation of new cyber test facilities
  • Explore commercial opportunities to develop new cyber-related services

One of the key findings across all the projects was that there should be a centre of excellence in the UK which would focus on connected automated mobility.

You can download the report here.


Quick-Fire Updates

Company who helped build Nightingale COVID hospital hit by cyber-attack: The outsourcing company, Interserve, who helped build the Nightingale Hospital in Birmingham, fell victim to a cyber-attack earlier in the month. Read more here.

UK electricity network hit by cyber-attack: Elexon, who are the body responsible for administering the UK power market, said that its internal systems and company laptops had been affected by a cyber-attack on Thursday. Read more here.

American supermarket warns of breach: Supermarket chain Giant Food has had to warn customers of a potential credit card data breach after they discovered an illegal card-reading device in a store in D.C. Read more here.

