The world of cyber security is always changing. New technologies and events are constantly reshaping the landscape, and helping us understand the importance of cyber security both currently and in the future. With this in mind, here is our round-up of the top cyber security headlines from this week that you should know about.
Twitch hit by massive data breach
The popular live streaming platform Twitch, most well-known for video game and e-sports streaming, was hit by a huge data breach last week.
Threatpost reports that this breach revealed information such as the website’s source code, payment information for top streamers, and users’ and employees’ personal details. Twitch has explained in a statement that the breach was caused by a ‘server configuration change that was subsequently accessed by a malicious third party’, implying an element of human error.
BBC News reports that the leak was originally posted as a 128GB file to the online forum 4chan, by an anonymous user who described it as ‘part one’ of what may be a series of leaks yet to happen. The investigation into the source of the leak is ongoing.
Google announces Cybersecurity Action Team
In a statement released earlier this week, Google announced that it has brought together its in-house cyber security experts for the creation of a Cybersecurity Action Team.
The objective of the Cybersecurity Action Team is described as ‘the singular mission of supporting the security and digital transformation of governments, critical infrastructure, enterprises, and small businesses’. In pursuit of this, the team will focus on four key areas of cyber security: strategic advisory services, trust and compliance services, security customer and solutions engineering, and threat intelligence and incident response services.
Phil Venables, the founder of the Cybersecurity Action Team and vice president and CISO of Google Cloud, says that ‘our comprehensive suite of security solutions delivered through our platform and amplified by the Google Cybersecurity Action Team will help protect organizations against adverse cyber events with capabilities that address industry frameworks and standards’. According to Enlyft, over 940,000 companies use the Google Cloud platform, so this is sure to be a welcome development for the cyber security of these organisations.
University of Sunderland’s IT systems hit by suspected cyber attack
The University of Sunderland has shared that it is currently experiencing ‘extensive’ IT issues, which they believe ‘has all the hallmarks of a cyber attack’. IT systems across the university are down, which includes telephone lines and infrastructure used for online classes.
Online classes have been cancelled as a result of the disruption, but the campus remains open for face-to-face teaching. A spokesperson told BBC News that ‘we take the security of our systems extremely seriously and will work to resolve the situation as quickly as possible’, but there is currently no sign of when the situation will be resolved.
A similar incident occured at Newcastle University last year, when cybercrime group DoppelPaymer commited a ransomware attack and threatened to leak data including student and staff information. There is no known correlation between these events. However, Orpheus Cyber explains that the education sector is a popular target for these cyber attacks, because underinvestment in cyber security systems results in vulnerabilities that can be easily exploited by malicious actors. The investigation into the University of Sunderland attack continues.
Ransomware attacks are ‘the most immediate danger’ to UK businesses, says UK cyber head
Lindy Cameron, the head of the National Cyber Security Centre (NCSC), has given a warning that businesses need to do more to protect themselves against ransomware attacks, describing these as ‘the most immediate danger to UK businesses and most other organisations’.
Speaking from the Chatham House Cyber 2021 Conference, she added that the challenge of fighting these attacks is that ‘the criminals responsible often operate beyond our borders, are increasingly successful in their endeavours, and pose a global challenge we must fight together to ensure no place becomes a safe haven’.
A wave of ransomware attacks has caused disruption throughout the world over the last year. Some of the most notable examples include the attack that caused weeks of disruption to Ireland’s health service earlier this year, and the Colonial Pipeline attack that resulted in massive fuel shortages across the east coast of the United States in the spring. Whether you work for a small business or a government body, the importance of practising cyber security in every level of your company cannot be underestimated. Check out our blog with some top tips on how to keep your business cyber secure here.
US will have ‘no fighting chance’ against China in AI and Cyber Security, says ex-Pentagon chief software officer
In a strongly-worded statement of resignation shared on LinkedIn, the former Chief Software Officer for the United States Air Force has warned that the USA ‘will have no chance competing in a world where China has the drastic advantage’ in the cyber security and artificial intelligence (AI) fields in the next 20 years.
Nicolas Chaillan, who held the post for three years, criticised the Department of Defense for being ‘underutilized and poorly leveraged by the DOD’, claiming that ‘most of my time was wasted trying to convince folks to engage with me and consider more relevant and efficient solutions’. He added that China has a ‘booming, hardworking population’ that the U.S. can only compete with ‘by being smarter, more efficient, and forward-leaning through agility, rapid prototyping and innovation’.
Although the U.S. is known for having the highest military expenditure in the world, a recurring complaint throughout Chaillan’s letter is that his office was routinely underfunded. In May this year, the Biden administration announced its 2022 budget proposal, which included $9.8 billion for cybersecurity funding for federal civilian agencies. This number has been steadily increasing in recent years, so it will be interesting to see how (or if) the US uses this funding to catch up with China’s technological developments and hold onto its status as a global superpower.