With the year already in full swing, it has been another busy week in the world if I.T. and Tech. With calls for text alerts to warn citizens in the event of an impending terror attack, more developments on last week’s Travelex ransomware attack and yet more issues with Amazon Web Services buckets. If you missed all that, fear not our trusty roundup will bring you right up to date.
The UK needs to adopt terror-text alerts
The UK government is being urged to adopt terror-text alerts amid rising tensions in Iran. Following the death of a high ranking Iranian official two weeks ago, the current UK terrorist threat is ‘severe’, meaning an attack is highly likely. However, unlike other countries there is no way to warn the UK public should an attack be launched.
In the US, Australia and other countries, if the government believe there is a threat to life – such as the wildfires currently sweeping through Australia – text alerts can be sent to every smart phone user in an area warning them to take cover or evacuate. However, the UK has been slow to take up the technology and now the national security strategy committee claim that the recent tensions with Iran has shown that a similar system is long overdue in this country.
Lord Toby Harris, who sits on the committee said: “I think the likelihood of Iran launching a nuclear attack on Britain any time soon is extremely remote. But we know there is a risk of nuclear material or other harmful materials falling into the hands of terrorist groups, some of whom are backed by Iran. It cannot be right that other countries have the technology to warn their citizens of an incoming threat, and we do not. The time for the government to act is now.” Read more here.
Travelex to being restoring systems
In a statement earlier this week, foreign exchange company Travelex said that it is beginning to restore its systems following a huge ransomware attack at the beginning of the month. The company’s systems were held for ransom by Sodinokibi Malware – a cyber mafia group – which demanded a payment of $6million by 16thJanuary, disrupting the company’s operations in 70 countries across the globe.
In the UK banks including the Royal Bank of Scotland, NatWest, First Direct, Barclays and Lloyds to name but a few have been left unable to provide travel exchange services since the attack began on 6th January. However, Travelex now says that it is making ‘good progress’ in restoring its systems but has been quiet about whether it has paid the $6m ransom to release the 5GB of data that was being held by Sodinokibi.
Travelex CEO Tony D’Souza said: “We are now at the point where we are able to start restoring functionality in our partner and customer services, and will be giving our partners additional detail on what that will look like during the course of this week.”
The curse of the AWS S3 bucket strikes again
During 2019 we repeatedly reported that misconfigured Amazon Web Services (AWS) buckets were leaving potentially sensitive data unsecured. The biggest of these being Teletext holidays, which had left the data of more than half a million of its customers exposed for three years. Now, cybersecurity experts have found that an unsecured database on AWS has been exposing sensitive information on thousands of British consultancy firms as well as working professionals. This information includes the scans of passports of British consulting professionals.
The researchers said that the bucket was leaking sensitive information and they were able to see all files stored in the database, including thousands of passport scans, tax documents, background checks, job applications, expense forms, scanned contracts, emails, and salary details.
It isn’t known how long the data had been left exposed, but it contained everything a cybercriminal would have needed to carry out large-scale fraud and identity theft should they have been aware of it. The database has now been taken offline and the researchers have said that the issue was due to the bucket owner’s neglect and not the fault of AWS. Again, this points to a lack of training or understanding within businesses on the need for cybersecurity processes around sensitive information held on cloud services such as this.
Those were some of this week’s top stories but if you want more content, follow us across our four social media channels: