Robin’s Newsletter #221

11 September 2022. Volume 5, Issue 37
Ex-Uber CISO trial underway for bug bounty handling of data breach. UK, US, Albania condemn Iranian cyber-attacks. China accuses NSA of spying.

My thoughts are with those mourning the loss of Her Majesty Queen Elizabeth II and the 21st anniversary of the 9/11 terrorist attacks.

This week

  • The trial of former Uber CISO Joe Sullivan has begun, with DOJ attorney Andrew Dawson saying the case is “about coverup, about payoff, and about lies.” Many in the security community believe that Sullivan is not to blame, having consulted with then-CEO Travis Kalanick and Uber’s legal counsel on the treatment of a data breach and extortion attack by two cyber criminals as a ‘bug bounty’ submission (vol. 3, iss. 34).

  • The UK’s Data Protection and Digital Information Bill got its second reading on Monday when the outgoing Secretary of State for Digital, Culture, Media and Sport introduced the bill for its first debate by MPs. Hailed by Dorries as “one of Brexit’s biggest rewards,” the bill has led to warnings that material deviations from the EU’s General Data Protection Regulation risk the adequacy decision and would mean businesses having to adhere to multiple regimes. The bill will now progress to the committee stage, for individual clauses to be debated.

  • Albania has severed diplomatic ties with Iran after blaming the country for cyberattacks in July against government websites and publishing stolen documents via a front organisation calling itself ‘Homeland Justice’. NATO allies have rallied around the strong response to the incident, with the US introducing sanctions saying the action “disregards norms of responsible peacetime State behavior” and the UK condemning the “increasingly reckless pattern of behaviour by Iran”. Microsoft has published details of their investigation into the attacks.

Interesting stats

  • 90% of healthcare IT worker respondents to a Ponemon/Proofpoint survey report their facilities have suffered a cyberattack in the past year, up from ~40% reported in a similar study conducted by Ponemon two years ago

Other newsy bits

  • North Korea’s Lazarus group has been targeting energy providers in the US, Canada and Japan with malware dubbed VSingle, YamaBot and MagicRAT, for espionage purposes, according to Cisco Talos. Chainalysis has helped the US government to identify the wallets containing $30 million of cryptocurrency stolen by Lazarus earlier this year from NFT game Axie Infinity.

  • The Los Angeles Unified School District (LAUSD) was targeted by cybercriminals in a ransomware attack over the Labor Day weekend. Schools in the US’s second-largest public school district were open as normal following the public holiday, though with “significant disruption” to technology systems. That the schools could stay open is a positive sign. Cybercriminals often use the cover of public holidays to give themselves more undisturbed time to carry out their attacks.

  • Just before the US Labor Day public holiday, Samsung snuck out a notification that the company had experienced a data breach. Information was light and the timing convenient (for the company), which had known about the intrusion for a month. Zack Whittaker has parsed what Samsung’s data breach notice does, and doesn’t, say about their incident: that customer data was taken, but we don’t know for how many people, and that it included Social Security and precise geolocation data.

  • InterContinental Hotels Group (IHG) notified the London Stock Exchange that “technology systems have been subject to unauthorised activity” on Tuesday. Customers were unable to make bookings via IHG’s website or app, though reservations were able to be made directly with hotel properties (many of which are operated under franchise). The attack bears all the hallmarks of a ransomware attack.

  • Instagram is to appeal a €405 million ($402 million) fine from Ireland’s Data Protection Commission for GDPR violations. The fine was issued over the way that Instagram handled data of children aged 13-17, with many being able to switch their accounts from personal to business profiles in pursuit of content metrics, but that also resulted in contact information being made public

  • Bitwarden, an open source password manager with premium features, has raised a ‘minority growth investment’ round of $100 million to expand its features and move into the secrets management space.

  • Cymulate has announced a $70 million Series D funding round. Cymulate’s platform provides automated red teaming and attack simulations for endpoints, email and web gateways

  • Private equity firm Thoma Bravo has pulled out of its planned acquisition of Darktrace after “an agreement could not be reached” on the terms of a deal.

And finally

  • China has accused the US National Security Agency (NSA) of compromising the systems at the country’s Northwestern Polytechnical University. The university is involved in developing hypersonic missiles for the Chinese military and would represent a pretty obvious target for espionage. The accusations linked back to NSA director Rob Joyce, who ran the ‘Tailored Access Operations’ team (tasked with such intrusions) though that role is hardly secret: Joyce has talked about it previously and is listed on the NSA website.
