Weekly podcast: Sage insider, HEI hotels POS malware, and NSA hacked

This week, we discuss a data breach at software company Sage, a malware attack on hotel and resorts chain HEI, and the attempted auction of alleged US “cyber weapons” by hacking group the Shadow Brokers…

Hello and welcome to the IT Governance podcast for Friday, 19th August. Many thanks to Lewis and Michael for holding the fort for the last few weeks while I’ve been away. Without further ado, here are this week’s stories.

First, a salutary reminder that insider threats present a major security risk to all organisations: FTSE 100 software company Sage – which provides accounting and payroll software to some 3 million small and medium-sized businesses in 23 countries – reported on Monday that “a small number” of its UK customers’ personal details had been accessed “using an internal login”. The ICO has been informed.

A statement on Sage’s homepage said: “Our customers are always our first priority so we are communicating directly with those who may be affected and giving guidance on measures they can take to protect their security. Please note this issue does not affect any customers in other countries.” The announcement caused shares to fall, but they have since recovered.

A 32-year-old woman was arrested by City of London Police at Heathrow Airport on Wednesday on suspicion of conspiracy to defraud.

Hotel and resorts chain HEI has suffered a data breach affecting customers’ payment card information. Potentially compromised information includes the “name, payment card account number, card expiration date, and verification code of customers who used a payment card at point-of-sale terminals at […] affected properties” between January 2015 and June 2016.

In a notice published on its website, HEI said: “HEI was recently alerted to a potential security incident by its card processor. Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software on our payment processing systems at certain properties designed to capture payment card information as it was routed through these systems.”

The notice lists 20 affected locations, including names such as Marriott, Sheraton and Hyatt.

A group of cyber criminals calling themselves the Shadow Brokers claim to have hacked Equation Group – a hacking team linked to the NSA, according to Kaspersky Lab – and are trying to sell off US “cyber weapons” to the highest bidder. “Attention government sponsors of cyber warfare and those who profit from it!!!!” said the group. “We find cyber weapons made by creators of stuxnet, duqu, flame.”

Cisco has confirmed that two of the exploits in the leaked archive – EPICBANANA and EXTRABACON – are legitimate. The Shadow Brokers’ hopes for a bounty of 1 million bitcoins – around US$580 million – may be a tad optimistic, though. Wired reports that the highest bid is apparently just shy of $1000 at the moment.

Whistle-blower Edward Snowden believes Russia is behind the malware leak, which he says could be designed to expose the NSA’s cyber warfare activities. “This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server. That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies,” he said.

In possibly unrelated news, the NSA’s website went down earlier this week. The NSA blamed the outage on a storm.

Well, that’s it for this week. As ever, please feel free to comment below, telling us a bit about yourself and what you’d like more information on and we’ll do our best to answer in coming weeks. Until next time, remember that you can keep up to date with the latest information security news on our blog. And whatever your cyber security needs – whether regulatory compliance, stakeholder reassurance or just greater business efficiency – IT Governance can help your organisation to protect, comply and thrive. Visit our website for more information: itgovernance.co.uk.