Plain English Cyber in 3 articles, 2 numbers and 1 action.

This week: University of Limerick is a victim of invoice redirection fraud; self-driving cars remind us that humans are still useful, and DeFi security continues to defy logic.

This week’s action: Come to Limerick. Fly from Shannon. Just don’t use a self-driving car to get here.

If you’d prefer to listen to Cyber 3-2-1: This week’s episode is accessible from https://www.codeinmotion.ie/podcast or wherever you get your podcasts.

 

THREE ARTICLES

 

1: University of Limerick is the victim of a €100k payment fraud

While I sit here in my hometown of Limerick this week, the Irish Independent reports that just over €100k was stolen from UL last July as a result of an invoice redirection fraud.

‘Invoice redirection fraud’ involves an organisation being fooled into transferring money into a criminal’s bank account. It usually involves a fake invoice or payment instruction being sent to the victim by email. While the email may appear to come from a genuine supplier or partner, it has been written by a criminal.

UL reported the crime to the Gardai and to Bank of Ireland, and the bank refunded UL ‘for the full amount taken in the fraud’. ‘It is suspected the culprits are based in the UK’.

‘The university said that measures have been taken aimed at preventing a similar occurrence’. This includes cybersecurity awareness training for all finance staff, as well as participation in a workshop to review the lessons learned from the crime.

Read more: https://www.independent.ie/irish-news/crime/gardai-and-interpol-liaise-to-track-down-uk-based-fraudsters-suspected-of-100k-university-of-limerick-theft-41862781.html (subscription required)
 

2: Self-driving cars

Sticking to my mid-west of Ireland focus this week, my next article is about self-driving cars. What’s the link between the mid-west and self-driving cars, I hear you ask? Well, Silicon Republic recently reported that Future Mobility Campus Ireland (FMCI) has just opened a facility in Shannon to “provide an R&D and testing site for mobility technologies spanning ground and air uses.” Apparently, FMCI partner with major players such as General Motors and Jaguar Land Rover (which also has a major R&D centre in Shannon).

Anyway, back to the self-driving cars. Wired Magazine recently reported on an incident with self-driving taxis in San Francisco. Cruise, a self-driving taxi company owned by General Motors, has a licence to operate its fully self-driving taxis in specific parts of San Francisco. Unfortunately, 60 of their vehicles all stopped at the same time recently, blocking roads and causing major traffic disruption to other road users. The issue was apparently caused by a server connection problem. And to add to the misery, “the company was unable to access its system which [would have allowed] remote operators to safely steer vehicles to the side of the road and had to wait for humans to get there and remove them while stopping traffic for up to 90 minutes”.

Apparently, failures of individual cars are common. Wired describes one example: “Around midnight on June 21, nearly two weeks after Cruise won permission to charge for rides, San Francisco resident Stephen Merity was walking through the city’s Tenderloin neighborhood when he saw a driverless Cruise stopped in a crosswalk, blocking a right-hand turn lane. When he returned a few minutes later, he found two more Cruise vehicles stopped behind the first. When another driverless car appeared and started to navigate around its stuck brethren, an apparently inebriated bystander cheered it on: “You can do it!””

These incidents were not caused by a cyber-attack. But they demonstrate the difficulty of relying on computers to perform what we humans think are pretty simple tasks. In reality, they aren’t simple tasks. And when things go wrong, recovery from a technology failure is not simple either.

Humans may be flawed. But they can operate independently, and are pretty resilient in challenging moments.

Read more: https://www.wired.com/story/cruises-robot-car-outages/ via https://gianlucamauro.beehiiv.com/p/biggest-data-break-ever-1-billion-people-impacted
 

3: Disneyland Facebook and Instagram pages display offensive messages

Slightly further afield from the beautiful mid-west of Ireland, The Record reports that “Disneyland officials are investigating an incident [recently] in which the Facebook and Instagram accounts of the theme park were hacked and used to send several offensive messages. [The attacker] used the n-word as well as the f-word repeatedly in the messages. The posts were removed within a few hours after the account, which has about 8.4 million followers, was taken down briefly.”

The attack reminds us that not all cyber-attackers are motivated by financial gain. Sometimes, they just want to inflict reputational damage.

The report does not explain how the accounts were compromised, but it is certain that the use of Multi-Factor Authentication (MFA) would reduce the likelihood of such a breach, as MFA ensures that a password is not enough to gain access to an account.

Read more: https://therecord.media/disneyland-investigating-compromised-facebook-and-instagram-accounts/ via Secure The Village
 

TWO NUMBERS

 

1: $540m

The amount of money that was stolen from a crypto gaming company, according to a recent report in The Block.

The attackers, apparently from North Korea, are said to have “duped a senior engineer at Axie Infinity into applying for a job at a fictitious company”. “One source added that the approaches were made through the professional networking site LinkedIn.” After completing multiple rounds of interviews, “a fake [job] “offer” was delivered in the form of a PDF document, which the engineer downloaded — allowing spyware to infiltrate [the company’s] systems”.

Read more: https://www.theblock.co/post/156038/how-a-fake-job-offer-took-down-the-worlds-most-popular-crypto-game via Secure The Village
 

2: $2 billion

The amount of money stolen as a result of DeFi hacks in the last two years, an increase of almost $1.3b since January 1st, according to the same report in The Block.

As I’ve said before, sometimes DeFi security defies logic.

Read more: https://www.theblock.co/post/156038/how-a-fake-job-offer-took-down-the-worlds-most-popular-crypto-game via Secure The Village
 

ONE ACTION

 

1: Come to Limerick. Fly from Shannon. Just don’t use a self-driving car to get here!

It’s the last Friday of July and I’d say about 80% of my regular readers are on their summer holidays right now.

For the 20% of you thinking about your holiday plans for August, if you live in Ireland and are thinking about going abroad, why not avoid the chaos of Dublin airport and fly from Shannon? The long-term car park is next to the short-term car park, and both are within walking distance of a world-class terminal building.

And if you are thinking of holidaying in Ireland, the mid-west and the Wild Atlantic Way are certainly worth a visit.

Just don’t rely on a self-driving car to get you here!