InfoSec Round-Up May 7th

Romance Fraud, Wi-Fi Flaws & Ransomware Action

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Ransomware Task Force Urges Action

An international coalition of law enforcement entities and technology companies are calling for “aggressive and urgent” action against the growing problem of ransomware.

Insisting that there is “more than just money at stake” and that “ransomware has become a serious national security threat and public health and safety concern”, the Ransomware Task Force (RTF) has issued nearly 50 recommendations to governments to help tackle ransomware attacks.

Including entities such as the UK’s National Cyber Security Centre (NCSC), Microsoft, the FBI and Amazon, amongst other suggestions, the RTF recommends that governments make it mandatory for victims to report if criminals and paid, additionally asking for increased regulation for cryptocurrency services.

With the NCSC reporting that it has handled more that 3 times as many ransomware incidents in 2020, relative to the preceding year, and an estimated global annual cost of somewhere between $42bn and $170bn, it is clear that ransomware is a problem on the rise.

Speaking to the ransomware issue, RTF co-chair Jen Ellis stated, “Citizens are being impacted by this every day. It's having a huge impact on the economy and the ability for ordinary people to access critical services.”

Adding, “The funds that come in from paid ransoms fund other forms of organised crime, like human trafficking and child exploitation.”

Romance Fraud Costs Victim £113,000

Rachel Elwell, of the West Midlands, is currently facing bankruptcy after losing almost £113,000 to a romance fraud scammer she met on a dating website.

Having claimed that he lived near the victim, but that he was abroad for an engineering contract in Ukraine, the scammer successfully convinced Ms Elwell that he had been taken captive by loan sharks and that his life was in danger.

Supporting his claims with forged documents and staged photographs, the victim first sent the scammer £250, though eventually ended up losing just under £113,000; money which is unlikely to be recovered.

Interviewed by the BBC, when asked why she had sent the funds, Ms Elwell explained, “When he said his life was in danger and I didn't hear from him, I thought he'd been murdered… Can you imagine feeling you're responsible for whether someone lives or dies?”

Attempting to confirm the man’s story, Ms Elwell only realised her mistake after visiting the scammers supposed address in Coventry, discovering that nobody of that name lived there.

As an increasingly common form of fraud, a spokesperson for the West Midlands Police stated, “Rachel's case is a prime example of romance fraud, her case highlights how much these scammers affect people's lives.”

Routers at Risk

A report by consumer watchdog Which? has warned that millions of people could be at risk due to outdated routers.

Having examined 13 models provided by internet service providers, including EE, Virgin Media and Sky, the organisation discovered flaws in more than two thirds of devices.

Estimating that around six million households could be using a device that has not been updated since 2018 or earlier, issues discovered include weak default passwords, a lack of firmware updates and local network vulnerabilities.

In response to the report, several ISPs have hit back, including Virgin who stated that they do not “recognise or accept the findings of the research.”

With proposed UK legislation banning the use of default passwords being present on devices, computing editor for Which?, Kate Bevan stated that the updates to the law “can’t come soon enough.”

Adding “Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to update devices that pose security risks”.

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.