Infosec Round-Up Oct 29th
UK Ransomware Doubles, DDoS Attacks & Teen Scammer
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
UK Ransomware Attacks Double
The head of the UK’s Government Communications Headquarters (GCHQ) has stated that the number of ransomware attacks against British institutions has doubled in the past year.
Jeremy Fleming, the director of GCHQ made the disclosure this week at the Cipher Brief annual threat conference, noting ransomwares increased popularity amongst criminals was due to the attack vector being both highly profitable and “largely uncontested”.
Although GCHQ has not made the exact numbers of recorded ransomware attacks for this year or the last public, Mr Fleming recently announced that in a joint initiative with the UK’s new National Cyber Force, offensive tactics would be used to bring down the gangs responsible.
In his remarks the head of the spy agency noted: “If you do fairly basic cyber security, if you are really clear at an organisational level about things that you need to protect and if you are very diligent in implementing the guidance of your cyber security professionals… then you’re going to protect yourselves.”
Internet Phone DDoS Attack
In what has been described as an “unprecedented” cyber-attack, multiple UK based voice over internet protocol (VoIP) service providers have been targeted by distributed denial of service (DDoS) attacks.
Although the exact number of the attacks has not been disclosed, the Comms Council UK noted that the DDoS attacks which occurred over the past month “appear to be part of a co-ordinated extortion-focused international campaign by professional cyber-criminals”.
Resulting in numerous outages, VoIP technology allows for calls to be made over the internet, providing infrastructure to a range of customers, including businesses as well as public services, including the police and NHS.
A spokesman for the UK’s communications regulatory authority Ofcom has stated on the matter: “We're aware that some networks have been experiencing problems recently… We are in contact with them to establish the scale and cause of the problem, and also liaising closely with the UK Government and National Cyber Security Centre.”
Teen Scams £2 Million
Police have confiscated over £2 million worth of cryptocurrency from a Lincolnshire teenager who ran a sophisticated online gift voucher scam.
Having set up a website designed to impersonate legitimate online business Love2Shop, the seventeen-year-old also bought Google ads which allowed his fraudulent website to be promoted alongside the real one.
Believed to have harvested £6,500 worth of vouchers during the websites time of operation, a later police investigation also revealed on the teenager’s computer 12,000 credit card numbers, 197 PayPal accounts, and 48 Bitcoins.
Appearing in court this week, the judge handed down a 12-month youth rehabilitation order, as well as commenting that if the offender was an adult, he would be facing jail time.
Detective Constable Luke Casey of Lincolnshire Police noted on the case: “Cryptocurrency is often thought by criminals to be an anonymous way to move funds around undetected, but I'm glad that in this case we were able to highlight that the police are now able to effectively investigate offences of this nature.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
Computer maker Acer hacked twice in a single week. Ofcom reports almost 45 million people targeted by scammers. US restricts the sale of hacking tools.
125GB of Twitch data leaked. School IT tech charged in insider threat case. EU parliament votes against A.I surveillance.
iPhone contactless flaw could allow locked phone payments. China warns crypto “seriously endanger the safety of people’s assets”. Ethereum research facing 20 years in prison.
REvil steals loot from affiliate criminals. Lithuania warns of Chinese made phones. UK MoD exposes the data of Afghan interpreters.
Irish DPA investigates TikTok data collection. NSO Group flaw fixed. Microsoft announces passwordless future.
Ragnar Locker threatens victims with possible data leaks. UK student jailed for "cynical" cyber crime. ProtonMail faces criticism.
Insider threat destroys 21GB of credit union data. Hackers leak UK firearms marketplace data. Coinbase accidentally sends 125K warning emails.
Ethical hacker rewarded with $500K after returning stolen crypto. Japanese exchange attacked. US loses $2.3 million to BEC scam.
48 million T-Mobile customers' data breached. Secret 'no-fly' list exposed on internet. Brazil Government hit with another ransomware attack.
Apple responds to CSAM scanning criticism. Crypto hacker returns over $300 million worth of tokens. Crytek game developer confirms data leak hack.