Infosec Round-Up Oct 29th

UK Ransomware Doubles, DDoS Attacks & Teen Scammer

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

UK Ransomware Attacks Double

The head of the UK’s Government Communications Headquarters (GCHQ) has stated that the number of ransomware attacks against British institutions has doubled in the past year.

Jeremy Fleming, the director of GCHQ made the disclosure this week at the Cipher Brief annual threat conference, noting ransomwares increased popularity amongst criminals was due to the attack vector being both highly profitable and “largely uncontested”.

Although GCHQ has not made the exact numbers of recorded ransomware attacks for this year or the last public, Mr Fleming recently announced that in a joint initiative with the UK’s new National Cyber Force, offensive tactics would be used to bring down the gangs responsible.

In his remarks the head of the spy agency noted: “If you do fairly basic cyber security, if you are really clear at an organisational level about things that you need to protect and if you are very diligent in implementing the guidance of your cyber security professionals… then you’re going to protect yourselves.”

Internet Phone DDoS Attack

In what has been described as an “unprecedented” cyber-attack, multiple UK based voice over internet protocol (VoIP) service providers have been targeted by distributed denial of service (DDoS) attacks.

Although the exact number of the attacks has not been disclosed, the Comms Council UK noted that the DDoS attacks which occurred over the past month “appear to be part of a co-ordinated extortion-focused international campaign by professional cyber-criminals”.

Resulting in numerous outages, VoIP technology allows for calls to be made over the internet, providing infrastructure to a range of customers, including businesses as well as public services, including the police and NHS.

A spokesman for the UK’s communications regulatory authority Ofcom has stated on the matter: “We're aware that some networks have been experiencing problems recently… We are in contact with them to establish the scale and cause of the problem, and also liaising closely with the UK Government and National Cyber Security Centre.”

Teen Scams £2 Million

Police have confiscated over £2 million worth of cryptocurrency from a Lincolnshire teenager who ran a sophisticated online gift voucher scam.

Having set up a website designed to impersonate legitimate online business Love2Shop, the seventeen-year-old also bought Google ads which allowed his fraudulent website to be promoted alongside the real one.

Believed to have harvested £6,500 worth of vouchers during the websites time of operation, a later police investigation also revealed on the teenager’s computer 12,000 credit card numbers, 197 PayPal accounts, and 48 Bitcoins.

Appearing in court this week, the judge handed down a 12-month youth rehabilitation order, as well as commenting that if the offender was an adult, he would be facing jail time.

Detective Constable Luke Casey of Lincolnshire Police noted on the case: “Cryptocurrency is often thought by criminals to be an anonymous way to move funds around undetected, but I'm glad that in this case we were able to highlight that the police are now able to effectively investigate offences of this nature.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.