Infosec Round-Up Oct 29th
UK Ransomware Doubles, DDoS Attacks & Teen Scammer
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
UK Ransomware Attacks Double
The head of the UK’s Government Communications Headquarters (GCHQ) has stated that the number of ransomware attacks against British institutions has doubled in the past year.
Jeremy Fleming, the director of GCHQ made the disclosure this week at the Cipher Brief annual threat conference, noting ransomwares increased popularity amongst criminals was due to the attack vector being both highly profitable and “largely uncontested”.
Although GCHQ has not made the exact numbers of recorded ransomware attacks for this year or the last public, Mr Fleming recently announced that in a joint initiative with the UK’s new National Cyber Force, offensive tactics would be used to bring down the gangs responsible.
In his remarks the head of the spy agency noted: “If you do fairly basic cyber security, if you are really clear at an organisational level about things that you need to protect and if you are very diligent in implementing the guidance of your cyber security professionals… then you’re going to protect yourselves.”
Internet Phone DDoS Attack
In what has been described as an “unprecedented” cyber-attack, multiple UK based voice over internet protocol (VoIP) service providers have been targeted by distributed denial of service (DDoS) attacks.
Although the exact number of the attacks has not been disclosed, the Comms Council UK noted that the DDoS attacks which occurred over the past month “appear to be part of a co-ordinated extortion-focused international campaign by professional cyber-criminals”.
Resulting in numerous outages, VoIP technology allows for calls to be made over the internet, providing infrastructure to a range of customers, including businesses as well as public services, including the police and NHS.
A spokesman for the UK’s communications regulatory authority Ofcom has stated on the matter: “We're aware that some networks have been experiencing problems recently… We are in contact with them to establish the scale and cause of the problem, and also liaising closely with the UK Government and National Cyber Security Centre.”
Teen Scams £2 Million
Police have confiscated over £2 million worth of cryptocurrency from a Lincolnshire teenager who ran a sophisticated online gift voucher scam.
Having set up a website designed to impersonate legitimate online business Love2Shop, the seventeen-year-old also bought Google ads which allowed his fraudulent website to be promoted alongside the real one.
Believed to have harvested £6,500 worth of vouchers during the websites time of operation, a later police investigation also revealed on the teenager’s computer 12,000 credit card numbers, 197 PayPal accounts, and 48 Bitcoins.
Appearing in court this week, the judge handed down a 12-month youth rehabilitation order, as well as commenting that if the offender was an adult, he would be facing jail time.
Detective Constable Luke Casey of Lincolnshire Police noted on the case: “Cryptocurrency is often thought by criminals to be an anonymous way to move funds around undetected, but I'm glad that in this case we were able to highlight that the police are now able to effectively investigate offences of this nature.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
An email security policy is a document describing how an organisation's email system should, and most importantly, should not be used.
When Human Error is found in information security, it is often avoidable errors that allow much larger consequential problems to arise.
Investing in Information Security Awareness Training - educating people against cyber threats should be considered essential for any organisation operating in 2021
How Secure is Microsoft Teams? Information Security blog by Information Security Awareness solution provider Hut Six Security
Best Ways To Ensure Enterprise Data Regulation guest blog by technivorz.com and information security awareness solution Hut Six Security.
Writing a Disaster Recovery Plan: information security planning blog by information security awareness solution provider Hut Six Security.
Security program policies blog by information security awareness training provider Hut Six Security.
Security awareness training for Cyber Essentials blog by information security awareness training provider Hut Six Security.
Information Security Awareness Training in 2021 blog by information security awareness training platform Hut Six Security
What are the best VPNs for work? - VPN review blog by security awareness training provider Hut Six Security.