
Apple and Google Accused of Mobile Browser Monopoly Activities

The domination of Apple and Google in web devices and cloud gaming will be examined, according to the UK's authorities.

The Competition and Markets Authority announced on Tuesday that it is moving forward with a market investigation, first suggested in June, into how the companies regulate internet browsers for mobile devices and into concerns that Apple restricts cloud gaming on its devices, after receiving support in a public consultation.

The Competition and Markets Authority (CMA) found from market research conducted last year that the two companies controlled the majority of mobile operating systems, app marketplaces, and web browsers.

If the 18-month study indicates an adverse impact on competition, the CMA may enforce modifications. However, the allegations are rejected by both businesses.

The authority announced on Tuesday that it is starting the investigation in part because the U.K. has put off giving its competition regulator new authority over digital markets, similar to what was recently passed in the European Union, which it claimed could help resolve those problems.

According to remarks released on Tuesday as part of the CMA's public consultation on its inquiry, some major IT rivals backed the investigation against Apple and Google. Microsoft Corp. warned that, if nothing is done, Apple and Google's grip over their mobile ecosystems might pose growing challenges to competition.






3D-printed guns: UK’s Latest Problem

 

Last month, officers from the Met's Specialist Crime Command discovered a suspected makeshift 3D firearm factory at a home in London. 

The Met stated that the seizure was “one of the largest” ever conducted in the UK and that it demonstrates the emerging threat of 3D-printed firearms in the country.

“The raid was part of an operation involving officers from the Met’s ‘Operation Viper’ team, who lead on developing firearms intelligence. This operation demonstrates how we continue to relentlessly target those who attempt to put lethal firearms on the streets of London,” Commander Paul Brogden stated.

The discovery comes as some experts also warn of a growing threat. Matthew Perfect, head of the National Firearms Targeting Centre at the UK's National Crime Agency (NCA), says the latest 3D weapons are “stuff that you definitely wouldn't want to see on the streets in the UK. These are automatic weapons. These are weapons that are capable of multiple rounds of discharge.”

At present, the 3D printed components only form some of the parts needed to make a gun, at most 80 to 90% of the weapon, Mr. Perfect added. Key metal components such as the barrel typically have to be manufactured in more traditional ways. And the guns still require ammunition. 

John Maytham speaks to professor of criminology and public policy at the University of Brighton, Peter Squires, about the growth of 3D-printed firearms in the UK and the threat that they pose within the illicit firearm market. 

Rajan Basra, a senior research fellow at the International Centre for the Study of Radicalization at King's College London, says the situation in the UK mirrors a trend visible around Europe. While most violent extremists will prefer established weapons, printed guns are an alternative for those who can't obtain illicit firearms.

“They're popping up all over Europe and police in the UK are intercepting them and burning them in London and Manchester. This is something that we thought was a slow-burn issue and that it would constitute a serious threat in years to come but suddenly they're turning up in real-world in both components and fully fabricated firearms,” Basra stated. 

Designing and owning homemade firearms, including 3D-printed guns, is banned in EU nations. In the UK, for example, the Home Office Guidelines of Firearm Licensing Law were updated in 2013 to specifically criminalize the manufacture, purchase, and sale of 3D-printed guns and gun parts. The first known conviction in the UK for producing a fireable 3D-printed gun came in 2018.

Data of UK and EU Users is Accessible to TikTok Staff in China

 


As part of an investigation by the BBC, it was disclosed that some of TikTok's workers had access to data from accounts in the UK and the European Union. These accounts have been made public by the Chinese company. 

As a result of a demonstrated need to do their work, Facebook said they had adopted the "privacy policy" as part of their "legal obligations." 

The company has come under scrutiny from authorities around the world in the past few years, including those from the UK and the US, over concerns over the possible transfer of data to Chinese officials. 

According to a report by the New York Times, the US government has called for the app to be banned in the country.

According to TikTok's website, the policy applies to "the European Economic Area, the United Kingdom, and Switzerland".

As described in a statement on Wednesday by Elaine Fox, the platform's head of privacy and security for Europe, the platform's global team plays a key role in maintaining a "consistent, enjoyable, and safe" experience for users. 

Even though TikTok currently stores European user data in the US and Singapore, Ms. Fox explained that "we have allowed certain employees from our corporate group based in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, Singapore, South Korea, and the United States remote access to TikTok European user data." 

To limit the number of employees who have access to European user data, minimize data flows outside of the region, and store European user data locally, our main focus is on controlling access to European user data among employees. 

Additionally, she said the approach was subject to a series of robust security controls and approval protocols, and that it was conducted in compliance with the General Data Protection Regulation (GDPR) regarding personal data use.

An official at the US Communications Watchdog, the country's leading watchdog for communications, made the announcement the same week that he recommended a ban on TikTok. 

Brendan Carr, one of the commissioners at the Federal Communications Commission (FCC), told the Washington Post that there does not appear to be anything other than a ban as a solution to the problem.

There is no way in this world where you can come up with adequate protection. This is because the Chinese communist party will not fall into the hands of the Chinese communist regime. This is because he did not believe there was a world in which such protection could be implemented. 

In a series of interviews, ByteDance, the company behind TikTok, has denied that the organization is controlled by the Chinese government. 

Authorities in the UK, EU and the United States have systematically monitored the app for the past few years. 

The investigation is underway 


As a result of the public concern expressed in August by MPs regarding the risks of data being disclosed to the Chinese government, the UK Parliament closed its TikTok account.

According to senior MPs and members of the parliament, the account should be removed until TikTok can give "credible assurances" that it will not be used to leak data to Beijing.

The Irish Data Protection Commission has also investigated the app about two privacy-related issues for which it acts as a lead regulator in the EU. 

A watchdog has begun investigating TikTok's processing of the personal data of children as part of a monitoring program. The company is also investigating whether its actions regarding the transfer of personal data overseas to other countries, for instance to China, have been in line with EU law.

The same year, a US security panel ordered ByteDance to sell off its American operations due to concerns that users' data may be shared with Chinese authorities.

In June this year, TikTok said it had migrated US users' information to servers run by American software giant Oracle in Austin, Texas. 

As reported last month, TikTok denied the report that a Chinese team at ByteDance was planning on using the app to track the locations of American citizens while they use the app. 

According to the social media company, TikTok has never been used to target members of the American government, activists, public figures, or journalists.

Ms. Fox said on Wednesday that the app does not collect precise location data from its users in Europe, which is according to the European Union. 

With almost 4 billion downloads, TikTok is the world's fastest-growing social media app and has become one of the most popular in the world. 

According to Sensor Tower, an analysis company that tracks trends related to mobile apps, the company has garnered more than $6.2 billion (£5.4 billion) in gross revenue from in-app purchases since its launch in 2017.

Security Experts Raise Concern Regarding Fairness of Conservative Leadership Contest

 

Malicious actors from rogue nations could try to discredit the Tory online vote with false narratives regarding the fairness of an online members’ vote, cybersecurity experts warned. 

After the controversial exit of Liz Truss, Conservative MPs will vote for their preferred candidate in a series of ballots. But if there are still two candidates remaining in the race after Monday, Tory party members will take part in an online vote to decide the new UK prime minister. 

Online voting concerns 

During the last Tory leadership election, held over the summer, the online publication Tortoise managed to register four bogus Conservative members to demonstrate how the leadership contest is open to potential exploitation.

The website signed up two foreign nationals, a person who did not exist, and a pet tortoise as members of the Conservative Party. Shockingly, the party accepted its payments of £25 for each registration, and the bogus recruits were issued membership numbers and invited to hustings. 

According to James Harding, the editor of Tortoise, the incident had raised serious concerns regarding the safety of the vote. He condemned the secrecy surrounding the ballot, with the Conservatives refusing to provide real insights regarding the modus operandi of their membership or the security arrangements. 

“I think that it’s reasonable if you live in a democracy to try and know who’s voting the prime minister into power,” Harding stated. “If you want to have confidence in your democracy you have to have some understanding of how the election works and that someone is supervising it. We could find ourselves in a position where we go to another membership contest and the membership is doing that online and how do we know that’s secure?”

However, Conservative Party chairman Jake Berry insisted that the web ballot will be “secure” even though it had to be ditched for the last contest because of concerns about loopholes in the system. “Without going into the security measures we will take, for reasons I'm sure you will understand, we are satisfied that the online voting system will be secure,” Berry stated.

The concerns are raised amid warnings from threat analysts that hostile states like Russia could attempt to hijack the poll and influence who becomes the next Prime Minister. 

Previously in 2016, Russia was accused of attempting to interfere in key elections including the US presidential race and the Brexit referendum. 

According to Peter Ryan, a professor of applied security at Luxembourg University, KGB hackers could exploit the rules that allow Tory members living abroad to vote. 

“We don't know that much about the electorate that is putting in place the leader of a G7 country,” he said. “For all we know, the KGB could have signed up a significant number of stooges. The margin last time was low - it would not take much to swing it.”

UK Residents Warned to Watch out for Purchase Scams when Buying Gifts this Christmas

 

Christmas shopping can be a headache for UK residents as hackers continue to ramp up their efforts to siphon money on online shopping sites. The prospect of long queues and the rising cost of living have persuaded many to scan for lucrative deals in order to manage their bank account this Christmas. 

A huge spike in energy bills has already put millions of households on the verge of fuel poverty and the situation can be much worse by the end of this year. Hence, Britons will choose to shop online for their presents this year, but Christmas could be ruined if you fall victim to the thousands of online scams. 

Over the last three months, there has been an 86% surge in reports of victims being conned while shopping online, as reported to The Cyber Helpline.

A recent victim, who requested anonymity, explained how he was trapped in an online scam: “I was shopping online and found some good deals on a site I found on social media. I spent £179, but my items didn’t turn up. I contacted the customer care number and they advised me that the order had failed to go through even though the money had been deducted from my account.” 

“They sent me an email with a form to fill in to help them process my order. The form asked for the card details I had used for my order and without thinking I also shared my PIN. Over the next few days over £200 has been taken from my bank account.” 

In some cases, the items are delivered but they are faulty or completely different from the description. Additionally, fraudsters are targeting sellers, either by having them send the product before payment or by buying an item and then returning a fake one while still getting their money back.

Prevention strategies 

Here are some simple tips to help you and your family enjoy a secure online shopping experience this festive season. 

Question product availability: Carry out some research first, or ask a friend or family member if they’ve used the site and regarding their experiences before completing the purchase. 

Check where you are sending your money: Be cautious while paying for your items, and check for a ‘closed padlock’ icon in the browser’s address bar. Use a credit card when shopping online, if you have one. The majority of credit card providers protect online purchases.

Employ strong passwords: Make sure that your really important accounts (such as your email account or online shopping accounts) are protected by strong passwords that you don’t use anywhere else. 

“Be extremely careful when you are shopping online this Christmas. The internet is awash with fake shopping sites, fake items for sale, and criminals trying to scam you,” Founder & CEO of The Cyber Helpline, Rory Innes, stated. “There will be a lot of valid offers and deals over the coming weeks, but before you buy, check if the website is legitimate, if the offer looks reasonable, search online for reviews and check if the company really exists. If you received the offer in a message or email, don’t click any links and visit the official website directly to check if the offer exists.”

UK Transport Firm Go-Ahead Targeted in a Cyber Attack

 

Go-Ahead, one of the UK’s biggest bus operators, has said it is battling a cyber-attack after unearthing “unauthorized activity” on its network earlier in the week. 

The company said it became aware of a network breach late on Sunday and is “currently managing a cyber security incident” to keep buses running without disruption. However, the rail business remained unaffected as it operates on separate systems and is running smoothly in the UK and abroad. 

The cyber attack has affected parts of Go-Ahead’s back office systems, including the software that manages parts of its bus operations, such as driver rostering, although there was no disruption to services on Monday.

“Upon becoming aware of the incident, Go-Ahead immediately engaged external forensic specialists and has taken precautionary measures with its IT infrastructure whilst it continues to investigate the nature and extent of the incident and implement its incident response plans,” the company said in a statement on Tuesday. 

The company has also notified relevant regulators of the attack, including the Information Commissioner’s Office in the UK. 

The Newcastle-based transport firm is one of the UK’s biggest bus operators, with networks across South, South West, London, North West, East Anglia, East Yorkshire, and its native North East. The firm also operates multiple high-capacity railway services in the UK including Great Northern, Thameslink, Gatwick Express, and Southern.

The incident occurred just weeks before Go-Ahead is due to be acquired by a consortium of Australian bus operator Kinetic Holding and Spain’s Globalvia Inversiones, backed by international pension funds. The acquisition previously estimated the value of the UK business at £669m. 

Cyber attacks on governments and other entities have multiplied in recent years. There were 2.8bn known malware attacks in the first half of 2022, up by 11 percent, cyber security company SonicWall reported.

Attacks on European entities surged more rapidly than in the United States. In Europe, the total number of malware attacks grew by 23 percent compared to the first half of 2021. In the United States, the number grew by 2 percent. 

"Cybercrime has been a global phenomenon for decades. But with geopolitical forces accelerating the reconfiguration of the world’s cyber front lines, the true danger presented by threat actors is coming to the fore, particularly among those that once saw the smallest share of attacks," Bill Conner, president and chief executive of SonicWall, stated.

UK Agency Publishes New Guidelines for Crypto Exchanges to Stop Sanctions Evaders

 

Crypto exchanges are now required to report suspected sanctions breaches to UK authorities under new rules introduced amid concerns that digital currencies such as Bitcoin, Ether, and Tether, or non-fungible tokens (NFTs) are being used to evade Russian sanctions. 

On August 30, the Treasury’s Office of Financial Sanctions Implementation (OFSI) updated official guidelines to specifically include "crypto assets" among the things that must be blocked if sanctions are imposed on an individual or enterprise. 

According to the regulations established by the Treasury's Office of Financial Sanctions Implementation, cryptocurrency exchanges will be breaking the law if they fail to report customers who are subject to sanctions.

The regulations mean that exchanges now have the same legal obligations as professionals like estate agents, accountants, lawyers, and jewelers. Crypto exchanges that fail to report customers designated for sanctions will be committing a criminal offense.

“It is vital to address the risk of crypto-assets being used to breach or circumvent financial sanctions,” a Treasury spokesperson stated. “These new requirements will cover firms that either record holdings of, or enable the transfer of, crypto-assets and are therefore most likely to hold relevant information.”

Financial sanctions on Russian business tycoons, politicians, and firms have been among the UK’s most prominent responses to the invasion of Ukraine. 

Earlier this year in April, Binance, the cryptocurrency exchange giant, blocked the accounts of relatives of Russian politicians, including Polina Kovaleva, the stepdaughter of the foreign minister, Sergei Lavrov, and Elizaveta Peskova, the daughter of Putin’s spokesperson, Dmitry Peskov. 

Employing crypto assets to bypass sanctions and shift money across the globe was already illegal in the UK under laws that cover all “economic resources”. However, the latest guidelines underline authorities’ concern regarding the new assets, which could be employed for circumventing sanctions because customers do not rely on regulated exchanges to make transactions. 

Anna Bradshaw, a partner in the Business Crime Department at Peters & Peters, a London law firm, supported the UK’s move by stating the new guidelines were “in line with the more general expansion of financial services and anti-financial crime regulation to the crypto sector”.

“Crypto and virtual assets are treated no differently than any other type of assets for the purposes of an asset freeze. Having said that, reliance on crypto or virtual currencies could potentially make it more difficult to detect that a sanctioned party is involved, or that it relates to sanctioned trade or other sanctioned activity – at least in time for steps to be taken to prevent it.”

Fraudulent UK Visa Scams Circulate on WhatsApp


According to a Malwarebytes report, individuals working in the UK are being scammed by a recent phishing campaign on WhatsApp. 

Scammers claim in a WhatsApp message that users who are willing to relocate to the UK for work will be eligible for a free visa as well as other perks. 

Bogus scam message 

Scam operators are disseminating information under the pretext of the UK government, promising a free visa and other advantages to anyone who wants to migrate there. The chosen candidates would be given travel and lodging expenses as well as access to medical facilities. 

The fraud starts with messages sent in bulk to targets over the WhatsApp chat app. Users are informed that the UK is conducting a recruiting drive with more than 186,000 open job positions because the country will require more than 132,000 additional workers by the year 2022.

The objective of the scam 

When a victim clicks on the scam link, a malicious domain that looks like a website for UK Visas and Immigration is displayed to them. "Apply for thousands of jobs already available in the United Kingdom," is the request made to foreign nationals as per the scam.

The website's goal is to collect victims' names, email addresses, phone numbers, marital statuses, and employment statuses. 

Any information entered into the free application form is instantly 'accepted,' and the user is informed that they "will be provided a work permit, visa, plane tickets, and housing in the UK for free" according to a Malwarebytes report. 


Report fake WhatsApp messages

Users have the option to Report and Block on WhatsApp if they get a message from someone who is not on their contact list. One should disregard these spam communications and use the report button to file a complaint. Additionally, users can block these contacts in order to stop getting future scam messages from them.

Phishing attacks with a visa theme are a typical occurrence in the world of cybercriminals. A similar hoax has circulated several times in the past to entice people looking to work or study abroad.


In 2021, the UK Government was Plagued by Hundreds of Spam Emails

 

The UK government was reportedly bombarded with billions of phishing emails last year, with large numbers of questionable and fraudulent links being clicked on by staff. Comparitech recently published a report on these fraudulent emails, based on responses to freedom of information requests from 260 government agencies.

According to Comparitech, 764,331 government employees got a total of 2.7 billion fraudulent emails, averaging 2,399 per employee. However, this indicates that the emails were most likely flagged as malicious and blocked by the relevant government agency.

In 2021, personnel opened 0.32 percent of malicious emails on average, with 0.67 percent of these events resulting in employees clicking on potentially dangerous links, as per the research. According to Comparitech, this might suggest that UK government employees clicked on 57,736 questionable links last year. The firm noted that any unclear FOI responses were ignored to avoid overestimating this amount.

357 million fraudulent emails were received by NHS Digital's 3,996 employees, amounting to 89,353 emails per employee. Other essential infrastructure services, such as railway supplier Network Rail Limited, received 223 million malicious emails, or 5,033 emails per employee, while tax authority HM Revenue & Customs received 27.9 million spam emails, or 415 emails per employee.

In other cases, the researchers' attempts to better grasp the government's ransomware threat were hampered by respondents' lack of transparency. "One government department reported in 2021 it had identified 97 data thefts over just 30 days. Seventy-one government agencies were also glad to announce why they had not been hit by ransomware in 2021; the remaining 187 didn't say whether or not they had. In 2021, only two government agencies disclosed it had been the victims of a successful ransomware attack," said Paul Bischoff of Comparitech.

This New Russian Cyclops Blink Botnet Targets ASUS Routers

 

Nearly a month after it was discovered that the malware used WatchGuard firewall appliances as a stepping stone to obtaining remote access to infiltrated networks, ASUS routers have been the target of a budding botnet known as Cyclops Blink. 

The botnet's primary objective is to develop an infrastructure for additional attacks on high-value targets, according to Trend Micro, given that none of the compromised hosts belong to critical organisations or to those with obvious value for economic, political, or military espionage.

Cyclops Blink has been identified by intelligence services in the United Kingdom and the United States as a replacement framework for VPNFilter, a malware that has targeted network equipment, especially small office/home office (SOHO) routers and network-attached storage (NAS) devices. 

Sandworm (aka Voodoo Bear), a Russian state-sponsored actor, has been linked to both VPNFilter and Cyclops Blink. It has also been tied to several high-profile cyberattacks, including the 2015 and 2016 attacks on the Ukrainian electrical grid, the 2017 NotPetya attack, and the 2018 Olympic Destroyer attack on the Winter Olympic Games.

The complex modular botnet, written in the C language, affects a variety of ASUS router models, with the company admitting that it is working on a patch to handle any potential exploitation:
  • GT-AC5300 firmware under 3.0.0.4.386.xxxx
  • GT-AC2900 firmware under 3.0.0.4.386.xxxx
  • RT-AC5300 firmware under 3.0.0.4.386.xxxx
  • RT-AC88U firmware under 3.0.0.4.386.xxxx
  • RT-AC3100 firmware under 3.0.0.4.386.xxxx
  • RT-AC86U firmware under 3.0.0.4.386.xxxx
  • RT-AC68U, AC68R, AC68W, AC68P firmware under 3.0.0.4.386.xxxx
  • RT-AC66U_B1 firmware under 3.0.0.4.386.xxxx
  • RT-AC3200 firmware under 3.0.0.4.386.xxxx
  • RT-AC2900 firmware under 3.0.0.4.386.xxxx
  • RT-AC1900P, RT-AC1900P firmware under 3.0.0.4.386.xxxx
  • RT-AC87U (end-of-life)
  • RT-AC66U (end-of-life), and
  • RT-AC56U (end-of-life)

Apart from employing OpenSSL to encrypt connections with its command-and-control (C2) servers, Cyclops Blink also includes specific modules that can read from and write to the devices' flash memory, allowing it to persist and survive factory resets. A second reconnaissance module acts as a medium for exfiltrating data from the hacked device to the C2 server, while a file download component is responsible for retrieving arbitrary payloads through HTTPS.

Although the exact form of initial access is unknown, Cyclops Blink has been affecting WatchGuard and Asus routers in the United States, India, Italy, Canada, and Russia since June 2019.

A law firm in Europe, a medium-sized entity producing medical equipment for dentists in Southern Europe, and a plumbing company in the United States are among the impacted hosts. Because of the infrequency with which IoT devices and routers are patched and the lack of security software, Trend Micro has warned that this might lead to the establishment of "eternal botnets."

The researchers stated, "Once an IoT device is infected with malware, an attacker can have unrestricted internet access for downloading and deploying more stages of malware for reconnaissance, espionage, proxying, or anything else that the attacker wants to do. In the case of Cyclops Blink, we have seen devices that were compromised for over 30 months (about two and a half years) in a row and were being set up as stable command-and-control servers for other bots."

DDoS Assaults on Ukrainian Banking Elite Have Resumed Yet Again


Cyberattacks took down Ukrainian official and bank websites, prompting the government to declare a statewide state of emergency amid growing fears that Russian President Vladimir Putin could launch a full-scale military invasion of Ukraine. The websites of Privatbank (Ukraine's largest bank) and Oschadbank (the State Savings Bank) were also hit in the onslaught, which brought down Ukrainian government sites as well, according to Internet monitor NetBlocks.

"At around 4 p.m., another massive DDoS attack on the state commenced. We have relevant data from several banks," stated Mykhailo Fedorov, Minister of Digital Transformation, who also mentioned the parliament website had been hacked. Hackers were prepared to conduct big attacks on government organizations, banks, and the defense sector, as Ukrainian authorities said earlier this week. 

SSSCIP and other national cybersecurity authorities in Ukraine are currently "working on countering the assaults, gathering and evaluating information." According to the Computer Emergency Response Team of Ukraine (CERT-UA), the attackers used DDoS-as-a-Service platforms and numerous bot networks, including Mirai and Meris, to carry out the DDoS attacks on February 15th. The DDoS attacks were traced to Russia's Main Directorate of the General Staff of the Armed Forces on the same day, according to the White House. 

"We have technical information indicating ties to the Russian main intelligence directorate, or GRU," Deputy National Security Advisor for Cyber Anne Neuberger stated. "Known GRU infrastructure was spotted delivering huge volumes of communication to Ukraine-based IP addresses and domains."

Neuberger went on to say that, despite the "limited impact," the strikes can be considered as "setting the framework" for more disruptive attacks, which could coincide with a possible invasion of Ukraine's territory.

The UK government also blamed Russian GRU hackers for the DDoS strikes last week which targeted Ukrainian military and state-owned bank websites. According to a press release from Ukraine's Security Service (SSU), which also had its website hacked, the country was attacked by a "huge wave of hybrid warfare." The SSU announced earlier this month that, during January 2022, it stopped over 120 cyberattacks aimed at Ukrainian governmental entities.

ICO Struck by 2650% Rise in Email Attacks in 2021

 

The UK's Information Commissioner's Office (ICO) reported a whopping 2650% spike in email attacks in 2021, as per official numbers acquired by the Parliament Street think tank following a Freedom of Information request.

Email attacks on the UK's privacy and data protection regulator increased from 150,317 in January to 4,135,075 in December, according to the findings. For each month last year, the data refers to the volume of phishing emails discovered, malware detected and prevented, and spam detected and blocked by the ICO. 

The majority of the attacks were caused by spam emails, which increased by 2775% from January to December. During this time, the number of phishing emails climbed by 20%, while malware increased by 423%.

In December, the statistics revealed a significant increase in email attacks, with 4,125,992 spam messages, 7886 phishing emails, and 1197 malware cases. This increase is likely to be linked to the Omicron variant's rapid spread in the UK at the end of the year, with threat actors able to use issues like testing and immunizations as bait. This is in addition to the Christmas scams that proliferate in the build-up to the holidays. 

Edward Blake, area vice president EMEA of Absolute Software, commented: “Cyber-attacks are targeting organizations across the globe at an alarming rate, once again reminding businesses of the need to re-evaluate and revamp their security protection if it is not up to scratch. Cybersecurity is not just about protecting endpoints via anti-malware or email cybersecurity solutions. While these are important, there are now a variety of access points for cyber-criminals to capitalize on that IT leaders need to be aware of. These include vulnerable unpatched applications and network vulnerabilities, stolen or illegally purchased log-in credentials or even by hacking unprotected smart devices.” 

Barracuda Networks' manager, Steven Peake, expressed similar concerns, saying: “The pandemic continues to be a catalyst for opportunistic cyber-criminals to try and prey on unsuspecting, vulnerable people. Our recent research showed a 521% surge in COVID-19 test-related phishing attacks, so it is hardly surprising to see major organizations, such as the ICO, hit by such a high volume of threats as they represent lucrative targets. Phishing emails, malware, and spam, in particular, account for a large proportion of the threats these organizations face, so they need to implement measures to protect themselves. These cyber-attackers aren’t going anywhere anytime soon.” 

As part of its plans to reform the country's data sector, the UK government announced plans to revamp the ICO's structure last year.

UK Foreign Office Suffered ‘Serious Cyber Security Incident’

 

A "serious incident" compelled the Foreign Office of the United Kingdom to seek immediate cybersecurity assistance. A recently released public tender document confirmed the incident. According to a document released on February 4, the Foreign, Commonwealth and Development Office (FCDO) sought "urgent business support" from its cybersecurity contractor, BAE Applied Intelligence. 

The FCDO paid the company £467,325.60 — about $630,000 — for its services after issuing a contract for "business analyst and technical architect support to assess an authority cyber security incident" on January 12, 2022, according to the notice. However, the incident's facts, which had not previously been made public, remain unknown. 

The document stated, “The Authority was the target of a serious cyber security incident, details of which cannot be disclosed. In response to this incident, urgent support was required to support remediation and investigation. Due to the urgency and criticality of the work, the Authority was unable to comply with the time limits for the open or restricted procedures or competitive procedures with negotiation.” 

The Stack was the first to report on the BAE contract. An FCDO spokesperson, who did not give their name, stated that the office does not comment on security but has measures in place to detect and protect against potential cyber events. Further queries about the incident, such as whether classified information was accessed, were declined by the spokesperson. 

TechCrunch also contacted the United Kingdom's data protection authority to see if the event had been reported, but is yet to hear back. The announcement of the apparent incident came only days after the British Council, an institution that specialises in international cultural and educational opportunities, was found to have suffered a severe security breach. Clario researchers discovered 144,000 unencrypted files on an unsecured Microsoft Azure storage server, including the personal and login information of British Council students. 

Wilton Park, a Sussex-based executive agency of the FCDO, was hit by a cyberattack in December 2020. An investigation by the UK's National Cyber Security Centre revealed that hackers had access to the agency's systems for six years, though there was no proof that data had been stolen.

SPAR Stores Hit by Cyberattacks In UK

 

The SPAR retail chain has been compelled to shut down a few of its convenience stores in Britain after a cyberattack on its IT systems. The cyberattack happened on Sunday and is currently being investigated by Lancashire Police. SPAR has around 2600 stores across the UK. Due to the incident, 330 SPAR stores in the north of England could not complete payments made using debit or credit cards. The attack also stopped the shops from using their stock control and accounting systems. 

Meanwhile, some of the stores remained closed due to the impact of the attack; a few have reopened but are currently taking only cash payments. "There has been an online attack on our IT systems which is affecting stores' ability to process card payments, meaning that a number of SPAR stores are currently closed. We apologize for any inconvenience, we are working as quickly as possible to resolve the situation," SPAR said in a tweet. A SPAR store located on the Hull University campus in Yorkshire was one of those affected by the attack and had to be closed. 

Stores at other locations in Yorkshire and Lancashire were also affected by the attack. SPAR disclosed on social media that the online attack hit the IT systems of its main wholesaler, James Hall and Co. Ltd, of Preston in Lancashire. The BBC reports: "question for James Hall is now the one all cyber attack victims dread - shall we pay criminals to get our shops back online? But of course, for the hundreds of thousands of Spar customers affected by the hack, the more pressing question is when will their local stores open again." 

The James Hall company website was offline at the time of publication. "Due to a major & widespread IT failure across the entire Northern SPAR network, all Northern SPAR stores will be closed for an unknown period of time," said SPAR Ribchester.

Norton Research Shows That Almost 42% of UK Gamers Have Encountered Cyber-Attack

 

Regardless of whether casual or diehard, gamers polled in the UK said that they would rather spend their time playing video games than attending a sporting event or concert (72%), going on a date (72%), or reading a book (68%). 

The 2021 Norton Cyber Safety Insights Report: Special Release – Gaming & Cybercrime, conducted by The Harris Poll among more than 700 UK adults who currently play online games, found that more than two in five UK gamers (42 percent) have encountered a cyberattack on their gaming account or device. Nearly four in five (78 percent) of those polled say they have been financially impacted as a direct consequence, losing an average of £145. 

The study also revealed remarkable conclusions about gamer-to-gamer cyber risks as well as the lengths gamers would go to in order to win. More than a quarter of British gamers polled (28%) are at least slightly likely to hack into a friend's, family member's, or romantic partner's gaming account if they knew that it would give a competitive benefit in an online video game. This attitude is much more pronounced among hardcore gamers, with approximately half of those polled (48 percent) saying they are at least somewhat likely to do so, highlighting serious gamers' determination to win. 

“These findings are jarring, but there are some gamers out there that will do whatever it takes to win,” said BigCheeseKIT, gamer, and Twitch streamer. “I’ve learned that when you’re gaming online, it’s so important to be mindful of who you are friends with online and what information you share when gaming online. While this is especially true for professional gamers who have that public profile, it’s clear this goes for any online gamer.” 

The competitive spirit pervades all sorts of gamers, from casual to diehard. If they knew it would give them a competitive advantage, nearly half of UK gamers polled (43 percent) said that they are at least somewhat likely to exploit loopholes or technical problems in a game, and nearly one-third (34 percent) would download cheats to their gaming account or systems, pay to take possession of some other user's gaming account (30 percent), or hack into a random player's gaming account (29 percent). 

“Scammers know that – for both experienced and casual gamers – cheats, skins, and limited edition items are highly sought after,” said Armin Buescher, Technical Director at NortonLifeLock. “Offering these competitive boosts is a perfect opportunity to share malicious links or trick gamers into downloading malware that, if successful, can rob players of their gaming profile, personal information, or more. Having security that specifically helps protect against these threats can give players peace of mind so they can focus on the enjoyment of the game itself.”

Labour Party Hit By A Cyber Attack

 

The Labour Party has been impacted by a "cyber incident" affecting the data of its representatives and members. On October 29, Labour stated it was informed by a third-party business that managed membership data on its behalf that they had been impacted by the incident. 

As a result of the incident, "a significant quantity" of party data was "rendered inaccessible on their systems". The Labour Party is a British political party that has been defined as a coalition of social democrats, democratic socialists, and trade unionists. The party is located on the political spectrum's center-left. 

The issue is being investigated by the Information Commissioner's Office and the National Cyber Security Centre. Labour wrote in a recent statement that it was collaborating with both the authorities, as well as the National Crime Agency, to figure out what occurred. 

The party also stated that it had been "working closely and on an urgent basis with the third party to understand the full nature, circumstances and impact of the incident" and that its own data systems remained untouched. 

Labour is yet to divulge the identity of the third party, the overall scope of the event, or the sort of data compromised. However, it specifically stated that the issue involved data submitted to the party by "members, registered and affiliated supporters, and other individuals who have provided their information". Notably, the Labour Party's statement is ambiguous and raises many questions for party members. 

The NCSC stated that it was aware of the situation and was supporting Labour. It advised everyone “who thinks they may have been the victim of a data breach to be especially vigilant against suspicious emails, phone calls or text messages.”

The NCA acknowledged that it was conducting the criminal probe and stated that its investigations were in their early stages. “We are working closely with partners to mitigate any potential risk and assess the nature of this incident,” a spokesperson said. 

This is not the first time that Labour has been harmed by a cyberattack. Last year, it was revealed that a cybercriminal acquired donor information from a third-party source named Blackbaud between February and May. Names, email addresses, phone numbers, and donation amounts were among the data obtained.

HM Treasury of UK Received Five Million Malicious Emails in Past Three Years

 

Her Majesty’s Treasury, the UK government department responsible for the country’s financial policy, has been hit by almost five million malicious email attacks in the previous three years, according to official figures. 

A Freedom of Information (FoI) request submitted by the think tank Parliament Street revealed that 4,870,389 phishing, malware and spam emails targeting HM Treasury were successfully blocked in this period. This comprised 1,271,207 malicious email attacks from October 2018 to September 2019, 1,918,944 from October 2019 to September 2020, and 1,680 from October 2020 to September 2021. 

The information comes as Chancellor Rishi Sunak prepares to deliver the UK government's annual budget, which is expected to include pledges around cybersecurity, such as funding to reduce the digital skills gap. 

The figures highlight the escalating determination of threat actors to access and steal confidential government information. Earlier this week, Parliament Street disclosed that more than 126 million malicious emails had been fired at House of Commons inboxes this year, a 358% increase on the overall figure for 2020. However, there was no specific data on how many threats slipped past email filters over this period. 

The number of malicious emails blocked by HoC filters in 2018 was 15.7 million, which surged to nearly 30.3 million in 2019, but then dropped again to almost 28 million in 2020. With 126.4 million malicious emails recorded up to September this year, Parliament Street believes the total for 2021 could reach as high as 150 million.

“The ever-present cyber threat facing public sector organizations is not going to disappear any time soon. In fact, recent trends indicate that cyber-attacks are likely to become more sophisticated, and criminals will find new ways to breach systems, disrupt apps and websites, and steal sensitive data,” Chris Ross, SVP International for Barracuda Networks, said. 

“This is why it is imperative the organizations defend themselves from all angles, with web application firewalls, to protect cloud infrastructure and network, email inbox defense software, to help defend against the onslaught of phishing attacks targeting employees, and a third-party data backup solution, to protect data and organizations against the growing ransomware threat,” he added.

UK-Based Firms Voip Unlimited and Voipfone Under DDoS Attack

 

Users of Voipfone's UK business broadband and Voice-over-Internet-Protocol (VoIP) services have reported to ISPreview.co.uk that the supplier has been facing massive service interruptions for the past couple of days, which seem to be the consequence of a Distributed Denial of Service (DDoS) attack against its systems. 

Likewise, South Coast-based Voip Unlimited has also reported that it has been hit with a "colossal ransom demand" after being struck by a prolonged and large-scale DDoS attack. The company believes that the attack was launched by the Russian cybercriminal organization REvil. 

On September 2nd, it reported that "services are operational ... however the attacks are still ongoing." 

At this point, it remains unclear whether any additional UK Internet Telephony Service Providers (ITSP) have also been affected. Nevertheless, the UK Comms Council – the industry association which represents ITSPs – has alerted customers about the cyberattacks and reminded them to implement "appropriate DDoS mitigation strategies." 

Mark Pillow, MD of Voip Unlimited, said that the business accepts "full responsibility of the availability of our services to our clients" and that they feel "extremely sorry for all inconvenience caused." 

He further explained: "At 2 pm 31st August, Voip Unlimited's network was the victim of an alarmingly large and sophisticated DDoS attack attached to a colossal ransom demand." 

DDoS attacks usually function by flooding a target server or end-user with data requests from numerous internet-connected devices (often malware-infected machines/botnets, etc.), causing the designated destination to crash or experience substantial performance issues until the bad traffic ceases. These attacks might potentially reveal additional vulnerabilities that hackers can abuse. 

A number of Voip Unlimited's networks suffered "intermittent or total loss of internet connectivity services" as a result of the attack; however, clients utilizing its Voip Unlimited Ethernet and Broadband services are thought to have been mostly unharmed. 

"UK Comms Council has communicated to us that other UK SIP (Session Initiation Protocol) providers are affected and identified them as a criminal hacking organization called REvil who appear to be undertaking planned and organized DDoS attacks against VoIP companies in the UK," Pillow added. 

The sheer magnitude of the attack is still unknown, but according to an email sent by Voipfone on Tuesday and obtained by El Reg, the firm's services were "intermittently disrupted by a DDoS attack" over the Bank Holiday weekend, flooding its system with phony traffic from tens of thousands of infected devices. 

Users have become extremely upset at being unable to access vital digital telecommunication services upon their return to work following the August Bank Holiday weekend. 

In a statement, chair of Comms Council UK Eli Katz said, "Comms Council UK is aware of the Denial of Service attacks currently targeting IP-based communications service providers in the UK and that a small number of our members have been impacted. We have communicated the issue to our membership and are continuing to liaise closely with them to share further information and support as the situation develops." 

Likewise, an alleged DDoS attack on Iran's telecommunications networks in February caused a substantial disturbance, wiping out around 25% of the country's internet connectivity and triggering an early outage of mobile and fixed-line services.

NCSC Alerts of Cyber Threats to Ireland's Energy, Telecoms and Transport Sectors

 

One of the UK's leading cyber officials has cautioned of a rising threat to Ireland's cross-border telecoms, energy, and transportation infrastructure while praising the UK's continued close cooperation. 

Lindy Cameron, CEO of the National Cyber Security Centre (NCSC), mentioned that the two countries had "shared cyber interests" and a strong bilateral partnership while speaking remotely at an Institute of International and European Affairs (IIEA) event in Dublin. 

This will become increasingly crucial, according to Cameron, given the potential for increased cyber-threats affecting both Northern Ireland and its southern neighbor.

“Energy security for Northern Ireland is based on gas pipelines and electrical interconnectors to both Great Britain and across the border, including the Single Electricity Market. The energy sector is dependent on operational technology — connected systems that monitor and control automated industrial processes — to function effectively and efficiently,” Cameron explained. 

Cameron noted that it is a real possibility that this reliance on operational technology and the interconnected nature of the energy supply network on the island of Ireland combine to create a potential target for cyber-attacks.

Other probable concerns include a ransomware attack on the rail link between Belfast and Dublin, jointly operated by Northern Ireland Railways and Irish Rail, she noted. 

Cameron cautioned that state actors are a constant concern that might manifest in the telecoms industry, where targets could be compromised to facilitate spying in other sectors as well as being sources of consumer and communications data in and of themselves. 

She further added, “Some managed service providers that operate in Northern Ireland provide services both sides of the border. It is, therefore, a realistic possibility that a cyber-attack on a telecoms provider could impact services to both of our countries.” 

“The governments of both UK and Ireland have been clear that they will not tolerate malicious cyber activity, and we have and will publicly call out state-level attacks.” 

These dangers are no longer theoretical: in May, the Irish Health Service was targeted by a very destructive ransomware attack, which Cameron claimed put patients' lives in jeopardy. 

Following the incident, the NCSC collaborated closely with its Irish partners; however, the threat actors themselves handed over the decryption key after a few days as a "public relations move".

Cisco Smart Install Protocol is Still Being Exploited in Cyber-Attacks

 

Five years after Cisco issued its first warning, the Smart Install protocol is still being abused in attacks, and there are around 18,000 internet-exposed devices that might be targeted by hackers. Smart Install is a plug-and-play configuration and image-management technology from Cisco that allows zero-touch deployment of new switches. Smart Install can be extremely important to organizations, but it can also be a significant security concern. 

A Smart Install network consists of a group of networking devices known as clients that are served by a common Layer 3 switch or router that serves as a director. You can use the Zero-Touch Installation process in a Smart Install network to install new access layer switches without the help of the network administrator. The director acts as a central management point for client switch images and configuration. When a new client switch is added to the network, the director immediately recognizes it and determines which Cisco IOS image and configuration file should be downloaded. 

The function remains enabled and can be accessed without authentication once a device has been set up via Smart Install. Malicious actors have been able to remotely target devices with Smart Install enabled, including reloading devices, loading a new operating system image, and running arbitrary commands with elevated privileges. 
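One way to find switches left in the state described above, as an added example that is not from the original article or from Cisco: it classifies saved `show vstack config` output per device and ranks what to fix first. The device names and captures are constructed, the output layout is an assumption to verify against your own devices, and the `no vstack` command and TCP port 4786 are taken from Cisco's Smart Install guidance rather than from this page.

```python
"""Classify captured `show vstack config` output to find switches with Smart Install active."""
import re
from dataclasses import dataclass

# Constructed captures (hypothetical device names). The field layout is an
# assumption covering two output styles; verify it against your own devices.
SAMPLE_CAPTURES = {
    "access-sw-01": " Role: Client (SmartInstall enabled)\n Vstack Director IP address: 0.0.0.0\n",
    "access-sw-02": " Capability: Client\n Oper Mode: Enabled\n Role: Client\n",
    "access-sw-03": " Role: Client (SmartInstall disabled)\n Vstack Director IP address: 0.0.0.0\n",
    "dist-sw-01": " Role: Director\n Vstack Director IP address: 192.0.2.10\n",
    "access-sw-04": "% Invalid input detected at '^' marker.\n",
}

ROLE_RE = re.compile(r"^[ \t]*Role:[ \t]*(\w+)(?:[ \t]*\((.*?)\))?", re.I | re.M)
OPER_RE = re.compile(r"^[ \t]*Oper Mode:[ \t]*(\w+)", re.I | re.M)

# Most urgent first: an enabled client accepts Smart Install requests unauthenticated.
SEVERITY = {"client-enabled": 0, "director": 1, "unknown": 2, "disabled": 3}
ACTIONS = {
    "client-enabled": "disable with 'no vstack' once zero-touch deployment is finished",
    "director": "feature in use: restrict TCP 4786 to known clients with an ACL",
    "unknown": "no Role line in capture: check the device manually",
    "disabled": "no action",
}


@dataclass(frozen=True)
class Finding:
    device: str
    status: str
    action: str


def classify(output: str) -> str:
    """Map one device's `show vstack config` text to a status string."""
    role = ROLE_RE.search(output)
    if role is None:
        return "unknown"          # command rejected or capture truncated
    if role.group(1).lower() == "director":
        return "director"
    detail = (role.group(2) or "").lower()
    oper = OPER_RE.search(output)
    oper_mode = oper.group(1).lower() if oper else ""
    # Fail closed: a client counts as enabled unless the output says "disabled".
    if "disabled" in detail or oper_mode == "disabled":
        return "disabled"
    return "client-enabled"


def audit(captures: dict) -> list:
    """Return findings for all devices, most urgent first, then by device name."""
    findings = []
    for device, output in captures.items():
        status = classify(output)
        findings.append(Finding(device, status, ACTIONS[status]))
    return sorted(findings, key=lambda f: (SEVERITY[f.status], f.device))


if __name__ == "__main__":
    for f in audit(SAMPLE_CAPTURES):
        print(f"{f.device:14} {f.status:15} {f.action}")
```
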

After an exploitation tool was made public in 2016, Cisco issued a warning on the misuse of Smart Install. In 2017 and 2018, the company sent more alerts, identifying hundreds of thousands of vulnerable devices, including those in critical infrastructure organizations. In 2018, it was revealed that the Smart Install function had been targeted by hacktivists in attacks on Cisco switches in Iran and Russia as part of an ostensibly pro-US attack, and also by a state-sponsored cyberespionage group affiliated with Russia. 

In 2016, the number of networking devices vulnerable to Smart Install attacks surpassed 250,000, but by 2018 it had fallen to 168,000. The Shadowserver Foundation is still keeping track of the number of potentially susceptible devices, reporting that almost 18,000 are currently online, including many in North America, South Korea, the United Kingdom, India, and Russia. 

Last month, Lumen Technologies' Black Lotus Labs cybersecurity unit discovered that a hacktivist group had compromised at least 100 internet-exposed routers belonging to both public and private sector entities, most of which were based in the United States.