Manchester United hit by 'sophisticated' cyber attack but say fan data is safe

Manchester United's systems have been hit by a cyber attack, but the club has stated that the data of its customers and fans has not been compromised. Currently, details surrounding the attack are scarce, with the team only disclosing that the attack was a “sophisticated operation by organized cybercriminals”. The club has assured fans that all public-facing systems, such as its mobile app, social media and website, remain secure and no disruption of matches is expected.
Female athletes hacked in 'reprehensible' naked photo leak

On Friday 20th November, the same night as the Manchester United cyber attack, four female British athletes had explicit photos stolen from their phones and leaked online. One of the athletes, who all remain unnamed, reportedly had around 100 images stolen, while another had 30 images and videos taken in the attack.

A spokesperson for the NCSC has described the incident as “utterly reprehensible”, and the organisation recommends turning on two-factor authentication where it’s available and ensuring the use of strong passwords.
UK's National Cyber Force comes out of the shadows

The existence of the National Cyber Force has been confirmed after months of speculation. The force has come to fruition a decade after the UK started its offensive cyber operations, and it will counter threats from terrorists, hostile states and criminals. MI6 officers will work alongside both the cyber-spy agency GCHQ and the military as part of a new unified command.

Even though the existence of the National Cyber Force was formally made public by the PM this month, it has in fact been up and running since April. The aim is for cyber operations to be integrated with the traditional military. However, the force will not just focus on high-end military capabilities; it will also operate day-to-day to combat wider threats.
Black Friday shoppers urged to avoid handing cyber criminals early Christmas gift
Passwords are the foundation for cybersecurity efforts. A strong password can be the first line of defence in protecting our devices and online accounts from cyber criminals and their malicious actions. The importance of a strong password is often stressed in advice about cyber security, but many are unaware of what the characteristics of a strong password are.

Here are some top tips:
Use Three Random Words

Strong passwords are often pictured as a random sequence of nonsensical letters, numbers and symbols. While these passwords can offer a good amount of protection, they are often unmemorable. Using three well-chosen and random words can act as a passphrase, so it’s easier to remember and can offer a considerable amount of security. To strengthen the password further, add in symbols, digits and/or capital letters, e.g. monkey*Girdle*biscuit or Coffee41walnutPuppy. It’s best to avoid phrases that may be easy to guess like ‘onetwothree’ or words closely related to you such as the names of pets or family members.

Use 2 factor authentication (2fa)

Most websites allow you to set up 2 factor authentication. This may mean requiring the input of a PIN sent to your phone as well as your usual password. It is strongly recommended that you use this security feature for all your critical accounts. That way, even if your password is compromised by a cyber criminal, your account is still safe as they will not have, for example, the PIN sent to your phone needed to log in.
Use a Password Manager

It is recommended that a unique password is used for every account or device you have. Using the same password over multiple accounts can be extremely dangerous because if a cyber criminal obtains one of your passwords, they may then be able to access other accounts. A password manager can be beneficial as it remembers all your unique passwords for you and can input the relevant login details into an app or website on your behalf. There are different types of password managers: some are integrated into internet browsers like Google Chrome or Firefox, or are part of the operating system on your smartphone or tablet, and others are standalone services that are downloaded.
While password managers are extremely helpful, it is important that they are kept secure, as a cyber criminal who gains access to one will potentially have access to all of your login credentials for all associated accounts. Therefore, it is highly recommended that updates are installed on the password manager as soon as they come out, a strong password is used for the password manager itself (e.g. three random words) and 2 factor authentication (2fa) is set up and utilised so you have a backup plan if someone attempts to get into your password manager account.

For more information on password managers visit the NCSC Guide - Password Managers: how they help you secure passwords

Weekly Threat Report 27th November 2020
Mozilla withdraws Adobe Flash support in January 2021
Capcom warns of potential ransomware impact

Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

According to Armorblox, a recent spike in phishing attacks and business email compromise can be traced back to the exploitation of Google services by cyber criminals. Arjun Sambamoorthy, head engineer and co-founder of Armorblox, has recently published a report detailing how services such as Google Forms and Google Docs are being used by malicious individuals to give their spoofing attempts a sense of legitimacy, to both security filters and victims.
IBM Works With Cisco to Exorcise Ghosts From Webex Meetings

Cisco Webex is a video conferencing tool that has seen a boost in popularity in recent months as more and more people work from home. At its peak, the platform is believed to have hosted as many as 4 million meetings in a single day and has claimed to have as many as 324 million users. However, research conducted by IBM Research and IBM’s Office of the CISO found 3 vulnerabilities in the system. These vulnerabilities, if exploited by malicious individuals, could allow them to become a ‘ghost’, joining a meeting without being detected, and further allow them to stay in meetings as a ‘ghost’ even after being expelled. They could also access details of other attendees such as full names, IP addresses and email addresses.
Spotify resets some user logins after hacker database found floating online

Researchers working for vpnMentor have uncovered an unsecured Elasticsearch database containing upwards of 380 million records that detailed login credentials and personally identifiable data that belonged to Spotify users. The investigation found that the database did not belong to Spotify but was in fact used by a third party in order to defraud Spotify users.
Huawei: Why is it being banned from the UK's 5G network?

The UK government has released a series of measures it will take to remove the Chinese-owned phone brand Huawei from the UK’s 5G networks. Mobile phone providers will be banned from buying new Huawei products as of the end of this year, and all Huawei equipment is required to be removed from all 5G kit by 2027. The decision came after growing security concerns regarding China.
Get in Touch
If you think you may have been the victim of fraud or cybercrime and incurred a financial loss, or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud.

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):

Alternatively, you can call 0300 123 2040 to report and get advice about fraud or cyber crime.

Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.

The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Copyright © 2020 West Midlands Regional Cyber Crime Unit, All rights reserved.