Cyber attack: Hackers post Hackney Council's 'stolen documents

In October 2020, Hackney Council was severely hit with a cyber attack in the form of ransomware, which they are still experiencing repercussions from.  

A criminal cyber group have recently dumped, what they claim to be, the documents stolen from the attack including the personal details of council staff and residents.  The documents where leaked on the dark web and experts have stated that the data was 'limited' and not 'visible through search engines'.

Officials are working with UK National Cyber Security Centre and National Crime Agency to investigate the hack.
Amey suffers cyber attack from ransomware

The British infrastructure management company Amey Plc have recently been hit by what they have described as a ‘complex’ cyber attack orchestrated by ransomware group Mount Locker. On the 16th December 2020, the company realised that their computer systems had been breached and on the 26th December the malicious actors began to leak Amey's sensitive proprietary data.

As of the 3rd January, Mount Locker has claimed to have stolen 143 GB of data, 65 GB of which has already been published on the leak site.
Hacked home cams used to livestream police raids in swatting attacks

The FBI have reported that hackers have been hijacking the smart devices of innocent households and making 'prank' calls to the police in order to livestream police raids in what are being called 'swatting' attacks.

These attacks are becoming increasingly common and are usually intended to trick armed police or other emergency responders to go to the unaware target's residence.

The FBI stated that these actions where able to be carried out as the victims had reused passwords from other services for their smart devices, highlighting just how important a strong and unique password can be. Hacked credentials are often also sold and bought via illegal online markets.

Though many of these "swatting" attacks are reported in the USA, they are not limited to the states. In 2017, a Coventry man became the first Briton to be charged by police for such an attack.  The charge came after the 21 year old called a US terrorism hotline and made false claims causing a victims home to be raided and the victim to be shot with rubber bullets.
COVID-19 Vaccine Phishing Scams

Scammers and cyber criminals are once again using the COVID-19 pandemic as a ploy to trick individuals into giving up personal details and financial information.

Many of these scams involve malicious actors sending out fraudulent SMS text messages (known as smishing attacks) regarding COVID vaccine eligibility. These message contain a link that leads to a convincing mock NHS website where the recipient is asked to input their bank details in order to register for the vaccine. Other deceitful message ‘themes’ may include:

  • A text or phone call stating that you are entitled to relief payments
  • Offers for health supplements
  • Calls or texts that suggest you must pay a fine for breaching lockdown rules or other government regulations
  • Offers for COVID-19 financial support that appear to come from your bank
  • Messages with links to the sale of COVID-19 ‘cures’ or PPE
Top Cyber Tips
  • Remember! Genuine UK Government SMS messages will only ever come from UK_Gov and will only ever direct individuals to GOV.UK/coronavirus. Be extremely cautious clicking any links or attachments from other sources as they may lead to malicious sites or have the ability to download malicious software onto your device.
  • It is important to note that COVID scams are not limited to SMS text messages, it is also important be wary of phone calls and emails regarding COVID-19.
  • If you are unsure about a message you have received directly refer to the official government website for guidance or utilise the ‘Contact Us’ section to access further information and services.
  • If you receive a text message, email or phone call asking for payment details for the vaccine, do not give any personal information. The vaccination is free of charge and the NHS/government will not be asking for payment.
  • If you are looking to by PPE, use your search engine to get to a trusted site. Opening links sent to you via text or email may lead to fraudulent sites trying to steal data.
What to do if you receive a fraudulent text, email or phone call:
  • Hang up or don’t respond. Do not follow any links or open any attachments that may be included.
  • If you receive what you believe to be a phishing email, it is recommended you forward the email to the Suspicious Email Reporting Service (SERS):
  • If you receive what you believe to be a scam text message, its recommended you forward it to Action Fraud at by texting 7726.
Guidance issued as SolarWinds compromised
Spotify reset passwords following data breach
Warning: Cross-Platform ElectroRAT Malware Targeting Cryptocurrency Users

Researchers have exposed a large scale scam that has been targeting cryptocurrency users that may have started as far back as January 2020. The RAT, dubbed ElectroRAT, is designed to target operating systems such as Windows, macOS, and Linux. The ElectroRAT scam involved the attackers creating three malicious applications, two of which masqueraded as cryptocurrency trade management applications, while the other posed as a cryptocurrency poker platform.

Google has announced their January 2021 security updates for Android devices which will patch 42 vulnerabilities, 4 of which were of critical severity.
Eliciting Current Activities of Malicious Browser Extensions

Almost all popular web browsers offer extensions, including Chrome, Safari, Opera Firefox, Microsoft Edge, and Internet Explorer. Due to extension popularity, cyber criminals are finding them easy to exploit and have become good at tricking victims into downloading malware and malicious browser extensions. One example included threat actors using at least 28 malicious programs, posing as extensions for top social media sites, to infect millions of systems as a means to redirect users to phishing sites and/or steal data. Additionally, Microsoft Edge removed 18 extensions from their add-on portal after cyber criminals were caught injecting ads into users’ web search result pages.
Leading Game Publishers Hit Hard by Leaked-Credential Epidemic

Over half a million credentials from top gaming companies have been leaked and are for sale online.

Large gaming companies, such as Ubisoft, have become targets for cybercriminals. In a recent scan, 1 million stolen credentials tied to the large gaming universe of clients and employees where discovered, half of which could be found for sale online. Of the total 1 million credentials stolen, 500,000 belonged to employees of large gaming companies.
What can we offer you?
Get in Touch
Click here to subscribe to the Cyber Crime Sentinel Newsletter!
If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):

Alternatively you can call 0300 123 2040
to report and obtain advice about fraud or cyber crime

Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.
Registration for the CyberFirst Girls Competition 2021 is now open

The NCSC are working hard to get more girls interested in a career in cyber security. The CyberFirst Girls Competition provides a fun but challenging environment to inspire the next generation of young women to consider a career in cyber security.

The competition is a team event, with each one made up of 4 female students from Year 8 in England and Wales, Year 9 in Northern Ireland and S2 in Scotland.



The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Apple Podcast
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp