Ticketmaster fined £1.25m over payment data breach
Ticketmaster has been issued a £1.25 million fine by the Information Commissioner's Office (ICO) for not keeping its customers personal data secure following 2018 cyber-attack on the Ticketmaster website. The ICO stated that sensitive personal data and payment information from over 9 million European customers had potentially been breached as a result of the attack. Following the breach 60,000 Barclays bank customers fell victim to fraud and online bank ‘Monzo’ replaced 6,000 payment cards due to fraud.
However Ticketmaster, according to the ICO, took nine weeks to begin monitoring activity on its payments page. An investigation found that there was a vulnerability within a third-party chatbot installed on Ticketmaster payment page. A cyber-attacker was able to utilise the chatbot vulnerability to access customer payment details.
Capcom Confirms Hackers Stole Data in Recent Attack
Resident Evil and Street Fighter developer Capcom has stated that a large amount of data was stolen from its systems during the ransomware attack mentioned in last week’s issue. Data stolen included names and signatures, addresses, passport information, and human resources information. The exact scale of the breach remains unclear but other potentially breached information includes help desk information from Japan, store member and e-sports operations website member information from North America, lists of shareholders, past employee and applicant data as well as emails, numbers phone, photographs, dates of birth, shareholder numbers and amount of shareholdings. According to Capcom, over 350,000 individuals may have been affected by this attack.
Exposed Database Reveals 100K+ Compromised Facebook Accounts
A global scam targeting Facebook users has been uncovered where users were tricked into giving their login credentials by using a tool that claimed to reveal who had visited their profile. Fraudsters would then use these stolen credentials to access accounts and spam comments on Facebook posts directing victims to deceitful websites that would eventually lead to a fake bitcoin trading platform where victims where scammed out of ‘deposits’ of at least €250 (approximately £223).
The scam was discovered after an unsecure ‘ElasticSearch’ database, used by cybercriminals and scammers to store the login credentials of at least 100,000 individuals. The database also exposed IP addresses, outline texts for the scam comments left on these compromised accounts and sensitive personal information of the victims of this scam including emails, names and phone numbers.
Common Scams Targeting Businesses 

In the last few months there has been an influx in scams leveraging COVID-19. Online scams are increasingly common and, if successful, can be detrimental to businesses and individuals alike. Thusly, it is important to be aware of the types of scams you may come into contact with so you can better protect yourself and your organisation.
Scams that may Target your Organisation:

Government grant/tax refund scams – Fraudsters impersonating the government may contact a business via email, phone or text suggesting they might qualify for a special COVID-19 government grant or a tax refund. Contact may alternatively be made through social media posts and messages.

Invoice/mandate scams – Criminals claiming to be from a regular supplier contact businesses and state their bank details have changed and ask to change said payment details.

CEO impersonation scams – An employee may receive a phone call or email from an individual claiming to be a senior member of staff. They often request an urgent payment be made to a new account, the scammer will often create a sense of urgency in order to trick the employee into carrying out the request. These scams can be very convincing as criminals may use spoofing software to appear genuine.

Technical support scams – With more people working remotely, criminals may impersonate creditable companies and offer help fix device issues in order to gain computer access or steal login credentials.
A Common Scam Targeting Individuals

Online shopping scams – Many opt for shopping online for convenience, to avoid queues and busy shops and for the best deal and with lockdown there has been an even bigger increase in online shopping activity, unfortunately fraudsters and cybercriminals are keen to exploit this. Red flags include being asked to pay deposits, or in full, for goods by bank transfer. Items claimed to be being sold can range from PPE, to COVID testing kits to puppies, kittens and phones. Once paid, the scammer will break off contact without ever sending the paid for item, or if they do send the item the quality, as often seen with protective masks, are sub-standard. Direct payment by bank transfer does not provide the security, and dispute resolution, offered by some online market places and services such as PayPal.
Top Tips to Protect Yourself and Business

• Be cautious regarding unexpected ‘urgent’ communications offering, or requesting, financial assistance. 
• Check that any information given is genuine by using official government websites. If in doubt, phone the helpdesk for clarification.
• Be wary if met with an unexpected urgent requests for payment, even if you think you know the source. Always reach out directly to the individual or organisation to confirm their request.
Weekly Threat Report 13th November 2020
COVID-19 driving a cyber security focus for UK business
New console? Make sure you stay secure
A New Hacker-for-Hire Mercenary Group Reported
‘Hack-for-hire’ groups are becoming more and more prominent. Blackberry’s security team has reported a new hack-for-hire group dubbed ‘CoastaRicto’, it is the fifth group of its kind to be discovered in 2020 with victims appearing in Europe, Africa, South Asia, America and Australia. The group mostly targets financial institutions and has been observed utilising bespoke and novel malware, Modus operandi.
Pharma Mobile Phishing Attacks Turn to Malware
In the past, cyber criminals who would deploy phishing attacks onto pharmaceutical companies would do so as a means of gaining the credentials of employees. However, it seems that criminals are changing their tactics to focus on the delivery of malware in hopes of obtaining critical research revolving the development of a COVID-19 vaccine. Research has shown in the third quarter of this year 77% of mobile phishing attempts on pharmaceutical companies attempted to deliver malware, which mirrors the overall 106% increase in malware delivery in mobile phishing.
Newly Launched Origin Dollar Cryptocurrency Gets Hacked in Less Than Two Months
Origin Protocol is attempting to salvage the $7 million worth its cryptocurrency Origin Dollar (OUSD) that was stolen in a recent attack.  The attack took place just two months after the launch of OUSD, the stolen funds, have been traced to an Ethereum wallet containing 7,137 ETH and 2.249 million DAI.
Microsoft Unveils 'Pluton' Security Processor for PCs
This week Microsoft has revealed a new security processor ‘Pluton’, a product they describe as ‘the security chip designed for the future of Windows PCs’. The technology behind Pluton has been described by the company as ‘chip-to-cloud security technology’, a technology pioneered by Xbox Azure Sphere IoT security solution.

What can we offer you?
Click here to subscribe to the Cyber Crime Sentinel Newsletter!
Get in Touch
If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):

Alternatively you can call 0300 123 2040 for 
 report and get advice about fraud or cyber crime

Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.

The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Apple Podcast
Copyright © 2020 West Midlands Regional Cyber Crime Unit, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp