Fuel Crisis: Lorry drivers unpaid after ‘suspicious’ cyber-attack: ‘Why carry on working?’

Contractors including HGV drivers have been left unpaid this month after there was a suspected cyber-attack on the software and services company Giant Group and their Giant Pay umbrella company. This has disrupted the paying of employees in many different sectors. The company originally said it detected “suspicious activity” and has since stated it was the victim of a “sophisticated cyber-attack”, but has not revealed how the incident justified this description.

Giant Group has also reported that they had to close down their whole network as a result of the attack, meaning they also have no access to phone and email systems, due to them being integrated with their IT infrastructure. Giant has stated that it is working with its insurers, Information Commissioner’s Office and the National Crime Agency.
Credential Spear-Phishing Uses Spoofed Zix Encrypted Email

Armourblox researchers have spotted an ongoing credential-phishing attack that spoofs an encrypted Zix email. This attack is coming from what looks like a legitimate domain associated with the Baptist religion. Zix is a key player in the email encryption market, up there with the likes of Cisco Systems, Trend Micro and Norton LifeLock.

The threat actor has been sending phishing attacks using the old domain of ‘’, whereas the new legitimate domain in use is ‘, which is an organisation set up in 1994. As of Tuesday (21/09), researchers said that to date, the fake-Zix encrypted email has targeted around 75,000 inboxes. Tips on how to recognise phishing emails and how to protect against them are included in the linked article.
Apple AirTag Bug Enables ‘Good Samaritan Attack’

The new AirTag tracking device from Apple is designed to help people find their lost property. These tiny beacons can be set to lost mode and, if someone finds one, it can be scanned by a good Samaritans mobile phone. This allows them to see the owner’s phone number so that they can get in touch with them and return the device. However, according to new research this very feature can be abused to redirect the Good Samaritan to a malicious website.
Setting the beacon to lost mode generates a unique URL and allows the user to enter a personal message and their contact number. When the beacon is scanned, this unique URL will appear, which in theory requires no logging in on the part of the finder of the beacon. The average Good Samaritan may not know that they do not need to log in. This is very important as Apple’s Lost Mode currently has no way of stopping malicious actors from injecting arbitrary computer code into its phone number field – this code could lead to the Good Samaritan visiting a fake Apple iCloud Login page.
As of Monday 28th September, Apple notified the cyber security consultant that discovered the vulnerability of their intention to fix the bug.
Modern Cyber-Criminals Don’t Hack in – They Log in
Ciaran Martin warns Scottish firms of ‘one in two chance of cyber-attack’
Exchange/Outlook Autodiscover Bug Spills 100k+ Email Passwords
Gamers Beware: Malware Hunts Steam, Epic and EA Origin Accounts
Canadian Proof-of-Vaccination App Portpass with Over 650,000 Users Exposed Personal Left User Profiles Unsecured

Formula for success: Top schoolgirl codebreakers rewarded with trip to home of McLaren racing

The future of Technology Assurance in the UK

Principles and how they can help us with assurance

Secure communication principles (updated)

Beware of NHS COVID pass fraud

Warning from Action Fraud as criminals continue to target the elderly

Is public Wi-Fi as safe as you think?
A question that we have been asked a lot recently at the various student events we have attended is ‘how safe is public Wi-Fi?’
Public Wi-Fi is something that a great deal of people rely on to be productive on the go and to access the internet away from the comfort of their homes. However, there is a lack of awareness about hacking and how cyber criminals use public Wi-Fi to steal personal and financial details from individuals and businesses via public networks.
Attacking a public Wi-Fi network
One of the most common threats to public Wi-Fi is a ‘Man in the Middle Attack.’ This is where a cyber-criminal joins a public Wi-Fi network and relies on the established connection to the victim’s machine to redirect the communication flows through the attackers host network. This allows the hacker to intercept sensitive data such as important emails, credit card information and security credentials of the user’s business network.
One of the main things people use public Wi-Fi for is to check their social media and emails. The problem with this is that these two activities reveal a large amount of personal information. Additionally, if people use online banking or download apps on public Wi-Fi their financial information is also at risk.
How to protect yourself whilst using Public Wi-Fi:

  • Keep Wi-Fi turned off when out, as some public Wi-Fi’s can be configured so devices automatically connect as they are regarded as a ‘trusted’ hub.
  • Exercise caution and verify the authenticity of the Wi-Fi network before logging onto it. For example, speak to an employee at the location that’s providing the public Wi-Fi connection, and ask for information about their legitimate Wi-Fi access point – such as the connection’s name and IP address.
  • Use a trusted Virtual Private Network (VPN) service in order to secure your traffic. By using a VPN when you connect to a public Wi-Fi network, you’ll be encrypting all of your data that passes through the network. This means your data cannot be exploited by a hacker.
  • Use mobile data services such as 4G in preference to public Wi-Fi, wherever possible.
  • If you are concerned about the network, raise this with the organisation providing the public Wi-Fi service or contact Action Fraud.
  • Don’t download applications to your electronic devices.
  • Don’t install any updates to programmes on your computer.
  • Avoid accessing your emails, social network accounts or online banking services.
  • Don’t online shop and reveal financial details.
  • Keep your device up to date with the latest manufacturers updates.
Chinese authorities attempt another Cryptocurrency ban
On the 24th September, Chinese authorities enforced a ban upon cryptocurrencies. This is the 19th attempt from China to ban the digital currencies but this time it is believed to be enforced much more than previous attempts. Due to the ban, Cryptocurrency mining is now outlawed and all crypto transactions are now illegal. This has left many Crypto traders giving up, or moving underground, as well as Crypto miners moving to other countries to continue their work.
Colossus Ransomware Hits Automotive Company in the U.S.
A new ransomware family called “Colossus has snagged at least one victim in the United States as of last week. The attack on an automotive group of dealerships involved the operators threatening to leak up to 200GB of stolen data. Researchers at ZeroFox haven’t observed any dark web chatter related to Colossus ransomware or anything in affiliation with such a program. While a public Colossus-specific ransomware leak site doesn’t exist yet, one might emerge in the coming weeks, to leak data from a victim unwilling to pay the ransom.
Good practices to employ to prevent Account Takeovers
Approov CEO, Dave Stewart, discusses the best practices to avoid account takeovers.
Credential Stuffing Epidemic:
Credential stuffing is a cyber attack mechanism that relies on brute force, but eliminates the need for hackers to spend time and resources trying to guess individual passwords.

Good Practices:
  1. Attack Detection: Attackers often configure their credential stuffing tools to imitate the behaviour of legitimate users, and employ proxies to distribute their access requests across different IP addresses. A possible sign of an assault is a marked increase in login failure rates over a short time period.
  2. Two-Factor Authentication (2FA): This should be mandatory for all high-risk use cases, such as user accounts that have recorded a suspiciously high number of failed login attempts.
  3. Monitoring Public Data Dumps: Organisations should continuously monitor the internet for public disclosures of data breaches and exposed email addresses. All compromised accounts should be earmarked for mandatory password reset and 2FA moving forward.
Multiple Vulnerabilities in Microsoft Edge Could Allow for Arbitrary Code Execution
Vulnerabilities have been discovered in Microsoft Edge, the most severe of which could result in remote code execution. Microsoft Edge is a Chromium based internet browser made by Microsoft, which is installed by default on all new Windows computers. Edge was made to replace Internet Explorer, and runs faster and with more features. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser.

Suggested Mitigation:
  • Apply the security updates provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
What can we offer you?
Click here to subscribe to the Cyber Crime Sentinel Newsletter!
Get in Touch

UK Education and Childcare Sector Alert and Resources

The National Cyber Security Centre has released the following guidance to schools - Cyber Security for Schools.  This page houses free resources for everyone working with schools. The education sector has recently been affected by a number of cyber incidents. 

Alert: Further targeted ransomware attacks on the UK education sector by cyber criminals

Support for UK education sector after growth in cyber attacks

New NCSC guidance aimed at the UK Early Years education and Childcare sector
The new guidance, produced in association with key stakeholders in the Early Years sector, will help organisations protect the growing amounts of sensitive information held on children and their families, from both accidental damage or from online criminals.

Keeping children safe in education 2021

Please get in touch with us if you'd like to know more about the free education sector cyber protection support services we provide. 

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):

Alternatively you can call 0300 123 2040
to report and obtain advice about fraud or cyber crime
Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.
The West Midlands Regional Cyber Crime Unit will be taking part in the NEXT GENERATION INNOVATORS - School Outreach Day on the 5th October 2021 at the Three Counties Showground WR13 6NW and THE FAMILY DAY on the 9th October 2021 at the Malvern Theatres, Great Malvern, WR14 3HB.  Come and see us! 


The West Midlands Regional Cyber Crime Unit will be taking part in this years Cyber Fringe Festival on the 23-27th November 2021. Get your free delegate pass today!

On the fringe of Cyber & Security: 5 days of Strategic, Operational and Technical sessions, covering: Cyber industry, Defence & Emergency services, Diversity, Government, Acceleration, and Skills


The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Apple Podcast
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp