Copy
Schools recognised by cyber experts for first-rate teaching

14 schools and colleges across the UK are the latest to receive CyberFirst Schools status for their excellent cyber security teaching, awarded by the NCSC.

The most recent schools to be awarded Good, Silver and Bronze status for the CyberFirst Schools initiative are:
  • Cardiff High School, Cardiff - Gold
  • Cardiff and Vale College, Cardiff - Gold
  • Coleg Cambria, North East Wales - Gold
  • Saint Ronan’s College, Lurgan - Gold
  • Corpus Christi Catholic High School, Cardiff - Silver
  • Denmark Road High School, Gloucester - Silver
  • North East Futures UTC, Newcastle Upon Tyne - Silver
  • Royal Grammar School Newcastle - Silver
  • Rougemont School, Newport - Silver
  • South Eastern Regional College, Co. Down - Silver
  • St Joseph's RC High School, Newport - Silver
  • St Patrick’s College Dungannon - Silver
  • Dalriada School, Ballymoney - Bronze
  • Knockevin Special School, Downpatrick - Bronze
UK supports US charges against North Korean cyber actors

On the 17th February, the US Department of Justice (DoJ) and the FBI brought criminal charges against three North Korean cyber actors, thought to be part of the Lazarus Group.

The indictment alleges that the individuals were involved in malicious activity including the targeting of the entertainment industry, ATM cash-out attacks, the creation of ransomware and spearphishing campaigns.

This hugely popular screenshot app is a privacy nightmare

The popular screenshot app ‘Lightshot’ is resulting in people unknowingly leaking their sensitive information and private photos. After taking a screenshot, the app provides users with the option to upload the image to the company’s server with a URL to access it. The feature was intended to allow users to share their images/screenshots with family, friends, colleagues, etc. but, in reality, the way in which the URL’s are generated produces a serious privacy issue.

The URL’s are easy to guess as all uploaded images follow the same simple format (‘prnt.sc/’ followed by a six digit long alphanumerical code) meaning that anyone can input the URL with 6 random digits and possibly stumble upon another users uploaded images. The easily discoverable URL’s containing screen grabs of potential personal information may also be exploited by open source data scrapers and cyber criminals.
Top Cyber Tips for End Users and Organisations

Our growing reliance on technology has provided us with endless conveniences such as the expansive storage of information with easy manipulation and retrieval and the ability to grow businesses and communications outside of what would be geographically possible. However, our heavy reliance on technology has introduced serious threats to business operations with often detrimental impacts.

Here are some top tips for end users and organisations:

Securing Emails

  • Use strong, unique passwords on email accounts. NCSC guidance suggest using three random words put together as your password, numbers and symbols can also be used to strengthen the password further.
  • Turn on two-factor authentication, especially on sensitive accounts.
  • Never use personal email accounts for company business.
  • Encrypt sensitive emails and documents.
  • Use digital signatures.
  • Be vigilant of phishing attempts and always avoid opening suspicious links and attachments.
Securing Mobile Devices
  • Only download apps from trusted and recognised sources (i.e. Google Play, Apple App Store) and patch them as soon an update becomes available.
  • Configure privacy settings and app permissions after downloading.
  • Avoid connecting to public networks as they can be unsecure, instead utilise mobile data or a VPN.
  • Turn on remote wipe. This way if your device is lost or stolen all data can be removed remotely to avoid data being compromised.
  • Turn off GPS, Bluetooth and Wi-Fi when not in use.
  • Protect your device using passwords, passcodes or biometrics.
Using USB’s
  • Ensure USB’s containing sensitive data are encrypted.
  • Scan all external devices (including USB’s) for malware and viruses.
  • Disable auto-run and auto-play, this will stop your device from automatically launching content.
Securing Home Wi-Fi
  • Ensure you change the default passwords and SSID name (router name).
  • Keep firmware up to date.
  • Be aware of your Wi-Fi’s signal radius and if applicable use separate Wi-Fi for guests/customers and business reasons.
Software
  • Update your operating system, browser and applications as soon as an update becomes available. It is recommended to turn on automatic updates, if possible.
  • Uninstall unused software.
  • Equip all devices with a trusted antivirus software and update the software regularly.
  • Ensure data is backed up on a regular basis, and backups should be tested, encrypted and stored in a secure device offline.
DDoS attack takes down EXMO cryptocurrency exchange servers

UK cryptocurrency exchange company EXMO has been targeted in a DDoS (distributed denial-of-service) attack that saw the companies servers being temporarily taken offline.

Following the attack, EXMO suspended all withdrawals and stated that all user losses that are a result of the incident will be covered and refunded fully. Currently, there has been on updates regarding the incident; however, the servers and websites are now back online.
270 addresses are responsible for 55% of all cryptocurrency money laundering

The majority of cryptocurrency money laundering is concentrated within just a few online services and links back to a small group of around 270 blockchain addresses.

Blockchain investigation company Chainalysis reports that cyber criminals who choose to keep their money in the form of cryptocurrency often tend to launder their funds through a small collection of online services. The illegal activity studied in a Chainalysis report included cryptocurrency addresses that were connected to ransomware attacks, online scams, terrorist funding, stolen data and payments linked to illegal services on dark web marketplaces.

Secret Chat in Telegram Left Self-Destructing Media Files On Devices

Unlike messaging apps such as WhatsApp, the increasingly popular Telegram does not offer end-to-end encryption by default. This means that users must manually enable the device specific feature ‘secret chat’, a feature that keeps messages encrypted and offers the option to send ‘self-destructing’ messages.

Recently, a bug was found and has since been fixed. However, this made it possible for users of the macOS version of the app to access self-destructing audio and video messages long after they had disappeared from secret chats.

 
Google Chrome, Microsoft Edge getting this Intel security feature

The Intel CET (Control-flow Enforcement Technology) security feature is soon to be supported by Chromium-based browsers such as Google Chrome and Microsoft Edge. The Intel CET is a hardware feature that prevents a wide range of vulnerabilities, initially introduced in 2016 it was added to 11th generation Intel CPUs in 2020.

 
What can we offer you?
Get in Touch
Click here to subscribe to the Cyber Crime Sentinel Newsletter!

Virtual School and Education Cyber Aware Training Events

Join our online webinar aimed at schools and educational organisations and discover how cyber attacks and ransomware are being used to target them. Get the latest advice and cyber awareness training for all staff.

Please note: All participants are screened before being invited to the event. Please use your corporate school email address when registering.

Cyber Choices: Virtual School and Education Events

Join our online webinars aimed at schools and educational organisations for advice and support on how we can help young people make informed cyber choices and use their cyber skills in a legal way.

Please note: All participants are screened before being invited to the event. Please use your corporate school email address when registering.

Cyber Aware - Training for staff: Sports Organisations

Join our monthly online webinars aimed at sports organisations and discover the latest attacks businesses are facing, the social engineering tactics being used to gain data and the latest awareness training that staff need to know.

Please note: All participants are screened before being invited to the event. Please use your corporate sports email address when registering.

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk

Alternatively you can call 0300 123 2040
to report and obtain advice about fraud or cyber crime
Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.
https://cyberthreatweekly.buzzsprout.com/
 

 

The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Facebook
Twitter
Website
Spotify
YouTube
Apple Podcast
LinkedIn
Facebook
Twitter
Link
Website
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp