Copy
Beware of holiday fraud as travel restrictions ease

This week, Action Fraud, the national reporting centre for fraud and cyber crime, has launched a national awareness campaign to remind the public to think twice before handing over their money and personal information when booking holidays. This follows the government’s recent announcement on international travel resuming.

Despite the fact that travel was banned for a lot of the 2020/2021 financial year, losses by victims still totalled  £2,205,251 during this time – an average loss of £1,242 per victim. 
New plans to boost cyber resilience of UK’s critical supply chains

The Department for Digital, Culture, Media and Sport (DCMS) is calling for views on a number of measures to enhance the security of digital supply chains and third party IT services, used by firms for things such as data processing and infrastructure management.
Diversity & Inclusion Survey 2021

The NCSC and KPMG UK have launched the 2021 diversity and inclusion survey for the cyber security industry. They're asking anyone who works or has worked in a cyber security role to provide feedback in this 10 min anonymous survey. 
Cyber Security on the Move

With the easing of lockdown restrictions, more of us will be venturing out and taking advantage of modern assets in order to stay connected to the digital world while on the go. Unfortunately, this convenient connectivity opens up pathways for malicious actors to hijack your systems and/or steal personal data. Whether you’re visiting a café with Wi-Fi to do work, staying the night in a hotel or anything in between, it is vital you are aware of the threats and how to mitigate them.
What are the risks?
  • Eavesdropping and Shoulder Surfing - Using devices in public may not only attract thieves but you may also be exposing sensitive data, such as passwords and bank details to snooping shoulder surfers or eavesdroppers.
  • Public Wi-Fi - Hackers can take advantage of peoples willingness to connect to public Wi-Fi and can set up their own, seemingly legitimate, public Wi-Fi that captures sensitive information and traffic as soon as you connect. Some of these malicious access points can also masquerade as your trusted network hubs causing your device to connect automatically without your knowledge.
  • Loss or Theft of a Device - It is critical to ensure that your data is protected against malicious actors in the event your device is lost or stolen.
Mitigation Advice
  • Consider purchasing a privacy screen for devices, as these affordable solutions can make the screen concealed to onlookers.
  • Consider investing in a VPN. VPN’s (Virtual Private Networks), available through app stores and other third-party providers, encrypt network traffic so that it is not readable to hackers. VPN’s also allow users to maintain privacy and anonymity but can slow down internet connection.  If speed is of the upmost importance, consider replying on a mobile data plan.
  • To avoid the breach of sensitive data in the event that your device is lost or stolen, implement strong passwords and biometric security, i.e. facial or fingerprint recognition. To minimise the loss of data, recognise how much information you store solely on devices and consider utilising cloud storage to store data and backups.
  • Many service providers will encrypt your data as well as enforce 2 Factor Authentication meaning that, even if a hacker has your password, they cannot access your data/accounts. 

 
CrowdStrike breaks down 'Golden SAML' attack

At the annual RSA Conference this year, Security vendor, CrowdStrike, explained the inner workings of the infamous "Golden SAML" attack. 

"Golden SAML," the attack technique at the centre of a number of high-profile breaches, including the supply chain infection at SolarWinds, results in attackers gaining complete control over both local and cloud systems.

Android apps exposed data of millions of users through cloud authentication failures

In a report published this week, Check Point Researchers analysing Android apps have discovered serious cloud misconfigurations leading to the potential exposure of data belonging to over 100 million users. 

According to the report, no less than 23 popular mobile apps contained a variety of "misconfigurations of third party cloud services."

Microsoft releases free online ‘playbooks’ to help businesses defend against cyber-attacks
 

Microsoft has released a series of free incident response ‘playbooks’ offering advice to businesses and organizations on how to respond quickly to attacks, such as the Microsoft Server Exchange hack and Nobellium/Solorigate attacks.

Microsoft, Adobe Exploits Top List of Crooks’ Wish List

A year-long study into the underground market for exploits in cybercriminal forums shows Microsoft products made up 47 percent of requested/paid for exploits, compared with internet of things (IoT) exploits, which only accounted for 5 percent.

 

What can we offer you?
Click here to subscribe to the Cyber Crime Sentinel Newsletter!
Get in Touch

SME Inputs 

Join our monthly online webinars aimed specifically at Small and Medium-sized Enterprises to discover what cyber threats could potentially impact your business and get the latest advice and cyber awareness training for all staff. To register visit: 

https://www.eventbrite.co.uk/e/cyber-aware-cyber-security-training-for-your-business-tickets-151185153865

Cyber Security Awareness Webinars: Schools and Education

Join our online webinar aimed at schools and educational organisations and discover how cyber attacks and ransomware are being used to target them. Get the latest advice and cyber awareness training for all staff.

Please note: All participants are screened before being invited to the event. Please use your corporate email address when registering.

Cyber Choices: Virtual School and Education Events

Join our online webinars aimed at schools and educational organisations for advice and support on how we can help young people make informed cyber choices and use their cyber skills in a legal way.

Please note: All participants are screened before being invited to the event. Please use your corporate school email address when registering.

UK Education and Childcare Sector Alert and Resources

The National Cyber Security Centre has released the following guidance to schools - Cyber Security for Schools.  This page houses free resources for everyone working with schools. The education sector has recently been affected by a number of cyber incidents. 

Alert: Further targeted ransomware attacks on the UK education sector by cyber criminals

Support for UK education sector after growth in cyber attacks

New NCSC guidance aimed at the UK Early Years education and Childcare sector
The new guidance, produced in association with key stakeholders in the Early Years sector, will help organisations protect the growing amounts of sensitive information held on children and their families, from both accidental damage or from online criminals.

Get in touch with us if your school or organisation would like support with staff training. 

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk

Alternatively you can call 0300 123 2040
to report and obtain advice about fraud or cyber crime
Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.
https://cyberthreatweekly.buzzsprout.com/




Our colleagues in the West Midlands Police Economic Crime Unit also produce cyber and fraud focused business newsletters. If you wish to subscribe to their newsletter, please e-mail  - CI_PROTECT_TEAM@west-midlands.pnn.police.uk 
 

 

The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Facebook
Twitter
Website
Spotify
YouTube
Apple Podcast
LinkedIn
Facebook
Twitter
Link
Website
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp