Facebook blames ‘faulty configuration change’ for nearly six-hour outage

After Facebook's six-hour outage on 4th October 2021, the social media giant's employees stated that they believed the incident was caused by a "faulty configuration change". They believe it was an internal mistake in how internet traffic is routed; from this, security experts have deduced that the cause may have been a genuine mistake or sabotage by an insider. Both are plausible.
Twitch reportedly suffers massive Data leak

Reportedly, more than 100GB of Twitch data was posted online on Wednesday. Among the documents there appear to be details of the earnings of the platform's top streamers, and not long after the leak a popular gaming streamer confirmed that the leaked figures for their earnings were accurate. Those behind the leak also claim to have the platform's original source code. Despite this, Twitch has yet to put out a statement (as of writing) addressing the validity of the leak and the claims made.
Schools have become a favoured target for cyber-attacks – what can we do about it?

Since mass ransomware strains emerged in around 2013, small organisations such as schools have become a favoured victim of ransomware attacks. Ransomware scammers target schools precisely because they are often defenceless against these attacks, and because of their reliance on the digital world and the educational continuity that the pandemic pushed upon them. In 2019, a UK National Cyber Security Centre (NCSC) audit found that 97 per cent of the 432 schools questioned admitted that losing access to their network would cause major disruption. Almost all (83 per cent) had experienced some type of security incident, with fraudulent emails cited as the leading cause.
In Other News

How fraudsters can use the forgotten details of your online life to reel you in

UK armed forces confirm cyber as a fifth dimension of warfare

Researchers find Apple Pay, Visa contactless hack

UK's £5bn National Cyber Force HQ to be sited in Lancashire beside Defence Secretary's constituency

Three universities gain recognition from experts for their top cyber security education

Bring Your Own Device: How to do it well

School Cyber Security

This October is National Cyber Security Awareness Month and each week we are targeting a different sector. This week, we are looking at education, and we kick-started the week by attending the Malvern Festival of Innovation's Next Generation Innovator's Day. Throughout the day, we spoke to lots of really enthusiastic young people about staying on the right side of the Computer Misuse Act, the worthwhile opportunities available to them when making the right Cyber Choices, and about keeping themselves safe online. We also educated teachers about the free cyber security training options that are available to them.
Every school has an obligation to look after its data as well as manage the risks of using networked computers and services, therefore all staff and students need to have good cyber practices. It is also very important that both senior leaders and governors are aware that cyber security is a management and assurance issue. After all, poor cyber hygiene could affect a school’s ability to function, its reputation and its legal obligations to keep personal data safe.
Why cyber security should matter to schools
More and more schools and colleges are falling victim to cyber crime, whether in the form of phishing, ransomware, DDoS or simply data theft. Here are some factors the education sector needs to consider:

  • Many cyber incidents are untargeted, e.g. mass phishing emails
  • Schools hold a great deal of sensitive information
  • Cyber criminals want to make money, e.g. by hoping schools pay the ransom when targeted
Who is often behind cyber-attacks?
  • Online criminals
  • Hackers
  • Malicious insiders
  • Honest mistakes
  • School Pupils
Mitigating the risk
The National Cyber Security Centre has worked with the Education Network to produce a set of cards that discuss the importance of cyber security in schools and how best to mitigate the risks. These tips include:
  • Having strong passwords
  • Using Two-factor authentication
  • Getting familiar with phishing techniques
  • Being cautious of USB devices
  • If working from home, use a VPN and antivirus software
For School IT staff
Cyber Essentials – Five key controls to guard against common cyber threats

Ten Steps to Cyber Security – Breaks down the task of defending networks into ten essential components

Exercise in a Box – a live tool that offers table-top and simulated exercises to practice on and learn from

Active Cyber Defence – The NCSC provides a range of free cyber security tools and services to eligible organisations as part of the Active Cyber Defence (ACD) programme.
Unnamed Ransomware gang uses a Python script to encrypt VMware ESXi servers

Researchers from Sophos were investigating a ransomware attack and discovered that the attackers had employed a Python script to encrypt virtual machines hosted on VMware ESXi servers. In the attack investigated by the experts, the ransomware operators encrypted the virtual disks on a VMware ESXi server only three hours after the initial intrusion. The intruders gained access to the network by logging into a TeamViewer account that was running on a device where a domain admin was logged in. Following that, the attackers used Advanced IP Scanner to scan the network and identify other targets, then logged onto an ESXi server using an SSH client called Bitvise. In this case, the IT administrators at the victim organisation had left the ESXi Shell's SSH service enabled, opening the door to the attackers. Finally, the attackers executed a tiny 6 KB Python script to encrypt all virtual disks and VM settings of the virtual machines hosted on the server.
Thousands of University Wi-Fi Networks Expose Log-In Credentials
A team of researchers from WizCase has reviewed 3,100 configurations of the free Wi-Fi network Eduroam at universities throughout Europe, discovering that more than half of them have issues that can be exploited by threat actors. Eduroam provides free Wi-Fi connections at participating institutions. It assigns students, researchers and faculty members login credentials that allow them to obtain internet connectivity across different institutions using credentials from their own university.
The flaw the researchers discovered lay in the implementation of the Extensible Authentication Protocol (EAP) that Eduroam uses, which provides authentication as people connect to the network. Some universities have not configured these authentication phases correctly, opening security holes. The researchers said in a recent report: "If you are using an Android device and have Eduroam Wi-Fi set to auto-connect, malicious people could capture your plaintext username and password by only getting 20 or so meters in range of you."
Misconfigured Apache Airflow servers leak thousands of credentials

While investigating a misconfiguration flaw in Apache Airflow, researchers from Intezer discovered many exposed instances on the web leaking sensitive information, including credentials, from well-known tech companies such as Slack, PayPal and AWS. Of all the scenarios the researchers analysed, the most common cause of credential leaks on Airflow servers was insecure coding practice such as hardcoded passwords in Python DAG code. In another misconfiguration case, the researchers saw Airflow servers whose sysadmins had left the configuration publicly accessible: "The configuration file (airflow.cfg) is created when Airflow is first started. It contains Airflow's configuration and it is able to be changed," the researchers stated. The file contains secrets such as passwords and keys, and if the `expose_config` option in the file is mistakenly set to `True`, the configuration becomes accessible via the web server to anyone, who can then view those secrets. Intezer has stated that this flaw was patched quite a while ago, but any organisations still running the older version are putting their data at risk. This shows how important it is to avoid delaying software updates.
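To illustrate the two leak paths described above, here is an added audit script (not Intezer's tooling or Airflow's own code) that reads an airflow.cfg and reports whether `expose_config` is enabled, then scans DAG source for hardcoded secret literals. The config and DAG text are constructed samples; the `[webserver] expose_config` key is the real Airflow option, and the regex and its findings are this script's own heuristic.

```python
"""Audit an Airflow deployment for two credential-leak paths:
expose_config=True in airflow.cfg and hardcoded secrets in DAG code."""
import configparser
import re

# Constructed sample airflow.cfg (not from any real deployment).
# [webserver] expose_config = True makes the web UI's Configuration page
# render the whole file, connection strings and keys included.
WEAK_CFG = """
[core]
sql_alchemy_conn = postgresql+psycopg2://airflow:s3cret@db/airflow

[webserver]
expose_config = True
"""

# Hardened counterpart: same file with the option switched off.
HARDENED_CFG = WEAK_CFG.replace("expose_config = True", "expose_config = False")

# Constructed DAG snippet showing the insecure pattern (literal passwords).
WEAK_DAG = '''
PASSWORD = "hunter2"
conn = connect(user="svc", password="hunter2")
'''

# Heuristic: a secret-like name assigned a quoted string literal.
SECRET_PATTERN = re.compile(
    r'(?i)\b(pass(word)?|secret|api[_-]?key|token)\b\s*[:=]\s*["\'][^"\']+["\']'
)

def config_exposed(cfg_text: str) -> bool:
    """True if [webserver] expose_config is switched on in the given cfg."""
    cp = configparser.ConfigParser()
    cp.read_string(cfg_text)
    return cp.getboolean("webserver", "expose_config", fallback=False)

def find_hardcoded_secrets(dag_source: str) -> list:
    """Return 1-based line numbers of lines that look like literal secrets."""
    return [n for n, line in enumerate(dag_source.splitlines(), 1)
            if SECRET_PATTERN.search(line)]

def audit(cfg_text: str, dag_source: str) -> list:
    """Collect human-readable findings for a config file plus DAG source."""
    findings = []
    if config_exposed(cfg_text):
        findings.append("expose_config is True: airflow.cfg readable via web UI")
    for n in find_hardcoded_secrets(dag_source):
        findings.append(f"possible hardcoded secret in DAG line {n}")
    return findings

if __name__ == "__main__":
    for finding in audit(WEAK_CFG, WEAK_DAG):
        print(finding)
```

Real DAGs should pull secrets from Airflow Connections or Variables (ideally backed by a secrets backend) rather than literals, so a clean run of this audit is a necessary but not sufficient check.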
Conti Ransomware Expands Ability to Blow Up Backups

The ransomware gang Conti has developed novel tactics to demolish backups, especially those made with the Veeam recovery software. This is very concerning because backups are one of the main things that stand in the way of ransomware: they aid recovery and mean victims are less likely to have to pay the ransom. Conti bases its negotiation strategies on the premise that the majority of targets who pay the ransom are "motivated primarily by the need to restore their data." Researchers have found that Conti builds its backup-removal expertise from the ground up, starting at the "team development level." Namely, when the ransomware-as-a-service (RaaS) gang recruits workers to invade networks, it is clear that penetration-tester candidates need top-notch skills at finding and obliterating backups. These researchers have offered mitigations and recommendations to fend off Conti backup removal attacks, as described in the article.
What can we offer you?
Click here to subscribe to the Cyber Crime Sentinel Newsletter!
Get in Touch

UK Education and Childcare Sector Alert and Resources

The National Cyber Security Centre has released the following guidance to schools - Cyber Security for Schools.  This page houses free resources for everyone working with schools. The education sector has recently been affected by a number of cyber incidents. 

Alert: Further targeted ransomware attacks on the UK education sector by cyber criminals

Support for UK education sector after growth in cyber attacks

New NCSC guidance aimed at the UK Early Years education and Childcare sector
The new guidance, produced in association with key stakeholders in the Early Years sector, will help organisations protect the growing amounts of sensitive information held on children and their families, from both accidental damage and online criminals.

Keeping children safe in education 2021

Please get in touch with us if you'd like to know more about the free education sector cyber protection support services we provide.

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss, or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud.

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):

Alternatively you can call 0300 123 2040 to report and obtain advice about fraud or cyber crime.
Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.
The West Midlands Regional Cyber Crime Unit and our force colleagues will be taking part in the Internet Retailing EXPO on the 13th-14th October 2021 at the NEC.

Feel free to come and chat to the team at stand F22 about cyber security and what it means for retailers!

The West Midlands Regional Cyber Crime Unit will be taking part in this year's Cyber Fringe Festival on the 23rd-27th November 2021. Get your free delegate pass today!

On the fringe of Cyber & Security: 5 days of Strategic, Operational and Technical sessions, covering: Cyber industry, Defence & Emergency services, Diversity, Government, Acceleration, and Skills.
The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.