Record number of cyber incidents mitigated as NCSC protects vaccine rollout

The National Cyber Security Centre (NCSC) provided unprecedented support over the past year to organisations, including those on the front line of the pandemic response and vaccine rollout, the organisation’s annual review, released Wednesday, revealed.

The report discloses that the NCSC offered wrap-around support for 777 cyber incidents, including attacks on coronavirus vaccine research, distribution, and supply chains. The review also outlines the damaging effect of growing ransomware attacks, including against UK councils and Ireland’s healthcare system.

Sky article: Cyber attacks on the UK hit new record - with COVID vaccine research prime target

It could be you: Lottery fraud reports reach highest levels in two years

Criminals are taking advantage of well-known lottery draws to trick victims into parting with their money. New data from Action Fraud, the national reporting centre for fraud and cyber crime, reveals almost £1 million has been lost to lottery fraud in the past seven months.

Joint advisory highlights Microsoft Exchange and Fortinet

An advisory was issued on Wednesday by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC) and the NCSC. The advisory warns of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities, including data exfiltration and ransomware. 

The advisory provides observed tactics and techniques and indicators of compromise.

U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws

What is Police CyberAlarm?

Police CyberAlarm is a free tool to help members understand and monitor malicious cyber activity. The service is made up of two parts: monitoring and vulnerability scanning. CyberAlarm monitors traffic on a member’s internet connection, detecting and reporting malicious activity so that organisations can minimise their vulnerabilities. Importantly, the data collected by the system does not contain any content of the traffic. The system is designed to protect personal data, trade secrets and intellectual property.

Members of Police CyberAlarm will become part of the wider UK cyber defence network, sharing collected data with Police for analysis at local, regional and national levels to identify trends, react to emerging threats and identify, pursue and prosecute cyber criminals.

Vulnerability Scanning can be added and used to scan an organisation’s website and external IP addresses, providing regular reports of all known vulnerabilities.

Once a CyberAlarm Virtual Server has been installed, it will securely collect, analyse and feed data back to the Police CyberAlarm Server. The data sent only includes metadata (logs) from internet-facing gateways and devices such as External Firewalls.

Data received by the Police CyberAlarm Server is then used to create regular reports on potential malicious activity seen by individual members, as well as reports containing threat trends seen across the member network. Members can then use this reported intelligence to update their defences to better protect themselves from cyber threats.

Finally, this data is also used by the Police Cyber Crime Units to enhance the UK cybercrime threat picture, enabling them to identify, pursue and prosecute cyber criminals.

Benefits of Joining Police CyberAlarm

  • Regular Reporting – Members receive weekly or monthly reports detailing activity discovered on their devices.
  • Intelligence Feeds – Data is used to detail the latest threats to members, so they can update blacklists and other security measures.
  • Vulnerability Scanning – This is used to scan an organisation’s website and external IP addresses for known vulnerabilities.

Please visit the Police CyberAlarm website for more information or to register.

Zero-days: The next element of the service-based cyber economy?

The concept of zero-days as a service (ZDaaS) could be on the verge of racing up the CISO agenda, according to new research from Digital Shadows, which has found that cyber criminals are increasingly discussing the potential of a model whereby zero-day exploits are leased or rented to affiliates.

In their whitepaper Vulnerability intelligence: do you know where your flaws are?, the Digital Shadows team found that of late, active zero-day vulnerabilities have become the most expensive items advertised on dark web cyber crime forums, with prices reaching up to $10m in some cases.

Fake Ransomware Infection Hits WordPress Sites

Last weekend, Sucuri, a website company that specialises in WordPress security, noticed that fake red-on-black warnings were being plastered across hundreds of WordPress sites, warning that they had been encrypted.

It started out slow, and then it started to grow. Running a Google Search last week turned up only six results for the ransom demand – “FOR RESTORE SEND 0.1 BITCOIN”. That was up to 291 hits when the website security service provider reported its findings on Tuesday this week.

Thousands of Firefox users accidentally commit login cookies on GitHub

Thousands of Firefox cookie databases containing sensitive data are available on request from GitHub repositories, and the data is potentially usable for hijacking authenticated sessions.

These cookies.sqlite databases normally reside in the Firefox profiles folder. They're used to store cookies between browsing sessions. They can be found by searching GitHub with specific query parameters, what's known as a search "dork."

For more information on this you can read this article: Github cookie leakage – thousands of Firefox cookie files uploaded by mistake

Microsoft recently addressed an information disclosure vulnerability, tracked as CVE-2021-42306, affecting Azure AD

This week, Microsoft published details of a vulnerability affecting Azure AD. The vulnerability was discovered by Karl Fosaaen from NetSPI and received a CVSS score of 8.1. Fosaaen explained that due to a misconfiguration in Azure, Automation Account “Run as” credentials (PFX certificates) ended up being stored in clear text in Azure AD, where anyone with access to information on App Registrations can access them.

An attacker could use these credentials to authenticate as the App Registration, typically as a Contributor on the subscription containing the Automation Account.


UK Education and Childcare Sector Alert and Resources

The National Cyber Security Centre has released the following guidance to schools - Cyber Security for Schools.  This page houses free resources for everyone working with schools. The education sector has recently been affected by a number of cyber incidents. 

Alert: Further targeted ransomware attacks on the UK education sector by cyber criminals

Support for UK education sector after growth in cyber attacks

New NCSC guidance aimed at the UK Early Years education and Childcare sector
The new guidance, produced in association with key stakeholders in the Early Years sector, will help organisations protect the growing amounts of sensitive information held on children and their families from both accidental damage and online criminals.

Keeping children safe in education 2021

Please get in touch with us if you'd like to know more about the free education sector cyber protection support services we provide. 

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss, or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud.

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):

Alternatively, you can call 0300 123 2040 to report and obtain advice about fraud or cyber crime.

Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.

The West Midlands Regional Cyber Crime Unit will be taking part in this year’s Cyber Fringe Festival on the 6-10th December 2021.

On the fringe of Cyber & Security: 5 days of Strategic, Operational and Technical sessions, covering: Cyber industry, Defence & Emergency services, Diversity, Government, Acceleration, and Skills.


The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.
