COVID Vaccine-Maker Suffers Cyber Attack
India based pharmaceutical company 'Dr Reddy's' is one of the many organisations working towards a vaccine for Covid-19. On the 2nd October the company was hit by a cyber attack that subsequently affected their sites worldwide including those in the UK, Brazil, Russia and the US.  The incident took place around a week after the company was given the permission to begin the final trial stages for the Russian Covid vaccine and involved a ransomware attack. The company has reportedly isolated all data centre services to contain the attack.
Trump Campaign Website Hacked in 'Cryptocurrency Scam'
Donald Trumps official campaign website has been hacked in what is thought to be a cryptocurrency scam. Trumps official site briefly displayed the message 'The world has had enough of the fake news spreaded [sic] daily' alongside FBI and the US Department of Justice badges and claims that Trump was "involved in the origin of the coronavirus" and is interfering with the upcoming US presidential election. The message also requested donations in cryptocurrency in exchange for access to this information.
Digital Kilmarnock army set to be trained to protect Britain from cyber attacks
A 200 person strong team made up of 16 to 24 year olds will be trained to help protect British businesses and organisations from cyber attacks at Kilmarnock’s new HALO site thanks to a £1.5 million funding package. For their work the young people will be paid for a minimum of 25 hours’ work per week and their training will result in a HALO-accredited qualification.

Cyber Security Myths

Cyber security myths arise from a general lack of understanding, inaccurate assumptions and generalisations. These myths need to be dispelled lest we neglect the security of our devices and data and put ourselves or company at a heightened risk of cyber attacks and data breaches.
Myth: ‘Nothing on my computer would be of any interest to an attacker’
Fact: Any computer can be of interest to an attacker. A compromised computer can be used to capture audio from a mic, or footage from a webcam, for extortion or blackmail, generate cryptocurrency, commit identity fraud to steal services, harvest email addresses for a future phishing attack or email based scam. It can also be infected with bot software to attack other organisations, turned into a file or web server to host illicit or illegal content (such as child exploitation images).
Myth: ‘Cloud computing transfers the security risk to the cloud provider’
Fact: There is no transfer of liability. Under GDPR, if an organisation utilises a cloud service and then suffers a data breach it is the organisation and not the cloud provider who is deemed responsible.

Myth: ‘Anti-virus software means your devices are secure’
Fact: While beneficial, anti-virus software alone does not guarantee security. Instead anti-virus software should be used as part of a larger approach to cyber security along with network segregation, staff training and strong authentication to prevent an infection. Auditing capabilities should also be utilized to detect any issues.
Myth: ‘if my data, device or business was compromised, I would notice quickly’
Fact: The average time an adversary spends in a network before detection is around 6 months. This is another reason that multiple prevention and detection solutions are advised over a single solution.
Weekly Threat Report 23rd October 2020
US warns of Chinese actors exploiting public vulnerabilities
Marks & Spencer CEO spoofed
Santander downplays 'hack' of PagoFX cash transfer biz, says nothing to worry about
Financial giant Santander has downplayed claims that its international money transfer startup 'PagoFX' was compromised in data leak involving a third party software developer used by PagoFX.
Zoom finally adds end-to-end encryption for all, for free – though there are caveats
Zoom has added end-to-end encryption for all users regardless if they are paying subscribers or not. Zoom says its end-to-end encryption (E2EE) will use 256-bit AES-GCM, meaning that those working from home and utilising zoom can do so more securely. However, some restrictions of using this serve include cloud recording being disabled, as well as  live transcription, breakout rooms, polling and one-to-one private chats.
Google Removes 21 Malicious Android Apps from Play Store
The findings were reported by the Czech cyber security firm Avast who stated these apps where downloaded a total of almost 8 million times. The apps appeared as harmless games but where saturated with HiddenAds, a type of Trojan known for its capabilities to serve intrusive ads outside of the app.
Microsoft develops new machine learning model to detect password spray attacks
Microsoft has developed a new machine learning-based algorithm that detects password spray attacks with significantly improves performance than its past mechanism.
What can we offer you?
Click here to subscribe to the Cyber Crime Sentinel Newsletter!
Get in Touch

Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.

The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Apple Podcast
Copyright © 2020 West Midlands Regional Cyber Crime Unit, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp