Cyber criminals demand ransom to unlock SEPA systems

The Scottish Environment Protection Agency (SEPA) has been the victim of a ‘significant cyber attack’ in which malicious hackers have demanded a ransom for the unlocking of its computer systems. The attack resulted in more than 1GB of data being stolen and the agency’s email and contact centre being locked. The ransomware attack, which has been described as incredibly sophisticated, took place on Christmas Eve and is thought to have originated from international groups.
Police Scotland and the National Cyber Security Centre are investigating the incident but the IT systems remain affected 3 weeks later.

Final call for girls to enter UK contest to find top codebreakers

There is just one week to go until the 2021 CyberFirst Girls Competition begins! Girls aged 12-13 are being encouraged to join the virtual competition to put their cyber security skills to the test through a series of fun and challenging online puzzles covering topics including logic, networking and cryptography. Hundreds of schools have already signed up but there is still time to register at

Email Security

For many, emails are a part of everyday work and personal life, but for a lot of organisations there is a genuine concern that a cyber criminal will send emails to individuals posing as their organisation. This type of attack, known as ‘spoofing’, can be extremely convincing and, if successful, can aid malicious actors in compromising the confidentiality of communications, in committing fraud or stealing data. The aftermath of such an attack can cause long-lasting damage to an organisation’s reputation, as well as being both time consuming and expensive to rectify. It can also result in the loss of data or money for the individuals targeted in the attack. It is therefore important to be aware of the risks and have good email security.

Top cyber tips for good email security
Sender Policy Framework (SPF) – SPF is an email authentication technique that maintains a list of authorised email servers, which act as the official starting point of email communication from an organisation. When an email is sent to a recipient, the SPF record is used to check that the email originated from an authorised server. SPF can be used to prevent spammers from sending messages on behalf of your organisation’s domain.

DomainKeys Identified Mail (DKIM) - DKIM is a technical standard that lets you add a digital signature to outbound email messages in the message header. This digital signature is used as a means of proving that the email address was not altered or spoofed. You should use DKIM in addition to SPF and DMARC to help prevent spoofers from sending messages that look like they are coming from your domain. 

Domain-based Message Authentication, Reporting & Conformance (DMARC) - DMARC brings the previously mentioned SPF and DKIM mechanisms together into a single framework. DMARC inspects the ‘From’ header and checks it against the SPF result and against the address shown in the DKIM signature. The recipient’s system can then choose to dump, flag or accept an email that fails the DMARC authentication process. Copies of emails that fail authentication will also be sent to the supposed sender organisation. This will help the organisation fix authentication issues and identify malicious threat actors and websites.

Message Encryption - For strong email security, mail servers should enforce resilient cryptographic protocols, meaning that the contents of the email will be encrypted while in transit so that an unauthorised party is unable to read an intercepted message.

Find out more by visiting the NCSC advice: Email security and anti-spoofing

New FreakOut botnet targets Linux systems running unpatched software

The botnet known as 'FreakOut' first emerged during November 2020 and has recently resurfaced in a series of attacks this month. The FreakOut botnet is reportedly targeting unpatched Linux systems and comes with features that could potentially be used for DDoS attacks, crypto-mining, brute force attacks and more.

Technical report: Responsible use of the Border Gateway Protocol (BGP) for ISP interworking

The NCSC has released a technical report containing guidance on best practice use of this fundamental data routing protocol.

Hackers Compromise Mimecast Certificate For Microsoft Authentication

Cloud email management provider Mimecast has been compromised by a sophisticated threat actor after the malicious individuals obtained a digital certificate used to authenticate several of the company’s products. The threat actor also abused the certificate to gain access to some of Mimecast’s clients’ Microsoft 365 accounts.

Rogue: The Evolution of Next Level Malware Development Package

An extensive and affordable network of malware development packages, for use on Android phones, has recently been discovered on dark web markets. A malware package dubbed Rogue was among the packages found. This Rogue malware is capable of targeting Android devices with key-loggers and can aid in the development of advanced Android malware, which has the capability of gaining control over the host device.

What can we offer you?
Click here to subscribe to the Cyber Crime Sentinel Newsletter!

Virtual School and Education Cyber Aware Training Events

Join our online webinar aimed at schools and educational organisations and discover how cyber attacks and ransomware are being used to target them. Get the latest advice and cyber awareness training for all staff.

Please note: All participants are screened before being invited to the event. Please use your corporate school email address when registering.

Cyber Choices: Virtual School and Education Events

Join our online webinars aimed at schools and educational organisations for advice and support on how we can help young people make informed cyber choices and use their cyber skills in a legal way.

Please note: All participants are screened before being invited to the event. Please use your corporate school email address when registering.

Cyber Aware - Training for staff: Sports Organisations

Join our monthly online webinars aimed at sports organisations and discover the latest attacks businesses are facing, the social engineering tactics being used to gain data and the latest awareness training that staff need to know.

Please note: All participants are screened before being invited to the event. Please use your corporate sports email address when registering.

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):

Alternatively you can call 0300 123 2040 to report and obtain advice about fraud or cyber crime.

Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.


The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.