Copy
Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals

A hack on security start-up company Verkada Inc. resulted in hackers gaining access to the live feeds of 150,000 security cameras including those inside of prisons, schools, police departments, businesses and hospitals. Organisations including Tesla Inc., Cloudflare Inc. and Verkada itself had their security footage exposed as well as women’s health clinics and psychiatric hospitals.
 
The malicious actors responsible also claim to have access to Verkada customer’s full video archives.
 
In response, a Verkada spokesperson has stated that the company has “disabled all internal administrator accounts to prevent any unauthorised access” and that their “internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.”
 
Queen's University takes 'precautions' after cyber-attack attempt

Queen’s University in Belfast (QUB) was subject to an attempted cyber attack that took place on the 24th February. The university has stated that there is currently no evidence that any data has been breached but the university QUB has temporarily suspended access to several university systems.

The QUB National Cyber Security Centre statement.

Cyber attack disrupts services at the University of the Highlands and Islands

A separate cyber attack has also caused disturbances to the University of the Highlands and Islands (UHI) in Scotland. The incident caused disruptions to networks and systems across its network of 13 colleges and institutions.

A UHI spokesperson has stated that source of the incident is, as of now, unknown and no personal data is believed to have been affected.
European Banking Authority hit by Microsoft Exchange hack

The European Banking Authority (EBA) has been hit by a global cyber attack leaving their email servers compromised. The EBA has taken its email system offline to assess the damage and stated that personal data on their servers may have been accessed.

Microsoft explained that the attack exploited a vulnerability in Microsoft Exchange email system or, at times, utilised stolen passwords in order to gain access to systems. The attack would then take remote control of the servers and steal data.

Many large business and government bodies employ the use of Microsoft Exchange servers but establishments have come forward regarding being hit by the attack.

NCSC advice following Microsoft vulnerabilities exploitation is here
Be alert of Covid Vaccine Scams!
 
The NHS has announced their plans to begin texting the public to invite them to book their much anticipated Covid vaccine. The first people to be contacted will be those 55 and overs and unpaid carers amounting to around 440,000 individuals as part of the biggest NHS vaccination program in history.
 
This news of the vaccine roll out has brought joy to many and the use of text messages makes it quicker and more convenient to book an appointment. However, the use of these legitimate vaccine text alerts may get mimicked and exploited by those with malicious intentions. Below are some useful tips on how you can be avoid falling victim to a Covid themed smishing attack.

 

Remember that the NHS will never charge for the Covid vaccination and therefore their text message will NEVER:

  • Request any bank account, card or financial details.
  • Ask you to prove your identity by requesting copies of payslips, bills or any personal documents such as a passport or driving license. (The NHS may however ask you to bring photo ID with you to your physical vaccination appointment.)
  • Ask for information such as your banking pin or password.
  • Arrive at your home unexpectedly to deliver the vaccine.


The legitimate NHS text message will:
  • Show as being sent from ‘NHSvaccine’.
  • Contain a link to the NHS.uk website.
 
If you receive a text message you are unsure about, avoid clicking on any links and call 119 to book your appointment instead.
Google Play Harbours Malware-Laced Apps Delivering Spy Trojans

A novel malware dropper known as Clast82 brings together AlienBot and MRAT malware in a Google Play campaign targeting Android users. According to researchers, the malware dropper allows for attackers to steal data from android mobile devices and has been spread via 9 deceptive apps available in the Google Play store.
 
Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords

Malicious actors are targeting Microsoft users in a phishing attack that utilises fake Google reCAPTCHA’s in an attempt to steal credentials. These attacks come in the form of emails often sporting convincing domain landing pages that include the logos of the victims company as well as the fraudulent reCAPTCHA.
 
Fake Ad Blocker Delivers Hybrid Cryptominer/Ransomware Infection

Formerly disguised as an antivirus installer that, at its peak in February, targeted over 2,500 systems a day, the Monero Miner cryptocurrency ransominer is back. This time it's now masquerading as an ad blocker and OpenDNS service. Researchers at Kaspersky have warned that this hybrid malware has infected over 20,000 systems in just 60 days.
 
A bug in a popular iPhone app exposed thousands of call recordings
 

A security flaw in popular iPhone app ‘Call Recorder’ allowed anyone to access the recorded conversations of another person just by knowing their phone number.

What can we offer you?
Get in Touch
Click here to subscribe to the Cyber Crime Sentinel Newsletter!

Cyber Choices: Virtual School and Education Events

Join our online webinars aimed at schools and educational organisations for advice and support on how we can help young people make informed cyber choices and use their cyber skills in a legal way.

Please note: All participants are screened before being invited to the event. Please use your corporate school email address when registering.

Cyber Aware - Training for staff: Sports Organisations

Join our monthly online webinars aimed at sports organisations and discover the latest attacks businesses are facing, the social engineering tactics being used to gain data and the latest awareness training that staff need to know.

Please note: All participants are screened before being invited to the event. Please use your corporate sports email address when registering.

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk

Alternatively you can call 0300 123 2040
to report and obtain advice about fraud or cyber crime
Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.
https://cyberthreatweekly.buzzsprout.com/
 

 

The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Facebook
Twitter
Website
Spotify
YouTube
Apple Podcast
LinkedIn
Facebook
Twitter
Link
Website
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp