Copy
RCCU at the National Cyber Security Show

From the 7-9th September 2021, the West Midlands Regional Cyber Crime Unit (WMRCCU) hosted a stand at the National Cyber Security Show.  Joined by Protect Officers from our regions police force cyber teams as well, it was also the debut of two of our new Cyber Crime Volunteers and our two new Cyber Crime Interns, who all shined and proved valuable assets throughout the event.
 
UK and US cyber security leaders meet to discuss shared threats and opportunities

Last week, the CEO of the National Cyber Security Centre and the Director of the US Cybersecurity and Infrastructure Security Agency met in London. Efforts to tackle ransomware was at the top of the agenda, along with diversity in Cybersecurity and collaborations with industry. The NCSC Chief Executive had this to say: “Ransomware is a serious and growing security threat that cuts across borders, and it is important for us to maintain a continuing dialogue with our closest ally to tackle it.”
 
Student hacker costs University thousands, before being sent to prison.

A master’s student from the University of South Wales has recently been sent to prison after hacking into the computer network of his university. It was discovered that the student had downloaded 216 files including exam papers, marking, reports and coursework, by selling copies of these files he was able to make $27k. Cardiff Crown Court stated that the student used “very sophisticated” cyber-criminal techniques and was able to hide his intrusion for 18 months. The investigation of the incident, finding the culprit, and implementing new cybersecurity measures cost the university around $138K.
 
This incident shows the importance of our Prevent messages, if this student was more educated about the Computer Misuse Act and the consequences of breaching it perhaps he wouldn’t have committed the crime.
40 million T-Mobile customers hit by US data breach

Details of French visa applicants exposed

Top of the class: Schools awarded by experts for high quality cyber teaching

Are you hungry? A two-part blog about risk appetites

Apple rushes to block 'zero-click' iPhone spyware

Cybersecurity Vulnerability Could Affect Millions of Hikvision Cameras

Hackers breached computer network at key US port but did not disrupt operations

Hacking group used ProxyLogon exploits to breach hotels worldwide

China declares all crypto-currency transactions illegal

Money Mules

With the students going back to school this month and some recent data being revealed on BBC’s Crimewatch Live showing a 78% year-on-year increase in under 21s taking part in money mule activity, we thought it was a great time to address this vulnerability. 

 A money mule is a person who transfers stolen money between different countries.

Money mules are recruited, sometimes unwittingly, by criminals to transfer illegally obtained money between different bank accounts. Money mules receive the stolen funds into their account, they are then asked to withdraw it and wire the money to a different account, often one overseas, keeping some of the money for themselves.

Even if you’re unaware that the money you’re transferring was illegally obtained, you have played an important role in fraud and money laundering, and can still be prosecuted. Criminals will often use fake job adverts, or create social media posts about opportunities to make money quickly, in order to lure potential money mule recruits.

Behaviours that put you at risk of becoming a money mule
  • Responding to job adverts, or social media posts that promise large amounts of money for very little work. 
  • Failing to research a potential employer, particularly one based overseas, before handing over your personal or financial details to them.
  • Allowing an employer, or someone you don’t know and trust, to use your bank account to transfer money.
How can people protect themselves
  • No legitimate company will ever ask you to use your own bank account to transfer their money. Don’t accept any job offers that ask you to do this. 
  • Be especially wary of job offers from people or companies overseas as it will be harder for you to find out if they really are legitimate.
  • Never give your financial details to someone you don’t know and trust.
Data exclusively revealed on BBC’s Crimewatch Live shows 78% year-on-year increase in under 21s taking part in money mule activity

For CrimeStoppers #dontbeamoneymule Campaign visit here
iOS 15 Privacy Features

The latest Apple iOS releases this week and it is clear that Apple has taken steps to increase user privacy and control. One of the more interesting features is the new Privacy Dashboard, which will show permissions given to apps and how often the apps have accessed certain features, like the camera for example. Another new feature will allow you to turn off email tracking, which shows digital marketers when an email has been opened. Additionally, you will now be able to opt out of Apples personalised ads, a feature that was hidden in previous versions.
 
Hacker’s steal $600m in cryptocurrency heist

Hackers have stolen $600m (£433m) in what appears to be one the largest cryptocurrency heists ever. The Blockchain site Poly Network has reported that hackers have exploited a vulnerability in their system to steal thousands of digital tokens. Hours after the attack the hacker began to return the funds to Poly Network, first in small amounts and then in millions.
 
2021’s Most Dangerous Software Weaknesses
Saryu Nayyar, CEO at Gurucul has gone over Mitre’s list of dangerous software bug types and has emphasized that the “classic” vulnerabilities are still just as effective.
 
Buffer/Memory Overruns
This involves attackers targeting the memory, entering values or commands until they exceed the size of the memory. Once outside the memory attackers can insert executable software, allowing them to take over a computer.
 
Cross-Site Scripting (XSS)
Attackers can use web features to plant malicious scripts, these are implanted in unprotected client-side web pages and are executed when the users open that page.
 
SQL/ Command Injection
This is where the attacker uses SQL escape characters to enter SQL commands to modify or query the database.
 
Use After Free
This memory manipulation trick allows an attacker to insert malicious software into the free memory which will then be executed when the memory is next allocated. It also allows attackers to read the contents of memory

 

HP Omen Hub Exposes Millions of Gamers to Cyberattack
Last week HP released a fix addressing a vulnerability that was discovered in one of the HP Omen Gaming Hub’s drivers which would allow attackers to gain kernel access without administrator privileges. This software is preinstalled on all HP Omen Desktops and Laptop where it is used optimise gaming performance, to provide the best experience. The vulnerable versions are:
  • HP OMEN Gaming Hub prior to version 11.6.3.0
  • HP OMEN Gaming Hub SDK Package prior to version 1.0.44 
The problem has come from the fact that the software is built using code copied from a problematic open-source driver called WinRing0.sys. This high security flaw can allow attackers, even without administrator privileges, to escalate privileges and run code in kernel mode, allowing them to bypass security products and potentially access wider networks.
 
What can we offer you?
Click here to subscribe to the Cyber Crime Sentinel Newsletter!
Get in Touch

UK Education and Childcare Sector Alert and Resources

The National Cyber Security Centre has released the following guidance to schools - Cyber Security for Schools.  This page houses free resources for everyone working with schools. The education sector has recently been affected by a number of cyber incidents. 

Alert: Further targeted ransomware attacks on the UK education sector by cyber criminals

Support for UK education sector after growth in cyber attacks

New NCSC guidance aimed at the UK Early Years education and Childcare sector
The new guidance, produced in association with key stakeholders in the Early Years sector, will help organisations protect the growing amounts of sensitive information held on children and their families, from both accidental damage or from online criminals.

Keeping children safe in education 2021

Please get in touch with us if you'd like to know more about the free education sector cyber protection support services we provide. 

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk

Alternatively you can call 0300 123 2040
to report and obtain advice about fraud or cyber crime
Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.
https://cyberthreatweekly.buzzsprout.com/


The International Cyber Expo will be taking place on the 28 - 29 September 2021 at Olympia, London.

You can register in advance for FREE and find out more at Welcome to International Cyber Expo.

The West Midlands Regional Cyber Crime Unit will be taking part in the NEXT GENERATION INNOVATORS - School Outreach Day on the 5th October 2021 at the Three Counties Showground WR13 6NW and THE FAMILY DAY on the 9th October 2021 at the Malvern Theatres, Great Malvern, WR14 3HB.  Come and see us! 
 


 

The West Midlands Regional Cyber Crime Unit will be taking part in this years Cyber Fringe Festival on the 23-27th November 2021. Get your free delegate pass today!

On the fringe of Cyber & Security: 5 days of Strategic, Operational and Technical sessions, covering: Cyber industry, Defence & Emergency services, Diversity, Government, Acceleration, and Skills
 

 

The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Facebook
Twitter
Website
Spotify
YouTube
Apple Podcast
LinkedIn
Facebook
Twitter
Link
Website
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp