
UK Cryptocurrency Exchange EXMO Suffers a 'Massive' DDoS Assault

 

Cryptocurrency exchange EXMO, a British company, was targeted in a distributed denial-of-service (DDoS) attack. As a precautionary measure, the company has shut down its servers temporarily. The company also said in a notification that it suffered a distributed denial-of-service attack on February 15, when its website was offline for two hours.

EXMO’s spokesperson said that previous DDoS assaults affected only the website, but this attack differed in its potency: it drove 30 GB of traffic per second and affected the whole network system, including the website, API, Websocket API, and exchange charts. The assault was combated with the help of DDoS protection Qurator, and the company has also beefed up its security to avoid any further damage.

This was the second assault on the company in the last two months. On December 24, threat actors attacked the company and took 5% of EXMO’s assets from its ‘hot’ wallets. Later, the company confirmed that it had suffered a loss of about $4 million in customer cryptocurrency. Currently, there is no evidence establishing the motives behind the two attacks, but it is suspected that, with the bitcoin price hitting record highs, threat actors tried to cash in on the higher value of the stolen assets.

EXMO released an update regarding the developments in an investigation wherein they mentioned, “Our team is currently developing a new infrastructure for hot wallets. Since each blockchain needs a separate server, the process will take some time, once deposits and withdrawals are available, you will have to generate a new wallet address in the ‘Wallet’ section of your account. Our investigation is ongoing, and we are taking all necessary and precautionary measures to prevent such incidents from reoccurring.” 

The company was launched in 2013 and is headquartered in London. Due to Britain’s exit from the European Union, EXMO had chosen to establish their brand into new European bases as part of a contingency plan. The company was registered with the UK Financial Conduct Authority (FCA) for a brief stint as a crypto asset business until July 9th, 2021, following a request submitted back in April 2020. 

EXMO has expanded its reach outside the UK in a very short span of time and the company’s offices are in Kyiv, Barcelona, Moscow, and Istanbul.

Threat Actors Targeting British Users in a Facebook Phishing Campaign

 

After targeting German users in the ongoing Facebook phishing campaign, threat actors have shifted their focus to British users; nearly 75% of the new victims are based in the UK. Cybernews exposed the Facebook phishing campaign, named “Is that you”, after it tricked nearly 450,000 users in Germany since its beginning on January 26.

It seemed that the threat actors had abandoned their campaign after being exposed, but they were planning to launch it in another country. The new phishing campaign was launched on February 11 in the UK and has since targeted more than 20,000 British users. Cybernews has shared the details of its investigation into the ongoing phishing campaign in Germany and the UK with Facebook, CERT UK, the Dominican Republic’s cyber police, and wal.ee (the URL shortener service used by the threat actor).

The threat actors are using the same legitimate third-party web statistics service to track the growth of the latest phishing campaign in the UK as they used in Germany. Their method of operating is also identical to the one used in Germany: they send a personal Facebook message to unsuspecting users, claiming to have discovered a video or image featuring the victim. The message then directs the victim through a chain of websites that have been compromised with malicious scripts, which harvest the victim’s credentials and deliver adware or other malware, depending on the victim’s device.

The two things that differ from the previous phishing campaign in Germany are the tracking code and the campaign name. Cybernews managed to gain access to the threat actor’s dashboard to learn the scale of the campaign, and it appears that over 20,000 users have been caught in the net laid by the threat actors. With access to the dashboard, Cybernews was also able to identify the devices and browsers predominantly used by the victims.

Three steps to protect yourself against phishing campaigns

 1) Use a unique, complex password for each of your online accounts; a password manager can generate strong passwords for you.

 2) Enable multi-factor authentication (MFA), remain vigilant on any social media platform, and beware of any suspicious message, even one sent from a Facebook contact.

 3) Threat actors usually apply social engineering to tempt you to click on malicious links or download infected files. Think twice before clicking on such suspicious links, and report potential cyber fraud to the cyber cell.

Ticketmaster Fined $10 Million by Department of Justice for Unlawful Business

Ticketmaster had to pay a €7.3 million ($10M) fine for intruding into a rival company's computer systems, says the US Department of Justice. Ticketmaster agreed to pay the fine after facing allegations by the US DoJ that it gained unlawful access to a rival company's systems to obtain information about its business. According to the DoJ, the US ticket sales and distribution company illegally used the retained passwords of a former employee of the rival company to access its computer systems, as part of a scheme to wipe out the competitor's business. Responding to the action, Ticketmaster said that it feels good now that the issue is resolved.


The DoJ said in its statement that the unlawful activity happened in 2017. The scheme involved two company employees, both now dismissed. According to Ticketmaster, the employees' actions violated company policies and conflicted with its organizational values. Federal officers accused Ticketmaster of computer intrusion, wire fraud, and other illegal activities dating back to 2013. Under the prosecution deal, federal authorities have agreed to drop the charges in 3 years if the company stays out of trouble. According to court statements, the inquiry focused on Ticketmaster's attempts to obtain information, specifically related to concert pre-sale tickets.

The rival is a UK-based company with headquarters in Brooklyn, New York; information in the legal documents suggests it was Songkick. Songkick specializes in offering performing artists digital widgets called "artist's toolbox," which allowed Songkick to pre-sell tickets to their events on its websites separately from the ticket blocks available to Ticketmaster, a company owned by Live Nation Entertainment Inc.

Live Nation and Ticketmaster unlawfully took on a former worker of the rival company to get details about its business operations, clients, and marketing plans. The employee gave Ticketmaster the login credentials of his former company, which Ticketmaster used several times to gain access to computer systems and get information about Songkick's pricing in order to develop its own competing platform.

Bloomberg reports, "Songkick sued Live Nation and Ticketmaster in Los Angeles federal court and reached a $110 million settlement in 2018 that included the sale of its ticketing assets to Live Nation. Other Songkick assets had been sold earlier to Warner Music Group."

New Laws for Drone Users Across Europe and UK

 

As of December 31, 2020, the new European Drone Regulations set out by the European Union Aviation Safety Agency (EASA) will come into force, making way for an era of harmonization across the 27 EU Member States as well as Iceland, Norway, Liechtenstein, and the UK. The new rules clarify where drones can be flown and make it simpler to trace their owners. The UK Civil Aviation Authority (CAA), which issued the rules, anticipates an escalation in the number of drone users after eliminating the distinction between recreational and business applications.

At first, these drones didn't need to be registered because of their sub-250g weight, but this requirement has now been extended to all drones with a camera. This means owners of those drones, or of any drone with a camera, should register it with the Civil Aviation Authority (CAA) and get an Operator ID. All drone owners in the UK will require two IDs before flying outside: the Flyer ID, which involves passing a short online assessment, and an Operator ID, which means registering your drone at a cost of £9 every year.

Three new categories will take into account the drone you have and where you intend to fly it, which will, at last, make flying workable for novice drone pilots without a qualification. These categories are Open, Specific, and Certified. They have different requirements in terms of training and the kinds of drones you can use. Recreational flying will be covered by the 'Open' category.

Open category: The Open Category is for what are viewed as generally low-risk flights and will apply to the sort of consumer drones that most novice drone pilots use. It has three subcategories: A1, A2, and A3.
 • A1 - drones weighing under 250g (0.55lb) can be flown over people.
 • A2 - drones weighing more than 250g but under 2kg should be flown at least 50m (164ft) away from people.
 • A3 - drones weighing more than 2kg should be flown well away from people.

Specific category: The Specific Category covers drone flights that pose more risk than the 'Open' Category and requires a degree of planning, similar to all current commercial activities. The CAA will publish a set of pre-defined scenarios and risk assessments.

Certified category: The Certified Category relates to complex operations, for example, those where parcels or even people are carried by the drone. This category is for highly trained professionals and won't apply to the vast majority of drone pilots.

Elliott Corke, director of Global Drone Training, said, “We would encourage people to read the manual and practise somewhere safe first.”

New campaign against Subway UK customers using TrickBot malware

 

Subway UK has disclosed that its marketing system has been hacked. The malicious actor was using the marketing system to send TrickBot malware-laden phishing emails to customers.

The threat actor successfully accessed Subway UK customers' confidential information, such as names and email addresses, by hacking a Subcard server. The campaign came to light when BleepingComputer observed a massive phishing campaign targeting U.K. citizens, pretending to be order confirmations from Subway UK.

According to the researchers, the threat actor was distributing malicious Excel documents that would install an updated version of the TrickBot malware on the system. As per the analysis, the downloaded TrickBot malware is a DLL that is injected directly from memory into the legitimate Windows Problem Reporting executable (wermgr.exe) to avoid being caught by security software, so that it appears to be an authentic task running in Task Manager.

What is TrickBot? 

TrickBot is a malware trojan that targets Microsoft Windows or other operating systems to obtain sensitive information and acts as a dropper for other malware. Mainly, the malware is spread through emails that send users direct links to download malware from malicious websites, or that trick users into opening malware through an attachment.

Yesterday, Subway UK customers began receiving bogus emails from 'Subcard' of Subway about orders the customers had placed. The emails contained links to documents that appeared to be a confirmation of the order.

In a recent development, it has been observed that TrickBot malware expanded its arsenal by adding TrickBoot. 

In November, operators of TrickBot had added a new tool to its array with the name ‘LightBot’ to inspect the victim’s network for high-value targets. 

Subway said in a statement to BleepingComputer, "Having investigated the matter, we have no evidence that guest accounts have been hacked. However, the system which manages our email campaigns has been compromised, leading to a phishing campaign that involved first name and email. The system does not hold any bank or credit card details."

"Crisis protocol was initiated and compromised systems locked down. The safety of our guests and their personal data is our overriding priority and we apologise for any inconvenience this may have caused."

A Government-Backed Advert for Career Opportunities in Cyber Security Taken Down Mere Hours After Release

 

A campaign originally meant to draw more people to career opportunities in cybersecurity has come under heavy scrutiny and criticism, which ultimately resulted in it being removed completely just a couple of hours after its release.

Part of the government's Cyber First mission, the advertisement shows a young lady tying up her ballet shoes with the caption being "Fatima's next job could be in cyber. (she just doesn't know it yet)” with the slogan "Rethink. Reskill. Reboot." 

At first, it was unclear who was behind the campaign, which included the branding of DCMS and the NCSC's Cyber First campaign. Secretary of State for DCMS Oliver Dowden, however, dismissed any association with the campaign, saying “this is not something from DCMS” while agreeing that “it was crass.”

The poster, one of several that highlight individuals from a wide variety of professions, has been vigorously criticized online.

Javvad Malik, a security awareness advocate at KnowBe4, said the poster did come across as tone-deaf.

“With any career, you want to pull people towards it and motivate them to want to choose it,” he said. “It's only when people enjoy, have an interest in, or have a passion for a role that they actually have a sense of achievement and contentment.”

The Prime Minister's official spokesperson stated: "This is part of a campaign encouraging people from all walks of life to think about a career in cybersecurity. However, this particular piece of content was not appropriate and has been removed from the campaign. The government recognizes the challenge to the cultural industry and today the culture secretary has announced £257m of funding to help support 1,385 theatres, art venues, museums, and cultural organizations across England."

This move comes after the chancellor denied encouraging workers in the already struggling arts industry to retrain.

Rishi Sunak has, however, insisted that he was making a general statement about the need for some workers to "adapt" and suggested there would be "new and fresh opportunities" available for those who couldn't do their old jobs.

Litigation Firm Discovers a New Phishing Scam Falsely Purporting To Be From Leading UK Supermarket


A litigation firm discovered a new phishing scam falsely purporting to be from leading UK supermarket Tesco.

The scam used SMS and email communication designed to fool customers into handing over their details, and to steal confidential and payment data.

The fraud started through an official-looking but fake Facebook page entitled 'Tesco UK', which shared images purporting to be from a Tesco warehouse, showing packed boxes of HD television sets.

As per Griffin Law, the litigation firm, the message stated: “We have around 500 TVs in our warehouse that are about to be binned as they have slight damage and can’t be sold. However, all of them are in fully working condition, we thought instead of binning them we’d give them away free to 500 people who have shared and commented on this post by July 18.” 

The firm stated that at least some 100 customers had responded to the Facebook page or received an email.

The original fake Tesco Facebook page is currently listed as 'content unavailable.' Unsuspecting users who excitedly shared the post helped it to spread, before receiving an email offering them the opportunity to 'claim their prize.'

A button in the message connected victims to a landing page to enter their name, place of residence, phone number, and the bank account details. 

Tim Sadler, Chief, Tessian, stated: "As the lines between people in our ‘known’ network and our ‘unknown’ networks blur on social media feeds and in our inboxes, it becomes incredibly difficult to know who you can and can’t trust. Hackers prey on this, impersonating a trusted brand or person to convince you into complying with their malicious request and they will also prey on people’s vulnerabilities."

Sadler empathized with people who are struggling financially in the wake of the [COVID-19] pandemic, for whom the offer of a free television could be appealing.

However, he advises users to always scrutinize the authenticity of such messages and confirm the requestor's offer before tapping on the link, rather than inviting trouble.

The UK Government Vs Apple & Google API on the New COVID-19 App That Tells Who Near You is Infected!



Reportedly, the United Kingdom declared that their coronavirus tracing application is being run via centralized British servers and that’s how they are planning to take things forward and not via the usual “Apple-Google approach” which is a preferred one for most.

Per sources, the CEO of the Tech unit of the National Health Service mentioned that their new smartphone app will have its launching in the upcoming weeks, with the hopes of helping the country return to normalcy by beating coronavirus.

According to reports, the UK government believes that the contact-tracing protocol created by Apple and Google protects user privacy “under advertisement only”. Hence the British health service supports a system that would send the data of who may have the virus to a centralized server giving all the controls in the hand of the NHS.

Both the NHS approach and that of Apple and Google work via Bluetooth: a phone emits an electronic ID over the wireless link that can be picked up by other phones in the vicinity. If a person tests positive for COVID-19, their ID would be used to warn the others who were near them.

Meaning, if you were near an affected person, your phone would flag it and you would be alerted that you may have caught the novel coronavirus, sources mention.

Per reports, Google and Apple created an opt-in, pro-privacy API for Android and iOS. With this feature, the user’s phone changes its ID at intervals, and the phones near them store the IDs they receive.

Per sources, if a person is discovered to have COVID-19 they can allow the release of their phone’s ID to a decentralized set of databases looked over by healthcare providers and the nearby users would be notified about it.

This approach helps ensure that users aren’t tracked by exploiting the above information. Google and Apple say that their protocol would make it next to impossible for them, governments, or malicious actors to track people. The data wouldn’t leave the user’s phone unless they want it to, and even then it would be anonymous.

To declare themselves infected, a person must enter a specific code from a healthcare provider after testing positive, which is a great way to curb fraudulent announcements of infection.

The NHS, on the other hand, proposed a centralized approach that makes the government the party holding the coronavirus-related details of all users in its database for further analysis.

Per sources, for this application to be successful, 60% of a population would have to download it and opt in. Trust plays a major role here: if users don’t trust the app, it would be of no use to others either.

Reports mention that most countries prefer the Google and Apple method better, including Switzerland, Austria, and Estonia. Germany too is in strong support of a decentralized line whereas France had to face criticism for its inclination towards the centralized approach.

Nevertheless, the NHS is hell-bent on going forward with the centralized approach and is adamant that it will safeguard the privacy of people no matter what. In the centralized way of things, the NHS would capture all the IDs of phones with the app active on them and store the details on their database. Later on, if a user is found to be infected the NHS would make the call about all the hows, whens, and ifs of the warning procedure on the other phones.
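The difference between the two designs described above, as a simplified added example (not code from the NHS, Apple or Google, and not the actual protocol of either): it shows what leaves the phone and what the operator can learn in each model. The HMAC derivation, the 10-minute rotation interval, and the names `Phone`, `CentralServer`, `meet` and `simulate` are assumptions made for illustration.

```python
import hashlib
import hmac

INTERVALS_PER_DAY = 144  # assumption: the broadcast ID rotates every 10 minutes


def rolling_id(daily_key: bytes, interval: int) -> bytes:
    """Short-lived broadcast ID for one interval, derived from a phone's daily key."""
    msg = b"rolling-id" + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]


class Phone:
    def __init__(self, name: str, seed: bytes):
        self.name = name
        # Constructed, deterministic key so the example is repeatable;
        # a real app would use a random key that stays on the phone.
        self.daily_key = hashlib.sha256(seed).digest()
        self.heard = set()  # IDs received over Bluetooth from nearby phones

    def broadcast(self, interval: int) -> bytes:
        return rolling_id(self.daily_key, interval)

    def check_exposure(self, published_keys) -> int:
        """Decentralized matching: re-derive IDs and compare on the phone itself."""
        return sum(
            1
            for key in published_keys
            for i in range(INTERVALS_PER_DAY)
            if rolling_id(key, i) in self.heard
        )


class CentralServer:
    """Centralized model: the server can resolve every ID to a registered user."""

    def __init__(self):
        self.registry = {}  # broadcast ID -> user name

    def register(self, phone: Phone) -> None:
        for i in range(INTERVALS_PER_DAY):
            self.registry[phone.broadcast(i)] = phone.name

    def report_positive(self, phone: Phone):
        # The diagnosed user's contact log is uploaded and resolved server-side,
        # so the operator learns who met whom.
        return sorted({self.registry[r] for r in phone.heard if r in self.registry})


def meet(a: Phone, b: Phone, interval: int) -> None:
    """Two phones in Bluetooth range exchange their current IDs."""
    a.heard.add(b.broadcast(interval))
    b.heard.add(a.broadcast(interval))


def simulate():
    alice, bob, carol = (Phone(n, n.encode()) for n in ("alice", "bob", "carol"))
    meet(alice, bob, 10)
    meet(alice, bob, 11)  # Carol meets nobody

    # Decentralized: Alice tests positive and consents to publishing her daily key.
    published = [alice.daily_key]
    decentralized = {p.name: p.check_exposure(published) for p in (bob, carol)}

    # Centralized: every phone is registered; Alice's contact log goes to the server.
    server = CentralServer()
    for p in (alice, bob, carol):
        server.register(p)
    centralized = server.report_positive(alice)

    ids_rotate = alice.broadcast(10) != alice.broadcast(11)
    return decentralized, centralized, ids_rotate


if __name__ == "__main__":
    print(simulate())
```

In the decentralized run the only data that leaves any phone is Alice's key, and Bob learns of the exposure locally; in the centralized run the server's return value is a list of identified contacts.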

If things were to work out the way NHS wants it to, the application would advise users to take steps to help them save themselves against the virus, like self-isolating if need be. The advice notified would be customized per the situation. They would also build a better database and help people with first-hand updates. People could also voluntarily provide detailed information about themselves to make the app’s experience more comprehensive.

Moreover, the centralized system would be way easier for conducting audits and analysis of the data that has been stored in the databases for further research about users that are at most risk.

But regardless of all the superficial advantages, the NHS would still be creating a database bursting with people’s personal information like their health statuses, their movements, and that too with the government having complete control of it.

The success of the entire operation dwells on the people’s trust in the NHS, the UK government, and the governments of all the countries for that matter who have opted for the centralized system.

More than 300 arrested in "dark web child abuse" sting!


Around 338 people have been arrested in a worldwide sting against one of the "largest dark web child porn marketplaces", investigators said.

The now-seized English website, "Welcome to Video", hosted 200,000 videos showing illegal acts committed against children, which were downloaded more than a million times. The site held eight terabytes of data containing gruesome acts being done to infants, toddlers and children.

The site's owner, Jong Woo Son, 23, from Korea, is currently in prison, serving a sentence of 18 months. United States officials have unsealed nine allegations against him.

"You may try to hide behind technology but, we will find you and arrest you and prosecute you." Jessie Liu, the US attorney for the District of Columbia said in a press conference.

The site was shut down a year ago in March by US authorities, but on Wednesday officials said 338 users have been arrested from 38 countries including UK, Ireland, US, South Korea, Germany, Spain, Saudi Arabia, the United Arab Emirates, the Czech Republic and Canada.
The site also used a Bitcoin-based marketplace, with at least 7,300 transactions worth about 730,000 dollars. The UK's National Crime Agency said "The site was one of the first to offer sickening videos for sale using the cryptocurrency bitcoin."

The arrests were the result of a three-year hunt by the National Crime Agency of Britain and task forces from the UK, US, South Korea and Germany. Officials first came across the website in 2017 while investigating one of the UK's worst child sex offenders and paedophiles, geophysicist Dr Matthew Falder. Falder admitted to 137 offenses and is serving a 25-year sentence for sharing images and abusive videos on the dark web. Then, in March 2018, officials went to South Korea to take down the website's server and to arrest Jong Woo Son, the owner of the site.

Officials were able to arrest many suspects by tracing the cryptocurrency transactions. Seven men from the UK and five from America have already been convicted as a result of the investigation. One of them is Kyle Fox, another child offender, already in jail for raping a five-year-old boy and sexually abusing a three-year-old girl.
“The scale of this crime is eye-popping and sickening,” said John Fort, the chief of IRS criminal investigations. The task force was able to rescue 23 children from a state of constant abuse.

Forensic services firm pays ransom after cyber-attack

The UK's biggest provider of forensic services has paid a ransom to criminals after its IT systems were disrupted in a cyber-attack, BBC News has learned.

Eurofins Scientific was infected with a ransomware computer virus a month ago, which led British police to suspend work with the global testing company.

At the time, the firm described the attack as "highly sophisticated".

BBC News has not been told how much money was involved in the ransom payment or when it was paid.

The National Crime Agency (NCA) said it was a "matter for the victim" as to whether a ransom had been paid.

The agency, which is investigating the attack, said: "As there is an ongoing criminal investigation, it would be inappropriate to comment."

Eurofins previously said the attack was "well-resourced" but three weeks later said its operations were "returning to normal".

It said it would also not comment on whether a ransom had been paid or not.

It added it was "collaborating with law enforcement" in the UK and elsewhere.

The ransomware attack hit the company, which accounts for over half of forensic science provision in the UK, on the first weekend in June.

Ransomware is a computer virus that prevents users from accessing their system or personal files. Messages sent by the perpetrators demand a payment in order to unlock the frozen accounts.

Eurofins deals with over 70,000 criminal cases in the UK each year.

It carries out DNA testing, toxicology analysis, firearms testing and computer forensics for police forces across the UK.

Forensic science work has been carried out by private firms and police laboratories in England and Wales since the closure of the government's Forensic Science Service in 2012.

'Court hearings postponed'

An emergency police response to the cyber-attack was led by the National Police Chiefs' Council (NPCC) to manage the flow of forensic submissions so DNA and blood samples which needed urgent testing were sent to other suppliers.

Spotify app: Crashed down for users around the world







Spotify users around the world are having trouble logging in to the app as well as streaming music.

Initially, users in the UK and Europe reported that the app was crashing, but after some time users around the world reported the same problem.

The first report of app crashing came out at 11am GMT (7am ET).

However, Spotify tweeted a response to the influx of reports from its customers: 'Something's not quite right, and we're looking into it. Thanks for your reports!'

According to the outage monitoring site DownDetector, users are facing problems because the website is not working properly. Around 63 percent of users reported that they are having trouble playing music.

Users have started making memes about the crashing of the popular music streaming website.