Search This Blog

Showing posts with label United Kingdom. Show all posts

The Salvation Army in the UK was Infected with Ransomware

 

The Register has uncovered that criminals infected the Salvation Army in the United Kingdom with ransomware and stole the organization's data. A spokeswoman for the Salvation Army confirmed that the evangelical Christian church and charity had been hacked and that it had notified UK regulators. 

She said, “We are investigating an IT incident affecting a number of our corporate IT systems. We have informed the Charity Commission and the Information Commissioner’s Office, are also in dialogue with our key partners and staff, and are working to notify any other relevant third parties. We can also confirm that our services for the vulnerable people who depend on us are not impacted and continue as normal.” 

There is currently no other information concerning the event, such as the identity of the attackers or the material that was accessed. Furthermore, no data has been found on any known ransomware gang websites. Salvation Army workers and volunteers, on the other hand, have been instructed to keep a tight eye on their accounts for any unusual banking activity or suspicious contact. 

Jake Moore, a cybersecurity specialist with Slovakian antivirus firm ESET, told The Register: “It is vital that those who could be at risk are equipped with the knowledge of how to mitigate further attacks. The first few days and weeks after a breach are the most important, as criminals will be quick to take advantage of the situation and strike while they still can.”

 “Those who may believe they have had their details taken must contact their banks to add extra fraud protection and to be on guard for extra attempts such as unsolicited calls or emails phishing for extra information,” added ESET’s Moore. 

Other information security industry sources speculated that the attacks were carried either by the Conti or Pysa ransomware gangs. Conti was the ransomware strain used by the WizardSpider gang in the Irish Health Service attack, which came dangerously close to paralyzing Irish hospitals as employees were forced to revert to pre-computer era paper-based systems. Pysa, meanwhile, has been detected targeting schools and other “soft underbelly” targets, like the Hackney Council breach late last year. 

The current ransomware attack has shown that no organization is immune to ransomware and that it must be prepared to confront attacks at any time. Keith Glancey, systems engineering manager at Infoblox, commented: “This latest attack on the UK arm of the Salvation Army shows that ransomware is growing in sophistication and that actors are getting bolder. No organization is off-limits, even those in the charity sector.”

Cryptocurrency Addiction: Here's All You Need to Know!

 

Cryptocurrency addiction is defined as compulsive cryptocurrency trading and related behaviors that have negative implications in a person's life. Cryptocurrency addiction is a behavioral addiction that disrupts or destroys personal, familial, and leisure endeavors, similar to gambling addiction. 

Many of us enjoy the occasional wager or lottery flutter – but it only becomes a problem for roughly 9 people out of 1000. However, 70 persons out of 1000 engage in dangerous behavior that could become an issue in the future. 

Cryptocurrency traders, according to experts, exhibit the same behavioral addictions as problem gamblers. Although no data exist for the number of people addicted to cryptocurrency trading, Tony Marini, the lead counselor at Castle Craig Hospital in Peebles, said they are seeing an increasing number of people in Scotland. 

"This is the crack cocaine of gambling because it is so fast," he said. "It's 24/7. It's on your phone, your laptop, it's in your bedroom." In the last few years, the clinic has treated over 100 people with cryptocurrency addictions. People come to his door because of his constant availability and severe volatility, told Mr. Marini. 

"There are so many people out there that are trading cryptocurrency that is making money," he said. "And they're telling everyone that they're making money. We are not hearing from the people that are losing money."

Jake was a cryptocurrency trader who lost millions of pounds. He does not want his true identity revealed since he is still receiving treatment at one of the UK's few hospitals dedicated to patients who are addicted to betting on the value of the virtual currency. Jake originally purchased Bitcoin, the most widely used cryptocurrency, in 2015, but it wasn't until a major win a few years later that his trading became out of control.

"I can pinpoint the exact moment it became a problem," he said. "I had been eroding the sum I put aside, but I entered a trade, and I was willing to risk that last amount I had. I ended up making back pretty much everything I lost in a single trade. The feeling was one of absolute euphoria."

The market isn't the only thing that may go wrong. The technology that powers cryptocurrency is notoriously difficult, and if you're not vigilant, you could end yourself investing in a hoax.

Furniture Village Hit by a Week-Long Cyber Attack

 

Customers have been left 'with nothing to sit on' and unable to pay while waiting for sofas, beds, and tables as a result of a week-long cyber-attack on Furniture Village. The Slough-based store revealed yesterday that it had been the 'subject of a cybersecurity attack,' but that 'to the best of its knowledge,' no customer data had been disclosed. 

Internal systems are momentarily down, according to the company's website, although orders are still being taken online and in stores. The problem was discovered six days ago, on May 29, when Furniture Village said that its systems were experiencing technical difficulties and that its phone lines had been disconnected. 

Customers have been complaining on social media for over a week about not being able to get refunds or contact customer service, as well as delays or cancellations in delivery. The company confessed in a tweet that deliveries are taking longer than normal since its 'warehouses are currently operating manually.' 

In a statement released yesterday, Furniture Village said: "Frustratingly, our company was recently the target of a cybersecurity attack, however, by immediately implementing security protocols, including shutting down the affected systems, we were able to restrict the scope of the attack. Thankfully, to the best of our knowledge, no personal data has been lost or compromised." 

"We're working around the clock to restore all system-related functions of the business as soon as it’s safe to do so. The business remains healthy, and our teams are focused on supporting our customers, resorting to manual processes where necessary," the company added. 

The precise nature of the attack is unknown at this time, however, some industry experts suspect the retailer was the victim of a ransomware campaign. No formal confirmation has been given as to whether or not law enforcement agencies have been alerted. 

The National Crime Agency of the United Kingdom released its 2021 National Strategic Assessment last week, claiming that criminals are using technological advancements to fuel "serious and organised crime." Ransomware assaults have "grown in frequency and impact," according to the report.

"It is estimated 50 percent of all ransomware attacks included a threat to publish stolen data and over the last year there were £3bn of estimated fraud losses for UK individuals and businesses, but an accurate figure is constrained by significant under-reporting," it said.

Hackers Send Fake Census Form Alerts to UK Respondents

 


The United Kingdom, like every other country, runs a census every ten years. The census asks residents a number of questions regarding the address of individuals, their age, name, nationality, employment, health, education, and language. (The census here is mandatory and participants are obliged to provide answers)
 
The census happens in the year that ends with number-1, except Scotland, the census is postponed until 2022 due to the Covid-19 pandemic. Due to the Covid-19 pandemic, most of the respondents are filling their services online, they are getting a unique 16 digit access code from the government to each resident via snail-mail. The participant can go to the official government census website, enter the 16 digit login code, saving him the arduous work of filling the form by hand, and snail-mail it back. If the participant fails to fill the census form before 21-03-2021, the government will send a chain of warning notifications with a unique 16 digit code, requesting the participant to fill the form and also fining €1000 if he fails to do so.
 
Naked Security reports, "the criminals did make some grammatical mistakes in their forms that a native speaker of English might notice, and these would be another giveaway, along with the fake domain name, but the crooks have cloned the UK Office for National Statistics “look and feel” very believably."
 
Stay alert of forged forms-
 
If the participant hasn't filled the form yet but may soon do it, he/she should stay wary of fake "census reminders" that are sent by the hackers. And if you've already filled your form, be on alert if you think there have to be some modifications in the details. The hackers are trying to take advantage of the online census by luring the participants into phishing attacks and stealing their data.
 
The fake form may ask for your postcode instead of your 16 digits unique code (the hackers could've also sent a fake 16 digit code but they chose not to), after that, the hackers will ask you similar questions that you may answer while filling out the original forms. However, in the fake form case, you end up exposing your personal details to the hackers, instead of sending your details to Office for National Statistics.

 
How to stay safe?

 
1. Check the Domain name before filling the form on the official website.
 
2. Don't open links that you may receive via SMS or e-mail.
 
3. Stay alert of the text messages that you may receive, please go through the message before filling the form.
 

Great Britain named Russia as the main threat in cyberspace

 Lindy Cameron, executive director of Britain's National Cyber Security Center (NCSC), said on Friday that the Russian Federation poses the greatest threat to Britain in cyberspace.

According to her, as in any other area related to security, in cyberspace, Russia poses the most acute and urgent threat to the United Kingdom.

"We need to look carefully at China's ambitions for technological development. China will change the world we live in in a much more fundamental way than Russia," said Cameron.

Against the backdrop of the current world situation, she urged against complacency, complaining that cybersecurity is still not getting the attention it deserves. She also cited incidents involving cyberattacks against IT company SolarWinds and Microsoft Exchange service.

E Hacking News reminds that the NCSC is in charge of the Government Communications Center, the British intelligence agency responsible for conducting electronic reconnaissance and ensuring the protection of government and military information. The NCSC, in turn, works with the public and commercial sectors to respond to cyberattacks and to protect private and public information networks.

In December 2020, U.S. media reported that hackers linked to a foreign government hacked systems belonging to the U.S. Treasury Department, the Department of Homeland Security, the U.S. Commerce Department's National Telecommunications and Information Administration (NTIA), as well as networks at the Pentagon, Department of Energy and NNSA's nuclear safety agencies. A number of U.S. officials said the hacker group APT29 or Cozy Bear, allegedly linked to Russian intelligence, was likely behind the cyberattacks.

Later it became known that the cyberattack targeted SolarWinds, an IT company based in Austin, Texas. The hackers took advantage of the updates released by the company between March and June last year for its Orion software.

In March of this year, Microsoft warned that a hacker group allegedly backed by the Chinese government was exploiting security vulnerabilities in its Exchange Server messaging software, which is popular with U.S. agencies and companies.

UK Police's Forensic firm targeted in cyber attack









An investigation has been launched after a ransomware attack targeted the UK’s largest private forensics provider, which is widely used by forces across the country. 

The firm Eurofins scientists detected a breach of its systems on June 2. After following the report, police have suspended all its work with the company. The company carries out DNA analysis, toxicology, ballistics and computer forensics work.

The National Police Chiefs’ Council, Chief Constable James Vaughan, said in a statement: “We have put our national contingency plans in place, which will see urgent submissions and priority work diverted to alternative suppliers to be dealt with as quickly as possible.’’

“It is too early to fully quantify the impact, but we are working at pace with partners to understand and mitigate the risks. We will share more information as soon as we can.”

The company has been told to return the casework that had not been started. They deal with more than 70,000 cases ever year, including murders and terrorism.  


WikiLeaks‘ founder Assange arrested after seven years hide out inside Ecuador embassy







British police has finally arrested the WikiLeaks founder Julian Assange from the Ecuadorian embassy in London after Ecuador government withdrew asylum citing his bad behavior. 

The arrest has closed the seven year long dramatic stint which could end up in landing in a United States prison as he is facing  a hacking conspiracy charge.

According to an indictment Assange conspired with former Army intelligence analyst Chelsea Manning to steal, and publish classified documents. 

Soon after his arrest, Assange appeared before Westminster Magistrates’ Court, where District Judge Michael Snow found  him guilty for breaching his bail conditions, flatly rejecting his assertion that he had not had a fair hearing and a reasonable excuse for not appearing.

“Mr. Assange’s behavior is that of a narcissist who cannot get beyond his own selfish interests,” Snow said. “He hasn’t come close to establishing ‘reasonable excuse.’”

While, Assange waved to the public from the gallery as he was taken to the cells. His next appearance would be on May 2 via prison video-link for his extradition case.

Whereas his attorney, Jennifer Robinson, said he will fight any extradition to the U.S.

“This sets a dangerous precedent for all journalist and media organizations in Europe and around the world,” she said. “This precedent means that any journalist can be extradited for prosecution in the United States for having published truthful information about the United States.”

UK : Social Media Executives To Be Held Accountable For Destructive Content!



Reports have it, that according to a recent proposal of the UK authorities, social media executives shall be personally blamable for the harmful content on their platforms.
The freshly published paper in which the details were mentioned is just a tactic to restrict the spread of violent and detrimental content related to suicides and cyber bullying.
Disinformation, is another theme eluded upon along with the rising need for companies to hold their ground against terroristic, child abusive, and sexually abusive content.
The regulations and guidelines in the aforementioned paper also mention the requirement for every individual regulator to impose the rules.
Its’s high time, the online companies took responsibility for what content their platforms displayed, in an attempt to reinstate trust in technology within the society.
Files hosting sites, chat forums, messaging services, search engines and social media platforms alike will come under the belt of the aforementioned measures.
If not adhered to, the policies also mention within them strong punishments for companies including substantial fines and blocking access.
This is a great action which has potential to bring change. The implementation although could not be as simple as it all sounds.
The above-mentioned set of guidelines would provide for a stable code of conduct for everyone on the social media which if complied to, will lead to safer platforms.
But, the implementation, is still in question along with other questions like, Will the regulatory approach be different for smaller companies?
Social media regulation and the improvements it requires is on everyone’s mind, of late because of the mosque shooting in New Zealand.
The shooting was live streamed on Facebook and other social media sites like Instagram, YouTube and etc. were rushed to block and delete the copies of the video which has instantly gone viral.
A legislation not very different from the one in UK that was discussed above was passed in Australia meaning to hold the executives responsible for whatever is posted on their platforms.