Security News
The UK's Criminal Records Office has finally confirmed, after weeks of delaying issuing a statement, that online portal issues experienced since January 17 resulted from what it described as a "Cyber security incident." ACRO is the country's national law enforcement organization responsible for managing criminal record information, providing criminal records on request, and sharing those records with foreign nations.
Fresh off the back of an embarrassing "Grilling" by US Congress on national security grounds, TikTok has received a more concrete reprimand from the UK's Information Commissioner's Office - a fine of £12.7 million for "Misusing children's data." Despite TikTok's own rules disallowing children under the age of 13, the video-sharing app's whirlwind success has meant that some 1.4 million kids in the UK used it in 2020 by the ICO's estimates.
The NCA says all of its fake so-called "Booter" or "Stresser" sites which have so far been accessed by several thousand people-have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks. "However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators," reads an NCA advisory on the program.
The U.K.'s National Crime Agency revealed today that they created multiple fake DDoS-for-hire service websites to identify cybercriminals who utilize these platforms to attack organizations. NCA says several thousands of people accessed its fake sites, which had a realistic appearance as a genuine booter service.
The United Kingdom government has banned use of Chinese social media platform TikTok among ministers and officials on their work devices as a "Precautionary" measure over worries the app is used to snoop on Brits. Speaking to Parliament this afternoon, Oliver Dowden, chancellor of the Duchy of Lancaster and Secretary of State who oversees Cabinet Office policy, said the ban would have immediate effect and applied to devices issued within ministerial and non-ministerial departments, but not to "Personal devices for government employees or ministers or the general public."
UK Prime Minister Rishi Sunak on Monday announced the National Protective Security Agency as part of a refresh of the government's security strategy known as the "Integrated Review". The refresh included the replacement of the UK's Conflict, Stability and Security Fund with an Integrated Security Fund that's funded to the tune of £1 billion to "Deliver on the core objectives of the Integrated Review at home and around the world, including in economic and cyber security, counter terrorism and human rights."
Let's start with a couple of plums from the US, where - hold onto your peaked caps - law enforcement officials have been breaking the law, wholesale. The government says, with a straight face, that to Protect the Children it must install back doors in end-to-end encryption.
The US and UK have sanctioned seven Russians for their alleged roles in disseminating Conti and Ryuk ransomware and the Trickbot banking trojan. Conti and Ryuk ransomware extorted at least £27 million from 149 UK individuals and businesses, according to the government's estimate.
The NSCS has attributed the campaigns to a Russia-based group called SEABORGIUM and the Iran-based TA453 group, also known as APT42. The threat groups target individuals working in academia, defence, government, non-government organisations, and think-tanks.
The U.K. National Cyber Security Centre has issued a warning of Russian and Iranian state-sponsored hackers increasingly targeting organizations and individuals. More specifically, the country's cybersecurity agency has identified a spike in spear-phishing attacks attributed to threat actors tracked as SEABORGIUM and TA453.