US authorities have taken down over 350 websites selling gun silencers and parts from China used to convert semiautomatic pistols into fully automatic machine guns. The move follows an investigation that started in August 2023, targeting illegal sales of these dangerous devices.
Undercover operations revealed shipments from China, falsely labelled as items such as ‘necklaces’ or ‘toys’. Instead, these packages contained machine gun conversion devices, known as ‘switches’, and ‘silencers’, both banned under the National Firearms Act. Some websites even sold counterfeit goods, misusing the trademark of gun manufacturer Glock Inc.
Acting US Attorney Joshua Levy emphasised the importance of seizing these websites to halt the influx of illegal and dangerous contraband. Law enforcement has so far seized over 700 machine gun conversion devices, 87 illegal suppressors, 59 handguns, and 46 long guns.
Officials highlighted the growing problem of such devices being easily accessible, posing a serious threat to public safety. The seizures are part of a broader effort to tackle the illegal gun parts trade and protect communities.
Cyberattacks targeting US utilities surged nearly 70% this year, according to data from Check Point Research. The energy sector is particularly vulnerable, with outdated software systems making utilities easier targets. Despite the spike in incidents, none of the attacks have yet caused severe damage, but experts warn that a coordinated effort could be disastrous, affecting essential services and resulting in major financial losses.
Check Point data showed an average of 1,162 cyberattacks through August, compared to 689 in 2023. These figures highlight the increasing risks as the US power grid rapidly expands to meet higher energy demand, particularly from new sectors such as AI data centres. Experts say the grid’s rapid growth creates more potential entry points for attackers.
Outdated Internet of Things (IoT) and Incident Command Systems (ICS) used by many utilities are not as secure as other industries’ advanced software, putting critical infrastructure at heightened risk. Regulations like NERC’s Critical Infrastructure Protection provide only a basic level of security, which some experts argue is insufficient given the growing threats.
The financial impact of cyber breaches in the energy sector has been significant. In 2022, IBM reported the average cost of a data breach in the sector reached $4.72 million. With the 2024 US election approaching, cybersecurity experts expect an even greater surge in cyberattacks on essential infrastructure.
BT has reported detecting 2,000 potential cyberattacks on its network every second. The rise is attributed to criminals deploying disposable ‘bots’ to bypass existing security measures.
In July, digital surveillance activity by hackers using malicious scanning bots surged by 1,200% compared to the previous year. The telecom giant revealed that these attacks are targeting a wide range of sectors, including retail, education, hospitality, defence, and financial services.
Tris Morgan, BT’s managing director of security, stated that hackers are probing connected devices every 90 seconds in their attempts to breach systems. However, this reflects a significant escalation in cyber threats.
At its Secure Tomorrow cybersecurity event, BT showcased its advanced quantum secure communications and AI-driven cyber defence technologies.
The Department of Telecommunications (DoT) and the Telecom Regulatory Authority of India (TRAI) are taking significant steps to enhance the security and quality of telecom services. To combat spam and cyber fraud, TRAI has implemented measures to disconnect and blacklist entities involved in bulk spam operations, resulting in the removal of over 3.5 lakh spam numbers and the blacklisting of 50 entities.
Additionally, the DoT’s Sanchar Saathi platform allows citizens of India to report suspicious activity, leading to the disconnection of over one crore fraudulent connections and the blocking of 2.27 lakh handsets involved in cybercrime. Concurrently, TRAI has updated its Quality of Service (QoS) regulations to enforce stricter benchmarks for network performance metrics such as call drop rates, packet drop rates, and latency. Effective 1 October 2024, these regulations will introduce monthly monitoring from April 2025, enhancing oversight and accountability to improve network quality.
DoT and TRAI are also implementing proactive measures to tackle the issue of unregistered telemarketers. For that, TRAI is considering immediate service suspensions for telemarketers not registered, based on a predefined threshold of complaints, and is working on proactive detection of suspected spammers.
These initiatives are part of a broader strategy to create a more secure and user-friendly telecom environment. Through these collaborative efforts, the DoT and TRAI ensure ongoing enhancements in telecom services, infrastructure, and quality assurance, aiming to provide users with a more reliable and customer-centric experience.
Great Britain has recently designated its data centres as ‘critical national infrastructure,’ a move designed to bolster their protection against cyber threats. This new classification aligns data centres with other essential services, such as water and energy, highlighting their importance in maintaining the country’s communications and economy.
The announcement comes amidst significant investment in the sector. This includes a £3.75 billion plan by DC01UK to build Europe’s largest data centre in Hertfordshire and an £8 billion commitment by Amazon Web Services for UK operations over the next five years. These investments underscore the increasing importance of securing digital infrastructure.
UK technology minister Peter Kyle emphasised that the new designation would improve collaboration between the government and data centre operators. This collaboration aims to prevent disruptions and protect against cybercriminals. This move follows recent incidents such as the CrowdStrike outage in July, which revealed vulnerabilities in digital infrastructure and underscored the need for increased security.
The National Crime Agency (NCA), once regarded as the UK’s frontline defense against serious and organized crime, including cybercrime, is now in a state of crisis, according to a new report from Spotlight on Corruption, a British nonprofit organisation which focuses on financial corruption.
The report highlights a severe ‘brain drain’ within the agency, with a significant number of experienced personnel leaving, leading to a concerning loss of nearly 20% of its cyber expertise annually. This exodus is primarily blamed on a dysfunctional pay system, which has not only resulted in a high number of vacancies but has also driven up costs. To fill the gaps, the NCA has increasingly relied on temporary workers and consultants, who account for over 10% of the agency’s budget.
The report calls for urgent reform and increased investment in the NCA, warning that the agency’s ability to protect the UK from serious threats, including fraud, corruption, and organized crime, is at a tipping point. Without major changes to pay and working conditions, the agency’s effectiveness is at risk of further deterioration.
The report also contrasts the NCA with the FBI, noting that while the NCA is sometimes referred to as Britain’s equivalent, there are significant differences between the two agencies. The FBI is considered a desirable career path due to its competitive pay, benefits, and opportunities for professional development, resulting in a low staff turnover rate of just 1.7% in 2023. In comparison, British police officers would have to accept a pay cut to join the NCA, which lacks similar financial incentives.
It’s worth noting that the report doesn’t go into the details of the recent successful operations conducted with the participation of the NCA.
In 2023, the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) reported a significant rise in financial fraud involving cryptocurrencies such as bitcoin, ether, and tether. The IC3 received over 69,000 public complaints about cryptocurrency fraud, resulting in estimated losses exceeding $5.6 billion.
The report highlights that investment scams are the most pervasive form of cryptocurrency exploitation, responsible for nearly 71% of all cryptocurrency-related losses. Call centre frauds, including tech support scams and government impersonation schemes, accounted for about 10% of these losses. The decentralised nature of cryptocurrencies, coupled with the speed and irreversibility of transactions, makes them particularly attractive to criminals and poses substantial challenges in recovering stolen funds.
IC3 plays a central role in aggregating and analysing these complaints to identify trends and develop strategies to combat fraud. Timely and accurate complaint reporting is crucial for aiding law enforcement in their investigations.
Germany’s domestic intelligence agency has warned about a Russian cyber group tied to the military intelligence agency, GRU. Known as Unit 29155 or UNC2589, the group has been accused of launching cyberattacks against NATO and the EU countries, escalating concerns about Russian interference. In a coordinated effort, Germany’s Bundesverfassungsschutz issued the alert in collaboration with the FBI, US cybersecurity agencies, and other international partners.
The warning follows a wave of suspicion across Europe regarding Russian cyber activities, particularly since the invasion of Ukraine in 2022. Earlier this year, Germany accused Russia of targeting the Social Democratic Party as well as industries like defence, aerospace, and logistics. These attacks have been attributed to UNC2589, also known by other names such as Cadet Blizzard or Ember Bear.
The cyber group is reportedly involved in espionage and sabotage, with tactics that include defacing websites and leaking stolen data. The GRU unit to which it belongs is notorious for its alleged role in the poisoning of former Russian double agent Sergei Skripal and his daughter Yulia in Britain in 2018, further cementing its reputation as a severe threat to international security.
New Mexico has filed a lawsuit against Snap Inc, alleging that Snapchat’s design facilitates the sharing of child sexual exploitation material. Attorney General Raul Torrez stated that a months-long investigation found Snapchat to be a key platform for sextortion, where predators coerce minors into sending explicit content.
Snap said it is reviewing the complaint and will respond in court. The company has invested significant funds into trust and safety measures and continues to work with law enforcement and safety experts to combat such issues.
Snapchat is widely used by teens due to its disappearing message feature, which has been criticised for misleading users. According to Torrez, predators can permanently capture the content, creating a virtual collection of child sexual images that are shared indefinitely.
Investigators opened a decoy Snapchat account as part of the investigation, discovering 10,000 records of child sexual abuse material on the dark web. Snapchat was identified as a major source for such content in these sites. New Mexico also sued Meta last December for similar reasons.
CrowdStrike is set to reveal the financial impact of a significant cyber outage that disrupted Microsoft’s Windows operating system last month. The incident, caused by a faulty software update, led to global disruptions, affecting various sectors, including aviation and healthcare.
The outage has sparked lawsuits, including one from Delta Air Lines, and has raised concerns about potential market share losses to rivals.
Following the outage, many customers have reconsidered their cybersecurity options. Competitors like Palo Alto Networks have seized the opportunity, offering discounts to attract customers, which analysts believe may have chipped away at CrowdStrike’s market share. Over half of the company’s brokerages have reduced their annual revenue estimates, anticipating that CrowdStrike may lower its forecast.
Despite the challenges, CrowdStrike remains a dominant player in the cybersecurity industry. Some analysts believe the financial hit from the outage will be short-lived, given the high costs associated with switching providers and the company’s efforts to assist customers in restoring their systems. Shares of CrowdStrike have declined by about 20% since the outage, yet the stock is still up over 5% for the year.
As CrowdStrike prepares to report a 31% revenue increase for the quarter ending in July, its focus is on regaining trust and solidifying its position in the market. The company will also participate in a Microsoft summit in September aimed at enhancing cybersecurity measures, which could be crucial in repairing its reputation.
