Cyber threats soar: BT identifies 2,000 attacks per second

BT has reported detecting 2,000 potential cyberattacks on its network every second. The rise is attributed to criminals deploying disposable ‘bots’ to bypass existing security measures.

In July, digital surveillance activity by hackers using malicious scanning bots surged by 1,200% compared to the previous year. The telecom giant revealed that these attacks are targeting a wide range of sectors, including retail, education, hospitality, defence, and financial services.

Tris Morgan, BT’s managing director of security, stated that hackers are probing connected devices every 90 seconds in their attempts to breach systems. This represents a significant escalation in cyber threats.

At its Secure Tomorrow cybersecurity event, BT showcased its advanced quantum secure communications and AI-driven cyber defence technologies.

UK National Crime Agency losing 20% of cyber experts annually, report warns

The National Crime Agency (NCA), once regarded as the UK’s frontline defense against serious and organized crime, including cybercrime, is now in a state of crisis, according to a new report from Spotlight on Corruption, a British nonprofit organisation which focuses on financial corruption.

The report highlights a severe ‘brain drain’ within the agency, with a significant number of experienced personnel leaving, leading to a concerning loss of nearly 20% of its cyber expertise annually. This exodus is primarily blamed on a dysfunctional pay system, which has not only resulted in a high number of vacancies but has also driven up costs. To fill the gaps, the NCA has increasingly relied on temporary workers and consultants, who account for over 10% of the agency’s budget.

The report calls for urgent reform and increased investment in the NCA, warning that the agency’s ability to protect the UK from serious threats, including fraud, corruption, and organized crime, is at a tipping point. Without major changes to pay and working conditions, the agency’s effectiveness is at risk of further deterioration.

The report also contrasts the NCA with the FBI, noting that while the NCA is sometimes referred to as Britain’s equivalent, there are significant differences between the two agencies. The FBI is considered a desirable career path due to its competitive pay, benefits, and opportunities for professional development, resulting in a low staff turnover rate of just 1.7% in 2023. In comparison, British police officers would have to accept a pay cut to join the NCA, which lacks similar financial incentives.

It’s worth noting that the report doesn’t go into the details of the recent successful operations conducted with the participation of the NCA.

Cybersecurity breach costs Enzo Biochem $4.5 million

Enzo Biochem has agreed to pay $4.5 million to settle claims that it failed to protect sensitive patient data, leading to a significant cyberattack in April 2023. The breach compromised the personal and health information of approximately 2.4 million patients, including Social Security numbers and health histories. The settlement, announced by New York Attorney General Letitia James, involves payments to New York, New Jersey, and Connecticut.

The attack was made possible by shared login credentials among Enzo employees, including one password that hadn’t been updated in ten years. The attackers installed malware on the company’s systems, which went undetected for several days due to insufficient monitoring. The company has since taken steps to enhance its security measures, such as enforcing stronger passwords, implementing two-factor authentication, and improving its response plan for future incidents.

Enzo began notifying affected patients in June 2023. The breach impacted 1.46 million New Yorkers, including 405,000 whose Social Security numbers were compromised. New York will receive $2.8 million from the settlement. Attorney General James emphasised the importance of protecting patient information, particularly in the context of medical services.

Enzo Biochem has not commented on the settlement. The company previously exited the clinical lab testing business in August of the previous year. The settlement marks a significant reminder of the importance of robust cybersecurity protocols in protecting sensitive data.

Ransomware group dismantled by global authorities

An international operation has dismantled the criminal ransomware group Radar/Dispossessor, which had been targeting companies across various sectors, including healthcare and transport. Authorities from the United States and Germany led the effort to bring down the group, which was founded in August 2023 and initially focused on the US before expanding its attacks globally.

The investigation has identified 43 companies as victims, spanning countries such as the UK, Germany, Brazil, and Australia. The group, led by an individual using the alias ‘Brain’, primarily targeted small to medium-sized enterprises. Many more companies are believed to have been affected, with some cases still under investigation.

Radar/Dispossessor exploited vulnerable computer systems, often through weak passwords and the absence of two-factor authentication, to hold data for ransom. Authorities successfully dismantled servers and domains associated with the group in Germany, the US, and Britain.

Twelve suspects have been identified, hailing from various countries, including Germany, Russia, Ukraine, and Kenya. Investigations are ongoing to identify further suspects and uncover more companies that may have been victimised.

UN approves its first comprehensive convention on cybercrime

On 8 August, UN member states approved a groundbreaking comprehensive treaty to address cybercrime, marking the organization’s first-ever agreement on the issue. Following three years of negotiations in the Ad-Hoc Committee (AHC) and a concluding two-week session in New York, the United Nations Convention Against Cybercrime was approved by consensus. The treaty will now be presented to the General Assembly for formal adoption.

The negotiation process was initiated in 2017 by Russia, despite initial resistance from the United States and European nations. The adoption of the convention also comes despite significant opposition from human rights groups and technology companies, who have expressed concerns over potential risks of increased surveillance.

The treaty is set to take effect once ratified by 40 member countries, and establishes ‘a global criminal justice policy’ to protect society against cybercrime by ‘fostering international cooperation’.

Civil society and industry share concerns about the UN draft Cybercrime Convention

Civil society organisations and more than 150 tech companies within the Cybersecurity Tech Accord urged the United Nations to revise the final draft of the UN Cybercrime Convention. Non-state stakeholders share concerns that the current language of the convention could lead to human rights abuses and criminalise the work of penetration testers, ethical hackers, security researchers, and journalists.

The UN member states are currently in the final round of negotiations for what will become the first global treaty on cybercrime, with talks running from 29 July to 8 August. The current draft, published on 23 May, has seen some positive changes, but the Tech Accord, in particular, calls for further revisions. The office of the UN High Commissioner for Human Rights also noted that the revised draft of the UN Cybercrime Convention includes some welcome improvements; however, significant concerns remain about many provisions that fail to meet international human rights standards. The Electronic Frontier Foundation (EFF) added that the proposed UN Cybercrime Convention mandates intrusive domestic surveillance measures and requires states to cooperate in surveillance and data sharing. It allows the collection, preservation, and sharing of electronic evidence for any crime deemed serious by a country’s domestic law, with minimal human rights safeguards, even with countries that have poor human rights records.

These shortcomings are particularly concerning given the already expansive use of existing cybercrime laws in some jurisdictions, which have been used to unduly restrict freedom of expression, target dissenting voices, and arbitrarily interfere with the privacy and anonymity of communications, according to the office’s analysis. A key concern of the Tech Accord is the need for more transparency in the convention’s current form, while the EFF calls for addressing the highly intrusive secret surveillance powers, currently formulated without robust safeguards, and the insufficient protection for security researchers, among other concerns.

Social media platforms asked to tackle cybercrimes in Malaysia

Malaysia is urging social media platforms to strengthen their efforts in combating cybercrimes, including scams, cyberbullying, and child pornography. The government has seen a significant rise in harmful online content and has called on companies like Meta and TikTok to enhance their monitoring and enforcement practices.

In the first quarter of 2024 alone, Malaysia reported 51,638 cases of harmful content referred to social media platforms, surpassing the 42,904 cases from the entire previous year. Communications Minister Fahmi Fadzil noted that some platforms are more cooperative than others, with Meta showing the highest compliance rates—85% for Facebook, 88% for Instagram, and 79% for WhatsApp. TikTok followed with a 76% compliance rate, while Telegram and X had lower rates.

The government has directed social media firms to address these issues more effectively, but it is up to the platforms to remove content that violates their community guidelines. Malaysia’s communications regulator continues to highlight problematic content to these firms, aiming to curb harmful online activity.

Europol predicts a surge in AI-assisted cybercrimes across the EU

Europol’s latest report predicts a surge in AI-assisted cybercrimes across the EU. The ‘Internet Organised Crime Threat Assessment 2024’ highlights how AI tools are enabling non-technical individuals to execute complex online crimes. These tools, such as deepfakes and false advertisements, are making it easier for bad actors to engage in cybercrime.

The agency stresses the need for law enforcement to enhance their capabilities to counter these threats. Europol’s Executive Director, Catherine De Bolle, emphasises the importance of building robust human and technical resources. Future advancements in deepfake technology could lead to severe cases of sexual extortion, requiring sophisticated detection tools.

Concerns also extend to the cryptocurrency ecosystem. Europol’s report flags the potential for increased fraud involving non-fungible tokens (NFTs) and Bitcoin exchange-traded funds (ETFs). As more people adopt these financial instruments, those without extensive cryptocurrency knowledge may become prime targets for scammers.

Recently, Europol seized €44.2 million in cryptocurrency assets from ChipMixer, linked to money laundering. This operation underscores the growing challenges law enforcement faces in combating sophisticated financial crimes facilitated by emerging technologies.

Chinese national behind 911 S5 botnet arrested in Singapore

The US Department of Justice (DOJ) announced the arrest of a Chinese national, Wang Yunhe, in an international operation targeting cybercrime. Wang, aged 35, was apprehended in Singapore on 24 May for allegedly creating and using malware responsible for cyberattacks, large-scale fraud, and child exploitation. This arrest comes on the heels of a similar high-profile sweep last August, involving 10 Chinese citizens charged with laundering over $2 billion through Singapore.

According to the US Treasury Department, the botnet, known as ‘911 S5,’ was used by criminals to compromise personal devices and then conduct identity theft, financial fraud, and child exploitation through them.

The Treasury’s Office of Foreign Assets Control has now imposed sanctions on three Chinese nationals behind the platform—Yunhe Wang, Jingping Liu, and Yanni Zheng—and on three entities owned or controlled by Yunhe Wang. FBI Director Christopher Wray described the ‘911 S5’ botnet as likely the world’s largest, comprising malware-infected computers in nearly 200 countries.

According to the DOJ, Wang and unnamed accomplices developed and distributed malware that compromised millions of residential Windows computers worldwide. From 2018 to July 2022, Wang accrued $99 million from selling access to hijacked IP addresses, facilitating cybercriminals in bypassing financial fraud detection systems. These criminals committed fraud, resulting in losses exceeding $5.9 billion, including 560,000 fraudulent unemployment insurance claims.

Wang used the illicitly obtained proceeds to acquire assets globally, spanning properties in the USA, Saint Kitts and Nevis, China, Singapore, Thailand, and the UAE. His possessions included luxury sports cars, numerous bank accounts, cryptocurrency wallets, luxury watches, and 21 properties across multiple countries. Matthew S. Axelrod from the US Department of Commerce’s Bureau of Industry and Security described the case as resembling a screenplay, highlighting the extensive criminal enterprise and lavish expenditures financed by nearly $100 million in profits.

The operation is a collaborative effort led by law enforcement agencies from the US, Singapore, Thailand, and Germany. It underscores the international cooperation required to combat cybercrime effectively.

The FBI has published information at fbi.gov/911S5 to help identify and remove 911 S5’s VPN applications from infected devices.

FBI, CISA, and HHS warn against ALPHV/BlackCat ransomware targeting US healthcare sector

The FBI, CISA, and the Department of Health and Human Services (HHS) have issued a joint advisory to healthcare organisations across the United States warning against targeted ransomware attacks orchestrated by the ALPHV/BlackCat group.

In the notice, the agencies warned of the escalating threat posed by ALPHV/BlackCat affiliates, particularly targeting the healthcare sector. This warning is the latest in a wave of notifications detailing the emergence of the BlackCat cybercrime gang. Others include an FBI flash alert in April 2022 and an advisory in December 2023.

Since its inception in November 2021, the BlackCat group, suspected to be a rebrand of the DarkSide and BlackMatter ransomware gangs, has been linked to over 60 data breaches and has amassed a staggering $300 million in ransoms from more than 1,000 victims as of December 2023.

Most concerning is the recent surge in ransomware attacks against healthcare organisations, with the ALPHV/BlackCat group targeting hospitals in retaliation for operational disruptions and infrastructure crackdowns by international police forces. The agencies have underscored the urgent need for critical infrastructure organisations to implement robust mitigation measures against the risk of BlackCat ransomware attacks.

Today’s advisory comes in the wake of a cyberattack on UnitedHealth Group subsidiary Optum, leading to an ongoing outage affecting Change Healthcare, a pivotal payment exchange platform in the US healthcare system. Although UnitedHealth Group has refrained from confirming the BlackCat link, forensic experts investigating the incident have identified the group’s involvement.

The attack, exploiting the critical ScreenConnect authentication bypass vulnerability (CVE-2024-1709), underscores the urgent need for heightened vigilance and proactive measures to safeguard against ransomware threats.

While the FBI has taken steps to disrupt BlackCat’s operations, including dismantling its Tor negotiation and leak sites, the group persists. The State Department has offered substantial rewards for information leading to the identification or location of BlackCat leaders, emphasising the severity of the threat posed by ransomware groups.