Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label UK. Show all posts
UK
attacks Businesses Cyber Crime CyberCrime global cooperation guidance insurance Ransomware resilience Security UK

Global Effort Unites Against Ransomware: New Guidance to Strengthen Business Defenses

  

Ransomware attacks continue to pose significant challenges for businesses worldwide, with incidents on the rise. 

In response, the UK, along with 38 other nations and international cyber insurance organizations, has collaborated to release updated guidance aimed at supporting victims and enhancing resilience. This guidance advises against making immediate ransom payments, as recovery of data or malware removal is not guaranteed, and paying ransoms often encourages further criminal activity.

Instead, businesses are urged to create a comprehensive response plan, with policies and contingency measures in place. Organizations that fall victim to ransomware should report the incident to law enforcement and consult security professionals for expert guidance.

Ransomware has become a lucrative venture for cybercriminals, causing an estimated $1 billion in losses in 2023. By removing the incentive for criminals, these new policies aim to weaken the ransomware business model and reduce future attacks.

"International cooperation is crucial in fighting ransomware as cybercrime knows no borders," stated Security Minister Dan Jarvis. He emphasized that this collective effort will hit cybercriminals financially and better protect businesses in the UK and beyond.

The UK is taking a leading role, collaborating with three major insurance organizations—the Association of British Insurers, the British Insurance Brokers' Association, and the International Underwriting Association—to issue co-sponsored guidance. Meanwhile, the UK National Crime Agency has taken steps by sanctioning 16 individuals from the 'Evil Corp' cybercrime group, responsible for over $300 million in theft from critical infrastructure, healthcare, and government sectors.

Jonathon Ellison, Director for National Resilience at the NCSC, highlighted the urgency of addressing ransomware threats: "This guidance, backed by both international bodies and cyber insurance organizations, represents a united front in bolstering defenses and increasing cyber readiness."
Read more »
UK
Cyber Attacks Malicious Campaign Telecom Firm UK

BT Uncovers 2,000 Potential Cyberattacks Signals Every Second

 

BT logs 2,000 potential cyber attack signals per second, according to the latest data from the telecom behemoth, as it warns of the rising threat from cyber criminals.

The telecom firm stated it found that web-connected devices were being scanned more than 1,000 times each a day by known malicious sources, as attackers scan for vulnerabilities in online systems. While some scans are authentic for security monitoring, BT stated that 78% were not harmless. 

BT said its most recent data on the issue revealed a 1,234% lift in new malicious scanners across its networks over the last year, and cautioned that the increase could be attributed to more malicious actors using AI-powered, automated bots to scan for vulnerabilities in security systems in order to avoid tools designed to detect suspicious activity.

The UK's National Cyber Security Centre (NCSC) has previously cautioned that AI technologies were upskilling malicious actors and lowering the entrance barrier to launch cyber attacks.

According to BT's research, the IT, defence, and financial services sectors were the most targeted for cyber assaults, but other sectors, such as retail, education, and hospitality, were being increasingly targeted since they are seen to have a lower security focus. The data was made public during BT's Secure Tomorrow cybersecurity festival at the company's Adastral Park research facility in Suffolk. 

“Today, every business is a digital business, and our data shows that every 90 seconds hackers are checking connected devices to find a way in – like opportunistic burglars looking for an open window,” Tris Morgan, managing director for security at BT, stated. 

“Tools like AI provide new routes of attack, but they can also the first line of defence. At BT, we’re constantly evolving our network security to stay one step ahead and protect more than a million businesses, day in, day out.” 

The cybersecurity warning comes after the government announced that all UK data centres will be designated as Critical National Infrastructure (CNI), putting them on an equal footing with energy, water, and emergency services infrastructure, and will now receive more government support and protection from cyber attacks, IT blackouts, and environmental disasters.
Read more »
UK
Cyber Security Data Theft Databreach NHS Ransomware UK

Cybersecurity Expert Warns NHS Still Vulnerable After Major Ransomware Attack

 

A leading cybersecurity expert has warned that the NHS remains at risk of further cyber-attacks unless it updates its computer systems. This stark warning follows a significant ransomware attack that severely disrupted healthcare services across London. 

Prof Ciaran Martin, the founding CEO of the UK's National Cyber Security Centre (NCSC), told the BBC: "I was horrified, but not completely surprised. Ransomware attacks on healthcare are a major global problem." NHS England announced it was increasing its cybersecurity resilience and had invested $338 million over the past seven years to address the issue. 

However, Prof Martin’s warnings suggest more urgent action is necessary. A recent British Medical Association report highlighted the NHS's ageing IT infrastructure, revealing that doctors waste 13.5 million hours annually due to outdated systems - equivalent to 8,000 full-time medics' time. 

 The cyber-attack on 3 June, described by Prof Martin as one of the most serious in British history, targeted Synnovis, a pathology testing organisation. This severely affected services at Guy's, St Thomas', King's College, and Evelina London Children's Hospitals. 

NHS England declared it a regional incident, resulting in 4,913 outpatient appointments and 1,391 operations being postponed, alongside major data security concerns. The Russian-based hacking group Qilin, believed to be part of a Kremlin-protected cyber army, demanded a $40 million ransom. When the NHS refused to pay, the group published stolen data on the dark web. 

This incident reflects a growing trend of Russian cyber criminals targeting global healthcare systems. Now a professor at the University of Oxford, Prof Martin highlighted three critical issues facing NHS cybersecurity: outdated IT systems, the need to identify vulnerable points, and the importance of basic security practices.

He further said, "In parts of the NHS estate, it's quite clear that some of the IT is out of date." He stressed the importance of identifying "single points of failure" in the system and implementing better backups. 

Additionally, he emphasized that improving basic security measures could significantly hinder attackers, noting: "Those little things make the point of entry quite a lot harder for the thugs to get in." Emphasizing the severity of the recent attack, he said, "It was obvious that this was going to be one of the most serious cyber incidents in British history because of the disruption to healthcare."
Read more »
UK
Cyber Attacks Data Privacy Healthcare London National Cyber Security Centre NHS patient data protection Ransomware attack Russian Gang UK

Ransomware Attack on Pathology Services Vendor Disrupts NHS Care in London

 

A ransomware attack on a pathology services vendor earlier this week continues to disrupt patient care, including transplants, blood testing, and other services, at multiple NHS hospitals and primary care facilities in London. The vendor, Synnovis, is struggling to recover from the attack, which has affected all its IT systems, leading to significant interruptions in pathology services. The Russian-speaking cybercriminal gang Qilin is believed to be behind the attack. Ciaran Martin, former chief executive of the U.K. National Cyber Security Center, described the incident as "one of the more serious" cyberattacks ever seen in England. 

Speaking to the BBC, Martin indicated that the criminal group was "looking for money" by targeting Synnovis, although the British government maintains a policy against paying ransoms. Synnovis is a partnership between two London-based hospital trusts and SYNLAB. The attack has caused widespread disruption. According to Brett Callow, a threat analyst at security firm Emsisoft, the health sector remains a profitable target for cybercriminals. He noted that attacks on providers and their supply chains will persist unless security is bolstered and financial incentives for such attacks are removed. 

In an update posted Thursday, the NHS reported that organizations across London are working together to manage patient care following the ransomware attack on Synnovis. Affected NHS entities include Guy's and St Thomas' NHS Foundation Trust and King's College Hospital NHS Foundation Trust, both of which remain in critical incident mode. Other impacted entities are Oxleas NHS Foundation Trust, South London and Maudsley NHS Foundation Trust, Lewisham and Greenwich NHS Trust, Bromley Healthcare, and primary care services in South East London. 

The NHS stated that pathology services at the impacted sites are available but operating at reduced capacity, prioritizing urgent cases. Urgent and emergency services remain available, and patients are advised to access these services normally by dialing 999 in emergencies or using NHS 111. The Qilin ransomware group, operating on a ransomware-as-a-service model, primarily targets critical infrastructure sectors. According to researchers at cyber threat intelligence firm Group-IB, affiliate attackers retain between 80% and 85% of extortion payments. Synnovis posted a notice on its website Thursday warning clinicians that all southeast London phlebotomy appointments are on hold to ensure laboratory capacity is reserved for urgent requests. 

Several phlebotomy sites specifically managed by Synnovis in Southwark and Lambeth will be closed from June 10 "until further notice." "We are incredibly sorry for the inconvenience and upset caused to anyone affected." Synnovis declined to provide additional details about the incident, including speculation about Qilin's involvement. The NHS did not immediately respond to requests for comment, including clarification about the types of transplants on hold at the affected facilities. The Synnovis attack is not the first vendor-related incident to disrupt NHS patient services. Last July, a cyberattack against Ortivus, a Swedish software and services vendor, disrupted access to digital health records for at least two NHS ambulance services in the U.K., forcing paramedics to use pen and paper. 

Additionally, a summer 2022 attack on software vendor Advanced, which provides digital services for the NHS 111, resulted in an outage lasting several days. As the healthcare sector continues to face such cybersecurity threats, enhancing security measures and removing financial incentives for attackers are crucial steps toward safeguarding patient care and data integrity.
Read more »
UK
Data Breach data security Employee Data Fines ICO Information Commissioner Office Information Security Ireland UK

PSNI Faces £750,000 Fine for Major Data Breach

 

The Police Service of Northern Ireland (PSNI) is set to receive a £750,000 fine from the UK Information Commissioner’s Office (ICO) due to a severe data breach that compromised the personal information of over 9,000 officers and staff. This incident, described as "industrial scale" by former Chief Constable Simon Byrne, included the accidental online release of surnames, initials, ranks, and roles of all PSNI personnel in response to a Freedom of Information request. 

This breach, which occurred last August, has been deemed highly sensitive, particularly for individuals in intelligence or covert operations. It has led to significant repercussions, including Chief Constable Byrne's resignation. Many affected individuals reported profound impacts on their lives, with some forced to relocate or sever family connections due to safety concerns. The ICO's investigation highlighted serious inadequacies in the PSNI's internal procedures and approval processes for information disclosure. 

John Edwards, the UK Information Commissioner, emphasized that the breach created a "perfect storm of risk and harm" due to the sensitive context of Northern Ireland. He noted that many affected individuals had to "completely alter their daily routines because of the tangible fear of threat to life." Edwards criticized the PSNI for not having simple and practical data security measures in place, which could have prevented this "potentially life-threatening incident." He stressed the need for all organizations to review and improve their data protection protocols to avoid similar breaches. 

The ICO's provisional fine of £750,000 reflects a public sector approach, intended to prevent the diversion of public funds from essential services while still addressing serious violations. Without this approach, the fine would have been £5.6 million. In response to the breach, the PSNI and the Northern Ireland Policing Board commissioned an independent review led by Pete O’Doherty of the City of London Police. The review made 37 recommendations for enhancing information security within the PSNI, underscoring the need for a comprehensive overhaul of data protection practices. 

Deputy Chief Constable Chris Todd acknowledged the fine and the findings, expressing regret over the financial implications given the PSNI's existing budget constraints. He confirmed that the PSNI would implement the recommended changes and engage with the ICO regarding the final fine amount. The Police Federation for Northern Ireland (PFNI), representing rank-and-file officers, criticized the severe data security failings highlighted by the ICO. 

PFNI chair Liam Kelly called for stringent measures to ensure such an error never recurs, emphasizing the need for robust data defenses and rigorous protocols. This incident serves as a stark reminder of the critical importance of data security, particularly within sensitive sectors like law enforcement. The PSNI's experience underscores the potentially severe consequences of inadequate data protection measures and the urgent need for organizations to prioritize cybersecurity to safeguard personal information.
Read more »
User Privacy
Action Fraud Cyber Fraud Cyber Scam Cyber Scammers UK User Privacy

Scammers Targeting WhatsApp Groups in UK

 

When businessman Mohammed Yousaf received an urgent plea for assistance from one of his oldest friends, he rushed to the rescue.

The 56-year-old received a WhatsApp message from the account of a man he had been friends with for 50 years. It began with the greeting 'Salaam', followed by the message: "Please, I need a little assistance from you..." 

Mohammed was concerned about his friend and inquired how he could help. He was told that his friend was attempting to send £800 to an account, but it did not function, and he was asked if he could make the payment instead, with his friend reimbursing him the next day. What transpired was a fraud that terrified Mr. Yousaf and cost him £800. Unfortunately, he's not alone. 

Last month, men in East Lancashire were warned of blackmail fraud after scammers posing as Eastern European gang members sent threatening requests for payment. Police said men in Accrington and Blackburn were pushed into giving over substantial sums of cash after getting disturbing messages and video calls of someone carrying a pistol. 

Action Fraud, the UK's national reporting centre for fraud and cybercrime, reports that fraudsters are now targeting group chat participants in order to exploit WhatsApp users. The fraud often begins when a member of the group receives a WhatsApp audio call from the fraudster, who pretends or claims to be another member of the group. 

This is done to earn the individual's trust, and the scammer will frequently use a phoney profile image and/or display name, giving the impression that it is a genuine member of the group. 

The fraudster will inform the victim that they are providing them a one-time passcode that will allow them to participate in an upcoming video call for group members. The perpetrator then asks the victim to reveal the passcode so that they can be "registered" for the video conference.

In reality, the attacker is asking for a registration number to migrate the victim's WhatsApp account to a new device, allowing them to take over the account. 

Once the fraudster has gained access to the victim's WhatsApp account, they will activate two-step verification, making it impossible for the victim to regain access to their account. Other members of the group, or friends and family in the victim's contacts, will then be messaged, urging them to wire money immediately because they are in urgent need of assistance. 

According to Detective Superintendent Gary Miles, head of the City of London Police's National Fraud Intelligence Bureau, WhatsApp remains a key channel of communication for several people in the UK, but fraudsters continue to figure out ways to gain access to these platforms.
Read more »
VespAI
Artifical Inteligence Cornwall Technology UK University of Exeter VespAI

AI Developed to Detect Invasive Asian Hornets

 



Researchers at the University of Exeter have made an exceptional breakthrough in combating the threat of unsettling Asian hornets by developing an artificial intelligence (AI) system. Named VespAI, this automated system boasts the capability to identify Asian hornets with exceptional accuracy, per the findings of the university’s recent study.

Dr. Thomas O'Shea-Wheller, from the Environment and Sustainability Institute from Exter's Penryn Campus in Cornwall, highlighted the system's user-friendly nature, emphasising its potential for widespread adoption, from governmental agencies to individual beekeepers. He described the aim as creating an affordable and adaptable solution to address the pressing issue of invasive species detection.

How VespAI Works

VespAI operates using a compact processor and remains inactive until its sensors detect an insect within the size range of an Asian hornet. Once triggered, the AI algorithm aanalyses aptured images to determine whether the insect is an Asian hornet (Vespa velutina) or a native European hornet (Vespa crabro). If an Asian hornet is identified, the system sends an image alert to the user for confirmation.

Record Numbers of Sightings

The development of VespAI is a response to a surge in Asian hornet sightings not only across the UK but also in mainland Europe. In 2023, record numbers of these invasive hornets were observed, posing a significant threat to honeybee populations and biodiversity. With just one hornet capable of consuming up to 50 bees per day, the urgency for effective surveillance and response strategies is paramount.

Addressing Misidentification

Dr. Peter Kennedy, the mastermind behind VespAI, emphasised the system's ability to mitigate misidentifications, which have been prevalent in previous reports. By providing accurate and automated surveillance, VespAI aims to improve the efficiency of response efforts while minimising environmental impact.

What The Testing Indicate?

The effectiveness of VespAI was demonstrated through testing in Jersey, an area prone to Asian hornet incursions due to its proximity to mainland Europe. The system's high accuracy ensures that no Asian hornets are overlooked, while also preventing misidentification of other species.

Interdisciplinary Collaboration

The development of VespAI involved collaboration between biologists and data scientists from various departments within the University of Exeter. This interdisciplinary approach enabled the integration of biological expertise with cutting-edge AI technology, resulting in a versatile and robust solution.

The breakthrough AI system, dubbed VespAI, as detailed in their recent paper titled “VespAI: a deep learning-based system for the detection of invasive hornets,” published in the journal Communications Biology. This publication highlights the notable discovery made by the researchers in confronting the growing danger of invasive species. As we see it, this innovative AI system offers hope for protecting ecosystems and biodiversity from the threats posed by Asian hornets.


Read more »
UK
China Cyber Attacks data security Digital Personal Data Protection NHS UK

Safeguarding the NHS: Protecting Against Potential Cyber Attacks from China

 

Recent concerns have surfaced regarding the vulnerability of the NHS to cyberattacks, particularly from China. Reports indicate that Beijing-backed actors exploited software flaws to access the personal details of millions of Britons. As experts in cybersecurity, it's crucial to address these fears and provide insights into safeguarding against potential cyber threats. 

The prospect of a cyber attack on the NHS by hostile actors underscores the critical importance of robust cybersecurity measures. With the personal details of 40 million Britons potentially compromised, the stakes are high, and proactive steps must be taken to protect sensitive data and preserve public trust in the healthcare system. 

One of the primary concerns raised by these reports is the exploitation of software flaws to gain unauthorized access to personal information. Vulnerabilities in software systems can provide entry points for cybercriminals to launch attacks, compromising the integrity and security of sensitive data stored within NHS databases. 

Furthermore, the involvement of state-backed actors adds a layer of complexity to the threat landscape. Nation-state cyber-attacks are often sophisticated and well-coordinated, making them particularly challenging to defend against. As such, healthcare organizations must remain vigilant and adopt comprehensive security measures to detect and deter potential threats. To defend against potential cyber attacks from China or any other threat actor, the NHS must prioritize cybersecurity at every level. 

This includes implementing robust security protocols, conducting regular risk assessments, and investing in advanced threat detection and response capabilities. Additionally, healthcare professionals and staff members must receive comprehensive training on cybersecurity best practices to recognize and respond to potential threats effectively. By fostering a culture of security awareness and vigilance, the NHS can strengthen its defenses against cyber attacks and mitigate the risk of data breaches. 

Collaboration and information sharing are also essential components of an effective cybersecurity strategy. By partnering with government agencies, cybersecurity experts, and industry stakeholders, the NHS can stay ahead of emerging threats and leverage collective intelligence to bolster its security posture. 

While the prospect of a cyber attack on the NHS is concerning, it's essential to approach these threats with a proactive and informed mindset. By implementing robust cybersecurity measures, fostering a culture of security awareness, and collaborating with relevant stakeholders, the NHS can enhance its resilience against potential cyber threats and safeguard the personal data of millions of Britons.
Read more »
UK
Food Outlets Payments Watchdog Tech Outages Technology UK

Payments Watchdog Assessing McDonald's and Greggs Tech Outages

 

The payments watchdog is investigating the technical failures that have caused havoc at a number of high-profile outlets over the past week. 

Greggs became the fourth large company to experience IT issues, after McDonald's, Tesco, and Sainsbury's. The Payments Systems Regulator (PSR) stated that it was reviewing the incident. 

"The PSR is aware of the recent payment issues and is assessing their nature to determine whether any further action is needed," the company noted. 

The PSR is the UK's economic regulator for payment systems, ensuring that they perform effectively for individuals who use them. If it discovers an issue with the payment system's resilience, it can refer the matter to the Bank of England.

These systems are receiving a lot of attention following a string of technological issues that prevented users from making purchases.

Sainsbury's was unable to fulfil most online food deliveries on Saturday due to complications with an overnight software update, which also affected contactless payments in shops. Tesco also had to cancel a "small number" of orders. 

The day prior, McDonald's locations worldwide were unable to accept orders owing to a "global technology system outage".

On Wednesday, bakery company Greggs became the latest major retailer to experience IT system failures at several outlets. Experts have suggested that the failures may be linked due to their near proximity, possibly through a shared network or payment infrastructure provider. 

The CEO of the IT company Evolve, Alan Stephenson-Brown, stated that the many failures served as a timely reminder that even large corporations aren't immune to IT troubles. 

“The retailers would have lost millions of pounds. This highlights that digital disruption is a principal risk for many retailers. Ensuring contingency planning is in place is vital," Mr Stephenson-Brown added. 

The possibility for disruptions and vulnerabilities will increase as firms rely more and more on digital transactions, according to Jamil Ahmed, an engineer at the transaction provider Solace.

"The brick and mortar retail industry is facing a crossroads. Customers, accustomed to the constant uptime and reliability of online shopping, are demanding the same flawless digital experience from physical retailers," Ahmed said.
Read more »
User Security
Charity Scam Cyber Fraud Scammer Group UK User Security

Lancashire-Based Scamming Group Jailed in £500k Charity Fraud

 

A group of charity scammers who pretended to be grocery store bucket collectors and deceived the public out of at least £500,000 have been imprisoned. 

By pretending to be collectors for children's charities such as Children In Need, Great Ormond Street Hospital Children's Charity, The Children's Society, The Christie Charitable Fund, and Mind, the group of fake collectors took advantage of the goodwill of the public. 

David Lavi, 47, who was identified as the main con artist, contacted charities and requested permission to collect money on their behalf using their logos and brand names. The gang used banners, fake ID badges, and Pudsey Bear costumes and set up booths and stalls in supermarkets. 

Preston Crown Court was informed that although the gang collected at least £500,000, they only contributed less than 10% to the charity.

Judge Andrew Jefferies KC stated that he could only surmise the total amount pocketed by the gang and that some cash deposits were made with charity as police began to investigate.

"This was a huge betrayal of trust. You all took advantage of public goodwill and, in some cases, private grief," the judge told Levi and his co-defendants as he handed down his sentence. 

The court heard how Levi and his crew of fraudsters duped stores into allowing collections under false pretences. 

The imposters are believed to have claimed approval from head office or charity administrators and threatened to report an employee to their national office if they were not allowed. 

Lancashire Police launched an inquiry in May 2017 after Children In Need referred the case to Action Fraud. Officers raided Levi's house and business in Lytham, Lancashire, in June, and recovered various phones, iPads, and charity items. 

Detectives subsequently built the case using financial, telephone, and cell-site data, as well as surveillance of some of the collections themselves. 

Levi was sentenced to five years in prison on Thursday for fraud and money laundering. Following his release on parole, he will be subject to a five-year serious crime prevention order. 

"When people donate to a charity, they rightly expect that their money will go to supporting good causes, not lining the pockets of greedy con men like David Levi and his gang," Detective Chief Inspector Mark Riley said following the sentencing. "They have exploited peoples' goodwill and honesty to the tune of thousands of pounds, and I'm pleased that we have been able to bring them to justice.”
Read more »
UK
Cyber Security Joint Advisory North Korea Hackers South Korea Threat Intelligence UK

UK and South Korea Issue Joint Advisory Over North Korea-Linked Cyber Assaults

 

The UK and South Korea have issued warnings that cyber attacks by North Korean state-linked groups are becoming more sophisticated and widespread.

The two countries' cyber security and intelligence agencies have issued a new joint advisory urging organisations to strengthen their security measures in order to minimise the risk of their systems being compromised. 

According to the UK's National Cyber Security Centre (NCSC), which is part of GCHQ, and the South Korean National Intelligence Service (NIS), hackers have been leveraging previously unknown vulnerabilities and exploits in third-party software in their supply chains to gain access to an organisation's systems. 

Both agencies expressed concern that such assaults on the software-based supply chain pose a particularly major threat because a single initial breach can affect a number of organisations and lead to subsequent attacks, resulting in greater disruption or the deployment of ransomware.

The joint advisory warns that organisations should take measures to safeguard themselves as these kinds of attacks, which are backed by North Korea, are likely to escalate. 

Paul Chichester, NCSC director of operations, stated: “In an increasingly digital and interconnected world, software supply chain attacks can have profound, far-reaching consequences for impacted organisations. 

"Today, with our partners in the Republic of Korea, we have issued a warning about the growing threat from DPRK (North Korea) state-linked cyber actors carrying out such attacks with increasing sophistication.

“We strongly encourage organisations to follow the mitigative actions in the advisory to improve their resilience to supply chain attacks and reduce the risk of compromise.” 

President Yoon Suk Yeol of South Korea is currently on a state visit to the UK. This joint advisory marks the first time the NCSC has issued a warning of this nature without collaboration from other Five Eyes agencies in Australia, Canada, New Zealand, and the US. 

This is not the first instance that hackers have targeted their enemies. In 2017, North Korea launched a cyberattack on global hospitals, businesses, and banks. And in 2014, its hackers reportedly targeted Sony Pictures in retaliation for a satirical film about their leader, Kim Jong Un.
Read more »
UK
Advanced Encryption Standard chief nuclear inspector China cyber operations Cyber Security Cyberattacks National Risk Register nuclear power regulatory scrutiny UK

UK Notifies Nuclear Power Plant Operator About Cybersecurity Weakness

EDF, the company responsible for operating multiple nuclear power facilities in the United Kingdom, has come under increased regulatory scrutiny concerning its cybersecurity practices. 

This heightened attention signifies an escalation of the regulatory oversight initiated the previous year. According to the annual report from the UK's chief nuclear inspector, EDF failed to fulfill its commitment to deliver a comprehensive and adequately resourced cybersecurity improvement plan.

A spokesperson from EDF acknowledged that cybersecurity is a continually evolving concern for all organizations and emphasized their commitment to ongoing enhancement of their management processes, with the aim of eventually returning to standard regulatory scrutiny. The spokesperson also asserted that EDF's current measures pose no risk to the safety of their power stations, recognizing the significance of information security and the associated risks linked to data loss.

There is currently no concrete evidence of successful cyberattacks on British nuclear power plants. Nonetheless, earlier this year, the Intelligence and Security Committee (ISC) of the UK Parliament issued a warning regarding China's widespread cyber operations, including targeting endeavors in the civil nuclear sector. The ISC revealed that Chinese threat actors had infiltrated the computer networks of energy sector companies, with the primary focus on the non-nuclear segment, driven by China's domestic energy demand.

The specific reasons behind this new wave of regulatory scrutiny, as first reported by The Ferret, have not been disclosed to the public. EDF, a provider of energy to over five million residential and business customers, generated over £8.7 billion in revenue in 2021 but did not provide a comment when requested.

As detailed in the UK's civil nuclear cybersecurity strategy, the National Cyber Security Centre (NCSC) threat assessment highlighted ransomware as the most likely disruptive threat. While a ransomware attack on the IT systems of a nuclear power plant could disrupt its operations, these systems are designed with multiple fail-safes to prevent radiological accidents.

While cyberattacks on the operational technology systems of power plants are uncommon, they are not unprecedented, with the Triton malware in Saudi Arabia in 2017 serving as a notable example. Whether the suspected Russian actors behind such an attack could potentially circumvent the fail-safe mechanisms preventing an explosion remains unknown.

According to the UK government's National Risk Register, a cyberattack targeting the computer systems controlling a nuclear reactor might necessitate a controlled shutdown as a protective measure. While the register did not cite a risk of radiological contamination, the disruption to energy production could be protracted due to the stringent regulatory controls in place for nuclear safety and security.

Read more »
Vulnerability
Australia Breach Customer Cyber Attacks Data Energy Experts Investigation Ransomware Report Security Software threat UK Vulnerability

Cyberattack Strikes Australian Energy Software Company Energy One

 

Energy One, an Australian company specializing in software solutions and services for the energy industry, has fallen victim to a cyber assault.

In an announcement made on Monday, the company revealed that the breach was identified on August 18 and had repercussions for certain internal systems both in Australia and the United Kingdom.

“As part of its work to ensure customer security, Energy One has disabled some links between its corporate and customer-facing systems,” Energy One said.

Energy One is actively engaged in an inquiry to ascertain the extent of the impact on customer-related systems and personal data. The organization is also committed to tracing the initial point of intrusion employed by the attacker.

Though detailed specifics about the attack are presently undisclosed, the company's official statement strongly suggests the possibility of a deliberate ransomware attack.

To facilitate the investigation, cybersecurity specialists have been enlisted, and competent authorities in both Australia and the UK have been informed about the incident.

According to a recent report by Searchlight Cyber, a British threat intelligence firm, malevolent actors have been peddling opportunities for initial access into energy sector enterprises globally, with prices ranging from $20 to $2,500.

Perpetrators of cybercrime can exploit various avenues, including Remote Desktop Protocol (RDP) access, compromised login credentials, and vulnerabilities in devices like Fortinet products.
Read more »
US Cyber Security
Cyber Security Data Privacy Laws Data server database E-Commerce Phishing Attacks UK US Cyber Security

Tech Giants Threaten UK Exit Over Privacy Bill Concerns

As US tech giants threaten to sever their links with the UK, a significant fear has emerged among the technology sector in recent days. This upheaval is a result of the UK's proposed privacy bill, which has shocked the IT industry. The bill, which aims to strengthen user privacy and data protection rights, has unintentionally sparked a wave of uncertainty that has US IT companies considering leaving.

The UK's plans to enact strict privacy laws, which according to business executives, could obstruct the free movement of information across borders, are at the core of the issue. Users would be able to request that their personal data be removed from company databases thanks to the unprecedented power over their data that the new privacy regulation would give them. Although the objective is noble, major figures in the tech industry contend that such actions may limit their capacity to offer effective services and innovate on a worldwide scale.

US tech giants were quick to express their worries, citing potential issues with resource allocation, regulatory compliance, and data sharing. The terms of the bill might call for a redesign of current systems, which would be costly and logistically challenging. Some businesses have openly addressed the prospect of moving their operations to more tech-friendly locations due to growing concerns about innovation and growth being hampered.

Additionally, some contend that the proposed measure would unintentionally result in fragmented online services, where users in the UK might have limited access to the platforms and functionalities enjoyed by their counterparts elsewhere. This could hurt everything from e-commerce to communication technologies, harming both consumers and businesses.

The topic has received a lot of attention, and tech titans are urging lawmakers to revisit the bill's provisions to strike a balance that protects user privacy without jeopardizing the viability of their services. An exodus of technology could have far-reaching effects. The consequences might be severe, ranging from employment losses to a decrease in the UK's status as a tech center.

There is hope that as conversations proceed, a solution will be found that takes into account both user privacy concerns and the practical requirements of the tech sector. The preservation of individual rights while promoting an atmosphere where innovation can flourish depends on finding this balance. Collaboration between policymakers, tech corporations, and consumer advocacy organizations will be necessary to find common ground.


Read more »
UK
AI Artificial Intelligence Automation Job Automation Job Security Jobs OpenAI Rishi Sunak Startup Technology UK

With More Jobs Turning Automated, Protecting Jobs Turn Challenging


With the rapid trend of artificial intelligence being incorporated in almost all the jobs, protecting jobs in Britain now seems like a challenge, as analyzed by the new head of the state-authorized AI taskforce.

According to Ian Hogarth, a tech entrepreneur and AI investor, it was “inevitable” that more jobs would turn increasing automated.

He further urged businesses and individuals the need to reconsider how they work. "There will be winners or losers on a global basis in terms of where the jobs are as a result of AI," he said.

There have already been numerous reports of jobs that are losing their status of being ‘manual’, as companies are now increasing adopting AI tools rather than recruiting individuals. One recent instance was when BT stated “it will shed around 10,000 staff by the end of the decade as a result of the tech.”

However, some experts believe that these advancements in the job sector will also result in the emergence of new job options that do exist currently, similar to the time when the internet was newly introduced.

Validating this point is a report released by Goldman Sachs earlier this year, which noted 60% of the jobs we aware of today did not exist in 1940.

What are the Benefits?

According to Hogarth, the aim of the newly assigned taskforce was to help government "to better understand the risks associated with these frontier AI systems" and to hold the companies accountable.

Apparently, he was concerned about the possibility of AI posing harm, such as wrongful detention if applied to law enforcement or the creation of dangerous software that encourages cybercrime.

He said that, “expert warnings of AI's potential to become an existential threat should not be dismissed, even though this divides opinion in the community itself.”

However, he did not dismiss the benefits that comes with these technologies. One of them being the advancements in the healthcare sector. AI tools are not all set to identify new antibiotics, helping patients with brain damage regain movements and aiding medical professional by identifying early symptoms of diseases.

According to Mr. Hogarth, he developed a tool that could spot breast cancer symptoms in a scan.

To monitor AI safety research, the group he will head has been handed an initial £100 million. Although he declined to reveal how he planned to use the funds, he did declare that he would know he had succeeded in the job if "the average person in the UK starts to feel a benefit from AI."

What are the Challenges 

UK’s Prime Minister Rishi Sunak has set AI as a key priority, wanting to make UK to become a global hub for the sector.

Following this revelation, OpenAI, the company behind the very famous chatbot ChatGPT is all set to build its first international office in London. Also, data firm Palantir has also confirmed that they will open their headquarters in London.

But for the UK to establish itself as a major force in this profitable and constantly growing sector of technology, there are a number of obstacles it will have to tackle.

One instance comes from an AI start-up run by Emma McClenaghan and her partner Matt in Northern Ireland. They have created an AI tool named ‘Wally,’ which generates websites. The developers aspire to turn Wally into a more general digital assistance.

While the company – Gensys Engine – has received several awards and recognition, it still struggle getting the specialized processors, or GPUs (graphics processing units). They need to continue developing the product further.

In regards to this, Emma says, "I think there is a lack of hardware access for start-ups, and a lack of expertise and lack of funding.”

She said they waited five months for a grant to buy a single GPU - at a time when in the US Elon Musk was reported to have purchased 10,000.

"That's the difference between us and them because it's going to take us, you know, four to seven days to train a model and if he's [able to] do it in minutes, then you know, we're never going to catch up," she added.

In an email chat, McClenaghan noted that she thinks the best outcome for her company would be if it gets acquired by some US tech giant, something commonly heard from a UK startup.

This marks another challenge for the UK: to refocus on keeping prosperous companies in the UK and fostering their expansion.

Read more »
UK
Crypto Cyber Security Cyberattacks CyberCrime Gambcare NFT UK

"New Crypto Ad Rules: Mandatory 24-Hour Cooling-Off Period Introduced"

 


British consumers who purchase crypto assets from October 1st will be entitled to a mandatory 24-hour "cooling-off" period, to strengthen consumer protections. As a consequence, consumers will have a better chance of avoiding cryptocurrency scams. 

Reuters reports that the Financial Conduct Authority (FCA) has imposed updated marketing rules based on concerns raised regarding the lack of direct regulation of crypto assets such as bitcoin on a global scale, as a result of concerns raised about the lack of direct regulation. 

There will be a delay in the process of completing the transaction for new investors. Up to ten out of every ten adults in the UK own at least one form of cryptocurrency, according to government estimates. 

There could be serious consequences for owners of companies who fail to comply with the regulation, such as jail time, fines, or both. 

Specifically, the FCA's updated guidelines will eliminate "refer a friend" bonuses for crypto buyers, as well as require promoters to provide clear risk warnings and ensure that advertisements related to crypto assets are transparent, fair, and cannot mislead prospective buyers. 

The FCA worked on similar regulations last year to address advertising for high-risk investments in traditional finance. These regulations have been implemented as a result of those regulations. In the coming years, the US government plans on passing an updated financial services law that will regulate crypto assets. This is aligned with Britain's plans to regulate crypto assets by 2020. 

The rules, which are expected to take effect on 8 October, will apply to crypto assets, including digital currencies such as bitcoins. These assets have the qualities of being transferrable and fungible.  

It follows that the updated advertising guidelines will not cover the purchase of non-fungible tokens (NFTs), with the only exception being that they will be forbidden by the updated guidelines from being offered as incentives for crypto investments. 

A parliament committee reported last month that the characteristics of cryptocurrencies are "more closely related to those of gambling than the characteristics of financial services". In the past two years, GambCare, an organization that offers help people who are struggling with investing in cryptocurrency and other forms of online financial markets, has received more than 300 calls from people who need assistance. 

Following the passage of legislation by the government to give it authority over how digital assets are advertised, the Financial Conduct Authority is bringing these changes into effect. 

All crypto companies operating in the UK will be subject to the new rules and regulations. Those who break the rules will be subjected to a range of actions by the FCA, including removing them from their websites if they persist. 

Sheldon Mills, who is the executive director of the Consumers and Competition Bureau, said that its research revealed that “many people regret making a hasty decision.”

Due to the increasing complexity of the cryptocurrency landscape, introducing mandatory 24-hour cooling-off periods in cryptocurrency advertisements is a significant step towards protecting consumers and promoting responsible investment practices to keep them safe and secure. With the updated ad rules, potential investors are given more time for thoughtful consideration and research, therefore reducing the risk of impulsive decisions and assisting them to make more informed decisions. 

There is a need to reaffirm the commitment of regulators to striking a balance between fostering innovation and protecting the interests of individuals and organizations when it comes to regulating the exciting world of cryptocurrencies while monitoring the effectiveness of these measures.   
Read more »
UK
Ad targeting Data Breach Data Leak Mental Health Charities Patient Info Social Media UK

UK Mental Health Charities Imparted Facebook Private Data for Targeted Ads

 

Some of the largest mental health support organisations in Britain gave Facebook information about private web browsing for its targeted advertising system. 

The data was delivered via a monitoring mechanism installed in the charities’ websites and includes details of URLs a user visited and buttons they clicked across content linked to depression, self-harm and eating disorders. 

Additionally, it included information about the times visitors saw pages to access online chat tools and when they clicked links that said "I need help" in order to request assistance. Some of the pages that caused data sharing with Facebook were particularly targeted towards youngsters, such as a page for 11 to 18-year-olds that provided guidance on how to deal with suicidal thoughts. 

Details of conversations between charities and users or messages sent via chat tools were not included in the data sent to Facebook during the Observer's analysis. All of the charities emphasised that they took service user privacy very seriously and that such messages were confidential.

However, it frequently involved browsing that most users would consider private, such as information about button clicks and page views on websites for the eating disorder charity Beat as well as the mental health charities Mind, Shout, and Rethink Mental Illness. 

The data was matched to IP addresses, which are typically used to identify a specific person or home, and, in many cases, specifics of their Facebook account ID. The tracking tool, known as Meta Pixel, has now been taken down from the majority of charity' websites. 

The information was discovered following an Observer investigation last week that exposed 20 NHS England trusts sharing data with Facebook for targeted advertising. This data included browsing activity across hundreds of websites related to particular medical conditions, appointments, medications, and referral requests.

Facebook says it makes explicit that businesses should not use Meta Pixel to gather or distribute sensitive data, such as information that could expose details about a person’s health or data belonging to children. It also says it has filters to weed out sensitive data it receives by mistake. However, prior research has indicated that they don't always work, and Facebook itself acknowledges that the system "doesn't catch everything".

The social media giant has been accused of doing too little to oversee what information it is being supplied, and faced questions over why it would allow some entities – such as hospitals or mental health organisations – to send it data in the first place.
Read more »
UK
Capita cyber attack Data breaches attacks UK

Capita Cyberattack Sees 90 Organizations Report Possible Data Breaches

 

The Information Commissioner's Office (ICO), the data watchdog, has stated that it has received around 90 reports regarding possible breaches connected to Capita. 

In the realm of data protection in the UK, the Information Commissioner's Office (ICO) takes on the role of a guardian. Its primary function involves enforcing laws that govern communication, networking, and the security of data. 

The ICO ensures that businesses and organizations adhere to these laws, with the aim of safeguarding individuals' personal information. Its most notable role is in upholding the EU's General Data Protection Regulation (GDPR). 

The ICO's primary objective is to ensure that businesses operating in the UK adhere to rigorous data protection principles, safeguarding individuals' privacy and personal information. Capita is a major supplier to UK government departments and is involved in various contracts within the private sector. 

These reports pertain to both the cyberattack that occurred in March and the recent discovery of an unsecured database. As per the information from the Information Commissioner's Office (ICO), it said that it is currently investigating two cyber incidents related to Capita. In March, Capita experienced a cyber attack that resulted in staff being locked out of Microsoft's Office 365 Productivity suite.

Although initially claiming no data was accessed, Capita later acknowledged that some data was exposed to malicious actors. Furthermore, it was confirmed that in the recent cyberattack on Capita, resulted in a breach of personal information of nearly 500,000 members of the USS lecturers' pension fund. 

Additionally, the ransomware group Black Basta has claimed responsibility for the breach. However, yet we are not informed about any ransom demands or payments, but Capita expects to face costs of £20m as a result of the incident. Furthermore, the Information Commissioner's Office further said that the exact count of companies impacted by the breach is currently uncertain. 

Capita provides services to a wide range of organizations, including the Ministry of Defense and the NHS in the public sector, as well as the Royal Bank of Scotland, O2, and Vodafone in the private sector. With over 50,000 employees, Capita holds substantial UK government contracts valued at over £8bn. 

The cyberattack has had an impact on various local councils in the UK. Barnet, Barking and Dagenham, Lambeth, and South Oxfordshire have all reported encountering issues due to the incident. Additionally, following the discovery of the unsecured AWS bucket, Colchester and Coventry city councils have come forward to acknowledge that their data may also be affected.
Read more »
UK
Cyber Security Fake Reviews New Bill Safety Subscription Traps UK

Fake Reviews and Subscription Traps to be Banned Under New Bill in UK

 

As part of the modifications planned under new rules, buying, selling, or hosting bogus reviews would become unlawful. The UK government's new Digital Markets, Competition, and Consumer Bill intends to benefit consumers while increasing competition among large technology corporations. 

The bill, which was filed on Tuesday, prohibits people from obtaining money or free items in exchange for writing flattering reviews. Firms would also be required to notify customers when their free subscription trials expire. Furthermore, the bill seeks to end the current market dominance of the tech titans.

Since 2021, the law has been in the works. Its creators have stated that they want to oversee the way a number of large tech businesses dominate the market - though none have been expressly named yet, and will be chosen following a nine-month assessment phase.

It makes no difference where they are located, and corporations headquartered in China will be included if they are judged to be in scope. The newly established Digital Markets Unit, which will be part of the Competition and Markets Authority (CMA), will thereafter be given special powers to open up a specific market based on the circumstances.

This may involve asking Apple to allow iPhone and iPad users to download apps from various app stores, or compelling search engines to share data. The CMA will be authorized to levy fines of up to 10% of global revenue for non-compliance, depending on the infraction, and will not need a court order to enforce consumer law.

The EU Digital Markets Act was created to address similar competition difficulties with large digital corporations.

The UK bill is fairly broad, and the CMA will have to:
  • deal with the large, worldwide issue of big tech's market dominance 
  • help customers manage subscriptions, and potentially extend the "cooling off" period so they can be stopped after one payment is made 
  • ensure platforms take "reasonable steps" to verify that product and service evaluations are authentic.
After successfully forcing Meta, Facebook's parent company, to sell the graphics animation firm Giphy after ruling that it would harm competition, the CMA demonstrated that a UK regulator can be effective when tackling what are likely to be predominantly US-based behemoths. Meta was disappointed, but it did comply.

According to Reed Smith lawyer Nick Breen, the expanded powers granted to the CMA under the new bill mean that "no one has the luxury of taking this lightly." The trade organization techUK's Neil Ross expressed hope that it would feature "robust checks and balances" as well as a fast appeals mechanism.

"The new laws we're delivering today will empower the CMA to directly enforce consumer law, strengthen competition in digital markets, and ensure that people across the country keep hold of their hard-earned cash," said Business Minister Kevin Hollinrake.

Following parliamentary approval, the new rules will be implemented as soon as possible, according to the Department of Business and Trade.


Read more »
User Privacy
Chinese Gadget Chinese Spy Cyber Security Data Theft Illegal spying UK User Privacy

Chinese Gadget: A Potent Tool to Spy on UK Citizens

 

Our smartphones, the websites we visit, and CCTV cameras are harvesting invaluable data about our lives by tracking every move we make hundreds of thousands of times per day. A large portion of this data is stored in China. This idea is terrifying. 

The Chinese-owned video-sharing app TikTok has software that can access our most private information, according to a cybersecurity company's demonstration last week. It's the newest and most concerning illustration of how technology constantly monitors us, endangering both our civil freedoms and the security of the country.

According to Asian Light International, China is "weaponizing" microchips placed in smart bulbs, refrigerators, vehicles, and credit cards to spy on you. Three Chinese firms, Quectel, Fibocom, and China Mobile, already control 54% of the worldwide device market and 75% of the connection industry.

Clients of the three Chinese companies include Tesla Motors, Dell, Lenovo, HP, and Intel, as well as Sumup, a company that processes credit card payments. According to Asian Lite International, devices with modules include laptop computers, voice-activated smart speakers, smart watches, smart energy metres, fridges, light bulbs, and other appliances that can be operated via an app. They also include body-worn police cameras, doorbell cameras, and security cameras, as well as bank card payment terminals, cars, and even hot tubs.

The modules gather information and then broadcast it over 5G networks, allowing China to track the movements of intelligence targets like people, weapons, and supplies while also using the gadgets for industrial espionage. In the UK, there are already millions of them in use. 

A report by Charles Parton, a former diplomat who advised parliament on China, claims that "trojan horse" technology poses a "widespread" threat to Britain's national security. Parton worked in China, Taiwan, and Hong Kong for 22 years of his diplomatic career. He has provided China-related advice to the Foreign Office, the European Union, and the Commons Foreign Affairs Committee.

Senior MPs have expressed concerns about the "widespread presence" of cellular IoT modules, according to the report, which claims that ministers have entirely failed to comprehend the harm they bring. It urges ministers to act right away to prevent the sale of Chinese-made cellular IoT in the UK before it's too late. 

Charles Parton stated, "We are not yet aware of the hazard. China has recognised a chance to control this market, and if it succeeds, it will be able to collect a lot of data and compel other nations to depend on them." 

According to a report released on Monday by Washington-based consultancy OODA, the potential threat to national security posed by Huawei products used in mobile infrastructure is greater than the threat posed by Chinese-made components in mobile phone masts. As a result, the government has decided to outlaw these products. Cellular IoTs, or Internet of Things, are tiny modules that are employed in everything from advanced weapon systems to smart refrigerators to track usage and transmit information to the owner and frequently the manufacturer utilising 5G.

Espionage has a lot of potential. According to Asian Light International, the research recommends monitoring American arms sales activity in conjunction with artificial intelligence and machine learning to handle enormous amounts of data. In order to track visiting ministers during advance security sweeps, it can also be used to identify and address royal and diplomatic protection personnel. 

Even seemingly innocent uses of the equipment, like farm gear, might enable the Chinese identify weak points in Western supply chains, like low crop harvests, and subsequently undercut British providers. gaining market share, increasing reliance on Chinese goods in the West. The West would become totally dependent on China for the supply of the crucial component if China were allowed to establish a monopoly on the manufacture of the equipment, which is subsidised by the Chinese government to make them less expensive than Western competitors, according to Asian Lite International. 

According to the OODA report, government assets should be thoroughly audited to determine whether equipment needs to be replaced and that task be delegated to corporations working in sensitive industries like defence by the end of 2025.
Read more »
Subscribe to: Posts (Atom)