Ukrainian cyber police dismantle International account hijacking ring, arrest three in major operation
In a crackdown, the Ukrainian cyber police and national police investigators have apprehended three individuals linked to the global hijacking of over 100 million emails and Instagram accounts. Aged between 20 and 40, the suspects utilised specialised brute-force software to decrypt passwords, a method that employs automated guesswork of password combinations until the correct one is identified. This technique's effectiveness hinges on the computational power versus the password's complexity. The cybercriminals profited by selling the stolen account access on the darknet to fraud groups, who then exploited these accounts to defraud contacts of the victims by posing fraudulent money transfer requests.
Operating across various Ukrainian regions, the organised criminal group was well-structured, with a leader assigning tasks to members. Law enforcement conducted seven searches in multiple cities, confiscating 70 computers, 14 mobile phones, bank cards, and cash. The suspects now face charges of unauthorized information system and network interference, carrying a penalty of up to 15 years imprisonment. Further investigations are exploring connections to foreign entities, particularly for activities favouring Russian interests. To safeguard against such hijackings, individuals are advised to use strong passwords and enable multi-factor authentication (MFA), adding a vital security layer against unauthorised access.
NHS Dumfries and Galloway targeted in major cyber attack, data breach feared
NHS Dumfries and Galloway has been hit by a severe cyber-attack, prompting an immediate response in collaboration with Police Scotland, the National Cyber Security Centre, and the Scottish government to mitigate the breach's impact on its systems. This attack has raised concerns about the potential acquisition of a significant amount of data, including sensitive information that could identify patients and staff.
The health board is actively working to determine the extent of the data accessed and has issued a warning about possible disruptions to services. It has also alerted the public and staff to be vigilant against any suspicious attempts to access their systems or claims of possessing their data, advising immediate contact with Police Scotland for any such instances. A dedicated webpage has been established to provide updates on the situation.
Health Secretary Neil Gray assured the Scottish government's support to NHS Dumfries and Galloway, highlighting the activation of established procedures to address this cyber security incident, with NHS National Services Scotland keeping the broader NHS network informed.
IMF investigates cyber security breach involving email compromise
The International Monetary Fund (IMF) is currently addressing a cyber security incident that compromised several internal email accounts, first identified on February 16. The Washington-based financial organisation, integral to global economic stability, enlisted independent cyber security experts to assess and mitigate the breach.
Eleven email accounts were found compromised but have since been secured, with no evidence suggesting further breaches. The IMF is continuing its investigation into the cyberattack, underscoring its commitment to transparency and cyber security vigilance among staff. This incident marks a significant breach since a major attack in 2011 led to substantial data theft. The IMF emphasizes its robust cyber security measures designed to rapidly counter such threats. Given the IMF's pivotal role in international financial assistance, such breaches raise concerns about cyber-espionage, particularly from nations engaged in fund negotiations. Despite this, top IMF managers, including the Managing Director, were reportedly not affected. This event serves as a reminder of the escalating costs and frequency of cyber incidents in global financial institutions.
Only 13% of UK Organisations Cyber-Resilient, says new Microsoft report
A Microsoft and University of London report reveals only 13% of UK organisations are resilient to cyber-attacks, highlighting a significant vulnerability in national cyber security. The majority are either at high risk (39%) or considered vulnerable (48%) to cyber threats. This vulnerability undermines the UK's aspiration to become an AI superpower, with Microsoft advocating for more investment in AI to counteract the increasing use of AI by cybercriminals. The report emphasizes the importance of security-by-design and the use of AI in cyber security, noting that the UK economy could save £52bn annually with improved cyber resilience. It also points out the potential of AI to reduce financial losses from cyber-attacks by 20%. Despite the widespread concern over AI-related risks, only a minority of organisations utilize AI for detecting vulnerabilities or strengthening defences.
