Australian Prime Minister Scott Morrison announced that a sophisticated nation-state actor is causing increasing havoc by attacking the country’s government, corporate institutions, and critical infrastructure operators. He said, “We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used”. While Morrison didn't name the specific country responsible in his statement, Reuters said its sources confirmed China was the culprit. Political tensions have ramped up between Australia and China in recent months after Australia called for an investigation into China’s handling of the COVID-19 pandemic. China reacted by placing tariffs on Australian exports and banning shipments of beef from Australia.
Why am I leading a UK cybersecurity blog with an Australian cyberattacks story? Well, it is because the UK might well be next in the cross-hairs of China's sophisticated cyber army, after the UK Government's stance on using Huawei in 5G infrastructure significantly soured last month, and because of the increasing political pressure applied by the UK government on the Chinese government following its introduction of a controversial new security law in Hong Kong.
Increased UK Huawei Tensions in June 2020
Away from the international cyber warfare scene, a coalition led by security companies is urging the UK government to revamp the much-dated Computer Misuse Act. The UK's 'anti-hacking' law is 30 years old, so it was written well before the internet took root in our digital society and is not really suitable for prosecuting modern cybercriminals, who tend to be prosecuted under financial crime and fraud laws instead. The coalition calling for a change in the law includes the NCC Group, F-Secure, techUK, McAfee and Trend Micro. They argue section 1 of the Act prohibits the unauthorised access to any programme or data held in any computer and has not kept pace with advances in technology. In their letter to the PM, they said, "With the advent of modern threat intelligence research, defensive cyber activities often involve the scanning and interrogation of compromised victims and criminals systems to lessen the impact of attacks and prevent future incidents. In these cases, criminals are obviously very unlikely to explicitly authorise such access."
Since launching a 'Suspicious Email Reporting Service' in April 2020, the UK National Cyber Security Centre (NCSC) has announced it has now received one million reports, at a rate of around 16,500 emails a day. NCSC Chief Executive Officer Ciaran Martin called the number of reports a “milestone” and “a testament to the vigilance of the British public”. I think the email reporting service is another fantastic free service provided by NCSC (i.e. UK Gov) to UK citizens, and one thing the UK government is definitely getting right in the cybersecurity space at the moment.
Zoom announced it will extend 'optional' end-to-end encryption (E2EE) to free users. It is not certain exactly when Zoom's free E2EE will commence or whether it will be on by default, given the Zoom CEO said, “We plan to begin early beta of the E2EE feature in July 2020.” Still, it is good to see that Zoom, much criticised for its security, is continuing to bolster it, including by appointing a seasoned Chief Information Security Officer from Salesforce.
Some men just want to watch the world burn...
With ransomware, phishing, unsecured cloud buckets and massive data breaches dominating the media headlines over the past couple of years, you could be forgiven for forgetting about the threat posed by Distributed-Denial-of-Service (DDoS) attacks. So it was a timely reminder that some threat actors have vast botnets at their disposal for orchestrating huge DDoS attacks when Amazon reported thwarting the biggest ever DDoS attack, and a European bank suffered the biggest ever PPS DDoS attack. The motives of these colossal DDoS attacks are unclear; I guess some men just want to watch the world burn.
Quote from Batman butler Alfred (Michael Caine), The Dark Knight
NEWS
- Australia PM Claims Nation-State Actor is behind a Surge of Cyberattacks
- Zoom will Extend Optional End-to-End Encryption to Free Users
- Huawei's days in the UK could be Numbered
- NCSC: One Million Phishing Messages Reported in Two Months
- UK Gov Urged to Overhaul "unfit for purpose" Computer Misuse Act
- European Bank suffers biggest PPS DDoS Attack, New Botnet Suspected
- Criminals Intercepted Payment Card details used at Claire’s Online store for Weeks
- Amazon Thwarts Largest ever DDoS Attack
- Ransomware Gang Claims Attack on LG Electronics
- South African Bank to Replace 12 Million Cards after Employees Stole Master Key
- Snake Ransomware behind Cyberattack that put Brakes on Honda Operations for the Third Time
- Malicious Google Extensions Research points out ‘unintended consequence’ of Cloud Computing
- Lockdown sees rise in RDP Brute Force Attacks, with over 100,000 daily
- Microsoft Patches 129 Vulnerabilities
- Adobe Fixes 18 Critical Vulnerabilities
- Cisco Security Advisories address 47 Flaws, 3 Critical
- High-Severity Bugs Patched in Chrome, Firefox Browsers
- Apple Patches iOS Jailbreak Vulnerability
- North Korea has quietly built a 7,000 Cyber Army
- Dodging AV and endpoint defenses is a ‘snap’ for new Thanos Ransomware
- Ragnar Locker teams up with Maze; Zorab ransomware imitates Decryptor
- Cybercriminals Poised to Attack as Adobe ends support for Magento 1
1 comment:
It is a newsworthy post about cybersecurity. People from the IT security industry would find it useful. Thanks for sharing this with us!