A newly-detected piece of ransomware nicknamed “Delilah” has been detected in the wild by Israeli intelligence outfit Diskin Advanced Technologies. The malware’s goal is to extort victims into stealing insider information. The tool was found on underground crime forums and relies on a combination of social engineering, extortion and ransomware. Delilah is exclusive and cannot be found on crime ware forums, thus prolonging its […]

A new variant of ransomware has been identified by Sophos names “Zepto”. This variant replicates the locky malware where all files are encrypted, renamed and the file extension of “.zepto” added to each file. This malware is spread by the use of phishing emails claiming to be providing documents / scanned images that have been requested previously. These emails contain […]

In late may 2016 it was reported that the developers behind the Teslacrypt ransomware had decided to shut down and had released the master decrytion key, It is not know what persuaded them tot take this action although, on releasing the master decryption key, they also said that there sorry. There are now a number of free online tools available that […]

Mobile malware is increasingly sophisticated and as such presents a growing threat to organisations as well as consumers. The volume of malware targeting mobile devices in the UK quadrupled in 2015, with Q1 2016 already reaching 50% of 2015 numbers. CERT-UK assesses that the following factors should be taken into consideration when organisations review their mobile devices security policy; Mobile […]

There have been a report of a ransomware attack on a Swindon-based business. The victim received a fake email apparently from the County Court which had a zipped file attached to it. The victim opened the file and with seconds it started to encrypt the files on the computer. After encryption, a message appeared instructing the victim on how to […]

A new phishing campaign has been affecting university students across the UK recently. The fake email claims that the student has been awarded educational grant by the Department of Education. The sender also poses as the financial department of the university the student is attending to add another layer of authenticity. The aim is to persuade the student to click […]

There has been a big increase in fake Microsoft phone calls being made in the Tavistock area of Devon. Criminals posing as Microsoft staff attempt to gain remote access to the victim’s computer. It is suspected that they are working through the “01822” number range. The average age of a victim is 59 with an average reported loss of £210. […]

Earlier this year researchers discovered a new type of ransomware that encrypts a victim’s files and demands an extortionate amount of 13 BTC (Bitcoins), which currently equates to £4153. This has evolved into an improved version called “7ev3n-HONE$T” which is now believed to demand a lower amount of 1 BTC equating to £319. 7ev3n-HONE$T encrypts files and renames them using […]

The SWRCCU are currently investigating a website defacement and network intrusion whereby a large amount of data has been compromised. During the investigation it has been identified that access was gained to the webserver of the company through a vulnerability in an unpatched file upload plugin. The attackers were able to place two shells on the webserver for access at […]

Within the past 24 hours a number of businesses throughout the UK have received extortion demands from a group calling themselves ‘Lizard Squad’. Method of Attack: The group have sent emails demanding payment of 5 Bitcoins, to be paid by a certain time and date. The email states that this demand will increase by 5 Bitcoins for each day that […]

New data released by Action Fraud and the National Fraud Intelligence Bureau which are both run by the City of London Police , shows that increasingly fraudsters are using phishing as a means to defraud people across the UK. Last year (January 2015 – December 2015), the fraud and cybercrime reporting centre received on average 8,000 reports per month, with […]

The information contained within this alert is based on a number of reports made to Action Fraud. The purpose of this alert is to make businesses aware of the problem and to share information with other Law Enforcement Agencies. Within the past 24 hours a number of businesses throughout the UK have received extortion demands from a group calling themselves […]

The Cyber Security Information Sharing Partnership (CiSP), which is run by CERT-UK, is an information sharing platform used to share and publish cyber crime threat information. The aim of the platform is to allow member to take remedial action and modify their organisations to prevent cyber attacks. If you would like to join the CiSP then please sign up at www.cert.gov.uk/cisp […]

The AceKard malware is an online banking and payment Trojan. It first emerged in January – February 2014, though concerns have been raised over its current activity. Attack originally targeted Russia though Europe, Australia and the IS are now under attack. Infection is through cleverly disguised apps such as a fake Adobe Flash player or pornography app. These fake apps […]

A recent report from the City of London Police’s National Fraud Intelligence Bureau (NFIB) shows that over £32 million has been reported to be lost as a result of CEO fraud. From July 2015 until January 2016 there was a marked increase in CEO fraud with a total of 994 reports being made to Action Fraud. How does this scam work? CEO fraud […]

You can take a number of steps to reduce the chances of becoming a victim of the current malware threats: Do not open attachments without double checking who the email is from. Have anti-virus installed and up-to-date Keep operating system up=to-date and patched Be aware of current malicious attacks by reading the news. Ensure software is up-to-date for example internet […]

A solicitor’s in Cheltenham were subject to a PBX hack on their telephone system which resulted in a financial loss of £376. Hackers accessed the system and made calls to a premium rate Japanese telephone number. In Order to prevent you becoming the next victim: Use strong pin/passwords for your voicemail system, ensuring they are changed regularly If you still […]

A number of businesses have been infected with Dridex. To minimise the risk please consider: Only allowing admin privileges to individuals who really need it Ensuring SPAM filters are turned on. Ensuring macros is not automatically enabled. This will ensure you get a prompt to enable macros when an office attachment requiring macros is opened – unless you recognise the […]

The NCSC and Dephrisk went down to London last week to take part in The London Business Show. It was a great success meeting lots of different SMEs from around the country. Dephrisk along with the NCSC performed a live hack which unnerved the audience, but they where reassured with the advice they were given afterwards. If you would like […]