Tag: Cybersecurity
London’s transport cyber-breach is spreading fast
A cyber-attack on the London transport system earlier this month was far more serious than initially reported and is rapidly spreading across the UK. It is also now ringing loud alarm bells on both sides of the Atlantic, particularly in light of the upcoming US elections in November. Transport for London (TfL) has now admitted that over 5,000 customers’ personal details and, in many cases, their financial details have been stolen. TfL added that the breach is also rapidly starting to affect services outside London. The London Underground, the UK capital’s vast underground rail network, like most European metros, has a touchpad automatic electronic payment system using prepaid plastic cards. London also allows travelers simply to use their visa or MasterCard on the touchpads at the London underground barriers. This means that organizations such as TfL have become repositories of millions of commuters’ financial details, making them a tempting target for small-time cyber crooks.
India Enlists Army of 5000 “Cyber Commandos”
The Indian Government is upping the ante with its fight against cybercrime. Indian Union Home Minister Shri Amit Shah this week announced the launch of four major platforms under cyber security program Indian Cyber Crime Coordination Center (I4C), including the training of 5,000 “Cyber Commandos,” to counter the increasing threat of cyber-crime. The Cyber Commando Program will create a special wing in every Central Police Organization, aiming to train 5,000 “Cyber Commandos” over the next five years. Trained Commandos will assist Central Agencies in “securing digital spaces”. Other platforms include a national Suspect Registry, a Cyber Fraud Mitigation Center, and an online portal for cyber-crime data analytics and crime mapping.
EU spyware scandal spreads
This week, Poland’s Supreme Court quashed an ongoing probe into spyware abuses allegedly conducted by its own government - claiming it to be “unconstitutional”. Comprehensive new research, published earlier this month by the Atlantic Council’s Digital Forensic Research (DFR) Labs, also now shows that government abuse of spyware is now widespread across the European Union (EU). The findings of DFR Labs’ research provide a truly damning description of the widespread abuse of spyware by governments across Europe, accusing the EU of effectively turning a blind eye to the widespread abuse of its citizens’ rights despite being made aware of the widespread abuses at least two years ago. In 2022, the European Parliament (EP), frustrated by the Commission’s reluctance to tackle the growing scandal, established the PEGA Committee to investigate the misuse of surveillance spyware.
Cost of AI could rise tenfold – warns Gartner
Gartner issued a stern warning this week to organizations across all sectors that the cost of introducing artificial intelligence (AI) to the workplace could easily balloon by 500 -1,000 percent. Speaking at Gartner's flagship Symposium event in Australia, VP analyst Mary Mesaglio said: “Factors contributing to these inflated costs include vendor price increases and neglecting the expense of utilizing cloud-based resources.”
German Intelligence warns of Russian cyber-attacks
The cyber cold war just became a little warmer, with German Intelligence now publicly crying foul on Monday at Russia for online attacks stretching back to 2020. Germany’s Bundesverfassungsschutz has issued a strong warning against a cyber group belonging to Russian military intelligence (GRU) Unit 29155, which was linked to the 2018 poisonings of a former Russian double agent and his daughter in the UK, claiming that the unit has also been active in carrying out cyberattacks against NATO and EU countries.
Brussels backs down on mass surveillance
The European Union (EU) Council has made a last-minute withdrawal of the EU’s highly controversial planned “Chat Control” legislation, which was due to vote yesterday. This would have effectively introduced mass digital surveillance by means of fully automated real-time monitoring of all messaging and chats. The EU would appear to finally have heeded the harsh warnings that have been coming from the cybersecurity and communication sectors since the controversial ruling was first proposed in 2022. For the six months prior to Thursday’s decision, the EU Belgian Council presidency has been sitting on a deadlock between EU countries. Germany and Poland have heeded privacy experts' warnings of a potential police state. But Ireland and Spain are pressing for draconian new online laws to fight a rise in online child sexual abuse material that has grown since the start of Europe’s widespread lockdowns two and a half years ago.
Secret Service Hot on the Trail of Cybercriminal “Stalin”
The United States Secret Service is doubling down on the search for cybercriminal “Stalin.” On August 26, 2024, the U.S Department of State partnered with the US Secret Service to put out a bounty of up to $2.5 million for information leading to the arrest of Belarusian hacker Volodymyr Kadariya, sometimes going by the alias “Stalin.” Kadariya was allegedly part of a malicious advertising (“malvertising”) ring responsible for transmitting the Angler Exploit Kit, a toolkit utilized by threat actors to exploit vulnerabilities in a system or code.
“Voldemort” impersonates tax authorities worldwide
A threat actor named “Voldemort” is impersonating tax authorities from governments in Europe, Asia, and the US – targeting dozens of organizations worldwide. Cybersecurity company Proofpoint believes “with moderate confidence” that Voldemort’s ultimate goal is cyber-espionage. Since August 5 this year, Voldemort, named after the main villain in J. K. Rowling’s Harry Potter children’s books, has sent over 20,000 messages purported to be from various tax authorities to over 70 organizations around the world. The threat actor poses as the US Internal Revenue Services, the UK’s HM Revenue & Customs, France’s Direction Générale des Finances Publiques, Germany’s Bundeszentralamt für Steuern, Italy’s Agenzia delle Entrate, India‘s Income Tax Department and Japan’s National Tax Agency.
Ex-IT worker arrested for ransomware attack
The US New Jersey District Court has arrested a man accused of conducting a ransomware attack on a former employer, highlighting the growing “insider threat” organizations increasingly face from disgruntled or former employees. It is alleged that Daniel Rhyne, 57, described in court documents as “a core infrastructure engineer,” is alleged to have conducted a $750, 000 ransomware attack on a New Jersey-based industrial company. The as-yet-unidentified organization provides services to various industries, including aquaculture, biopharmaceuticals, chemistry, electronics, food and beverage, healthcare, hydrogen mobility, manufacturing and industrial processing, metals, oil and gas, and pulp and paper companies.
Telegram chief’s arrest ignites global cyber-war
In the wake of Telegram owner and founder Pavel Durov’s shock arrest in Paris on Saturday, the French state is being hit by a growing wave of cyber-attacks designed to cause maximum embarrassment to beleaguered French president Emmanuel Macron. Durov was released from police custody in France on Wednesday and has been transferred to court for questioning ahead of a possible indictment that could result in a long prison sentence. A post on X by SaxX, reportedly the nom de Twitter of cybersecurity consultant Clément Domingo, listed 10 websites in France that bore the brunt of the first wave of cyber-attacks orchestrated by a new online hacktivist group, #opDurov.
The EU bares its teeth – again
The EU has bared its cyber teeth for the second time in a week. Hard on the heels of the arrest of Telegram founder and owner, Pavel Kurov, Uber has been slapped with a $290 million fine for allegedly violating the European Union (EU)’s General Data Protection Regulation (GDPR) by failing to protect personal data of European taxi drivers held on servers located in the US. The Dutch Data Protection Authority (DPA) enforced the regulation by imposing a fine on Uber, which transmitted European drivers’ personal data to the US, including drivers’ account details, taxi licenses, location data, photos, payment details, identity documents and, in some cases, even criminal records and medical data.
Telegram chief arrested in Paris
Speculation is today mounting concerning the arrest of the popular encrypted messaging app Telegram head and founder, Pavel Durov, at Le Bourget airport north of Paris on Saturday evening. The arrest has been widely reported in France, although the authorities have yet to issue a full statement. In the past, the French president. Emmanuel Macron and his team have been enthusiastic users of Telegram, using it to orchestrate their political strategies. But Durov’s arrest on Saturday is now being seen as part of an attempt by the UK and the European Union to curtail the reach and influence of largely unregulated communications platforms such as Telegram and X (formerly Twitter). This theory is born out of sources close to the situation, who believe that Durov will face charges of complicity in drug trafficking, crimes against children, and fraud – all allegedly stemming from a lack of moderation controls on Telegram.