Local Authorities Facing 800 Cyber Attacks Per Hour
Figures gathered by insurance broker Gallagher – through the Freedom of Information (FoI) Act – have shown that UK local authorities were hit by an average of 800 cyber-attacks every hour in the first six months of this year.
Problem Could Be Bigger Than Figures Show
The figures, which were based upon the 203 (out of 408) local authorities that responded, showed that there were more than 263 million incidents in the first six months of 2019. Even though 76 local authorities reported a cyber-attack between January and June 2019, the fact that only half of UK local authorities responded to the FoI request means that the problem may be proportionately much worse than even these figures show.
What Kind of Attacks?
Gallagher’s collected information shows that since the beginning of 2017, 17 of the attacks reported by respondents related to loss of data or money, with an average cost to the victim of around £430,000. Gallagher’s figures also show that only 13% of councils have a standalone cyber insurance policy, meaning that most councils are risking potentially heavy fines under GDPR for any breaches.
Why A Target?
Local authorities and other public sector organisations are attractive targets to cyber-criminals because they hold large quantities of personal data and, perhaps due to a lack of funding and/or not getting the most out of IT spending, they may be running older, less secure systems. Also, they have a large number of employees who may lack education about, and training in, data and cyber-security.
Education A Target
Universities, colleges and schools are also targets for cyber-criminals because they tend to have large numbers of users spread across many different departments, different facilities and faculties, and data is moved between these, thereby making admin and IT security very complicated. Also, universities have a lot of valuable intellectual property as well as student and staff personal data within their systems which are tempting targets for hackers.
Back in July, for example, Lancaster University, which offers a GCHQ-accredited cyber-security course and has its own Cyber Security Research Centre, was hit by a phishing attack, resulting in the leak of the personal data of new university applicants. Also, in 2018, the Information Commissioner’s Office (ICO) fined the University of Greenwich £120,000 for a data breach that left the personal details of thousands of students exposed online.
A National Cyber Security Centre report recently revealed that the UK’s universities lost almost £150m from cyber-attacks in the first six months of 2018 alone.
Lost Mobile Devices
Lost mobile devices, many of which may provide access to cloud-based data, are also known to be a problem for government bodies. For example, an FoI request in July by MobileIron found that government staff had lost 508 mobile and laptop devices between January and April 2019.
What Does This Mean For Your Business?
These figures make worrying reading, especially at a time when council budgets are very limited. Local authorities are already facing serious decisions about what to prioritise in terms of investment, but GDPR and a duty to protect the privacy and security of local authority customers and staff should mean that data security is kept high up the agenda. Part of maximising the value of investments in data security for local authorities should include ensuring that training and software are put in place to enable a more proactive approach to attack prevention and that staff are educated about threats, and how to spot (and what to do with) suspicious communications by email, social media or other means.
Gallagher’s figures may also serve as a reminder to local authorities that it may be a good idea to make sure, in the light of the sheer number of threats (only one of which needs to get through), that they have a good cyber insurance policy in place.
AI and the Fake News War
In a “post-truth” era, AI is one of the many protective tools and weapons involved in the battles that make up the current, ongoing “fake news” war.
Fake News
Fake news has become widespread in recent years, most prominently with the UK Brexit referendum, the 2017 UK general election, and the U.S. presidential election, all of which suffered interference in the form of so-called ‘fake news’ / misinformation spread via Facebook, which appears to have affected the outcomes by influencing voters. The Cambridge Analytica scandal, in which over 50 million Facebook profiles were illegally harvested and shared to build a software program that generated personalised political adverts, led to Facebook’s Mark Zuckerberg appearing before the U.S. Congress to discuss how Facebook is tackling false reports. A video that was shared via Facebook, for example (which had 4 million views before being taken down), falsely suggested that smart meters emit radiation levels that are harmful to health. The information in the video was believed by many even though it was false.
Government Efforts
The Digital, Culture, Media and Sport Committee has published a report (in February) on Disinformation and ‘fake news’ highlighting how “Democracy is at risk from the malicious and relentless targeting of citizens with disinformation and personalised ‘dark adverts’ from unidentifiable sources, delivered through the major social media platforms”. The UK government has, therefore, been calling for a shift in the balance of power between “platforms and people” and for tech companies to adhere to a code of conduct written into law by Parliament and overseen by an independent regulator.
Fact-Checking
One way that social media companies have sought to tackle the concerns of governments and users is to buy in fact-checking services to weed out fake news from their platforms. For example, back in January the London-based registered charity ‘Full Fact’ announced that it would be working for Facebook, reviewing stories, images and videos to tackle misinformation that could “damage people’s health or safety or undermine democratic processes”.
Moderation
A moderator-led response to fake news is one option, but its reliance upon humans means that this approach has faced criticism over its vulnerability to personal biases and perspectives.
Automation and AI
Many now consider automation and AI to be an approach and a technology that are ‘intelligent’, fast, and scalable enough to start to tackle the vast amount of fake news that is being produced and circulated. For example, Google and Microsoft have been using AI to automatically assess the truth of articles. Also, initiatives like the Fake News Challenge (http://www.fakenewschallenge.org/) seek to explore how AI technologies, particularly machine learning and natural language processing, can be leveraged to combat fake news, and support the idea that AI technologies hold promise for significantly automating parts of the procedure human fact-checkers use to determine if a story is real or a hoax.
However, the human-written rules underpinning AI, and how AI is ‘trained’ can also lead to bias.
Deepfake Videos
Deepfake videos are an example of how AI can be used to create fake news in the first place. Deepfake videos use deep learning technology and manipulated images of target individuals (found online), often celebrities, politicians, and other well-known people to create an embarrassing or scandalous video. Deepfake audio can also be manipulated in a similar way. Deepfake videos aren’t just used to create fake news sources, but they can also be used by cyber-criminals for extortion.
AI Voice
There was also a case in March this year where a group of hackers were able to use AI software to mimic an energy company CEO’s voice in order to steal £201,000.
What Does This Mean For Your Business?
Fake news is a real and growing threat, as has been demonstrated in the use of Facebook to disseminate fake news during the UK referendum, the 2017 UK general election, and the U.S. presidential election. State-sponsored politically targeted campaigns can have a massive influence on an entire economy, whereas other fake news campaigns can affect public attitudes to ideas and people and can lead to many other complex problems.
Moderation and automated AI may both suffer from bias, but at least they are both ways in which fake news can be tackled, to an extent. By adding fact-checking services, other monitoring, and software-based approaches (e.g. through browsers), social media and other tech companies can take responsibility for weeding out and guarding against fake news.
Governments can also help in the fight by putting pressure on social media companies and by collaborating with them to keep the momentum going and to help develop and monitor ways to keep tackling fake news.
That said, it’s still a big problem, no solution is infallible, and all of us as individuals would do well to remember that, especially today, you really can’t believe everything you read, and an eye to the source and bias of news, coupled with a degree of scepticism, can often be healthy.
PayPal Drops Out of Facebook’s Libra Cryptocurrency
PayPal has announced that it is not going to be a part of the Switzerland-based Libra Association that is overseeing the introduction of Facebook’s Libra cryptocurrency.
What Is Libra?
Libra is a cryptocurrency, designed and coded by Facebook, that will enable payments to be made by a special phone app and by messaging services such as WhatsApp so that spending the new currency could be as easy and fast as texting. Libra was announced as being targeted at the 1.7 billion adults worldwide who do not have a bank account (unbanked).
Unlike other cryptocurrencies such as Bitcoin, Libra will offer protection from massive value fluctuations by being asset-backed and pegged to other currencies, and it will not have a traditional bank ‘middleman’, therefore enabling fast and frictionless transactions.
Units of Libra can be purchased via Libra’s platforms and stored in a digital wallet called “Calibra”.
Libra Association
The Libra Association, which PayPal has just left, is a 28-member (now 27) association of multinational companies and non-profits, hoping to grow to 100 or more members. The Libra Association, based in Switzerland, will be responsible for the management of Libra, and members of the Association include Mastercard, eBay, Spotify, Uber, Vodafone, and a variety of charities such as Women’s World Banking.
Why Has PayPal Left?
PayPal has not given a clear reason why it has left the Libra Association, but there is speculation among some commentators that it may be due to PayPal wanting to distance its brand from the fact that regulators, particularly in Washington and Brussels, appear to be concerned that the Libra project could be seen as a means to bypass rules relating to money laundering and tax evasion. There is also speculation that PayPal may have been concerned that Facebook executives haven’t paid attention to PR that could counter much of the initial criticism of Libra.
PayPal has said, however, that “We remain supportive of Libra’s aspirations and look forward to continued dialogue on ways to work together in the future”.
Others?
There are also press reports that other Association members such as Mastercard, Visa, and digital payment platform and processor Stripe may be considering leaving the Libra Association due to concerns about the suggestions that Libra could potentially be used for money laundering or tax evasion.
France Says No
In September, France’s finance minister, Bruno Le Maire, said that the development of Facebook’s Libra cryptocurrency will be blocked in Europe unless concerns over risks to consumers and to the monetary systems of countries can be addressed.
Warnings and Concerns
Back in July, finance chiefs from the Group of Seven democracies warned that cryptocurrencies like Libra would have to address “serious regulatory and systemic concerns” before they would be allowed. Also, President Trump has said in a tweet that he isn’t a fan of Libra, and central bank chiefs, including Mark Carney, have also expressed concerns about Libra.
Some sceptical commentators have also noted that Libra may be less about money and blockchain anyway but more about gathering more information about the identity of clients.
What Does This Mean For Your Business?
Libra is now coming under increased scrutiny, and the mention of phrases like ‘money laundering’ or ‘tax evasion’ appear to be enough to scare some of the big financial brands away from the Libra project, at least until regulators’ questions have been answered and the heat has died down. The fact that a big name like PayPal has pulled out, with other big names such as Mastercard and Visa looking likely to follow is undoubtedly going to be a big blow to the image and credibility of Libra, although the Libra Association still has 25+ other members and is hoping to grow this to include 100 or so other big names.
Countries and banks are clearly worried by the possible shift in control to big business that Libra could bring, and this shift in control could have a number of effects on the business environment and the economies of countries if Libra proves to be popular.
Even though Libra users are not intended to be businesses, if Libra does help the ‘unbanked’ this could have a knock-on effect in helping that segment of society to buy more goods and services, thereby helping businesses and the economy.
Thomas Cook Customers and Employees Targeted By Phishing Attacks
Security researchers at Skurio Ltd have warned employees and customers of Thomas Cook to be vigilant after Skurio detected the registration of 53 Thomas Cook-related domains in the week after the travel operator went into receivership.
Phishing Risk
The risk is that cyber-criminals may be seeking to exploit the search for information by customers and staff affected by the company’s collapse in order to launch phishing attacks. For example, Thomas Cook-related domains that have been registered but have no holding page or landing page on them could be used to create legitimate-looking email addresses as part of phishing attempts.
German Site
One of the Skurio analysts, John Evans, reported finding a .de Thomas Cook-related domain that hosted a page that pretended to be a legitimate business, but was using the Thomas Cook likeness to make money from customer refund claims.
25% Just Piggybacking
The Skurio researchers found that 25% of the domains registered appeared simply to be piggybacking off the collapse of Thomas Cook, and were using their domains to redirect to other websites.
Holding Pages + Advert Clicks
The researchers discovered that 50% of the recently registered domains had holding pages for websites on platforms like Wix or WordPress (awaiting a full live site). Some other domains were discovered to be used for ad clicks and ad revenue e.g. with adverts for booking a new holiday or finding jobs for Thomas Cook employees.
Thomas Cook Contracted Skurio
Skurio was monitoring the Thomas Cook-related domain situation because (as reported by Skurio) Thomas Cook had contracted Skurio, long before its collapse, to monitor surface, deep and dark web sources in order to provide early data breach detection services. It was as part of this service that Skurio was scanning for new domain registrations relating to Thomas Cook services. According to Skurio, this scanning involved looking for domains set up with subtle spelling errors or additional terms that a customer may expect to see, which could be used to send phishing emails, create fake social media accounts or capture customer details online.
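The lookalike-domain scanning described above (brand name plus extra terms, subtle spelling errors, digit-for-letter swaps) can be automated with a small classifier run over a feed of new registrations. The code below is an added example and not Skurio’s tooling; the homoglyph table, the edit-distance threshold and the sample domain feed are all constructed for illustration.

```python
from __future__ import annotations

BRAND = "thomascook"

# Digit/letter swaps commonly seen in typosquats (assumed list, not exhaustive)
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a"})

def registrable_label(domain: str) -> str:
    """Lowercase second-level label with hyphens removed.

    Assumes a one-part public suffix (.com, .de); multi-part suffixes such
    as .co.uk would need a public-suffix list to pick the right label.
    """
    labels = domain.lower().rstrip(".").split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    return sld.replace("-", "")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str, brand: str = BRAND, max_dist: int = 2) -> str | None:
    """Return why the domain resembles the brand, or None if it does not."""
    label = registrable_label(domain)
    if label == brand:
        return "exact brand"
    if brand in label:                      # e.g. brand + "refunds"
        return "brand plus extra term"
    folded = label.translate(HOMOGLYPHS)    # th0mascook -> thomascook
    if folded == brand or brand in folded:
        return "digit/letter substitution"
    dist = edit_distance(folded, brand)     # thomascok is 1 edit away
    if dist <= max_dist:
        return f"typo (edit distance {dist})"
    return None

def scan(domains: list[str], brand: str = BRAND) -> dict[str, str]:
    """Map each flagged domain to the reason it was flagged."""
    return {d: r for d in domains if (r := classify(d, brand))}

# Constructed sample "new registration" feed; none of these are real findings.
SAMPLE_FEED = [
    "thomascook-refunds.example",
    "thomascok.example",
    "th0mascook-claims.example",
    "thomas-cook-jobs.example",
    "sunnyholidays.example",
]

if __name__ == "__main__":
    for dom, why in scan(SAMPLE_FEED).items():
        print(f"{dom:32} {why}")
```

Flagged domains would then be checked for a live page, MX records or certificate issuance before any customer warning or takedown request is raised.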
What Does This Mean For Your Business?
It is not uncommon for cyber-criminals to launch campaigns to take advantage of a popular information search by customers after events such as a high-profile security breach or company collapse. This is because people may let their guard down and may simply not suspect such an underhand tactic, which is the kind of human error based on emotion that cyber-criminals are counting on.
Phishing attacks are all too common, and a recent APWG report showed that phishing attacks continued to rise in the summer of 2019, with cyber-criminals focusing on branded webmail and SaaS providers.
Companies can help guard against phishing attacks by educating and training all staff to be able to spot possible fraudulent tactics, and by encouraging and empowering them to question and refer any suspicious activity that could help to protect the business. Having clear systems for staff to follow, including carefully verifying any new payment requests before authorising them, and continuously promoting online vigilance can be well worth the effort in the fight against phishing, and the generally increasing number of social engineering attacks that companies are facing.
Tech Tip – Twobird
New email client app ‘Twobird’ allows you to put all your emails in one place and create notes and reminders on the fly (and attaches the notes to emails).
Twobird has been billed as “a new kind of email app” that offers email at the speed of live chat. It includes all your everyday tools – write emails, create notes, set reminders and assign to-dos – all in your inbox. If, for example, you’ve scheduled an appointment, it will alert you at just the right time.
Features include:
– Remind: allowing you to schedule an email or note to appear in your inbox later.
– Low Priority: so you can set aside automated messages so you don’t get distracted.
– Pinned and Recent: this lets you keep important notes and conversations easily accessible.
– Tidy Up: archives any inactive conversations.
Police Auction Hacker’s £240,000 of Cryptocurrency
The £240,000 of cryptocurrency confiscated from a teenager who was jailed for hacking ISP TalkTalk has been auctioned by police with the proceeds going towards fighting crime.
TalkTalk Hack
Elliott Gunton (now 19) was jailed for 20 months in August this year for hacking offences, money laundering and breaching a Sexual Harm Prevention Order that was issued to him in 2016 for another offence. The hack on ISP TalkTalk took place when Gunton was 16 years old, and he is reported to have sold the stolen customer data on the dark web to other cybercriminals for £2,469 in bitcoin.
The total amount that police were able to trace from sales of the stolen data was around £275,000 worth of cryptocurrency, including Bitcoin, Ripple and Ethereum.
Hidden
Mr Gunton is reported to have used sophisticated methods to hide the large amount of cryptocurrency under his control but left several key clues which led to his arrest. These included describing himself on a Twitter account as a “full-time crypto trader”, tweeting about how he had lots of money without people knowing, and telling a police officer that he was dealing in shares and would soon be a millionaire.
Parents
Mr Gunton’s parents were also charged (at a later date) with helping their son to move some of his cryptocurrency, earned from dark web sales, out of a bitcoin wallet seized by police.
Auction First
The auction of the cryptocurrency, via Wilson’s Auctions, by the Eastern Region Special Operations Unit of the police was the first auction of its kind. Chief Inspector Martin Peters, of the ERSOU Cyber Crime Unit, is reported as saying that the sale would be a way to instil public confidence in the police force’s method of recouping the proceeds of crime in a way that was secure, innovative and transparent.
What Does This Mean For Your Business?
We often hear reports about hacks and dark web sales of data but we rarely hear about convictions or about what happens to the proceeds of crime for those hackers who have been successfully convicted. For many businesses and individuals who have fallen victim to cybercriminals, a report of this kind may offer some kind of reassurance that something is being done, and in a productive way that puts more money into fighting crime.
Victims of the TalkTalk hack, who may well have been targeted by cybercriminals after having their details stolen and sold by Gunton, may well have wished for tighter security by TalkTalk in the first place, and may hope that ISPs are investing enough of their own money in keeping their cyber defences up to date.