The National Cyber Security Centre (NCSC) has warned UK organizations to prepare for Russian cyber-attacks amid ongoing geopolitical tensions in Ukraine.

The new guidance follows numerous malicious cyber-incidents in Ukraine in the past month, which the NCSC said corresponds with past Russian behavior. These include more than a dozen Ukrainian government websites getting taken offline in a cyber-attack, while a major malware wiper campaign targeting government, IT and non-profit organizations across the country was recently detected by Microsoft.

The agency noted that such incidents resemble high-profile attacks like NotPetya in 2017 and cyber-attacks against Georgia in 2019, which the UK government attributes to the Russian government.

While no specific threats to the UK have currently been identified, the UK government’s support for Ukraine in the crisis is likely to make it a target of Russian threat actors.

The dispute revolves around Russian concerns that Ukraine will join NATO, and it has built up a substantial force on the border, leading to fears of invasion.

To prepare for potential attacks, the NCSC has urged UK organizations to take action to secure their systems. These include patching systems, enabling multi-factor authentication, implementing an effective incident response plan and checking that backups and restore mechanisms are working. This guidance is primarily aimed at larger organizations. The NCSC has also advised any organization that has fallen victim to a cyber-attack to report the incident to the NCSC’s 24/7 Incident Management team.

Paul Chichester, NCSC director of operations, commented: “The NCSC is committed to raising awareness of evolving cyber-threats and presenting actionable steps to mitigate them. While we are unaware of any specific cyber threats to UK organizations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organizations follow the guidance to ensure they are resilient.

“Over several years, we have observed a pattern of malicious Russian behavior in cyberspace. Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.”

Commenting on the guidance, David Carroll, MD of Nominet Cyber, said: “Organizations should take heed of the NCSC’s warning today and prioritize its recommendations to increase their cyber-resilience in the wake of worsening relations with Russia. This guidance is in line with the cybersecurity reality that has emerged over the past decade, where geopolitical activity and real-world warfare are increasingly mirrored in the cyber sphere.

“Experience has taught us that government, public sector and private sector organizations can become targets for malicious activity from hostile states and the UK government is right to take a proactive approach to protection. Organizations should prioritize identifying and patching vulnerabilities in their software, which have traditionally been a vector for large-scale attacks in the past, and be actively monitoring for breaches or potentially suspicious activity.”

Bulgarian law enforcement has successfully taken down a network of online investment fraudsters responsible for losses of more than €10m.

The operation, supported by Europol and Eurojust, took place on January 26. This resulted in the arrest of one individual by the Bulgarian National Police on suspicion of defrauding mainly German and Greek investors out of at least €10m. In addition, 24 locations were searched, police officers interviewed 66 witnesses in Sofia and Burgas and a variety of electronic equipment, financial information and recordings were seized.

The scam was conducted by an organized crime group that set up bogus websites and call centers. Call operators speaking German, Greek, English and Spanish posed as financial consultants and contacted potential investors with promises of significant profits. This led to several hundred victims making substantial investments, which they lost entirely.

German and Greek investors who lost their investments notified law enforcement, leading to the investigation and subsequent action.

During the operation, two experts from Europol were on the ground to facilitate the information exchange and provide real-time operational analysis and technical expertise. The joint action was coordinated by Eurojust, who also provided cross-border judicial support.

Europol explained: “In 2019, Bulgarian authorities started investigations and Eurojust set up a joint investigation team (JIT) between Bulgaria, Germany, Greece, Serbia and Europol. Following five coordination meetings with Europol and Eurojust, the JIT members were able to identify the two fraudulent call centers in Bulgaria. The Bulgarian police, supported by the Serbian authorities, dismantled both call centers on the action day.”

Last November, Proofpoint warned consumers of a significant rise in call center threat activity, in which attackers use email alongside call center customer service agents to scam victims, sometimes out of tens of thousands of dollars.

Florida is seeking to outlaw the malicious distribution of sexually explicit images without the subject’s consent. 

New legislation advanced in the Florida Senate Criminal Justice Committee on Tuesday aims to curb the unauthorized digital trafficking of real and deepfake lewd content and establish new regulations around revenge porn.

Senate Bill 1798, introduced by senator Lauren Book, would prohibit someone from knowingly, willfully and maliciously disseminating deepfake sexually explicit images without the permission of the individual(s) pictured. 

It would also criminalize the theft of sexually explicit images from an individual’s phone or digital device with the intent to distribute or benefit from them in some way.  

Additionally, the legislation renames “child pornography” as “child sexual abuse material” to underline that all visual depictions of sexually explicit conduct involving a minor constitute abuse and exploitation. 

Senator Brook said: “This bill will transform the way the state of Florida prosecutes and enforces ‘cyber trafficking,’ where images are uploaded to the darkest corners of the internet for people to buy, sell, trade, and use however else they see fit.”

Brook, whose own childhood was marred by six years of sexual abuse at the hands of her nanny, was also victimized in adulthood when nude photos of her were stolen. The senator became aware of the theft only when a cyber-criminal threatened to expose the images unless she paid a ransom. 

An investigation into the theft revealed that the images had been traded on the internet since 2010. Discussions about the images online included requests for content showing Brook being raped, killed and tortured. 

“Horrifically, once these images are online, they never truly go away,” said Brook. 

“It’s time to give victims some hope and bad actors a reason to think twice.”

The new bill also seeks to allow victims of this form of cybercrime to be entitled to seek civil damages up to $10,000.

Speaking on Tuesday after SB 1798 won the Committee’s approval, Brook said: “Today is an excellent first step at updating our laws to reflect the added layers of terror and victimization that are emerging due to the digital world we live in.”

A configuration error has caused a prolonged data breach at a Florida County’s drug screening laboratory. 

The security incident occurred at St. Lucie County’s Drug Screening Lab (SLC Lab), which supplies drug testing services for employment, court cases and other purposes.

In a statement released January 20 2022, County leaders said that a misconfiguration detected in the lab’s website portal had inadvertently made some of the portal users’ personal data accessible for more than four years.

“Upon learning of this issue, SLC Lab corrected the misconfiguration and immediately launched an investigation in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of incidents,” said the officials. 

“SLC Lab devoted considerable time and effort to determine what information may have been accessible to unauthorized users.”

A digital forensic investigation was launched to determine what data had been exposed by mistake. 

The County said: “SLC Lab discovered on December 28 2021 that the website portal misconfiguration allowed for data to be accessible to certain portal users between June 2 2017 and October 13 2021.”

Data exposed in the incident included full names and one or more of the following: Social Security numbers, dates of birth and limited lab test type and result information.

“To date, SLC Lab is not aware of any reports of identity fraud or improper use of any information as a direct result of this incident,” said the County. 

On January 20, the lab began notifying affected individuals of the security incident by letter and encouraging them to enroll in complimentary credit monitoring services. County leaders did not state how many residents of St. Lucie County may have had their data compromised.

St. Lucie County spokesman Erick Gill told WPTV that the mistake impacted no other data in the care of the county. 

“SLC Lab is committed to maintaining the privacy of personal information in its possession and has taken many precautions to safeguard it,” said Gill. 

He added: “SLC Lab continually evaluates and modifies its practices to enhance the security and privacy of the personal information it maintains.”

An anonymous hacker has raised the alarm after discovering a vulnerability impacting Switzerland’s national railway system.

The flaw allowed the hacker to gain access to personal data belonging to around 500,000 individuals who had purchased tickets to ride on Swiss Federal Railways (SFR).

After detecting a weak spot in SFR’s Swiss Card system, the hacker reported it to the Rundschau show, which airs on Swiss public television, SRF.

Information left vulnerable by the flaw included travelers’ names, dates of birth, the number of first- and second-class tickets they purchased, places of departure and final destinations.

Speaking to the Rundschau program, the hacker said that anyone could have easily viewed the data as no specialist IT knowledge was needed to exploit the flaw. 

“The sensitive data was practically public on the internet,” said the hacker. 

The security breach was reported to Switzerland’s Federal Data Protection Commissioner. 

According to Swiss news site Swiss Info, the data compromised by the hacker was never made public and has since been secured by SFR. 

The hacker said that their motivation in exploiting the flaw was to expose its existence in the hope of averting a potentially malicious cyber-attack. 

“This is a huge meltdown for Swiss Railways,” Otto Hostettler, an author and journalist specializing in cybercrime, told the Rundschau program. 

“Such data can be sold in hacker forums on the dark web. In the wrong hands, it would have great potential for abuse.”

Cyber-criminals have been known to target the Swiss rail industry. In May 2020, hackers stole data from Swiss train manufacturer Stadler Rail and demanded a payment of $6m in Bitcoin for its return.

Following the attack, Stadler released a statement saying that it “is not and has never been willing to make payments to blackmailers and has not entered into negotiations.”

In response to Stadler’s rebuff, the cyber-thieves published images of some of the stolen files on the internet. A message accompanying the images stated that the criminals had swiped no fewer than 10,000 documents from the train maker. 

The company said it had backups of all the data compromised in the attack.