Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we draw attention to the latest cyber attacks, scams, frauds and malware, including ransomware and DDoS, to help ensure you stay safe online.
Here are the most prominent threats which you should be aware of:
Letchworth IT security specialist guilty of blackmailing own employer
An IT security analyst has pleaded guilty to blackmailing the company he was employed by for £300,000 worth of the cryptocurrency Bitcoin.
Ashley Liles, of Fleetwood in Letchworth, was employed as an IT security analyst by an Oxford-based company when the business suffered a cyber security incident in February 2018, which involved unauthorised access to part of the company’s computer systems. The attacker notified senior members of the company and demanded a ransom payment.
Liles began to investigate the incident, and worked alongside colleagues and the police to try to mitigate the incident.
However, unknown to the police, his colleagues and his employer, Liles began a separate and secondary attack against the company.
He accessed a board member’s private emails over 300 times, as well as altering the original blackmail email and changing the payment address provided by the original attacker. This was in the hope that if payment was made, it would be made to him rather than the original attacker, said the South East Regional Organised Crime Unit (SEROCU), who investigated the incident.
Liles also created an almost identical email address to the original attacker and began emailing his employer to pressurise them to pay the money.
No payment was made and the unauthorised access to the private emails was noticed. It was identified that this access came from Liles' home address.
Specialist police officers from SEROCU’s Cyber Crime Unit arrested Liles and conducted a search of his home address.
Items seized from his address included a computer, laptop, phone and a USB stick.
Liles had wiped all data from his devices just days before his arrest, but the data was recovered, providing direct evidence of his crimes.
Despite the evidence, Liles denied any involvement until last week when, during a hearing at Reading Crown Court on Wednesday, he pleaded guilty to blackmail and unauthorised access to a computer with intent to commit other offences.
The 28-year-old will be sentenced on July 11.
Detective Inspector Rob Bryant, from the SEROCU Cyber Crime Unit, said: “I would like to thank the company and their employees for their support and cooperation during this investigation.
“I hope this sends a clear message to anyone considering committing this type of crime. We have a team of cyber experts who will always carry out a thorough investigation to catch those responsible and ensure they are brought to justice.”
Source – Letchworth IT security specialist guilty of blackmailing own employer
Defence giant Rheinmetall suffers cyberattack by Black Basta ransomware gang
The attack from the Russian gang took place after the company announced it was in talks with Ukraine about building a new tank factory.
The Black Basta ransomware gang has struck again, claiming automotive and defence manufacturer Rheinmetall as its latest victim. The company has confirmed the breach, which has seen screenshots of stolen data posted to Black Basta’s dark web blog.
The attack took place in April, at a time when the company revealed it could build a tank factory in Ukraine. Black Basta is thought to operate out of Russia and may have close ties to the government in Moscow.
Rheinmetall has over 28,000 employees and generated revenue of €6.4bn in 2022.
Rheinmetall cyberattack: Black Basta ransomware gang behind breach
Rheinmetall has confirmed that the Black Basta ransomware gang was behind a cyberattack perpetrated last month.
Screenshots posted to the gang’s dark web victim blog show that sensitive data such as passport copies, purchase orders, non-disclosure agreements, letters of confidentiality and other corporate documents is in the hands of cybercriminals. The release of data suggests that negotiations between the cybercrime group and the company have fallen through, though it is not known if a ransom has been demanded or paid.
Tech Monitor has contacted Rheinmetall for more details of how the breach occurred, but a company spokesperson told Bleeping Computer: “Rheinmetall is continuing to work on resolving an IT attack by the ransomware group Black Basta. This was detected on 14 April 2023. It affects the Group’s civilian business.”
The spokesperson also claimed that: “Due to the strictly separated IT infrastructure within the Group, Rheinmetall’s military business is not affected by the attack.”
Rheinmetall is in contact with the relevant authorities and has filed a criminal complaint with the Cologne public prosecutor’s office.
Source – Defence giant Rheinmetall suffers cyberattack by Black Basta ransomware gang
Thomas Hardye School in Dorchester hit by cyber attack
DORCHESTER’S Thomas Hardye School’s IT systems have been taken down by a cyber ransom attack.
The school, in a message to parents, says it will be working with partners, including the National Cyber Security Centre and the Police, to get the system working again as soon as possible.
It has not been operating throughout Monday and was still down on Tuesday. It is believed the system was hacked into during Sunday, May 21st and detected before school started on Monday morning.
Exams, which have just started, are not affected and the school says it will remain open with teaching methods being adapted, where necessary.
Anything which operates through the school server has been affected, including payments in the canteen, pupil payments for other items which are based on fingerprint technology, electronic diaries, records, and messaging.
The attack, which locks screens and systems, involves a ransom demand payable on the Dark Web, which the school says it will not pay.
Parents and carers of more than 2,100 pupils have been told that the school has no indication of how long it will take to restore systems.
A message from the headteacher, Nick Rutherford, to parents said: “We are in liaison with our school Data Protection Officer and this data breach has been reported to the Information Commissioner’s Office (ICO) in line with requirements of the Data Protection Act 2018/GDPR. Every action has been taken to minimise disruption and data loss.
“The school will be working with Wessex Multi-Academy Trust, IT team and other relevant third parties (Department for Education, National Cyber Security Centre and police) to restore functionality and normal working as soon as possible.
“The school will remain open with teaching and learning being adapted accordingly. Please be reassured that examinations will continue to run as normal with contingencies in place for those students who have access arrangements.
“I appreciate that this will cause some problems for parents/carers with regards to school communications and apologise for any inconvenience. Please use the telephone absence line to report student absence, as staff cannot currently receive emails. Please also telephone the school should you wish to report any concerns or speak to a member of staff.
“Staff will not have access to previous emails or online calendars, therefore, should you have made prior arrangements to meet with staff this week it may be worth phoning the school beforehand to check that our colleagues are aware.
“We will continue to assess the situation and update parents/carers as necessary by Groupcall until our email is restored.”
The school is part of the Wessex Multi-Academy Trust, with only minor effects on other schools which link into the Thomas Hardye system. It is said that none of them have suffered data loss in the way that Thomas Hardye has.
Attempts to reach the school internet platform continue to be met with a message saying “unable to connect” or “took too long to respond”, indicating a problem with the website.
Source – Thomas Hardye School in Dorchester hit by cyber attack