LockBit Taken Offline By National Crime Agency

Ransomware provider LockBit has been taken offline by a joint operation involving law enforcement agencies from eleven countries.

As of the 20th February, a banner on LockBit’s website declares that the site is now under the control of the UK’s National Crime Agency, part of a coordinated operation to take down the group’s ‘command and control’ infrastructure.

Authorities from the NCA, the FBI, Europol and others from around the world swooped on a number of individuals believed to be involved with LockBit – making arrests in Poland, Ukraine, and in the United States. Two further named individuals are believed to be Russian nationals.

The combined operation (‘Operation Cronos’) also froze more than two hundred cryptocurrency accounts, took down 34 servers and closed 14,000 rogue accounts.

[Image: Operation Cronos banner from LockBit’s website]

LockBit made headlines as one of the world’s most successful ‘Ransomware-as-a-service’ providers: offering a toolkit any would-be cyber criminal could use to launch their own cyber extortion operation, demanding more than $120m in ransoms for unlocking encrypted data.

The group behind LockBit, which first emerged on Russian forums in 2020, did not respond to Reuters following requests for comment, but published messages on an encrypted messaging app stating it has backup servers not yet ‘touched’ by law enforcement. Investigations by police in numerous countries also revealed copies of stolen data the group claimed to have deleted after negotiating ransom payments.

More than 1,700 organisations are believed to have been compromised by LockBit, many of which are now listed online – and include Royal Mail, the NHS, Boeing and ICBC, China’s largest bank, among many others.

Decryption tools have so far been released to victims of LockBit in 37 languages, as part of the ‘No More Ransom’ project, with UK authorities pledging to reach out to organisations affected by the ransomware.

 

For Cyber Security expertise and assistance, please contact our team today.


GCHQ Tipping Off Ransomware Targets

British intelligence services are actively providing advance warnings to potential ransomware targets in order to thwart impending cyber attacks. On average, every seventy-two hours for the last three months, a team of cyber security experts within GCHQ has been identifying the initial stages of new ransomware attacks targeting British entities, alerting intended victims and preventing attacks from being carried out.

An innovative system known as ‘Early Warning’, overseen by the National Cyber Security Centre (NCSC), is already believed to have thwarted major attacks, and draws on a range of unknown information sources including exclusive intelligence community feeds, public data, commercial inputs, and proprietary resources not available to the public.

This proactive approach, disclosed by several unnamed sources who spoke to Recorded Future News on the condition of anonymity, demonstrates the potential to curtail a significant number of successful cyber breaches. However, it has been noted by insiders that broader participation from organisations is needed to fully capitalise on the benefits of this system.

Currently, the scheme still has its challenges. Only a small fraction of organisations receive alerts – and it is estimated only 2% of those alerted act on the potential threat.

Ironically, a spokesperson from NCSC acknowledged the difficulties faced, stating, “We often struggle to find the correct contact information, or the person believes they’re speaking to a scammer.” The agency has taken steps to provide guidance on distinguishing official communications from criminal attempts to extract money or sensitive data.

In some cases, the delay in notifying potential victims has been so substantial that by the time NCSC establishes contact with the relevant parties, the ransomware attack has already been unleashed.

However, GCHQ clearly has big plans for developing the scheme further, and is encouraging organisations to sign up for Early Warning. As of the close of 2022, a mere 7,819 organisations had registered for the original service, but the NCSC’s annual report reveals that the system alerted over 5,900 user organisations about threats and more than 2,200 about vulnerabilities on their networks, while 56 received early alerts about ransomware attacks.

 

Learn more about Early Warning here, or speak to our Cyber Security team today.


UK to Test Emergency Alert System

The UK government has announced plans to test the UK emergency alert system that will send a siren-like notification to all mobile phones on 23rd April.

The new system is being trialled for use in the event of an immediate risk to life and enables emergency services to send messages directly to mobile phones when there is a threat to people’s safety. The siren-like notification can only be sent by an authorised government source: phones will vibrate and play a loud sound for up to 10 seconds, accompanied by guidance on how to respond sent from emergency services within a notification on the device’s home screen.

People’s privacy will not be affected as the alerts do not reveal their location or collect personal data. The system will go live on Sunday 23 April and should reach nearly 90% of mobile phones within a defined area.

People can opt out of the emergency alerts by changing their device settings, but a survey conducted after the tests found that 88% of people wished to receive the alerts in the future. Emergency alerts will be used very rarely and will focus on the most severe weather-related incidents, such as flooding and possible wildfires. The system has already been successfully tested in East Suffolk and Reading.

The UK is following in the footsteps of other countries, such as the US, Canada, the Netherlands, and Japan, that have successfully rolled out similar emergency alert systems credited with saving lives. However, the US state of Hawaii caused panic when it accidentally sent out an alert warning of an incoming ballistic missile to televisions, radios, and mobile phones. Officials blamed miscommunication during a drill at the Hawaii Emergency Management Agency, which caused more than 30 minutes of panic. The UK government aims to strengthen national resilience with the new emergency alert system, which will help to warn and inform people in immediate danger and keep them safe.


Your Official Briefing

We recently attended a special event about the danger of Russian cyber aggression against the UK: here’s the latest guidance from the UK National Cyber Security Centre.

 

Be prepared for changes to Russian strategy

A feared ‘firestorm’ of wholesale attacks on the digital infrastructure of the UK and Ukraine’s other Western allies hasn’t arrived, but the NCSC warns that Russia remains extremely unpredictable.

Intelligence agencies are now concerned Russia may launch new cyber attacks on the West this year, partly as compensation for Russian ground war failures.

Rates of cyber attacks on UK organisations remain ‘steady’, with some very serious incidents reported – and the NCSC has emphasised before how Russian cyber attacks on satellite networks and banking systems in Ukraine have spilled over into multiple countries.

We do know that behind the scenes a number of UK organisations have been carefully briefed to prepare for Russian cyber attacks over the past year – and a ‘handful’ of cyber incidents each year are serious enough to require COBRA meetings.

 

Yes, REALLY unpredictable

Russian strategic aims are often inconsistent. Boldness and risk-taking are known to be favoured in Russian high command – which itself encourages reckless cyber operations, experimental techniques and surprise attacks – but also cut corners and operational errors.

Much like the Russian ground offensive, many of the most aggressive Russian cyber attacks – such as the widespread use of destructive Wiper malware – appear to have been ‘front-loaded’ during March/April, preparing for a quick victory which did not materialise even as Ukrainian systems have been hardened.

Far less technical attacks also appear to have crept into the mix – alongside a curious quality gap in the actual work of Russian operatives, as if threat actors are being supplemented by other personnel. Recent incidents have highlighted the names of known Russian intelligence officers visible within the code of malware, and fascinating research by Mandiant even suggests attempts by the GRU to recruit assistance from amateur hacktivist volunteers via covert pro-Russian Telegram channels.

However, the NCSC emphasises that ineptitude or failure is not a barrier to further attacks by Russia – the individuals behind the attacks are shameless, and cyber attacks remain a convenient way to highlight weaknesses from policy makers in other countries.

Essentially ‘nothing is off-limits’ – an approach that is also exacerbated by the internal competition between Russian service branches, with the FSB, FDR, GRU and others often seeking to outdo each other.

 

Who is a target in the UK?

Past experience suggests Russian cyber operations often include a key psychological element – following infamous KGB tradition.

As a result, the Russian military likes to target ‘pressure points’ in particular: critical infrastructure, the energy sector, transport, media organisations, senior politicians and especially companies with visible public-facing operations – anything that might generate panic among the public, suggest democratic policy makers are weak, undermine the West’s resolve to support Ukraine, or provoke a widespread feeling of vulnerability.

Ukraine provides some clues as to Russian strategy, but the NCSC emphasises that espionage attacks can often involve gaining access for no specific purpose – such intrusions (for example, obtaining privileged administrator access to systems) are simply a contingency for the future.

 

Organisations that plan ahead suffer less pain

Official advice is clear: organisations that prepare even the most basic disaster-contingency plans recover more quickly and suffer much less financial pain in the event of a cyber attack.

Even very simple crisis management steps like agreeing ‘who is in charge’ in advance, confirming ‘where are the backups’, and keeping printed copies of essential preparations for an emergency, all help radically minimise the damage, disruption and time to recovery.

However, this too comes with an NCSC warning: five years of IT improvement won’t be squeezed into your crisis remediation – better to have a roadmap for improving your cybersecurity as part of your existing business plans.

 

EDR is a Must

Forensic engines included in modern Endpoint Detection & Response (EDR) software help provide rapid information about the scale of hacks during incident response – this provides essential time for first responders to mitigate further threats, limit damage, and give the NCSC information about the threat to others.

The NCSC argues that British resilience will rely not just on small organisations across the country remaining vigilant, but gathering a wider pool of information on the centre’s behalf – the grassroots feeds into the ‘bigger picture’ of national security, and defending the UK is a team effort.

Services like the Signpost Cyber Incident Service now allow smaller organisations to report cyber attacks centrally.

 

Ransomware is THE threat.

NCSC guidance, right from the organisation’s CEO, remains the same:

“Even with a war raging in Ukraine, the biggest global cyber threat we still face is ransomware” – Lindy Cameron, NCSC CEO, June 2022.

 

Useful Links:

  • NCSC Early Warning System – Early Warning helps organisations investigate cyber attacks on their network by notifying them of malicious activity that has been detected in information feeds.
  • NCSC Exercise in a Box – A free online tool which helps organisations find out how resilient they are to cyber attacks & practice their response in a safe environment.
  • Incident Management – NCSC guidance to create your own cyber incident response plan.
  • The UK National Cyber Strategy – setting out five key pillars in the UK’s Cyber Planning.

 

For cyber security and technical expertise, please contact our team today.


UK Gigabit Voucher Scheme FAQs

Qualifying businesses in many rural parts of the UK are eligible for a Voucher worth up to £3,500 to help get new leased-line fibre broadband installed under the UK Gigabit Voucher scheme.

The Government recently urged SMEs to apply, with Digital Minister Matt Warman MP arguing the £70m pot is “still there for the taking.”

But what is the Gigabit voucher scheme, and how does it work?

 

How fast is gigabit?

Gigabit broadband is 1,000 megabits per second (around twenty times the download speed of a normal domestic FTTC connection) and, unlike conventional broadband, supports a ‘symmetrical’ upload rate that is equally as fast as the download.

In most cases however, SMEs will deliberately opt for a more limited connection speed on a gigabit ‘bearer’ (eg: 200Mbit/s up and down) to keep costs manageable, while retaining the capacity and option of regrading up to a maximum of 1,000 Mbit/s at a later date if needed.

 

What does the voucher get used for?

Most connectivity providers charge an installation cost on new Leased Line installations – normally based on the length of fibre cabling that must be ‘dug in’ to connect the business. The voucher is a refund to help offset this upfront cost. Businesses must pay the ongoing monthly connectivity charges as normal, but the voucher is intended to help firms overcome the initial barrier-to-entry.

 

I’d like £3,500 please.

Quite! Although the voucher is paid direct to your chosen supplier. Once your business has applied and been deemed eligible, your supplier will submit your voucher with your details when you place the initial order for your leased line. After your fibre is dug-in and connected, the scheme will check that your service is live before paying your supplier the due amount.

If your install is less than £3,500 you are likely to only be awarded the relevant cost, rather than the full amount. In most cases businesses will be signing a leased-line term with their provider for the ongoing cost of connectivity – normally between one and five years.

 

Can I use my voucher via Lineal?

Yes! We use Gamma Telecom Ltd for fibre leased-line connectivity, who are an approved supplier under the Gigabit Voucher Scheme.

 

Why is this funding being offered?

Successive Governments have reasoned that investing in better broadband is good for UK business growth, but the logistics of physically digging in fibre cabling is left to third-parties such as Openreach. Those providers insist ‘hard-to-reach’ properties are not economic to connect under the regional FTTC and FTTP broadband roll-outs because of the upfront cost of this installation work, or that gigabit fibre to the entire country is only achievable over the long term. For the best return on investment, the Government wants to prioritise upgrading businesses that already suffer slow speeds.

Gigabit fibre installations to commercial properties are also a capital project – the physical fibre, once ‘dug-in’ to a business premises, may end up being used for years to come by future businesses who take over the site, allowing more companies to benefit from widespread upgrades to the existing infrastructure.

 

What are other businesses doing?

To date, around £90m worth of vouchers have been awarded, and around 29,000 connections have already gone live. The Government’s election pledge during 2019 was for gigabit fibre for the whole of the UK by 2025, a target which is widely expected to be missed.

This leaves rural businesses dependent on inclusion in their regional fibre-to-the-cabinet broadband roll-out as a stopgap, hoping to be included in an early tranche of Openreach’s future FTTP roll-out, or looking to fund the upgrade to a leased line themselves.

 

Help! We really are out in the sticks!

If the cost of your install is still too large, there are other options: such as pooling your vouchers with neighbouring eligible businesses, accessing faster connections via 4G or point-to-point link. Speak to us to learn more.

 

How do I find out more?

You can learn more about eligibility and how to apply for your voucher via the UK Government’s Gigabit Voucher Scheme website here: https://gigabitvoucher.culture.gov.uk/ or get in touch with Lineal for more information.


Lockdown Articles We Wish We’d Written

This defining moment of the 21st century has provided ample inspiration for the world’s writers, bloggers and journalists – so far, 2020 has been a big year for tech.

Here are some of our favourite technology articles from across the internet in recent weeks:

 


1. “… By now the silence from the UK government about the NHS app was deafening. What was going on?”

Due for release in June, but then suddenly scuppered, the story of how the Government’s £11.8m promised Covid app sank without trace.

What went wrong with the UK’s Contact Tracing App? – BBC News


2. “… the crooks behind the attack brought along a 280 MB Windows XP virtual machine to run it in (and a copy of Oracle VirtualBox to run that).”

A terrifying new ransomware that fires up its own anti-virus-free virtual machine to infect the host – Sophos shines a spotlight on Ragnar Locker.

The Ransomware that Attacks you from inside a Virtual Machine – Sophos


3. “… In the rest of the building, only three people tested positive out of 927”

A fascinating diagrammatic look at how Covid spread through a single floor of a 19-story office building; researchers conclude duration of interaction is the critical danger to workplace safety.

An Analysis of three Covid-19 outbreaks, how they happened, and how they can be avoided – El Pais


4. “… In fact, Zoom is using its own definition of the term.”

Forced to hurriedly address security promises in recent updates: how Zoom’s original claims about call encryption in March turned out to be less than true.

Zoom meetings aren’t end-to-end encrypted, despite misleading marketing – The Intercept


5. “… My screen hours now actually exceed my waking hours.”

Is it possible to live a fulfilled ‘real-life’ entirely online? Many of us have been trying it without realising.

The Internet, mon amour – Economist, 1843 Magazine


 

 

For IT Support and technical expertise, contact our team today.


ISPs Lift Data Caps on Home Broadband

The UK’s biggest telecoms providers have agreed to remove data caps from Home broadband packages during the Coronavirus lockdown.

Although most UK home broadband packages now come with an ‘unlimited’ data allowance (subject to fair usage), many legacy products still enforce a data limit which may incur financial penalties if exceeded. Much like mobile data contracts, historically these were usually set at a specific monthly data usage, eg: 200GB.

The move follows discussions with the Government and telecoms regulator Ofcom, who are seeking to support vulnerable customers during the Coronavirus lockdown.

The Department for Culture, Media and Sport has also stated that the measure will be ‘effective immediately’ and help ‘people to stay connected whilst they stay at home.’

In particular, the BBC notes that many ISPs offer cut-price, limited broadband packages for those receiving benefits – although some limits on gaming, streaming and other high data-usage activities may remain in place for these packages.

Providers lifting data caps include BT (EE & Openreach), Virgin Media, Sky, TalkTalk, O2, Vodafone, Three, Hyperoptic, Gigaclear and KCOM.

 

For technology expertise and support, please contact Lineal today.


Lineal join Omnis for Web Engineering Day

Members of Lineal’s Software Development Team were recently invited to join the Omnis Software Engineering Team for a special 2-day visit focusing on development work regarding web features within SQLWorks.

Software engineers from both companies focused the dedicated day on the implementation and deployment of Lineal’s recent online work including business-to-business (B2B) trade ordering portals and online user survey systems.

The SQLWorks Team at Lineal wanted to thank the staff at Omnis for being excellent hosts and helping to craft an extremely useful and informative visit.

Omnis Software recently celebrated 40 Years in the industry, having been founded in 1979 by Blyth Computers Ltd. Co-founder Paul Wright.

Omnis technology has underpinned Lineal’s SQLWorks Business Management Software (integrating accounting, stock control, CRM and manufacturing) since the early 1980s. Lineal’s Managing Director Mike Matthews is a part of the international Omnis Technical Committee, and Lineal staff regularly help coordinate and take part in EurOmnis, the international Omnis software developer conference.

 

For Software development advice and expertise, please contact our team today.


$100,000 top prize pledged for 2018 Imagine Cup

Microsoft is seeking student UK technology developers to enter the 2018 Imagine Cup – with a chance to win $100,000.

The prestigious technology trophy, awarded every year to a team of three young people who develop a groundbreaking technology idea, is currently accepting entries for 2018’s Imagine Cup UK finals.

UK finalists are expected to be chosen in March (top prize $5000) with global finalists travelling to Redmond, Virginia (the home of Microsoft) for 2018’s worldwide finals, and a chance at a grand prize of $100,000.

The winning entry must be an original technology project, created from an initial idea to implementation and run from the Microsoft Azure cloud platform. Entries can be on any theme, although recent competitions have been dominated by inventions designed to not only demonstrate innovation, but contribute to human well-being.

Entries from the UK will be judged by an expert panel, including Clare Barclay, Chief Operating Officer of Microsoft UK; Haiyan Zhang, Innovation Director at Microsoft Research; Michael Wignall, National Technology Officer at Microsoft UK; and Rob Fraser, Commercial Software Engineering Lead at Microsoft UK.

Microsoft’s insistence on the final solution operating via Microsoft Azure no doubt reflects their ‘cloud-first’ business approach, in addition to a recognition that the ‘global’ finalist’s winning idea should be a truly global possibility.

Winning Imagine Cup entries from previous years include a solution to help those with diabetes manage symptoms, a charity donation app that embeds into news articles, and the ‘Emma Watch’ – recently featured on the BBC for assisting those with Parkinson’s in reducing limb tremors.

Teams can learn more, and enter the competition, here.

 

Lineal are a certified Microsoft Gold Partner – learn more.


Are you in the 46%? Studying 2017’s UK Govt. Cyber Security Report

DCMS has published this year’s 2017 UK Government Cyber Security Report, suggesting a staggering 46% of businesses have been hit by a cyber security breach in the past year.

The average cost of a cyber security breach is reported to be £1,570, although larger businesses (of which 68% reported falling victim) show figures of £20,000 or higher.

The polling, conducted by research institute Ipsos Mori, suggests businesses are increasingly seeking external IT or security advice as insurance against potential losses – particularly basic training for non-specialist staff and information on specific threats to their industry.

Certain positives jump out: basic technical standards laid out in the Government’s ‘Cyber Essentials’ scheme have been rolled out by half of all firms (although this was always a low bar, and the report admits that fewer than one in twenty firms have referred to public sector sources for security advice).

More encouragingly, the most common cyber breaches all involve an element of preventable human error: those reporting a breach in cyber security cited the most common cause as staff clicking links in fraudulent emails (72%), with other typical risks including viruses, spyware & ransomware (33%) and impersonation (27%).

Specific dangers identified included:

  • Less than 40% of businesses have segregated WiFi networks, or any rules for encrypting personal data.
  • More than 70% do not have any input from someone responsible for IT security at a senior level.
  • Only 20% have run any kind of cyber security training in the last 12 months.

 

With the planned changes next year brought about by the introduction of the General Data Protection Regulations (GDPR), the potential costs associated with a data breach could be set to rise. Having measures in place to mitigate this risk well in advance is sound advice.

 

For IT Security support and advice, contact Lineal today: 01271 375999


Microsoft opens new UK Data Centres

Microsoft’s Office 365 Team have announced the availability of multiple UK data centres for customer data.

The move follows increasingly strict rules on data compliance in the financial, security, health and public sectors – with more cloud IT users looking to ensure their data remains safely located in the UK.

Prospective customers considering the implications of Office 365 are able to view the locations of Microsoft’s UK data centres with this online ‘Where Is My Data?’ map, which now displays both the additional data centres and the Microsoft cloud services they support, in both London and Durham, with a third site anticipated for Cardiff.

Office365 and Azure Users will also have the ability to ‘re-locate’ their data from regional data centres (in most cases based within mainland Europe) to the new UK service.

In addition to the security and legal advantages for protecting sensitive data, cloud users of Office 365 are likely to benefit from lower costs, online backups and collaborative, remote access to files.

For now, the ability to re-locate Office365 or Azure data to the UK is likely to be restricted, with priority expected to be given to high-profile UK public sector customers including NHS Trusts and the Ministry of Defence – the latter mirroring many customers’ belated move to the cloud, upgrading legacy on-site systems in use since 2005.

The new infrastructure has been widely praised, with Microsoft clearly investing heavily in addressing the doubts many have about moving their IT to the cloud; reducing Office365 downtime to just 4 hours per year, and now re-locating data within country of origin for compliance with a high standard of data protection.

 

Contact Lineal for advice on moving to the cloud, or for a free trial of Microsoft Office 365 Business Premium, click here.