Middlesbrough Council Targeted, Interpol Cyber Operation, Unaware Employees Risk
We are back again with your weekly dose of cybernews. From the deadliest cyberattacks to expert suggestions and preventive measures, we bring it all just for you. This week, we will talk about cyber-unaware employees who are putting companies at risk, the second blow on Middlesbrough Council, and the massive cyber-fraud operation launched by Interpol.
Middlesbrough Council is targeted by threat actors two times within a week!
Cybercriminals targeted the Middlesbrough Council in the UK twice within a week. The authorities have already investigated the previous attack, but the second one caught everyone by surprise.
The official website of the Middlesbrough Council was impacted by the dual cyberattack. The first attack was on Wednesday, while the second was on Sunday. It was a DDoS or Distributed Denial of Services attack.
The authority believes that no personal data or Council details have been impacted. The website is fully operational at present. The Middlesbrough Council is working in close coordination with the National Cyber Security Center to investigate the attack and nab the perpetrators.
Experts revealed that the Middlesbrough Council is among the multiple attacks launched by threat actors. The involvement of state-sponsored threat actors is also possible in this case.
The official website of the Council was taken down to investigate the attack closely. It started operating normally again in 3 days. Clive Heaphy, the Middlesbrough Council interim Chief Executive, has assured the citizens that their data is completely safe. He went ahead and apologized for any kind of inconvenience caused during the temporary website shutdown.
Massive cyber-fraud operation executed by Interpol
Interpol has been conducting a massive cyber-fraud operation named HAECHI V for the last five months. The operation involved 40 nations and regions. In these five months, Interpol has nabbed 5,500 financial crime suspects and seized assets worth $400 million.
The operation started in July 2024 and lasted until November. Through this operation, Interpol targeted seven different types of cyber-attacks: online sextortion, e-commerce fraud, voice phishing, romance scams, business email compromise fraud, and illegal gambling.
Korea was an active participant in this operation and managed to crack a voice-phishing syndicate. The same group was responsible for losses worth $1.1 billion.
During the operation, Interpol issued a Purple Notice to spread awareness about cryptocurrency cyber frauds involving stablecoin. A Purple Notice can be used to provide and seek details about procedures, modus operandi, criminals’ hideouts, and so on.
The operation also involved spreading awareness against the USDT Token Approval scam. This scam involves threat actors who target victims’ cryptocurrency wallets and gain illegitimate access to them.
Valdecy Urquiza, the Secretary General of Interpol, said that they understand the sense of devastation felt by cyberattack victims. Such attacks wipe out people’s life savings, destroy their reputations, dismantle their businesses, and break their trust in financial institutions and digital platforms. That’s exactly why it is important to curb such cyber-fraud activities.
Urquiza emphasized the borderless nature of cyberattacks and highlighted the significance of international police cooperation. The success of the HAECHI V operation hints at the endless possibilities that can be achieved when countries come together, join hands, and work closely.
Cyber-unaware employees may add to your company’s cyber risk!
Is your company not secure enough even after investing in high-end cybersecurity setups? Your employees can be the reason behind the fragility of your cybersecurity mechanism.
A recent survey was conducted in which over 14,000 employees from multiple industries participated. The core result of the survey highlights employee behavior as a major catalyst to organizational risk.
According to the survey, about 80% of the surveyed employees access workplace applications from their personal devices, leading to increased cyber risks. Also, privileged access beyond IT admins can also be a major reason for cyberattacks on companies. A whopping 30% of the respondents are in a position to make large financial transactions without requiring the involvement of an authority figure.
Poor cybersecurity practices, such as reusing the same login credentials across different work applications, interfering with cybersecurity policies just for the sake of convenience, and using the same credentials for both personal and professional purposes, can cause severe damage beyond your imagination.
The introduction of AI tools without proper training is further adding to these cyber malpractices. Around 72% of employees use AI, and the risk keeps increasing as more and more sensitive details are shared with AI. 38% of the employees avoid intricate guidelines while feeding data to AI for ease and swiftness of work.
The survey is a staggering reminder that cyber training should be mandatory in this digital age. No state-of-the-art cybersecurity mechanism can prevent threat attacks until and unless your employees are well-trained and prepared to combat cybercriminals and their malicious moves.
Implementing SPF, DKIM, and DMARC helps protect against email-based cyberattacks, ensuring email authenticity and reducing risks.