Issue 34: UK Hacker Nets Millions in Stock Scheme; Sellafield Fined £332,500 for Cybersecurity Breach & LockBit Faces Global Crackdown


Top stories 04 October 2024:

  1. UK Hacker Nets Millions in Stock Trading Scheme
  2. Sellafield Fined £332,500 for Serious Cyber Security Failings
  3. Global Crackdown on LockBit Ransomware Gang: Four Arrested



UK Hacker Nets Millions in Stock Trading Scheme

Robert Westbrook, a 39-year-old UK national, has been charged with hacking into five public companies to steal corporate earnings information, netting approximately $3.75 million from stock trades.


Between January 2019 and August 2020, Westbrook allegedly accessed Office365 email accounts of senior executives by resetting their passwords. He used the stolen information to trade stocks ahead of 14 earnings announcements.


Westbrook also set up auto-forwarding rules to send emails from compromised accounts to his own. This allowed him to receive emails from specific accounts without having to re-access them, enabling him to maintain ongoing surveillance without raising suspicion.


If the compromised companies had better logging and detection rules in place, this would have been caught earlier. This is why businesses should implement extensive security tools like advanced threat detection systems and automated alerts for suspicious behaviour. These tools can monitor unusual login patterns, flag unauthorised forwarding rules, and detect anomalies in email traffic.
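The forwarding-rule check described above, as an added example that is not part of the original newsletter: it flags mailbox rules that forward mail outside the organisation and raises the severity when a password reset on the same account preceded the rule. The log records are constructed and use a simplified subset of Microsoft 365 audit fields; `INTERNAL_DOMAINS`, the 24-hour window and treating `UserId` as the affected mailbox are assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample records, simplified from the shape of Microsoft 365
# unified audit log entries. UserId is treated as the affected mailbox.
SAMPLE_AUDIT_LOG = """
{"CreationTime": "2024-10-01T08:02:11", "Operation": "Reset user password.", "UserId": "cfo@corp.example"}
{"CreationTime": "2024-10-01T08:09:40", "Operation": "New-InboxRule", "UserId": "cfo@corp.example", "Parameters": [{"Name": "ForwardTo", "Value": "drop@mail.example.net"}]}
{"CreationTime": "2024-10-01T09:15:00", "Operation": "New-InboxRule", "UserId": "hr@corp.example", "Parameters": [{"Name": "ForwardTo", "Value": "payroll@corp.example"}]}
{"CreationTime": "2024-10-02T14:30:05", "Operation": "Set-Mailbox", "UserId": "ceo@corp.example", "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:archive@other.example.org"}]}
"""

INTERNAL_DOMAINS = {"corp.example"}   # assumption: the tenant's accepted domains
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress"}
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
RESET_WINDOW = timedelta(hours=24)    # assumption: correlation window


def external_targets(record):
    """Return forwarding destinations in a record that leave the tenant."""
    targets = []
    for param in record.get("Parameters", []):
        if param["Name"] not in FORWARD_PARAMS:
            continue
        for addr in param["Value"].split(";"):
            addr = addr.strip().lower().removeprefix("smtp:")
            if "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
                targets.append(addr)
    return targets


def find_suspicious_forwarding(log_text):
    """Flag external forwarding; severity is high if a password reset preceded it."""
    records = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    records.sort(key=lambda r: r["CreationTime"])
    last_reset = {}  # mailbox -> time of its most recent password reset
    alerts = []
    for rec in records:
        when = datetime.fromisoformat(rec["CreationTime"])
        user = rec["UserId"].lower()
        if "password" in rec["Operation"].lower():
            last_reset[user] = when
        elif rec["Operation"] in RULE_OPERATIONS:
            for target in external_targets(rec):
                recent = user in last_reset and when - last_reset[user] <= RESET_WINDOW
                alerts.append({"user": user, "target": target,
                               "severity": "high" if recent else "medium"})
    return alerts
```

On the constructed sample, the internal `hr@corp.example` rule is ignored, while the two external destinations are reported, the first as high severity because it follows a password reset within the window.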


The US is seeking his extradition on charges of wire fraud, securities fraud, and computer fraud. If convicted, he faces decades in prison. The Securities and Exchange Commission (SEC) is demanding he return the illicit gains and pay civil penalties. Westbrook attempted to hide his identity using anonymous emails, VPNs, and Bitcoin trades.

 

TLDR;

  • Robert Westbrook, a UK national, faces extradition to the U.S. for hacking companies to steal earnings data for stock trades, profiting $3.75 million, and now faces charges of fraud and SEC penalties.



Sellafield Fined £332,500 for Serious Cyber Security Failings

The operator of Europe’s largest nuclear waste site, Sellafield, has been fined £332,500 for significant cyber security breaches. The Cumbrian-based company pleaded guilty to three offences under the Nuclear Industries Security Regulations 2013, following an investigation by the Office for Nuclear Regulation (ONR) covering 2019 to 2023.


The breaches, described as “serious” by senior district judge Paul Goldspring, were not momentary lapses but persistent issues that could have allowed hackers to view and extract sensitive data or execute malicious code, such as ransomware.


Despite no evidence of actual harm or successful cyber attacks, the vulnerabilities were deemed severe enough to potentially compromise sensitive nuclear information. For example, a successful phishing attack could compromise key systems or data, causing operational disruptions.


The ONR highlighted that Sellafield had failed to conduct annual computer system health checks, even though it had promised to do so. The company has since made major improvements to its systems, network, and structures to strengthen its cybersecurity. The fines include £53,253 in prosecution costs and a £190 court surcharge. Energy Secretary Ed Miliband has sought assurances from the Nuclear Decommissioning Authority to prevent future occurrences.

 

TLDR;

  • Sellafield, Europe's largest nuclear waste site, was fined £332,500 for serious and persistent cybersecurity breaches between 2019 and 2023, though no actual harm occurred, leading to major system improvements being required.



Global Crackdown on LockBit Ransomware Gang: Four Arrested

Law enforcement agencies from 12 countries have arrested four suspects tied to the LockBit ransomware gang, including a developer, a bulletproof hosting service administrator, and two affiliates. Led by the UK’s National Crime Agency (NCA) under Operation Cronos, this investigation began in April 2022 and included the seizure of LockBit's infrastructure servers.


Since its inception in 2019, LockBit has been responsible for many high-profile cyber attacks, including attacks on Bank of America and Boeing. Known for its highly effective ransomware-as-a-service (RaaS) model, LockBit encrypts victim data, then demands hefty ransoms for decryption. The group has become one of the most prolific and feared ransomware operators globally.


In August 2024, French authorities requested the arrest of a suspected LockBit developer, while the NCA apprehended two individuals, one for affiliation and another for money laundering. Spain’s Guardia Civil also arrested the hosting service administrator at Madrid airport. Australia, the UK, and the U.S. have imposed sanctions on individuals linked to LockBit and Evil Corp, including 15 Russian nationals.


These actions followed a February 2024 disruption of LockBit's infrastructure, resulting in the seizure of 34 servers and more than 2,500 decryption keys. The U.S. Department of Justice and the NCA estimate LockBit has extorted up to $1 billion from over 7,000 attacks between June 2022 and February 2024.

 

TLDR;

  • The UK’s National Crime Agency led an investigation resulting in the arrests of four suspects linked to the LockBit ransomware gang, which has executed numerous high-profile cyberattacks since 2019, extorting up to $1 billion from over 7,000 attacks.


6 Key Precautions to Prevent Insider Threat Attacks

Whether it's a departing employee, a careless mistake, or a malicious insider, businesses must prevent data exfiltration from insider threat attacks.

So, we've put together this blog with real-world examples, to help you protect your business from this growing threat. Read it here.


That's all folks!

Thank you for reading Critical Chatter, CloudGuard’s weekly roundup of security articles curated by Guardians. This week’s news flash has been curated by Atif Chaudry (SOC Analyst).


If you like what you've read, subscribe so you don't miss next week's roundup!
