11/05/2021: Cybersecurity & Tech News Roundup

The Colonial Pipeline hackers are very very sorry for what they've done

The group behind the ransomware attack on the Colonial Pipeline has taken to the dark web to issue an apology for the damage they've caused. DarkSide - the group in question, issued the following statement:

"We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives. Our goal is to make money and not creating problems for society. From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."

What's the motivation behind this apology? Genuine remorse, or pressure from the FBI's security team closing in on them? While the group claims to be independent, and not part of a larger nation-state attack force, however a little research indicates that the hackers do not target systems that are running in Russian and Eastern European languages. Read more here.

West Midlands Railway are in hot water after sending a fake phishing email to staff

Keeping your staff's security awareness training up to date is a must for all organisations that don't want nasty surprises later down the line. The overwhelming majority of cyber-attacks begin with a phishing email, so ensuring your staff know how to spot and avoid clicking on or downloading from one is crucial. With that said though, it's important to make sure the fake email you send is tasteful.

West Midlands Railway has been criticised recently for sending out a fake phishing email to over 2,500 staff. It offered all staff a bonus for their "hard work" during over the course of the pandemic. When staff clicked the link, they were then told that they had actually clicked a phishing test - ice cold. Union bosses are now calling for Midlands Railway to actually deliver on the bonuses mentioned in the email, but we'll have to wait and see if they do actually pay up. Read more here.

Twitter has launched a new tipping feature

Would you pay money for good tweets? In a new bid to monetise the platform, Twitter has introduced its Tip Jar feature as "an easy way to support the incredible voices that make up the conversation" on the social network. As it stands, the only people who can receive tips via twitter is a select group of journalists, experts, and non-profit organisations, but we have a feeling that this guest list will soon expand to include influencers and celebrities.

The feature has caused some security concerns though, as the payment is made through external systems like PayPal, Venmo, or Cash App - so the tip sender's postal address can be seen by the recipient, and the recipient's email address can be seen by the sender, even if they don't actually send out any money. Hopefully Twitter can iron out these kinks. Read more here.

Want the latest technology news? Check out our Twitter page for upcoming tech world developments and data breach news, or get in contact with a member of our team to see how our security services can keep your organisation out of the headlines.