IT Security Analyst Jailed for Impersonating as a Hacker in Own Company

July 18, 2023

A 28 years old Former IT security analyst of an Oxford-based company has been sentenced to three years for deceiving the company to extort money.

On 27 February 2018, the man impersonated a ransomware group that targeted the company at the time and exploited this opportunity for his benefit.

South East Regional Organised Crime shared the article that Ashley Liles, of Fleetwood, Letchworth Garden City, Hertfordshire, was sentenced for blackmail and unauthorized access to a computer with intent to commit other offenses at Crown Court.

During the primary attack, Ashley worked on the incident response team and traced that the attacker demanded ransom payment through email.

Taking advantage of this, he commenced a secondary attack on his company and accessed the emails of senior members over 300 times.

He modified the original email from the attacker by adding his payment details and sender email address and sent that email to his company to demand ransom.

However, the company refused to pay the ransom and discovered an unauthorized access attempt to the private emails.

In the event of an investigation, it was identified that the access had originated from Liles’s home address.

Detective Inspector Rob Bryant, from the SEROCU Cyber Crime Unit, said: “This has been a complex and challenging investigation, and I am incredibly grateful for all the officers and staff that were involved for their commitment and dedication over five years.

Officers from the South East Regional Organised Crime Unit’s (SEROCU’s) Cyber Crime Unit arrested Liles and seized his computer, laptop, phone, and USB stick.

Liles had wiped the data from his devices just a few days before his arrest. However, officers were able to provide the evidence by recovering his system.

Also, SEROCU encourages all the victims of cybercrime, irrespective of businesses or individuals, to report to Action Fraud.

For Daily Security Updates, Follow us on Linkedin, Twitter, and Facebook.

The post IT Security Analyst Jailed for Impersonating as a Hacker in Own Company appeared first on Cyber Security News.

Cyber Security News

361 million stolen accounts leaked on Telegram added to HIBP

A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised. […] Read More

New WordPress Malware as Cache Plugin Creates Rogue Admin Account

A novel kind of malware that acts as a sophisticated backdoor that can carry out several operations while impersonating a legitimate plugin has been identified.

The malware has several features, including the ability to modify files, create an admin account, remotely activate and deactivate plugins, add filters to prevent itself from being listed among the activated plugins, and pinging functionality to check if the script is still active.

Document

FREE Demo

Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

WordPress Malware as Cache Plugin

The malicious file has access to standard WordPress functionality just like other plugins since it operates as a plugin inside of the WordPress environment, reports Defiant, the company behind the WordPress security plugin Wordfence.

Malicious User Creation

The code above shows the creation of a new user account with the username ‘superadmin’ and a hardcoded password with admin-level privileges. When it is no longer required, the next function is designed to delete the superadmin account.

Bot detection code is frequently seen in malware that presents average content to specific users while diverting them to malicious websites or presenting malicious content to other types of users.

This hook is frequently used to insert other desirable stuff into posts or pages, alter excerpt lengths, or append disclaimers to posts or pages.

The malware is used to activate and deactivate arbitrary plugins remotely. Additionally, it contains other cleanup functions to remove malicious content from the database.

Plugin activation/deactivation code

Remote Invocation

It looks for a certain user agent string that is required to manage this backdoor’s functionalities.

Entry Point

“Taken together, these features provide attackers with everything they need to remotely control and monetize a victim site, at the expense of the site’s own SEO rankings and user privacy”, researchers said.

Defiant’s malware scanner protects Premium, Care, and Response users during file uploads against the upload of this sample and many of its variations.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.

The post New WordPress Malware as Cache Plugin Creates Rogue Admin Account appeared first on Cyber Security News.

Cyber Security News

Norway recommends replacing SSL VPN to prevent breaches

The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks. […] Read More

Related

Related Posts

Deploy Advanced AI-Powered Email Security Solution

WordPress Malware as Cache Plugin

Remote Invocation