Incidents

OK to bring down a server by sending large quantities of e-mail?

A report today highlights an interesting ruling made in a UK court concerning the scope of the Computer Misuse Act, 1990. This is the legislation typically used in the UK to charge those suspected of distributing a virus, worm or Trojan.

The magistrate ruled that the actions of a teenager accused of sending millions of emails to his employer could not be considered a breach of the Computer Misuse Act, since it did not cause unauthorised changes to a computer as defined in the act.

The magistrate went on to add that so-called DoS (Denial of Service) attacks would also not be illegal under the act.

Clearly an act created 15 years ago, a PC world dominated by DOS, floppy disks and bulletin boards, is not the most effective legislation for a ‘wired’ world. There have been increasing calls for existing computer crime legislation in the UK to be overhauled: and this case will undoubtedly strengthen the case for change.

OK to bring down a server by sending large quantities of e-mail?

Your email address will not be published.

 

Reports

Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

Subscribe to our weekly e-mails

The hottest research right in your inbox