The £2.4 million UK / South Korean 5G challenge

  • UK and South Korean businesses to pilot 5G technology on Seoul subways

  • Augmented Reality (AR) trials could revolutionise tourism sector

  • Competition will help drive South Korean investment in the UK and create new opportunities for UK businesses in South Korea

A new UK / South Korea 5G competition has been launched by Digital Minister Margot James to help prepare the UK for a future 5G rollout. Businesses are now being encouraged to apply for a unique opportunity to trial new content and services on South Korea’s transport networks.

The UK and South Korean Governments are funding a £2.4 million project to support businesses in the two countries and develop 5G technology. The project will live test content and services on the Seoul metropolitan subway system.

5G is the next generation of mobile connectivity, providing speeds up to 20 times faster than current 4G technology.

Minister for Digital, Margot Jamessaid:
“We want the UK to be a world leader in 5G services, and this collaboration with South Korea will create new opportunities for UK businesses abroad and encourage more inward investment. The UK has a huge pool of 5G scientific research and engineering talent, and I would encourage all businesses in this field to enter this innovative competition.”

The trials will enable businesses and researchers to investigate and address a number of user and technical challenges that are crucial to the future roll out of 5G.

These could include:

  • Augmented Reality (AR) experiences in busy public spaces, giving tourists and commuters a dramatic new insight to the city and the way in which they experience it.

  • Optimisation of traffic management systems, to better manage commuter flows, reduce overcrowding, improve safety and better protect the environment.

  • Providing uninterrupted infotainment services for commuters such as interactive content, video streaming and gaming, with more reliable and faster services across the subway network.

Chairman of 5G Forum Executive Committee, Prof. DongKu Kim said:
“British businesses are renowned for their creative content, design and innovation. We welcome the chance for our technologists and researcher and collaborate with them to create the next generation of mobile entertainment and services.”
Additional benefits this innovative collaboration will deliver include:

  • New industry partnerships between UK and South Korean institutions to further trade opportunities for UK companies in South Korea.

  • New South Korean investment opportunities in the UK, helping to diversify the UK telecoms supply chain.
  • Greater access for UK Industry and academia to South Korean technology, hardware, software and intellectual property.
The funding competition is part of the UK’s 5G Testbed & Trials (5GTT) Programme, which aims to maximise the opportunities for UK businesses, especially SMEs, to develop new 5G applications and services for both domestic and global markets. It is a key part of the Government’s modern Industrial Strategy – making sure that the UK has the right infrastructure in place to be a world leader in new 5G technology.
The deadline for applying is 1st June and the competition is being managed by UK5G on behalf of DCMS.



Home Office apologises for EU citizen data breach

The Home Office has apologised to hundreds of EU citizens seeking settled status in the UK after accidentally sharing their details.

It blamed an “administrative error” for sending an email that revealed 240 personal email addresses – a likely breach of the Data Protection Act.

The Home Office sent the email on Sunday 7 April asking applicants, who had already struggled with technical problems, to resubmit their information. But it failed to use the “blind CC” box on the email, revealing the details of other applicants.

Commenting on the news, Shlohmie Liberow, Technical Program Manager at HackerOne, said:

“Whilst it is important to ensure staff are appropriately trained, there should be an assumption that “administrative errors” will inevitably occur. It is therefore crucial to implement technical controls too when handling sensitive data, to avoid such a scenario.”



Egress Software’s CEO, Tony Pepper comments on Windrush compensation scheme data breach

The Home Office has admitted to exposing the email addresses of migrants involved in the Windrush compensation scheme and breaching data protection regulations. Immigration Minister Caroline Nokes released a statement apologising for the data breach which exposed some 500 email addresses. Egress Software‘s CEO, Tony Pepper comments:

“Immigration minister, Caroline Nokes, has again apologised to the Windrush generation after about 500 private email addresses were mistakenly shared with recipients of a mailing list for the compensation scheme. When this accidental incident occurred, there was no safety net and no way of alerting the sender of the mistake. This is a common error that we’ve also seen in our recent research, where 45% of employees who accidentally shared information sent it to the wrong person.

Traditional solutions to prevent inbound and outbound data breaches – such as firewalls, endpoint security, encryption and malware scanning – have little to no impact on accidental incidents, as they can’t stop someone from doing something like sending an email to multiple recipients using To/Cc instead of Bcc. This is because they can’t tell the difference between ‘good’ and ‘bad’ user behaviour (whether accidental or malicious).

While organisations typically prioritise the malicious outsider over the accidental insider threat, the latter has been fundamentally underestimated. With intelligently applied machine learning and big data analysis combined with a people-centric approach to technology and awareness programmes, it is possible to mitigate against such human errors and enhance organisations’ cybersecurity.”



Cybercriminals Attack Cloud Server Honeypot Within 52 Seconds, According to Sophos Global Report

Sophos study of 10 cloud server honeypots placed worldwide reveals the need for visibility and security to protect what businesses put into hybrid and all-cloud platforms 
Key Report Findings:
·         Cloud server honeypots across 10 global locations attacked within 40 minutes, on average
·         Cloud servers were subjected to 13 attempted attacks per minute, per honeypot, on average
·         More than 5 million attempted attacks on all cloud server honeypots in a 30-day period
 Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced the findings of its report, Exposed: Cyberattacks on Cloud Honeypots, which reveals that cybercriminals attacked one of the cloud server honeypots in the study within 52 seconds of the honeypot going live in Sao Paulo, Brazil. On average, the cloud servers were hit by 13 attempted attacks per minute, per honeypot. The honeypots were set up in 10 of the most popular Amazon Web Services (AWS) data centers in the world, including California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney over a 30-day period. A honeypot is a system intended to mimic likely targets of cyberattackers, so that security researchers can monitor cybercriminal behaviors.
In the study, more than 5 million attacks were attempted on the global network of honeypots in the 30-day period, demonstrating how cybercriminals are automatically scanning for weak open cloud buckets. If attackers are successful at gaining entry, organizations could be vulnerable to data breaches. Cybercriminals also use breached cloud servers as pivot points to gain access onto other servers or networks.
“The Sophos report, Exposed: Cyberattacks on Cloud Honeypots, identifies the threats organizations migrating to hybrid and all-cloud platforms face. The aggressive speed and scale of attacks on the honeypots shows how relentlessly persistent cybercriminals are and indicates they are using botnets to target an organization’s cloud platforms. In some instances, it may be a human attacker, but regardless, companies need a security strategy to protect what they are putting into the cloud,” said Matthew Boddy, security specialist, Sophos. “The issue of visibility and security in cloud platforms is a big business challenge, and with increased migration to the cloud, we see this continuing.”
Visibility into Weaknesses
Continuous visibility of public cloud infrastructure is vital for businesses to ensure compliance and to know what to protect. However, multiple development teams within an organization and an ever-changing, auto-scaling environment make this difficult for IT security.
Sophos is addressing security weaknesses in public clouds with the launch of Sophos Cloud Optix, which leverages artificial intelligence (AI) to highlight and mitigate threat exposure in cloud infrastructures. Sophos Cloud Optix is an agentless solution that provides intelligent cloud visibility, automatic compliance regulation detection and threat response across multiple cloud environments.
“Instead of inundating security teams with a massive number of undifferentiated alerts, Sophos Cloud Optix significantly minimizes alert fatigue by identifying what is truly meaningful and actionable,” said Ross McKerchar, CISO, Sophos. “In addition, with visibility into cloud assets and workloads, IT security can have a far more accurate picture of their security posture that allows them to prioritize and proactively remediate the issues flagged in Sophos Cloud Optix.”
Key features in Sophos Cloud Optix include: 
·         Smart Visibility Provides automatic discovery of an organization’s assets across AWS, Microsoft Azure and Google Cloud Platform (GCP) environments, via a single console, allowing security teams complete visibility into everything they have in the cloud and to respond and remediate security risks in minutes
·         Continuous Cloud Compliance – Keeps up with continually changing compliance regulations and best practices policies by automatically detecting changes to cloud environments in near-time
·         AI-Based Monitoring and Analytics – Shrinks incident response and resolution times from days or weeks to just minutes. The powerful artificial intelligence detects risky resource configurations and suspicious network behavior with smart alerts and optional automatic risk remediation
“Migrating several petabytes of data and many applications to AWS and Azure made it necessary to transition from a manual to automated process for security monitoring. Sophos Cloud Optix’s multi-cloud security and compliance platform capabilities provided real-time cloud workload protection status in seconds. The AI-powered monitoring and alerts helped reduce the noise and allowed our teams to focus on delivering value to the business,” said Aaron Peck, vice president and CISO, Shutterfly, Inc., a Sophos customer, based in Redwood City, Calif.
“Our goal is to provide the most comprehensive and highly-effective cyber security services to all of our clients. Whether in technology, manufacturing or utilities, our customers want to maximize their investments and protect their data in the cloud. The partnership with Sophos and the ability to offer Sophos Cloud Optix is important to us because it allows us to provide continuous compliance coupled with intelligent cloud visibility and immediate threat response. With Cloud Optix, our growing customer-base will have the opportunity to solve the toughest challenges in cloud security,” said Rajeev Khanolkar, president and CEO, SecurView Inc., a Sophos partner based in Edison, New Jersey.
Sophos Cloud Optix leverages AI-powered technology from Avid Secure, which Sophos acquired in January 2019. Founded in 2017 by a team of highly distinguished leaders in IT security, Avid Secure revolutionized the security of public cloud environments by providing effective end-to-end protection in cloud services, such as AWS, Azure and Google.
Pricing and availability details are available from Sophos partners worldwide.
For more information on Sophos’ findings, please read the full Exposed: Cyberattacks on Cloud Honeypots report and accompanying Naked Security article, Knock and Don’t Run: The Tale of the Relentless Hackerbots. Additional information on Sophos Cloud Optix is available on



Defrauded NHS trust is paid back £1.2m under POCA

A payment of £1.2 million has been received by Lincolnshire Partnership NHS Foundation Trust, as a result of a Proceeds of Crime compensation order and collaboration between agencies to tackle fraud.

Substantial payments have also been awarded by the courts to other NHS trusts who fell victim to the same organised crime group: North Essex Partnership NHS Foundation Trust has received £298,219.79 and Tees, Esk & Wear Valleys NHS Foundation Trust has received £216,584.76.

The original fraud and money laundering investigation, Operation Tarlac, was led by Lincolnshire Police Economic Crime Unit (ECU), closely assisted by the national NHS counter fraud service and its Forensic Computing Unit, all now part of the NHS Counter Fraud Authority. The Forensic Computing Unit’s specialist software allowed over 90,000 documents and files to be analysed rapidly and remotely.

Operation Tarlac revealed that a criminal group defrauded £12 million from various public bodies including a number of NHS bodies, councils and housing associations around the UK. The Guernsey government was also targeted, losing £2.6 million. The fraudsters employed forged letters, emails and faxes to masquerade as a legitimate firm and divert payments to themselves.

The investigation resulted in over 50 years of prison sentences in total. The 14th member of the crime group to be convicted, Bayo Awonorin, was sentenced in January this year to nine years and six months’ imprisonment, after pleading guilty to conspiracy to defraud and conspiracy to launder money. He had fled the UK whilst on bail but was tracked down in the US by Lincolnshire Police and extradited.

Another conspirator was sentenced to three-and-a-half-years imprisonment in January 2018, after being detained in Germany on a European Arrest Warrant. Oil and gas executive Walter Wagbatsoma was identified by Lincolnshire Police ECU and extradited to the UK.

The international nature of the case went further: funds were laundered through business accounts in the UK, Dubai, Turkey and Poland and some of those funds were later moved back to the UK.

One of the conspirators, Oluwatoyin Allison, remains wanted. He was convicted in his absence in April 2017 and jailed for seven years.

Operation Tarlac began back in September 2011, with a complaint of fraud from Lincolnshire Partnership NHS Foundation Trust. A payment to a building firm of £1.28 million towards a new mental health rehabilitation unit had gone missing. A further 20 linked offences and total losses of £12.6 million suffered by various parties were identified. In sentencing, Judge Philip Head, described it as a “sophisticated and widespread fraud in its conception and execution” with the loss failing on the tax payer.

Sue Frith, Interim CEO of the NHS Counter Fraud Authority, said today:

“I commend the excellent work by Lincolnshire Police. Close collaboration between the NHSCFA, police forces and other authorities is vital to root out NHS fraud, especially by professional criminals. These recoveries for the NHS, and the original investigation, are good examples of how NHS counter fraud work helps to curb crimes against the taxpayer even beyond the NHS. Our Forensic Computing Unit, intelligence, fraud investigation and financial investigation specialists all played important roles in Operation Tarlac.”

Det Sgt Mike Billam, of Lincolnshire Police ECU, said today:

“Recovering the stolen funds has always been a key objective in this investigation and so I am particularly pleased that LPFT has now received the full value of their loss which I know will be used to benefit our communities. The NHS forensic computing unit provided exceptional and invaluable support to this investigation, managing data and saving costs – an outstanding example of partnership working. The Economic Crime team at Lincolnshire Police have worked relentlessly since the defendants were convicted to recover the value of the frauds from those responsible through the Proceeds of Crime Act. This work is ongoing and it is hoped that further funds will be recovered.”

More than 50 computer devices and 200 mobile phones were seized by police during Tarlac. NHSCFA’s Forensic Computing Unit is equipped with the latest technology, which allows terabytes of data to be forensically imaged and processed rapidly. FCU can provide a secure remote data review service, allowing data to be presented to multiple investigators regardless of their physical location.

If you suspect that anyone is committing fraud or another economic crime against the NHS, tell NHSCFA about it – you can call our 24-hour, confidential reporting line 0800 028 40 60 or visit our main website to report online:

“NHS fraud. Spot it, report it, together we stop it”