Weekly Threat Report 9th June 2017

Fireball malware

More than 250 million computers worldwide have been infected with malicious adware called Fireball, according to recent reporting. Produced by Rafotec, a Beijing-based digital marketing firm, the malware is spread mostly via bundling. That is, when a user downloads a product they want, the Fireball malware is ‘bundled’ in without the user’s knowledge or consent.

Once infected, Fireball hijacks the user’s browser, installs extra plug-ins and…

Link: Weekly Threat Report 9th June 2017
Source: NCSC Reports

Weekly Threat Report 2nd June 2017

Android app malware

According to IT security company Check Point, as many as 36 million Android devices may have been infected with ad-click malware. The malware, dubbed Judy, is reported to have been present in approximately 50 apps in Google’s Play Store, but the total number of infections cannot be accurately determined as it is not known for how long the apps have been malicious.

Those responsible generate money through ad-clicks – in this instance Judy silently imitated a…

Link: Weekly Threat Report 2nd June 2017
Source: NCSC Reports

Weekly Threat Report 26th May 2017

Russian government reaction to cyber criminals

This week Russia revealed it had arrested a cyber crime gang in November last year for a campaign that raised nearly USD900,000. The gang was nicknamed ‘Cron’ after the malware it used, which infected over a million Android mobile devices of Russian bank customers. Users unwittingly downloaded the malware via fake mobile banking apps, pornography and e-commerce programmes. The ‘Cron’ gang exploited a Russian bank service…

Link: Weekly Threat Report 26th May 2017
Source: NCSC Reports

Weekly Threat Report 19th May 2017

WannaCry ransomware attack illustrates risk of using unlicensed software

The WannaCry international ransomware attack has highlighted the risks of relying on unpatched software. The scale of the outbreak has been blamed in part on the widespread use of unlicensed software. Pirated software is often insecure as it does not benefit from manufacturers’ updates to fix vulnerabilities.

Several of the countries reported by cyber security companies to be worst affected are also amongst the…

Link: Weekly Threat Report 19th May 2017
Source: NCSC Reports

Weekly Threat Report 12th May 2017

International cyber incident affecting the NHS

On Friday a set of global cyber attacks took place against thousands of organisations, including the NHS, and individuals in dozens of countries.

The NCSC statement on the incident can be read here and guidance on how to defend your organisation against ransomware can be found here.
 

US restaurant chain payment process system compromised

A US restaurant chain, Chipotle Mexican Grill, recently announced that unauthorised activity…

Link: Weekly Threat Report 12th May 2017
Source: NCSC Reports

Weekly Threat Report 5th May 2017

Google and Facebook were victims of Business Email Compromise (BEC) or ‘CEO Fraud’

Google and Facebook have been identified as the victims of an email phishing attack for which a Lithuanian man was charged in March 2017.

The attack relied upon social engineering methods rather than technical intrusion techniques. However, the individual was still able to trick the organisations into transferring over $100 million between 2013 and 2015, highlighting how cyber-enabled social…

Link: Weekly Threat Report 5th May 2017
Source: NCSC Reports

Weekly Threat Report 28th April 2017

Increase in Homographic Phishing Attacks

Recent media reporting highlights a threefold increase in homographic phishing attacks over the past fourteen months.

Homographic attacks have been widely known about for many years, and rely on the fact there are visual similarities between many different Unicode characters to spoof well-known web addresses using similar-looking Punycode domains. For example, by registering the Unicode domain “www.xn--googl-z8a.com” an attacker would be in…

Link: Weekly Threat Report 28th April 2017
Source: NCSC Reports

Weekly Threat Report 21st April 2017

Hajime – What is the intent of this IoT Botnet?

In October 2016 the security research group at Rapidity Networks discovered a new malware, called Hajime, with similarities to the Mirai botnet: it targets Internet of Things (IoT or internet-connected) devices by scanning the Internet for devices with network vulnerabilities and attempts to connect to them using known default username/password combinations. According to Symantec, Hajime is believed to have infected between 130,000 and…

Link: Weekly Threat Report 21st April 2017
Source: NCSC Reports

Weekly Threat Report 7th April 2017

Threat to Managed Service Providers

A major cyber campaign against Managed Service Providers has been detected that may present risks to organisations using outsourced IT services. Please see the following report for further details. Further information can also be found via the Cyber-Security Information Sharing Partnership (CISP) forum.

Media references to terrorist cyber capability

There have been numerous reports on the recently imposed restrictions on electronic devices larger than a…

Link: Weekly Threat Report 7th April 2017
Source: NCSC Reports

Weekly Threat Report 31st March 2017

Criminals target US healthcare sector

The cyber division of the FBI recently issued an alert warning of criminal activity targeting File Transfer Protocol (FTP) servers operating in ‘anonymous’ mode, associated with US medical and dental facilities.

The criminals involved are reportedly motivated by the potential to access protected health information (PHI) and personally identifiable information (PII). This data is then used by criminals to extort healthcare business owners…

Link: Weekly Threat Report 31st March 2017
Source: NCSC Reports