Weekly Threat Report 29th September 2017

Compromise of Deloitte

The Guardian this week reported that the global accountancy firm Deloitte had been hit by a cyber attack that has revealed client email addresses. The hackers may have also accessed usernames, passwords and personal details.

Deloitte provides auditing, tax consultancy and cyber security advice to some of the world’s biggest banks, multi-national companies, media enterprises, pharmaceutical firms and US government agencies. According to the Guardian, Deloitte…

Link: Weekly Threat Report 29th September 2017
Source: NCSC Reports

Weekly Threat Report 22nd September 2017

CCleaner supply chain compromise

A version of the widely used utility software CCleaner has reportedly been delivering malware via a recent software update. This tactic of targeting through supply chains, exploiting the trust between consumers and suppliers, provides wide scope for infection, as illustrated by the case of NotPetya malware which spread via Ukrainian accounting software.

Avast, the parent company of CCleaner developers Piriform, initially reported that 2.27 million…

Link: Weekly Threat Report 22nd September 2017
Source: NCSC Reports

Weekly Threat Report 15th September 2017

Phishing scam targeting UK university students

Media reporting earlier this month highlighted a warning by Action Fraud of a phishing campaign against university students. The scam involves fake emails claiming that the Student Loans Company have suspended the victim’s account. Victims are asked to provide credentials and bank account details, which are used to carry out identity theft and fraud.

Cyber criminals often seek to exploit seasonal events, such as the start of…

Link: Weekly Threat Report 15th September 2017
Source: NCSC Reports

Weekly Threat Report 8th September 2017

Universities under cyber attack

This week, various media outlets have reported on the high number of cyber attacks suffered by UK universities.

Universities are of interest to a range of attackers. Highly skilled hacking groups conduct cyber espionage, seeking to acquire cutting-edge research and intellectual property in areas such as defence, energy, and artificial intelligence. Most academics have detailed web pages describing themselves and their research interests, giving attackers more…

Link: Weekly Threat Report 8th September 2017
Source: NCSC Reports

Weekly Threat Report 1st September 2017

300% increase in attacks on Microsoft cloud services

Microsoft has revealed that the frequency of attacks against users of its cloud services, including Microsoft Azure and Office 365, has increased by 300% over the last year.

“A large majority of these compromises are the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services,” said Microsoft in its ‘Security and Intelligence’…

Link: Weekly Threat Report 1st September 2017
Source: NCSC Reports

Weekly Threat Report 25th August 2017

Data breach affects NHS administrative information

An individual affiliating themselves with the hacktivist collective Anonymous claims to have stolen UK NHS patient data. The attacker claims to have exploited unpatched vulnerabilities in software provided by SwiftQueue, a vendor responsible for managing a number of hospital appointment booking systems.

SwiftQueue have confirmed an unauthorised party accessed 32,501 lines of administrative data. This is likely to include personally…

Link: Weekly Threat Report 25th August 2017
Source: NCSC Reports

Weekly Threat Report 18th August 2017

Hotels targeted across Europe and the Middle-East

Recent media reporting has highlighted a campaign targeting the hospitality sector.

The campaign, which reportedly started in July 2017 and may be linked to a similar campaign carried out during the autumn of 2016, is allegedly being carried out by Fancy Bear, also known as APT28. The group has also been implicated in the hack-and-leak campaign against the Democratic National Committee (DNC) during the 2016 US Presidential Elections.

Using…

Link: Weekly Threat Report 18th August 2017
Source: NCSC Reports

Weekly Threat Report 11th August 2017

Steganography is becoming increasingly popular

According to the cyber security company Kaspersky Lab, steganography is becoming increasingly popular with cyber actors and is used to conceal malware and data exfiltration, and for command and control (C&C) communications.

Steganography is the technique of concealing data within other, seemingly innocuous, information. In a digital context, it generally refers to hiding data within a media file. Image files are the most common, but…

Link: Weekly Threat Report 11th August 2017
Source: NCSC Reports

Weekly Threat Report 4th August 2017

Cyber incidents affecting airlines

Some North American airlines have issued statements regarding cyber security incidents in recent days. There is currently no evidence to suggest that these incidents are connected but these examples highlight the prevalence of such activity:

Virgin airlines detected unauthorised 3rd party access to their databases containing employee and contractor data in March 2017, including corporate credentials. In addition, over 100 individuals may have had further…

Link: Weekly Threat Report 4th August 2017
Source: NCSC Reports

Weekly Threat Report 28th July 2017

NotPetya’s continuing impact on businesses

Businesses that fell victim to the NotPetya ransomware attack in June are warning of financial consequences and continuing disruption.

The potential impacts of a cyber breach to business have long been known: they may include lost sales, share price declines, reputational damage, regulatory fines for data losses, and clean-up costs. Businesses usually quote one large estimate when commenting on a cyber breach’s cost. However, in NotPetya…

Link: Weekly Threat Report 28th July 2017
Source: NCSC Reports