Weekly Threat Report 12th May 2017

International cyber incident affecting the NHS

On Friday a set of global cyber attacks took place against thousands of organisations, including the NHS, and individuals in dozens of countries.

The NCSC statement on the incident can be read here and guidance on how to defend your organisation against ransomware can be found here.
 

US restaurant chain payment process system compromised

A US restaurant chain, Chipotle Mexican Grill, recently announced that unauthorised activity…

Link: Weekly Threat Report 12th May 2017
Source: NCSC Reports

Weekly Threat Report 5th May 2017

Google and Facebook were victims of Business Email Compromise (BEC) or ‘CEO Fraud’

Google and Facebook have been identified as the victims of an email phishing attack for which a Lithuanian man was charged in March 2017.

The attack relied upon social engineering methods rather than technical intrusion techniques. However, the individual was still able to trick the organisations into transferring over $100 million between 2013 and 2015, highlighting how cyber-enabled social…

Link: Weekly Threat Report 5th May 2017
Source: NCSC Reports

Weekly Threat Report 28th April 2017

Increase in Homographic Phishing Attacks

Recent media reporting highlights a threefold increase in homographic phishing attacks over the past fourteen months.

Homographic attacks have been widely known about for many years, and rely on the fact there are visual similarities between many different Unicode characters to spoof well-known web addresses using similar-looking Punycode domains. For example, by registering the Unicode domain “www.xn--googl-z8a.com” an attacker would be in…

Link: Weekly Threat Report 28th April 2017
Source: NCSC Reports

Weekly Threat Report 21st April 2017

Hajime – What is the intent of this IoT Botnet?

In October 2016 the security research group at Rapidity Networks discovered a new malware, called Hajime, with similarities to the Mirai botnet: it targets Internet of Things (IoT or internet-connected) devices by scanning the Internet for devices with network vulnerabilities and attempts to connect to them using known default username/password combinations. According to Symantec, Hajime is believed to have infected between 130,000 and…

Link: Weekly Threat Report 21st April 2017
Source: NCSC Reports

Weekly Threat Report 7th April 2017

Threat to Managed Service Providers

A major cyber campaign against Managed Service Providers has been detected that may present risks to organisations using outsourced IT services. Please see the following report for further details. Further information can also be found via the Cyber-Security Information Sharing Partnership (CISP) forum.

Media references to terrorist cyber capability

There have been numerous reports on the recently imposed restrictions on electronic devices larger than a…

Link: Weekly Threat Report 7th April 2017
Source: NCSC Reports

Weekly Threat Report 31st March 2017

Criminals target US healthcare sector

The cyber division of the FBI recently issued an alert warning of criminal activity targeting File Transfer Protocol (FTP) servers operating in ‘anonymous’ mode, associated with US medical and dental facilities.

The criminals involved are reportedly motivated by the potential to access protected health information (PHI) and personally identifiable information (PII). This data is then used by criminals to extort healthcare business owners…

Link: Weekly Threat Report 31st March 2017
Source: NCSC Reports

Weekly Threat Report 24th March 2017

Yahoo breach indictments

The FBI has indicted four individuals for unauthorised access to Yahoo’s networks. According to the indictment, two were alleged cyber criminals and two were members of Russia’s Federal Security Service (FSB) who “conspired to protect, direct, facilitate and pay criminal hackers to collect information through computer intrusions in the USA and elsewhere”.

The intrusion into Yahoo’s networks, and the group’s subsequent exploitation…

Link: Weekly Threat Report 24th March 2017
Source: NCSC Reports

Weekly Threat Report 17th March 2017

Ransomware for political ends

Cyber security company Palo Alto Networks has recently identified a new type of ransomware, seemingly designed for political ends. Ransomware is generally used by cyber criminals for monetary gain, encrypting data and forcing infected users to pay a financial ransom to decrypt their files. However, in this case, ‘RanRan’ ransomware demanded a political statement in return for the encryption key. The victim was supposed to create a sub-domain of their…

Link: Weekly Threat Report 17th March 2017
Source: NCSC Reports

Weekly Threat Report 10th March 2017

Yahoo breach highlights cookie security issues

Last year Yahoo reported several data breaches occurring between 2013 and 2016 which affected a large number of user accounts. Personal information stolen could have included email addresses, telephone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers.

Following forensic investigations Yahoo has revealed that fake cookies were a probable method used by attackers to access user accounts…

Link: Weekly Threat Report 10th March 2017
Source: NCSC Reports