Weekly Threat Report 3rd March 2017

Drone-enabled hacking

An organisation’s most sensitive information is often stored on ‘air-gapped’ computers, which are physically separated from the internet.  The lack of a connection protects them from most external attackers, and even if the machine is infected with malware, the data is difficult to exfiltrate.

An Israeli researcher has demonstrated a new technique for transmitting information out of air-gapped computers, using malware to force LEDs to flash in a…

Link: Weekly Threat Report 3rd March 2017
Source: NCSC Reports

Weekly Threat Report 24th February 2017

Ex-employee threats to business

A disgruntled former system administrator at a US paper and packing manufacturing company was recently sentenced to 34 months in prison for causing the company $1.1 million worth of losses.
His network accesses were not revoked when he was fired in 2014, enabling him to establish a VPN connection to the industrial plant. Through this, he was able to send commands over a two-week period that caused ‘significant damage to Georgia-Pacific and its operations’….

Link: Weekly Threat Report 24th February 2017
Source: NCSC Reports

Weekly Threat Report 17th February 2017

Official Launch of the National Cyber Security Centre

February 14th marked the official launch of the National Cyber Security Centre (NCSC) HQ by Her Majesty the Queen. The Centre will work to make the UK the safest place to live and do business online.

 

In acknowledgement that Government alone cannot protect the public from cyber attacks, the Chancellor announced the launch of the Industry 100 initiative. Industry 100 will see the centre invite expertise from industry to collaborate…

Link: Weekly Threat Report 17th February 2017
Source: NCSC Reports

Weekly Threat Report 13th February 2017

Polish banks in watering hole attack

The Polish financial sector has been hit by what is being described as the most serious incident in the history of Polish banking. A web server of the Polish financial regulator Komisja Nadzoru Finansowego (KNF) was probably compromised in early October 2016, but it wasn’t until early February that Polish banks noticed unusual network activity and unauthorised files on several workstations. Investigations revealed that the KNF website had been used…

Link: Weekly Threat Report 13th February 2017
Source: NCSC Reports

Weekly Threat Report 3rd February 2017

Shamoon 2

The Saudi Arabian Government warned on 23 January that the destructive wiper malware Shamoon 2 had been detected on its government networks.

Shamoon 2 is an updated version of Shamoon, the disk-wiping malware that disabled thousands of computers at Saudi state-linked energy company Saudi Aramco in 2012.

The Saudi authorities are reporting on these latest compromises publicly and have provided reassurance that the damage is currently limited and mitigation is in place.

The re-…

Link: Weekly Threat Report 3rd February 2017
Source: NCSC Reports

Weekly Threat Report 27th January 2017

Twitterbots spreading fake news on the internet

Recent reports suggest social media bots are widely spreading fake news on the Internet.

A Twitterbot is a bot program used to create accounts and automated tweets that requires little or no human intervention. This typically means that not all accounts have to be created by humans. Twitterbots can be used for entertainment, marketing, spamming, manipulating Twitter’s trending topics list and public opinion, trolling, fake followers, malware…

Link: Weekly Threat Report 27th January 2017
Source: NCSC Reports

Weekly Threat Report 20th January 2017

Password security

In November 2016, a study of user passwords exposed by a Yahoo data breach revealed that “123456” was the most common password, followed closely by “password” at number two. A more recent report on the most commonly used passwords revealed that “123456” was still number one, followed by the ‘more complex’ “123456789”.

These reports highlight ongoing problems associated with conventional password policies, which tend to promote the use of complicated passwords that are…

Link: Weekly Threat Report 20th January 2017
Source: NCSC Reports

Weekly Threat Report 13th January 2017

The year of ransomware…

…is how 2016 has been widely described in the cyber security media.

There has been numerous UK incidents targeting academia, Government departments, industry, CNI sectors and individual users.  Using ransomware as an attack technique has become popular because it is easy to carry out and can be financially lucrative.

Ransomware can infect a system via  unpatched software vulnerabilities or duping unsuspecting users into installing the ransomware…

Link: Weekly Threat Report 13th January 2017
Source: NCSC Reports

Weekly Threat Report 6th January 2017

Vulnerabilities in travel booking systems

Security researchers presented findings at a recent cyber security conference highlighting a range of vulnerabilities in travel bookings systems known as Global Distribution Systems (GDS). GDS are databases used by a range of companies, including travel agencies, airlines, hotels and car hire companies, to hold the travel information collectively known as the Passenger Name Record (PNR).

Researchers noted that GDS can be accessed in many cases with…

Link: Weekly Threat Report 6th January 2017
Source: NCSC Reports

Weekly Threat Report 16th December 2016

Successful take-down of DDoS for hire service

Recent joint international law enforcement operations have resulted in the arrests of 34 suspected users of for-hire Distributed Denial of Service (DDoS) attack services. Twelve of the arrests were made in the UK, following a National Crime Agency (NCA)-led operation. The operation targeted Netspoof, an organisation which offered stresser packages to disable web servers and websites by flooding them with enormous volumes of internet traffic….

Link: Weekly Threat Report 16th December 2016
Source: NCSC Reports