Weekly Threat Report 29th September 2016

Threat assessment and trend analysis

Yahoo Data Breach largest on record 

The scale of the 2014 Yahoo data breach has been exposed as Yahoo have confirmed that over 500 million accounts have been compromised. Data leaked includes names, email addresses, telephone numbers, dates of birth and encrypted passwords and is believed to be the biggest public breach of personal data ever recorded. Yahoo have stated that the attack was “state-sponsored”, although this has been…

Link: Weekly Threat Report 29th September 2016
Source: NCSC Reports

Weekly Threat Report 23rd September 2016

Threat assessment and trend analysis

Shadow Broker’s Cisco vulnerabilities in the wild

Cisco’s Product Security Incident Response Team (PSIRT) has become aware that some of its customers have been targeted through the exploitation of one of the ‘zero-day’ vulnerabilities leaked this summer by the hacking group known as Shadow Brokers.

The vulnerability [CVE-2016-6415] was found in the IKEv1 (Internet Key Exchange version 1) packet processing code and affects…

Link: Weekly Threat Report 23rd September 2016
Source: NCSC Reports

CERT-UK Annual Report 2015/16

Our second Annual Report covering the period April 2015 – March 2016 is now live.

The report gives an overview of the incidents we have dealt with this year, with a breakdown by type and sector, as well as analysis of malware in the UK, a look at our predictions from last year and a new set for the coming year, and a piece on the importance of automated sharing.

CiSP members can also access the Amber Annexe posted on the platform which contains more technical information including…

Link: CERT-UK Annual Report 2015/16
Source: NCSC Reports

Turla group malware

Introduction

The NCSC has produced technical analysis on the Turla group, a prevalent cyber threat group targeting the UK. The report contains indicators of compromise for tools used by the group, and signatures that will enable the information security community to search for the intrusions on their networks.
 

Background

The NCSC has observed the Turla group using the Neuron and Nautilus malicious tools designed to operate on Microsoft Windows platforms, primarily targeting mail…

Link: Turla group malware
Source: NCSC Alerts

Weekly Threat Report 24th November 2017

Black Friday online seasonal scams

Although ostensibly a US tradition of the Thanksgiving holiday weekend, Black Friday has been adopted in the UK by many retailers who heavily discount goods to kick start the Christmas shopping season. The surge of bargain hunters seeking good deals on the high street and online inevitably attracts criminals looking to exploit this seasonal activity.

Last year, victims reported losing nearly £16 million to Christmas shopping fraudsters, increasing…

Link: Weekly Threat Report 24th November 2017
Source: NCSC Reports

Weekly Threat Report 1st December 2017

Imgur compromise

Image-sharing website Imgur has been alerted to a security breach in which the email addresses and passwords of 1.7 million users worldwide were compromised in 2014. Investigations are ongoing but, in a public blog post, the company’s CEO has said that, although passwords were hashed using SHA-256 at the time, users should still take precautions such as using a different password for every site and application.

The website does not hold any other personal data on…

Link: Weekly Threat Report 1st December 2017
Source: NCSC Reports

Weekly Threat Report 8th December 2017

Data stolen from UK-based global shipping company

On 29 November, the UK-based global shipping company Clarksons reported that it had experienced a cyber security breach, resulting in the theft of confidential data. The company has publicly warned that the data may be leaked by whoever is responsible for the breach and has contacted potentially affected customers.

Clarksons provides a range of services to the maritime industry including shipbroking, investment banking and research services…

Link: Weekly Threat Report 8th December 2017
Source: NCSC Reports

Weekly Threat Report 15th December 2017

Increase in HTTPS phishing attacks

Over the past few years website owners have been encouraged to adopt HTTPS website domains rather than HTTP. With HTTPS, data in transit is encrypted; this provides additional security for transiting data, such as login credentials, which may contain information of use to attackers.

HTTPS domains are verified by SSL Certificate Authorities, who issue and authenticate certificates. The padlock symbol in the URL field links to the certificate provider’s…

Link: Weekly Threat Report 15th December 2017
Source: NCSC Reports

Weekly Threat Report 22nd December 2017

Ransomware fears cause companies to hoard Bitcoin

Companies are reportedly stockpiling cryptocurrencies to hedge against the possible need to pay off cyber criminals. Some firms are said to be investing in Bitcoin and Ethereum to ensure that they have cryptocurrency funds available if they are affected by a ransomware attack. A survey carried out earlier this year by Citrix found that 42% of companies surveyed were building cryptocurrency stockpiles for ransomware payments, with 28%…

Link: Weekly Threat Report 22nd December 2017
Source: NCSC Reports

Weekly Threat Report 5th January 2018

‘Meltdown’ and ‘Spectre’ vulnerabilities to microprocessors

Reports of new security flaws affecting microprocessors called ‘Meltdown’ and ‘Spectre’ surfaced this week. Processors in most devices employ a range of techniques to speed up their operation, and the vulnerabilities allow some of these techniques to be abused to obtain information about areas of memory not normally visible to an attacker. As a result, normally difficult actions – such as recovering passwords…

Link: Weekly Threat Report 5th January 2018
Source: NCSC Reports