Weekly Threat Report 12th January 2018

Winter Olympics phishing campaign

The information security company, McAfee, recently identified spear-phishing activity targeting the February 2018 Winter Olympics due to be held in South Korea.  

This highly tailored campaign was aimed at a number of South Korean organisations supporting the Games and made use of custom-made fileless malware and steganography. The phishing emails were written in the Korean language and purported to be from the South Korean National Counter Terrorism…

Link: Weekly Threat Report 12th January 2018
Source: NCSC Reports

Weekly Threat Report 19th January 2018

NCA and Trend Micro partnership leads to conviction

A man responsible for creating two crypting services has pleaded guilty in court following a joint investigation by the National Crime Agency (NCA) and Trend Micro.

Goncalo Esteves pleaded guilty on three charges on Monday 15 January 2018 and will be sentenced in February.

Esteves was responsible for creating two crypting services (Cryptex Reborn and Cryptex Lite). These were designed to modify a program, such as malware, so that it avoids…

Link: Weekly Threat Report 19th January 2018
Source: NCSC Reports

Weekly Threat Report 25th January 2018

Two-factor authentication usage

Open source reports quote remarks made by a Google software engineer who revealed at a recent security conference that fewer than 10 per cent of Gmail users enabled Two-Factor Authentication (2FA). 

The benefit of 2FA is that it provides an extra layer of security. The user has to provide standard login details of a password and username and also something that only that user has access to. This might be a physical token, keyfob device,…

Link: Weekly Threat Report 25th January 2018
Source: NCSC Reports

Weekly Threat Report 26th January 2018

Two-factor authentication usage

Open source reports quote remarks made by a Google software engineer who revealed at a recent security conference that fewer than 10 per cent of Gmail users enabled Two-Factor Authentication (2FA). 

The benefit of 2FA is that it provides an extra layer of security. The user has to provide standard login details of a password and username and also something that only that user has access to. This might be a physical token, keyfob device,…

Link: Weekly Threat Report 26th January 2018
Source: NCSC Reports

Weekly Threat Report 2nd February 2018

World’s largest cryptocurrency heist

Last week saw the world’s largest cryptocurrency heist, with Coincheck reporting that hackers had stolen 523 million NEM (XEM) cryptocurrency (approx. £376.5 million). Coincheck is Japan’s largest Bitcoin exchange and deals with various other cryptocurrencies.

Coincheck have reassured customers that they would reimburse any losses. They are reporting that at present the attack methods deployed by the hackers are unknown and that…

Link: Weekly Threat Report 2nd February 2018
Source: NCSC Reports

Weekly Threat Report 9th February 2018

Meltdown and Spectre – Updated Advice

Malware making use of Meltdown and Spectre, the two CPU vulnerabilities highlighted back in January, is now being seen in the wild. Security researchers are reporting they have seen over 140 malware samples based on the proof of concept code. Whilst there have not been instances of Meltdown and Spectre actually being leveraged to compromise a system, it is a timely reminder that miscreants will take published security vulnerabilities and weaponise…

Link: Weekly Threat Report 9th February 2018
Source: NCSC Reports

Weekly Threat Report 16th February 2018

Cryptocurrency mining update

On 11 February 2018, the NCSC made a statement to reassure the public that, whilst some government websites had been affected by malware designed to illegally mine cryptocurrency, no one was at risk of having their money stolen. The only possible effect on users’ machines was reduced performance.

The NCSC then followed up with guidance detailing how a compromised third-party JavaScript library called Browsealoud had caused visitors to websites with the…

Link: Weekly Threat Report 16th February 2018
Source: NCSC Reports

Weekly Threat Report 23rd February 2018

Cloud security – FedEx data leak from AW

Adoption of cloud computing (the process of providing applications, processing power and storage through remote servers over the internet) is increasing amongst medium and large organisations. However, as cloud is adopted, the securing of services in the cloud as well as the security claims of the cloud provider become mission-critical priorities for both private and public-sector enterprises.

Media reports that scanned documents containing the…

Link: Weekly Threat Report 23rd February 2018
Source: NCSC Reports

Weekly Threat Report 2nd March 2018

Ransomware infects Colorado Department of Transportation IT system

International media reports suggest that ransomware infected computers at the Colorado Department of Transportation (CDOT) on 21 February, encrypting files and requesting payment in Bitcoin to restore them. CDOT is responsible for managing and maintaining roads as well as monitoring traffic in the US state of Colorado, but no critical operational IT systems are believed to have been affected.

The organisation has taken 2,000…

Link: Weekly Threat Report 2nd March 2018
Source: NCSC Reports

Weekly Threat Report 9th March 2018

Largest reported DDoS attacks mitigated 

The largest ever reported Distributed Denial of Service (DDoS) attack occurred in early March 2018, according to Netscout Arbor. A peak of 1.7 Terabits per second (Tbps) was recorded, although the attack was mitigated. This followed a recent attack against GitHub on 28 February, with a peak of 1.35 Tbps. The largest known attack previously took place in 2016 against the US DNS provider DYN, which peaked at 1.2 Tbps.

The method used for these attacks is…

Link: Weekly Threat Report 9th March 2018
Source: NCSC Reports