Weekly Threat Report 16th March 2018

CCleaner update

Cyber security company Avast continues to investigate the 2017 supply chain attacks involving clean-up tool CCleaner. For a month last summer, Advanced Persistent Threat (APT) attackers are reported to have maliciously modified versions of CCleaner and CCleaner Cloud at source, before they were downloaded by 2.27 million customers worldwide. The attackers then selected a small number of high profile technology and telecommunications companies to receive a secondary payload.

Avast…

Source: NCSC Reports

Weekly Threat Report 23rd March 2018

Money laundering valued at up to $200 billion through cryptocurrencies

A joint report by Surrey University and researchers at security vendor Bromium estimates that the proceeds of cyber crime make up to 8-10% of total illegal profits laundered globally, believed to be valued at up to $200 billion.

The report surmises that virtual currencies such as Bitcoin are becoming the primary tool used by criminals to launder proceeds. While Bitcoin has long been viewed as the criminal’s…

Source: NCSC Reports

Weekly Threat Report 6th April 2018

Ransomware attacks in the US

Recent media reports have highlighted the continued ransomware threat to public and private sector organisations. These included a ransomware attack against Atlanta City that took much of the city’s internal and external services offline.

The services impacted included customer-facing applications used to pay bills or access court-related information. SamSam ransomware was reported to have been used in this attack.

Elsewhere, the City of Baltimore’s 911…

Source: NCSC Reports

Weekly Threat Report 13th April 2018

Recent data breaches: GWR and Sodexo

Great Western Rail has advised customers to change their passwords after unauthorised attempts to access GWR.com accounts. The attack likely used password data harvested from other areas of the internet. GWR confirmed that around 1,000 users have been directly affected.

Separately, the facilities management company Sodexo confirmed a targeted attack on its cinema voucher platform Filmology. As the breach resulted in unauthorised access to payment card…

Source: NCSC Reports

Weekly Threat Report 20th April 2018

Cyber criminal groups identified on social media

Last week Facebook deleted around 120 private discussion groups – equating to more than 300,000 members – that were promoting a host of illicit cyber criminal activities, including spamming, selling stolen debit and credit account credentials, phony tax refunds, DDoS-for-hire services and botnet creation tools.

The groups had reportedly been operating on Facebook for an average of two years, although some had been in operation for up to nine…

Source: NCSC Reports

Weekly Threat Report 27th April 2018

Cost of ransomware attack on Atlanta

As reported in the Weekly Threat Report of 6 April 2018, the US city of Atlanta recently fell victim to an attack by the SamSam ransomware, which exploits a vulnerability in Java servers.

New reports indicate the city spent in the region of $2.66m responding to the attack. Costs included incident response, recovery and crisis management, but the city did not pay the ransom demand, reported to be approximately $55,000. There was also a broader cost in…

Source: NCSC Reports

Weekly Threat Report 4th May 2018

‘Orangeworm’ Group Targeting Healthcare Industry

Symantec have reported that a group they have tracked as ‘Orangeworm’ since 2015 are targeting the healthcare industry in the United States, Asia and Europe, including the UK.

40% of their attacks focus on the healthcare industry. Other industries targeted are either closely related to healthcare or part of the supply chain, including IT, manufacturing, logistics and agriculture. It is likely that the supply chain has been…

Source: NCSC Reports

Weekly Threat Report 11th May 2018

UK cyber criminal pleads guilty to selling customer credentials on the Dark Web

A cyber criminal who hacked into the online networks of at least 200 companies worldwide recently pleaded guilty to multiple offences in court.

Grant West, 25, who operated under the pseudonym ‘Courvoisier’, was detained in September 2017 following a two-year investigation by Scotland Yard. He was arrested on a train whilst logging on to his dark web marketplace account.

Southwark Crown Court heard…

Source: NCSC Reports

Weekly Threat Report 18th May 2018

It’s not just production that needs securing

Most large companies will use an online development environment to build and test code prior to deployment on outward and inward facing networks.

Much of the code found in development environments is sensitive and critical to running and managing a business. The unauthorised disclosure of code could allow cyber actors to identify exploitable weaknesses.

Recent open source reporting has highlighted a compromise of a company’s…

Source: NCSC Reports