Weekly Threat Report 6th April 2018

Ransomware attacks in the US

Recent media reports have highlighted the continued ransomware threat to public and private sector organisations. These included a ransomware attack against Atlanta City that took much of the city’s internal and external services offline.

The services impacted included customer-facing applications used to pay bills or access court-related information. SamSam ransomware was reported to have been used in this attack.

Elsewhere, the City of Baltimore’s 911…

Link: Weekly Threat Report 6th April 2018
Source: NCSC Reports

Weekly Threat Report 17th November 2017

New banking trojan discovered

Security researchers have discovered a new trojan targeting customers of banks, payment card providers, mobile service providers, payroll, webmail and e-commerce sites. Known as IcedID, the malware uses web browser manipulation techniques to trick users into entering their login credentials and payment authorisation details into malicious webpages. The malware affects systems infected by the highly persistent Emotet banking trojan that hijacks computers to form…

Link: Weekly Threat Report 17th November 2017
Source: NCSC Reports

Weekly Threat Report 28th July 2017

NotPetya’s continuing impact on businesses

Businesses that fell victim to the NotPetya ransomware attack in June are warning of financial consequences and continuing disruption.

The potential impacts of a cyber breach to business have long been known: they may include lost sales, share price declines, reputational damage, regulatory fines for data losses, and clean-up costs. Businesses usually quote one large estimate when commenting on a cyber breach’s cost. However, in NotPetya…

Link: Weekly Threat Report 28th July 2017
Source: NCSC Reports

Weekly Threat Report 31st March 2017

Criminals target US healthcare sector

The cyber division of the FBI recently issued an alert warning of criminal activity targeting File Transfer Protocol (FTP) servers operating in ‘anonymous’ mode, associated with US medical and dental facilities.

The criminals involved are reportedly motivated by the potential to access protected health information (PHI) and personally identifiable information (PII). This data is then used by criminals to extort healthcare business owners…

Link: Weekly Threat Report 31st March 2017
Source: NCSC Reports

Weekly Threat Report 2nd December 2016

Mirai targets router vulnerability

On Sunday 27th November, 900,000 Deutsche Telekom customers were impacted by an attack from an adapted version of the Mirai worm. The attack resulted in customers being unable to connect to the Internet. This was followed by reports on Thursday 1st December that 100,000 Post Office customers had been similarly impacted, as were UK customers of the Internet Service Provider (ISP) TalkTalk. The attack used the Mirai code, which scans and compromises IoT devices…

Link: Weekly Threat Report 2nd December 2016
Source: NCSC Reports

Weekly Threat Report 15th December 2017

Increase in HTTPS phishing attacks

Over the past few years website owners have been encouraged to adopt HTTPS website domains rather than HTTP. With HTTPS, data in transit is encrypted; this provides additional security for transiting data, such as login credentials, which may contain information of use to attackers.

HTTPS domains are verified by SSL Certificate Authorities, who issue and authenticate certificates. The padlock symbol in the URL field links to the certificate provider’s…

Link: Weekly Threat Report 15th December 2017
Source: NCSC Reports

Weekly Threat Report 13th April 2018

Recent data breaches: GWR and Sodexo

Great Western Rail has advised customers to change their passwords after unauthorised attempts to access GWR.com accounts. The attack likely used password data harvested from other areas of the internet. GWR confirmed that around 1,000 users have been directly affected.

Separately, the facilities management company Sodexo confirmed a targeted attack on its cinema voucher platform Filmology. As the breach resulted in unauthorised access to payment card…

Link: Weekly Threat Report 13th April 2018
Source: NCSC Reports