Category: NCSC

Money laundering valued at up to $200 billion through cryptocurrencies

A joint report between Surrey University and researchers at security vendor Bromium estimates that the proceeds of cyber crime make up to 8-10% of total illegal profits laundered globally, believed to be valued at up to $200 billion.

The report surmises that virtual currencies such as Bitcoin are becoming the primary tool used by criminals to launder proceeds. While Bitcoin has long been viewed as the criminal’s…

Link: Weekly Threat Report 23rd March 2018
Source: NCSC Reports

What is it?

This vulnerability could allow a malicious actor to send specially crafted data to trigger a stack overflow in the getaddrinfo() function in the glibc DNS client resolver code (‘resolv/nss_dns’) and execute arbitrary code on the target system. The code will run with the privileges of the target application using the glibc library.

This vulnerability has been assigned CVE-2015-7547 (https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html) but was introduced in…

Link: GlibC Vulnerability affecting Linux
Source: NCSC Alerts

Cyber incidents affecting airlines

Some North American airlines have issued statements regarding cyber security incidents in recent days. There is currently no evidence to suggest that these incidents are connected but these examples highlight the prevalence of such activity:

Virgin airlines detected unauthorised 3rd party access to their databases containing employee and contractor data in March 2017, including corporate credentials. In addition, over 100 individuals may have had further…

Link: Weekly Threat Report 4th August 2017
Source: NCSC Reports

Threat to Managed Service Providers

A major cyber campaign against Managed Service providers has been detected that may present risks to organisations using outsourced IT services. Please see the following report for further details. Further information can also be found via the Cyber-Security Information Sharing Partnership (CISP) forum.

Media references to terrorist cyber capability

There have been numerous reports on the recently imposed restrictions on electronic devices larger than a…

Link: Weekly Threat Report 7th April 2017
Source: NCSC Reports

Infected routers vulnerable to further attacks?

A small number of TalkTalk and Post Office domestic Wi-Fi routers are reportedly vulnerable to a new variant of the Mirai malware known as ‘Annie’. The denial of service experienced by TalkTalk and Post Office customers last week is said to have been an unintended consequence of the attacker, who goes by the name ‘BestBuy’. The attack sought to infect vulnerable routers with ‘Annie’.

Recently, BestBuy also…

Link: Weekly Threat Report 9th December 2016
Source: NCSC Reports

Data stolen from UK-based global shipping company

On 29 November, the UK-based global shipping company Clarksons, reported that it had experienced a cyber security breach, resulting in the theft of confidential data. The company has publicly warned that the data may be leaked by whoever is responsible for the breach and has contacted potentially affected customers.

Clarksons provides a range of services to the maritime industry including shipbroking, investment banking and research services…

Link: Weekly Threat Report 8th December 2017
Source: NCSC Reports

Ransomware attacks in the US

Recent media reports have highlighted the continued ransomware threat to public and private sector organisations. These included a ransomware attack against Atlanta City that took much of the city’s internal and external services offline.

The services impacted included customer-facing applications used to pay bills or access court-related information. SamSam ransomware was reported to have been used in this attack.

Elsewhere, the City of Baltimore’s 911…

Link: Weekly Threat Report 6th April 2018
Source: NCSC Reports