Category: NCSC

Executive summary

Multiple critical vulnerabilities have been reported in a number of different security products from Symantec, affecting both enterprise and consumer products.

These vulnerabilities include a ‘100% reliable remote exploit’ and a ‘wormable’ flaw that requires no user interaction by the victim for an attacker to exploit.

The vulnerabilities have been fixed by Symantec and performing a manual ‘LiveUpdate’ will update the software to the…

Link: Symantec Norton Anti-virus and Endpoint Protection – multiple high severity vulnerabilities
Source: NCSC Alerts

Data breach affects NHS administrative information

An individual affiliating themselves with the hacktivist collective Anonymous claims to have stolen UK NHS patient data. The attacker claims to have exploited unpatched vulnerabilities in software provided by SwiftQueue, a vendor responsible for managing a number of hospital appointment booking systems.

SwiftQueue have confirmed an unauthorised party accessed 32,501 lines of administrative data. This is likely to include personally…

Link: Weekly Threat Report 25th August 2017
Source: NCSC Reports

Google and Facebook were victims of Business Email Compromise (BEC) or ‘CEO Fraud’

Google and Facebook have been identified as the victims of an email phishing attack for which a Lithuanian man was charged in March 2017.

The attack relied upon social engineering methods rather than technical intrusion techniques. However, the individual was still able to trick the organisations into transferring over $100 million between 2013-2015, highlighting how cyber-enabled social…

Link: Weekly Threat Report 5th May 2017
Source: NCSC Reports

The year of ransomware…

…is how 2016 has been widely described in the cyber security media.

There has been numerous UK incidents targeting academia, Government departments, industry, CNI sectors and individual users.  Using ransomware as an attack technique has become popular because it is easy to carry out and can be financially lucrative.

Ransomware can infect a system via  unpatched software vulnerabilities or duping unsuspecting users into installing the ransomware…

Link: Weekly Threat Report 13th January 2017
Source: NCSC Reports

Introduction

The NCSC has produced technical analysis on the Turla group, a prevalent cyber threat group targeting the UK. The report contains indicators of compromise for tools used by the group, and signatures that will enable the information security community to search for the intrusions on their networks.
 

Background

The NCSC has observed the Turla group using the Neuron and Nautilus malicious tools designed to operate on Microsoft Windows platforms, primarily targeting mail…

Link: Turla group malware
Source: NCSC Alerts

Largest reported DDoS attacks mitigated 

The largest ever reported Distributed Denial of Service (DDoS) occurred in early March 2018, according to Netscout Arbor. A peak of 1.7 Terabits per second (Tbps) was recorded, although the attack was mitigated. This followed a recent attack against GitHub on 28 February, with a peak of 1.35 Tbps. The largest known attack previously took place in 2016 against the US DNS provider DYN, which peaked at 1.2 Tbps.

The method used for these attacks is…

Link: Weekly Threat Report 9th March 2018
Source: NCSC Reports

Summary

QuickTime for Microsoft Windows is no longer supported by Apple and the current advice is to remove it from all Windows OS Devices devices.

The removal instructions can be found here https://support.apple.com/HT205771

QuickTime for Mac OSX is unaffected, can be considered to still be supported, and subject to security patches as required.

Further details

Two vulnerabilities have been found and published by the TippingPoint Zero Day Initiative (ZDI) and, as per their rules,…

Link: Apple QuickTime for Windows
Source: NCSC Alerts

Hotels targeted across Europe and the Middle-East

Recent media reporting has highlighted a campaign targeting the hospitality sector.

The campaign, which reportedly started in July 2017 and may be linked to a similar campaign carried out during the autumn of 2016, is allegedly being carried out by Fancy Bear, also known as APT28. The group has also been implicated in the hack-and-leak campaign against the Democratic National Committee (DNC) during the 2016 US Presidential Elections.

Using…

Link: Weekly Threat Report 18th August 2017
Source: NCSC Reports

Increase in Homographic Phishing Attacks

Recent media reporting highlights a threefold increase in homographic phishing attacks over the past fourteen months.

Homographic attacks have been widely known about for many years, and rely on the fact there are visual similarities between many different Unicode characters to spoof well-known web addresses using similar-looking Punycode domains. For example, by registering the Unicode domain “www.xn--googl-z8a.com” an attacker would be in…

Link: Weekly Threat Report 28th April 2017
Source: NCSC Reports

Vulnerabilities in travel booking systems

Security researchers presented findings at a recent cyber security conference highlighting a range of vulnerabilities in travel bookings systems known as Global Distribution Systems (GDS). GDS are databases used by a range of companies, including travel agencies, airlines, hotels and car hire companies, to hold the travel information collectively known as the Passenger Name Record (PNR).

Researchers noted that GDS can be accessed in many cases with…

Link: Weekly Threat Report 6th January 2017
Source: NCSC Reports