Category: NCSC

‘Meltdown’ and ‘Spectre’ vulnerabilities to microprocessors

Reports of new security flaws affecting microprocessors called ‘Meltdown’ and ‘Spectre’ surfaced this week. Processors in most devices employ a range of techniques to speed up their operation, and the vulnerabilities allow some of these techniques to be abused to obtain information about areas of memory not normally visible to an attacker. As a result, normally difficult actions – such as recovering passwords…

Link: Weekly Threat Report 5th January 2018
Source: NCSC Reports

Cost of ransomware attack on Atlanta

As reported in the Weekly Threat Report of 6 April 2018, the US city of Atlanta recently fell victim to an attack by the SamSam ransomware, which exploits a vulnerability in Java servers.

New reports indicate the city spent in the region of $2.66m responding to the attack. Costs included incident response, recovery and crisis management, but the city did not pay the ransom demand, reported to be approximately $55,000. There was also a broader cost in…

Link: Weekly Threat Report 27th April 2018
Source: NCSC Reports

Bad Rabbit ransomware

This week, ‘Bad Rabbit’ ransomware infections have been reported in countries including Russia, Ukraine, Bulgaria, Turkey, Germany and Japan. The NCSC has not received any reports that the UK has been affected by this latest malware attack. The majority of infections have been in Russia, where media organisations were worst affected. Russia’s Interfax News Agency suffered outages to several of its services, including its news portal….

Link: Weekly Threat Report 27th October 2017
Source: NCSC Reports

Following reported attempts by hackers to compromise parliamentary email accounts in June, scammers have recently attempted to gain information by cold-calling (or vishing) MPs and their staff. Posing as staff from the Houses of Parliament’s IT department, the scammers have reportedly been requesting the usernames and passwords of MPs. Vishing, like its online equivalent, phishing, attempts to illicit sensitive information, such as passwords, or encourage victims to visit particular (…

Link: Weekly threat report 7th July 2017
Source: NCSC Reports

A new threat report, jointly written by the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA), provides an in-depth analysis of the evolving threat, together with an overview of the practical steps the UK can take together.

Read the report

Link: The Cyber Threat to UK Business
Source: NCSC Reports

Threat assessment and trend analysis

Old Tricks, New Bot

In September, the National Cyber Security Centre was made aware of a new banking Trojan called TrickBot, targeting the customers of online financial institutions in Australia and New Zealand. The latest version has added functionality and has primarily targeted the UK. Once infected, the attackers use web browser injects and redirection attacks to harvest banking credentials. TrickBot is distributed through both malvertising and spam…

Link: Weekly Threat Report 11th November 2016
Source: NCSC Reports

Winter Olympics phishing campaign

The information security company, McAfee, recently identified spear-phishing activity targeting the February 2018 Winter Olympics due to be held in South Korea.  

This highly tailored campaign was aimed at a number of South Korean organisations supporting the Games and made use of custom-made fileless malware and steganography. The phishing emails were written in the Korean language and purported to be from the South Korean National Counter Terrorism…

Link: Weekly Threat Report 12th January 2018
Source: NCSC Reports

‘Orangeworm’ Group Targeting Healthcare Industry

Symantec have reported that a group they have tracked as ‘Orangeworm’ since 2015 are targeting the healthcare industry in the United States, Asia and Europe, including the UK.

40% of their attacks focus on the healthcare industry. Other industries targeted are either closely related to healthcare or part of the supply chain, including IT, manufacturing, logistics and agriculture. It is likely that the supply chain has been…

Link: Weekly Threat Report 4th May 2018
Source: NCSC Reports

KRACK – a fundamental flaw in Wi-Fi security

Security researchers from Belgium have found that the majority of Wi-Fi connections are potentially vulnerable to exploitation because of a fundamental weakness in the wireless security protocol – WPA2. The exploit is called “KRACK”, which is short for Key Reinstallation Attack. Reports suggest that at most risk are Linux operating systems, Internet of Things (IoT) devices and 41% of Android devices. However, many of these,…

Link: Weekly Threat Report 20th October 2017
Source: NCSC Reports

Password challenges

Passwords have been in the news again recently. Most notably, on Friday 23 June accounts with weak passwords on the UK Parliamentary network were compromised; however less than 1% of the system’s 9,000 accounts were directly affected. Attention was also drawn this week to router password vulnerabilities, as Virgin Media advised customers with Virgin Super Hub 2 home routers to reset their passwords. This followed concerns that the routers had a relatively weak eight-…

Link: Weekly Threat Report 30th June 2017
Source: NCSC Reports