Weekly Threat Report 26th May 2017

Russian government reaction to cyber criminals

This week Russia revealed it had arrested a cyber crime gang in November last year for a campaign that raised nearly USD900, 000. The gang was nicknamed ‘Cron’ after the malware it used, which infected over a million Android mobile devices of Russian bank customers. Users unwittingly downloaded the malware via fake mobile banking apps, pornography and e-commerce programmes. The ‘Cron’ gang exploited a Russian bank service…

Link: Weekly Threat Report 26th May 2017
Source: NCSC Reports

Weekly Threat Report 3rd February 2017

Shamoon 2

The Saudi Arabian Government warned on 23 January that the destructive wiper malware Shamoon 2 had been detected on its government networks.

Shamoon 2 is an updated version of Shamoon, the disk-wiping malware that disabled thousands of computers at Saudi state-linked energy company Saudi Aramco in 2012.

The Saudi authorities are reporting on these latest compromises publicly and have provided reassurance that the damage is currently limited and mitigation is in place.

The re-…

Link: Weekly Threat Report 3rd February 2017
Source: NCSC Reports

Weekly Threat Report 29th September 2016

Threat assessment and trend analysis

Yahoo Data Breach largest on record 

The scale of the 2014 Yahoo data breach has been exposed as Yahoo have confirmed that over 500 million accounts have been compromised. Data leaked includes names, email addresses, telephone numbers, dates of birth and encrypted passwords and is believed to be the biggest public breach of personal data ever recorded. Yahoo have stated that the attack was “state-sponsored”, although this has been…

Link: Weekly Threat Report 29th September 2016
Source: NCSC Reports

Weekly Threat Report 16th February 2018

Cryptocurrency mining update

On 11 February 2018, the NCSC made a statement to reassure the public that, whilst some government websites had been affected by malware designed to illegally mine cryptocurrency, no one was at risk of having their money stolen. The only possible effect on users’ machines was reduced performance.

The NCSC then followed up with guidance detailing how a compromised third party JavaScript library called Browsealoud had caused visitors to websites with the…

Link: Weekly Threat Report 16th February 2018
Source: NCSC Reports

Quadrooter vulnerability affecting Android

Executive summary

A number of vulnerabilities have been discovered in the Qualcomm chipsets used in many Android handsets from many of the leading manufacturers. Exploitation of these vulnerabilities could allow an unauthorised user to take full control of an Android device but in order to do so an authorised user would first need to install a malicious app.

Google have stated that three of the four vulnerabilities have been patched with the fourth due in September, although updates will…

Link: Quadrooter vulnerability affecting Android
Source: NCSC Alerts

Weekly Threat Report 8th September 2017

Universities under cyber attack

This week, various media outlets have reported on the high number of cyber attacks suffered by UK universities.

Universities are of interest to a range of attackers. Highly skilled hacking groups conduct cyber espionage, seeking to acquire cutting-edge research and intellectual property in areas such as defence, energy, and artificial intelligence. Most academics have detailed web pages describing themselves and their research interests, giving attackers more…

Link: Weekly Threat Report 8th September 2017
Source: NCSC Reports

Weekly Threat Report 19th May 2017

WannaCry ransomware attack illustrates risk of using unlicensed software

The WannaCry international ransomware attack has highlighted the risks of relying on unpatched software. The scale of the outbreak has been blamed in part on the widespread use of unlicensed software. Pirated software is often insecure as it does not benefit from manufacturers’ updates to fix vulnerabilities.

Several of the countries reported by cyber security companies to be worst affected are also amongst the…

Link: Weekly Threat Report 19th May 2017
Source: NCSC Reports

Weekly Threat Report 27th January 2017

Twitterbots spreading fake news on the internet

Recent reports suggest social media bots are widely spreading fake news on the Internet.

A Twitterbot is a bot program used to create accounts and automated tweets that requires little or no human intervention. This typically means that not all accounts have to be created by humans. Twitterbots can be used for entertainment, marketing, spamming, manipulating Twitter’s trending topics list and public opinion, trolling, fake followers, malware…

Link: Weekly Threat Report 27th January 2017
Source: NCSC Reports

Weekly Threat Report 23rd September 2016

Threat assessment and trend analysis

Shadow Broker’s Cisco vulnerabilities in the wild

Cisco’s Product Security Incident Response Team (PSIRT) has become aware that some of its customers have been targeted through the exploitation of one of the ‘zero-day’ vulnerabilities, leaked this summer by the hacking group known as Shadow Brokers.

The vulnerability [CVE-2016-6415] was found in the IKEv1 (Internet Key Exchange version 1) packet processing code and affects…

Link: Weekly Threat Report 23rd September 2016
Source: NCSC Reports

Weekly Threat Report 23rd February 2018

Cloud security – FedEx data leak from AW

Adoption of cloud computing (the process of providing applications, processing power and storage through remote servers over the internet) is increasing amongst medium and large organisations. However, as cloud is adopted, the securing of services in the cloud as well as the security claims of the cloud provider become mission critical priorities for both private and public-sector enterprises.

Media reports that scanned documents containing the…

Link: Weekly Threat Report 23rd February 2018
Source: NCSC Reports