Category: NCSC

Malware-infected ATMs compromise Indian debit cards

Indian media have reported that 3.2 million debit cards may have been compromised by ATM malware in what has been described as the “biggest ever cyber security breach” in the Indian banking sector. The Economic Times reported that debit cards belonging to large banks such as the State Bank of India (SBI), HDFC Bank, Yes Bank and ICICI Bank may have been compromised.

Although some reports indicate that the breach may have…

Link: Weekly Threat Report 28th October 2016
Source: NCSC Reports

Two-factor authentication usage

Open source reports quote remarks made by a Google software engineer who revealed at a recent security conference that fewer than 10 per cent of Gmail users enabled Two-Factor Authentication (2FA). 

The benefit of 2FA is that it provides an extra layer of security.  The user has to provide standard login details of a password and username and also something that only that user has access to.  This might be a physical token, keyfob device,…

Link: Weekly Threat Report 25th January 2018
Source: NCSC Reports

It’s not just production that needs securing

Most large companies will use an online development environment to build and test code prior to deployment on outward and inward facing networks.

Much of the code found in development environments is sensitive and critical to running and managing a business. The unauthorised disclosure of code could allow cyber actors to identify exploitable weaknesses.

Recent open source reporting has highlighted a compromise of a company’s…

Link: Weekly Threat Report 18th May 2018
Source: NCSC Reports

We are aware of reports that some customers of TalkTalk are suffering problems with their home routers. We have been in contact with the company who are working to resolve the problem. We will continue to monitor the situation and will provide an update if required.

TalkTalk are offering help and support on their website.

Link: TalkTalk Alert
Source: NCSC Alerts

Whole Foods Market credit card data breach

Whole Foods Market, a US-headquartered supermarket with a small UK presence, has reported it is investigating a credit card breach. The store warned of unauthorised access to the credit card data of customers using restaurants and ‘tap rooms’ in its stores. The cards used by customers at store checkouts are not thought to have been affected. Investigations are still underway; however, it is likely the card data was acquired through…

Link: Weekly Threat Report 6th October 2017
Source: NCSC Reports

Mouseover malware masquerading in Powerpoint files

According to media reports, a new method of delivering malware has surfaced. ‘Zusy’ malware, according to IT company ExtremeTech, is a banking trojan whose intention is to steal credentials. The reports suggest that simply hovering your mouse over a link will lead to infection without requiring you to click on anything. However, several stages are required to successfully infect a user.

What is interesting about this malware is that the…

Link: Weekly Threat Report 16th June 2017
Source: NCSC Reports

Ex-employee threats to business

A disgruntled former system administrator at a US paper and packing manufacturing company was recently sentenced to 34 months in prison for causing the company $1.1 million worth of losses.
His network accesses were not revoked when he was fired in 2014, enabling him to establish a VPN connection to the industrial plant. Through this, he was able to send commands over a two-week period that caused ‘significant damage to Georgia-Pacific and its operations’….

Link: Weekly Threat Report 24th February 2017
Source: NCSC Reports

Threat assessment and trend analysis

Online Shoppers getting more than they bargained for.

A recent study has revealed an increase in the number of e-commerce websites infected with card-‘skimming’ malware.

Attackers have reportedly been exploiting unpatched software vulnerabilities in commonly used e-commerce software to modify the site’s source code. The modified JavaScript code then exfiltrates card details in real-time. These details are transferred to an off-shore…

Link: Weekly Threat Report 24th October 2016
Source: NCSC Reports

Two-factor authentication usage

Open source reports quote remarks made by a Google software engineer who revealed at a recent security conference that fewer than 10 per cent of Gmail users enabled Two-Factor Authentication (2FA). 

The benefit of 2FA is that it provides an extra layer of security.  The user has to provide standard login details of a password and username and also something that only that user has access to.  This might be a physical token, keyfob device,…

Link: Weekly Threat Report 26th January 2018
Source: NCSC Reports

Executive Summary

A vulnerability has been discovered in the Linux kernel which could give untrusted users unfettered root access. This vulnerability has been present in the Linux kernel for nine years but has only just been discovered. The vulnerability allows for privilege escalation that can be exploited easily and reliably. The fact that this flaw exists in nearly every version of Linux from at least the last nine years means this vulnerability should be taken seriously and patched as…

Link: ‘Dirty COW’ Linux privilege escalation vulnerability being actively exploited
Source: NCSC Alerts