Category: NCSC

Fake speeding notices deliver malware

Police forces around the UK are warning motorists not to be taken in by a phishing email falsely informing them that they need to pay a speeding fine. The realistic-looking email, entitled ‘Notice of Prosecution’, claims to have ‘photographic’ evidence, but clicking on the associated link will upload banking malware to the victim’s device.

The email appears official, with the logos of either the local police force or ‘…

Link: Weekly Threat Report 3rd November 2017
Source: NCSC Reports

China to ban personal VPNs

The Chinese government has told state-owned telecoms companies to block individuals’ access to virtual private networks (VPNs) by 1 February 2018, according to media reports. The ban will greatly restrict individuals’ unfettered access to the Internet. VPNs have often been used to circumvent China’s Great Firewall and communicate securely with servers outside of China. The Chinese government has increasingly cracked down on them in pursuit of…

Link: Weekly Threat Report 14th July 2017
Source: NCSC Reports

Ransomware for political ends

Cyber security company PaloAlto networks has recently identified a new type of ransomware, seemingly designed for political ends. Ransomware is generally used by cyber criminals for monetary gain, encrypting data and forcing infected users to pay a financial ransom to decrypt their files. However, in this case, ‘RanRan’ ransomware demanded a political statement in return for the encryption key. The victim was supposed to create a sub-domain of their…

Link: Weekly Threat Report 17th March 2017
Source: NCSC Reports

Carbanak is Back

It is being reported that the hospitality sector is being targeted by the cyber-crime group Carbanak (also known as Anunak). The Carbanak gang were first identified by Kaspersky and are best known for a campaign in 2014 where they allegedly stole $1 billion from over 100 financial institutions worldwide. Security researchers at Trustwave have reported that Carbanak are now targeting the U.S. hospitality and restaurant industry’s point of sale systems.

The campaign…

Link: Weekly Threat Report 18th November 2016
Source: NCSC Reports

‘Meltdown’ and ‘Spectre’ vulnerabilities to microprocessors

Reports of new security flaws affecting microprocessors called ‘Meltdown’ and ‘Spectre’ surfaced this week. Processors in most devices employ a range of techniques to speed up their operation, and the vulnerabilities allow some of these techniques to be abused to obtain information about areas of memory not normally visible to an attacker. As a result, normally difficult actions – such as recovering passwords…

Link: Weekly Threat Report 5th January 2018
Source: NCSC Reports

Cost of ransomware attack on Atlanta

As reported in the Weekly Threat Report of 6 April 2018, the US city of Atlanta recently fell victim to an attack by the SamSam ransomware, which exploits a vulnerability in Java servers.

New reports indicate the city spent in the region of $2.66m responding to the attack. Costs included incident response, recovery and crisis management, but the city did not pay the ransom demand, reported to be approximately $55,000. There was also a broader cost in…

Link: Weekly Threat Report 27th April 2018
Source: NCSC Reports

Bad Rabbit ransomware

This week, ‘Bad Rabbit’ ransomware infections have been reported in countries including Russia, Ukraine, Bulgaria, Turkey, Germany and Japan. The NCSC has not received any reports that the UK has been affected by this latest malware attack. The majority of infections have been in Russia, where media organisations were worst affected. Russia’s Interfax News Agency suffered outages to several of its services, including its news portal….

Link: Weekly Threat Report 27th October 2017
Source: NCSC Reports

Following reported attempts by hackers to compromise parliamentary email accounts in June, scammers have recently attempted to gain information by cold-calling (or vishing) MPs and their staff. Posing as staff from the Houses of Parliament’s IT department, the scammers have reportedly been requesting the usernames and passwords of MPs. Vishing, like its online equivalent, phishing, attempts to illicit sensitive information, such as passwords, or encourage victims to visit particular (…

Link: Weekly threat report 7th July 2017
Source: NCSC Reports

A new threat report, jointly written by the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA), provides an in-depth analysis of the evolving threat, together with an overview of the practical steps the UK can take together.

Read the report

Link: The Cyber Threat to UK Business
Source: NCSC Reports

Threat assessment and trend analysis

Old Tricks, New Bot

In September, the National Cyber Security Centre was made aware of a new banking Trojan called TrickBot, targeting the customers of online financial institutions in Australia and New Zealand. The latest version has added functionality and has primarily targeted the UK. Once infected, the attackers use web browser injects and redirection attacks to harvest banking credentials. TrickBot is distributed through both malvertising and spam…

Link: Weekly Threat Report 11th November 2016
Source: NCSC Reports