Category: Sources

Yahoo breach indictments

The FBI has indicted four individuals for unauthorised access to Yahoo’s networks. According to the indictment, two were alleged cyber criminals and two were members of Russia’s Federal Security Service (FSB) who “conspired to protect, direct, facilitate and pay criminal hackers to collect information through computer intrusions in the USA and elsewhere”.

The intrusion into Yahoo’s networks, and the group’s subsequent exploitation…

Link: Weekly Threat Report 24th March 2017
Source: NCSC Reports

ATMS in Europe targeted by cyber criminals

The cyber security firm, Group-IB, recently published a report on Cobalt, a suspected criminal group, that has been using a novel method to steal money from banks across Europe, including the UK, via ATMs.  According to Group-IB, Cobalt target banking organisations by using spear-phishing emails with malicious attachments that exploit software vulnerabilities. Once an attachment is opened the attackers can move through a bank’s network and…

Link: Weekly Threat Report 25th November 2016
Source: NCSC Reports

Ransomware fears cause companies to hoard Bitcoin

Companies are reportedly stockpiling cryptocurrencies to hedge against the possible need to pay off cyber criminals. Some firms are said to be investing in Bitcoin and Ethereum to ensure that they have cryptocurrency funds available if they are affected by a ransomware attack. A survey carried out earlier this year by Citrix found that 42% of companies surveyed were building cryptocurrency stockpiles for ransomware payments, with 28%…

Link: Weekly Threat Report 22nd December 2017
Source: NCSC Reports

Cyber criminal groups identified on social media

Last week Facebook deleted around 120 private discussion groups – equating to more than 300,000 members – that were promoting a host of illicit cyber criminal activities, including spamming, selling stolen debit and credit account credentials, phony tax refunds, DDoS-for-hire services and botnet creation tools.

The groups had reportedly been operating on Facebook for an average of two years, although some had been in operation for up to nine…

Link: Weekly Threat Report 20th April 2018
Source: NCSC Reports

Fake speeding notices deliver malware

Police forces around the UK are warning motorists not to be taken in by a phishing email falsely informing them that they need to pay a speeding fine. The realistic-looking email, entitled ‘Notice of Prosecution’, claims to have ‘photographic’ evidence, but clicking on the associated link will upload banking malware to the victim’s device.

The email appears official, with the logos of either the local police force or ‘…

Link: Weekly Threat Report 3rd November 2017
Source: NCSC Reports

China to ban personal VPNs

The Chinese government has told state-owned telecoms companies to block individuals’ access to virtual private networks (VPNs) by 1 February 2018, according to media reports. The ban will greatly restrict individuals’ unfettered access to the Internet. VPNs have often been used to circumvent China’s Great Firewall and communicate securely with servers outside of China. The Chinese government has increasingly cracked down on them in pursuit of…

Link: Weekly Threat Report 14th July 2017
Source: NCSC Reports

Ransomware for political ends

Cyber security company PaloAlto networks has recently identified a new type of ransomware, seemingly designed for political ends. Ransomware is generally used by cyber criminals for monetary gain, encrypting data and forcing infected users to pay a financial ransom to decrypt their files. However, in this case, ‘RanRan’ ransomware demanded a political statement in return for the encryption key. The victim was supposed to create a sub-domain of their…

Link: Weekly Threat Report 17th March 2017
Source: NCSC Reports

Carbanak is Back

It is being reported that the hospitality sector is being targeted by the cyber-crime group Carbanak (also known as Anunak). The Carbanak gang were first identified by Kaspersky and are best known for a campaign in 2014 where they allegedly stole $1 billion from over 100 financial institutions worldwide. Security researchers at Trustwave have reported that Carbanak are now targeting the U.S. hospitality and restaurant industry’s point of sale systems.

The campaign…

Link: Weekly Threat Report 18th November 2016
Source: NCSC Reports

‘Meltdown’ and ‘Spectre’ vulnerabilities to microprocessors

Reports of new security flaws affecting microprocessors called ‘Meltdown’ and ‘Spectre’ surfaced this week. Processors in most devices employ a range of techniques to speed up their operation, and the vulnerabilities allow some of these techniques to be abused to obtain information about areas of memory not normally visible to an attacker. As a result, normally difficult actions – such as recovering passwords…

Link: Weekly Threat Report 5th January 2018
Source: NCSC Reports

Cost of ransomware attack on Atlanta

As reported in the Weekly Threat Report of 6 April 2018, the US city of Atlanta recently fell victim to an attack by the SamSam ransomware, which exploits a vulnerability in Java servers.

New reports indicate the city spent in the region of $2.66m responding to the attack. Costs included incident response, recovery and crisis management, but the city did not pay the ransom demand, reported to be approximately $55,000. There was also a broader cost in…

Link: Weekly Threat Report 27th April 2018
Source: NCSC Reports