Weekly Threat Report 26th January 2018

Two-factor authentication usage

Open source reports quote remarks made by a Google software engineer who revealed at a recent security conference that fewer than 10 per cent of Gmail users enabled Two-Factor Authentication (2FA). 

The benefit of 2FA is that it provides an extra layer of security. The user has to provide standard login details of a password and username and also something that only that user has access to. This might be a physical token, keyfob device,…

Link: Weekly Threat Report 26th January 2018
Source: NCSC Reports

‘Dirty COW’ Linux privilege escalation vulnerability being actively exploited

Executive Summary

A vulnerability has been discovered in the Linux kernel which could give untrusted users unfettered root access. This vulnerability has been present in the Linux kernel for nine years but has only just been discovered. The vulnerability allows for privilege escalation that can be exploited easily and reliably. The fact that this flaw exists in nearly every version of Linux from at least the last nine years means this vulnerability should be taken seriously and patched as…

Link: ‘Dirty COW’ Linux privilege escalation vulnerability being actively exploited
Source: NCSC Alerts

Weekly Threat Report 29th September 2017

Compromise of Deloitte

The Guardian this week reported that the global accountancy firm Deloitte had been hit by a cyber attack that has revealed client email addresses. The hackers may have also accessed usernames, passwords and personal details.

Deloitte provides auditing, tax consultancy and cyber security advice to some of the world’s biggest banks, multi-national companies, media enterprises, pharmaceutical firms and US government agencies. According to the Guardian, Deloitte…

Link: Weekly Threat Report 29th September 2017
Source: NCSC Reports

Weekly Threat Report 9th June 2017

Fireball malware

More than 250 million computers worldwide have been infected with malicious adware called Fireball, according to recent reporting. Produced by Rafotech, a Beijing-based digital marketing firm, the malware is spread mostly via bundling. That is, when a user downloads a product they want, the Fireball malware is ‘bundled’ in without the user’s knowledge or consent.

Once infected, Fireball hijacks the user’s browser, installs extra plug-ins and…

Link: Weekly Threat Report 9th June 2017
Source: NCSC Reports

Weekly Threat Report 17th February 2017

Official Launch of the National Cyber Security Centre

February 14th marked the official launch of the National Cyber Security Centre (NCSC) HQ by Her Majesty the Queen. The Centre will work to make the UK the safest place to live and do business online.

In acknowledgement that Government alone cannot protect the public from cyber attacks, the Chancellor announced the launch of the Industry 100 initiative. Industry 100 will see the centre invite expertise from industry to collaborate…

Link: Weekly Threat Report 17th February 2017
Source: NCSC Reports

Weekly Threat Report 17th October 2016

New Trojan used in financial attacks

Symantec recently reported on a malware variant ‘Trojan.Odinaff’ which has been involved in a number of discreet campaigns targeting global financial organisations since January 2016. Organisations involved in banking, securities, trading and payroll appear to be the primary targets, with organisations providing the support services to these industries also of interest.

According to the report, US institutions have been most frequently targeted, followed…

Link: Weekly Threat Report 17th October 2016
Source: NCSC Reports

Weekly Threat Report 2nd February 2018

World’s largest cryptocurrency heist

Last week saw the world’s largest cryptocurrency heist, with Coincheck reporting that hackers had stolen 523 million NEM (XEM) cryptocurrency (approx. £376.5 million). Coincheck is Japan’s largest Bitcoin exchange and deals with various other cryptocurrencies.

Coincheck have reassured customers that they would reimburse any losses. They are reporting that at present the attack methods deployed by the hackers are unknown and that…

Link: Weekly Threat Report 2nd February 2018
Source: NCSC Reports

Data breach of 500m Yahoo accounts

Summary

CERT-UK is aware of reports of an attack on the technology firm Yahoo in which up to 500 million user accounts were breached.

In August 2016, a hacker known as “Peace” was reportedly attempting to sell information from 200 million Yahoo accounts breached in an attack from 2014. Initially believed to be speculation, Yahoo has now revealed that a breach did take place compromising the data of 500 million accounts. This is believed to be the biggest public breach of…

Link: Data breach of 500m Yahoo accounts
Source: NCSC Alerts

Weekly Threat Report 22nd September 2017

CCleaner supply chain compromise

A version of the widely used utility software CCleaner has reportedly been delivering malware via a recent software update. This tactic of targeting through supply chains, exploiting the trust between consumers and suppliers, provides wide scope for infection, as illustrated by the case of NotPetya malware which spread via Ukrainian accounting software.

Avast, the parent company of CCleaner developers Piriform, initially reported that 2.27 million…

Link: Weekly Threat Report 22nd September 2017
Source: NCSC Reports

Weekly Threat Report 2nd June 2017

Android app malware

According to IT security company Check Point, as many as 36 million Android devices may have been infected with ad-click malware. The malware, dubbed Judy, is reported to have been present in approximately 50 apps in Google’s Play Store, but the total number of infections cannot be accurately determined as it is not known for how long the apps have been malicious.

Those responsible generate money through ad-clicks – in this instance Judy silently imitated a…

Link: Weekly Threat Report 2nd June 2017
Source: NCSC Reports