Weekly Threat Report 13th April 2018

Recent data breaches: GWR and Sodexo

Great Western Rail has advised customers to change their passwords after unauthorised attempts to access GWR.com accounts. The attack likely used password data harvested from other areas of the internet. GWR confirmed that around 1,000 users have been directly affected.

Separately, the facilities management company Sodexo confirmed a targeted attack on its cinema voucher platform Filmology. As the breach resulted in unauthorised access to payment card…

Link: Weekly Threat Report 13th April 2018
Source: NCSC Reports

Weekly Threat Report 6th April 2018

Ransomware attacks in the US

Recent media reports have highlighted the continued ransomware threat to public and private sector organisations. These included a ransomware attack against Atlanta City that took much of the city’s internal and external services offline.

The services impacted included customer-facing applications used to pay bills or access court-related information. SamSam ransomware was reported to have been used in this attack.

Elsewhere, the City of Baltimore’s 911…

Link: Weekly Threat Report 6th April 2018
Source: NCSC Reports

Weekly Threat Report 23rd March 2018

Money laundering valued at up to $200 billion through cryptocurrencies

A joint report between Surrey University and researchers at security vendor Bromium estimates that the proceeds of cyber crime make up to 8-10% of total illegal profits laundered globally, believed to be valued at up to $200 billion.

The report surmises that virtual currencies such as Bitcoin are becoming the primary tool used by criminals to launder proceeds. While Bitcoin has long been viewed as the criminal’s…

Link: Weekly Threat Report 23rd March 2018
Source: NCSC Reports

Weekly Threat Report 16th March 2018

CCleaner update

Cyber security company Avast continues to investigate the 2017 supply chain attacks involving clean-up tool CCleaner. For a month last summer, Advanced Persistent Threat (APT) attackers are reported to have maliciously modified versions of CCleaner and CCleaner Cloud at source, before being downloaded by 2.27 million customers worldwide. The attackers then selected a small number of high profile technology and telecommunications companies to receive a secondary payload.

Avast…

Link: Weekly Threat Report 16th March 2018
Source: NCSC Reports

Weekly Threat Report 9th March 2018

Largest reported DDoS attacks mitigated 

The largest ever reported Distributed Denial of Service (DDoS) occurred in early March 2018, according to Netscout Arbor. A peak of 1.7 Terabits per second (Tbps) was recorded, although the attack was mitigated. This followed a recent attack against GitHub on 28 February, with a peak of 1.35 Tbps. The largest known attack previously took place in 2016 against the US DNS provider DYN, which peaked at 1.2 Tbps.

The method used for these attacks is…

Link: Weekly Threat Report 9th March 2018
Source: NCSC Reports

Weekly Threat Report 2nd March 2018

Ransomware infects Colorado Department of Transportation IT system

International media reports suggest that ransomware infected computers at the Colorado Department of Transportation (CDOT) on 21 February, encrypting files and requesting payment in Bitcoin to restore them. CDOT is responsible for managing and maintaining roads as well as monitoring traffic in the US state of Colorado, but no critical operational IT systems are believed to have been affected.

The organisation has taken 2,000…

Link: Weekly Threat Report 2nd March 2018
Source: NCSC Reports

Weekly Threat Report 23rd February 2018

Cloud security – FedEx data leak from AW

Adoption of cloud computing (the process of providing applications, processing power and storage through remote servers over the internet) is increasing amongst medium and large organisations. However, as cloud is adopted, the securing of services in the cloud as well as the security claims of the cloud provider become mission critical priorities for both private and public-sector enterprises.

Media reports that scanned documents containing the…

Link: Weekly Threat Report 23rd February 2018
Source: NCSC Reports

Weekly Threat Report 16th February 2018

Cryptocurrency mining update

On 11 February 2018, the NCSC made a statement to reassure the public that, whilst some government websites had been affected by malware designed to illegally mine cryptocurrency, no one was at risk of having their money stolen. The only possible effect on users’ machines was reduced performance.

The NCSC then followed up with guidance detailing how a compromised third party JavaScript library called Browsealoud had caused visitors to websites with the…

Link: Weekly Threat Report 16th February 2018
Source: NCSC Reports

Weekly Threat Report 9th February 2018

Meltdown and Spectre – Updated Advice

Malware making use of Meltdown and Spectre, the two CPU vulnerabilities highlighted back in January, is now being seen in the wild. Security researchers are reporting they have seen over 140 malware samples based on the proof of concept code. Whilst there have not been instances of Meltdown and Spectre actually being leveraged to compromise a system, it is a timely reminder that miscreants will take published security vulnerabilities and weaponise…

Link: Weekly Threat Report 9th February 2018
Source: NCSC Reports

Weekly Threat Report 2nd February 2018

World’s largest cryptocurrency heist

Last week saw the world’s largest cryptocurrency heist, with Coincheck reporting that hackers had stolen 523 million NEM (XEM) cryptocurrency (approx. £376.5 million). Coincheck is Japan’s largest Bitcoin exchange and deals with various other cryptocurrencies.

Coincheck have reassured customers that they would reimburse any losses. They are reporting that at present the attack methods deployed by the hackers are unknown and that…

Link: Weekly Threat Report 2nd February 2018
Source: NCSC Reports