Weekly Threat Report 18th November 2016

Carbanak is Back

It is being reported that the hospitality sector is being targeted by the cyber-crime group Carbanak (also known as Anunak). The Carbanak gang were first identified by Kaspersky and are best known for a campaign in 2014 where they allegedly stole $1 billion from over 100 financial institutions worldwide. Security researchers at Trustwave have reported that Carbanak are now targeting the U.S. hospitality and restaurant industry’s point of sale systems.

The campaign…

Link: Weekly Threat Report 18th November 2016
Source: NCSC Reports

Weekly Threat Report 25th November 2016

ATMS in Europe targeted by cyber criminals

The cyber security firm, Group-IB, recently published a report on Cobalt, a suspected criminal group, that has been using a novel method to steal money from banks across Europe, including the UK, via ATMs.  According to Group-IB, Cobalt target banking organisations by using spear-phishing emails with malicious attachments that exploit software vulnerabilities. Once an attachment is opened the attackers can move through a bank’s network and…

Link: Weekly Threat Report 25th November 2016
Source: NCSC Reports

Weekly Threat Report 2nd December 2016

Mirai targets router vulnerability

On Sunday 27th November 900,000 Deutsche Telekom customers were impacted by an attack from an adapted version of the Mirai worm. The attack resulted in customers being unable to connect to the Internet. This was followed by reports on Thursday 1st December that 100,000 Post Office customers had been similarly impacted as were UK customers of the Internet Service Provider (ISP) TalkTalk. The attack used the Mirai code, which scans and comprises IoT devices…

Link: Weekly Threat Report 2nd December 2016
Source: NCSC Reports

Weekly Threat Report 9th December 2016

Infected routers vulnerable to further attacks?

A small number of TalkTalk and Post Office domestic Wi-Fi routers are reportedly vulnerable to a new variant of the Mirai malware known as ‘Annie’. The denial of service experienced by TalkTalk and Post Office customers last week is said to have been an unintended consequence of the attacker, who goes by the name ‘BestBuy’. The attack sought to infect vulnerable routers with ‘Annie’.

Recently, BestBuy also…

Link: Weekly Threat Report 9th December 2016
Source: NCSC Reports

Weekly Threat Report 16th December 2016

Successful take-down of DDoS for hire service

Recent joint international law enforcement operations have resulted in the arrests of 34 suspected users of for-hire Distributed Denial of Service (DDoS) attack services. Twelve of the arrests were made in the UK, following a National Crime Agency (NCA)-led operation. The operation targeted Netspoof, an organisation which offered stresser packages to disable web servers and websites by flooding them with enormous volumes of internet traffic….

Link: Weekly Threat Report 16th December 2016
Source: NCSC Reports

Weekly Threat Report 6th January 2017

Vulnerabilities in travel booking systems

Security researchers presented findings at a recent cyber security conference highlighting a range of vulnerabilities in travel bookings systems known as Global Distribution Systems (GDS). GDS are databases used by a range of companies, including travel agencies, airlines, hotels and car hire companies, to hold the travel information collectively known as the Passenger Name Record (PNR).

Researchers noted that GDS can be accessed in many cases with…

Link: Weekly Threat Report 6th January 2017
Source: NCSC Reports

Weekly Threat Report 13th January 2017

The year of ransomware…

…is how 2016 has been widely described in the cyber security media.

There has been numerous UK incidents targeting academia, Government departments, industry, CNI sectors and individual users.  Using ransomware as an attack technique has become popular because it is easy to carry out and can be financially lucrative.

Ransomware can infect a system via  unpatched software vulnerabilities or duping unsuspecting users into installing the ransomware…

Link: Weekly Threat Report 13th January 2017
Source: NCSC Reports

Weekly Threat Report 20th January 2017

Password security

In November 2016, a study of user passwords exposed by a Yahoo data breach revealed that “123456” was the most common password, followed closely by “password” at number two. A more recent report on the most commonly used passwords revealed that “123456” was still number one, followed by the ‘more complex’ “123456789”.

These reports highlight ongoing problems associated with conventional password policies, which tend to promote the use of complicated passwords that are…

Link: Weekly Threat Report 20th January 2017
Source: NCSC Reports

Weekly Threat Report 27th January 2017

Twitterbots spreading fake news on the internet

Recent reports suggest social media bots are widely spreading fake news on the Internet.

A Twitterbot is a bot program used to create accounts and automated tweets that requires little or no human intervention. This typically means that not all accounts have to be created by humans. Twitterbots can be used for entertainment, marketing, spamming, manipulating Twitter’s trending topics list and public opinion, trolling, fake followers, malware…

Link: Weekly Threat Report 27th January 2017
Source: NCSC Reports

Weekly Threat Report 3rd February 2017

Shamoon 2

The Saudi Arabian Government warned on 23 January that the destructive wiper malware Shamoon 2 had been detected on its government networks.

Shamoon 2 is an updated version of Shamoon, the disk-wiping malware that disabled thousands of computers at Saudi state-linked energy company Saudi Aramco in 2012.

The Saudi authorities are reporting on these latest compromises publicly and have provided reassurance that the damage is currently limited and mitigation is in place.

The re-…

Link: Weekly Threat Report 3rd February 2017
Source: NCSC Reports