Weekly Threat Report 13th February 2017

Polish banks in watering hole attack

The Polish financial sector has been hit by what is being described as the most serious incident in the history of Polish banking. A web server of the Polish financial regulator Komisja Nadzoru Finansowego (KNF) was probably compromised in early October 2016, but it wasn’t until early February that Polish banks noticed unusual network activity and unauthorised files on several workstations. Investigations revealed that the KNF website had been used…

Link: Weekly Threat Report 13th February 2017
Source: NCSC Reports

Weekly Threat Report 17th February 2017

Official Launch of the National Cyber Security Centre

February 14th marked the official launch of the National Cyber Security Centre (NCSC) HQ by Her Majesty the Queen. The Centre will work to make the UK the safest place to live and do business online.

 

In acknowledgement that Government alone cannot protect the public from cyber attacks, the Chancellor announced the launch of the Industry 100 initiative. Industry 100 will see the centre invite expertise from industry to collaborate…

Link: Weekly Threat Report 17th February 2017
Source: NCSC Reports

Weekly Threat Report 24th February 2017

Ex-employee threats to business

A disgruntled former system administrator at a US paper and packing manufacturing company was recently sentenced to 34 months in prison for causing the company $1.1 million worth of losses.
His network accesses were not revoked when he was fired in 2014, enabling him to establish a VPN connection to the industrial plant. Through this, he was able to send commands over a two-week period that caused ‘significant damage to Georgia-Pacific and its operations’….

Link: Weekly Threat Report 24th February 2017
Source: NCSC Reports

Weekly Threat Report 3rd March 2017

Drone-enabled hacking

An organisation’s most sensitive information is often stored on ‘air-gapped’ computers, which are physically separated from the internet.  The lack of a connection protects them from most external attackers, and even if the machine is infected with malware, the data is difficult to exfiltrate.

An Israeli researcher has demonstrated a new technique for transmitting information out of air-gapped computers, using malware to force LEDs to flash in a…

Link: Weekly Threat Report 3rd March 2017
Source: NCSC Reports

Weekly Threat Report 10th March 2017

Yahoo breach highlights cookie security issues

Last year Yahoo reported several data breaches occurring between 2013 and 2016 which affected a large number of user accounts.  Personal information stolen could have included email addresses, telephone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers.

Following forensic investigations Yahoo has revealed that fake cookies were a probable method used by attackers to access user accounts…

Link: Weekly Threat Report 10th March 2017
Source: NCSC Reports

Weekly Threat Report 17th March 2017

Ransomware for political ends

Cyber security company PaloAlto networks has recently identified a new type of ransomware, seemingly designed for political ends. Ransomware is generally used by cyber criminals for monetary gain, encrypting data and forcing infected users to pay a financial ransom to decrypt their files. However, in this case, ‘RanRan’ ransomware demanded a political statement in return for the encryption key. The victim was supposed to create a sub-domain of their…

Link: Weekly Threat Report 17th March 2017
Source: NCSC Reports

Weekly Threat Report 24th March 2017

Yahoo breach indictments

The FBI has indicted four individuals for unauthorised access to Yahoo’s networks. According to the indictment, two were alleged cyber criminals and two were members of Russia’s Federal Security Service (FSB) who “conspired to protect, direct, facilitate and pay criminal hackers to collect information through computer intrusions in the USA and elsewhere”.

The intrusion into Yahoo’s networks, and the group’s subsequent exploitation…

Link: Weekly Threat Report 24th March 2017
Source: NCSC Reports

Weekly Threat Report 31st March 2017

Criminals target US healthcare sector

The cyber division of the FBI recently issued an alert warning of criminal activity targeting File Transfer Protocol (FTP) servers operating in ‘anonymous’ mode, associated with the US medical and dental facilities.

The criminals involved are reportedly motivated by the potential to access protected health information (PHI) and personally identifiable information (PII). This data is then used by criminals to extort healthcare business owners…

Link: Weekly Threat Report 31st March 2017
Source: NCSC Reports

Weekly Threat Report 7th April 2017

Threat to Managed Service Providers

A major cyber campaign against Managed Service providers has been detected that may present risks to organisations using outsourced IT services. Please see the following report for further details. Further information can also be found via the Cyber-Security Information Sharing Partnership (CISP) forum.

Media references to terrorist cyber capability

There have been numerous reports on the recently imposed restrictions on electronic devices larger than a…

Link: Weekly Threat Report 7th April 2017
Source: NCSC Reports