Weekly Threat Report 30th June 2017

Password challenges

Passwords have been in the news again recently. Most notably, on Friday 23 June accounts with weak passwords on the UK Parliamentary network were compromised; however, less than 1% of the system’s 9,000 accounts were directly affected. Attention was also drawn this week to router password vulnerabilities, as Virgin Media advised customers with Virgin Super Hub 2 home routers to reset their passwords. This followed concerns that the routers had a relatively weak eight-…

Link: Weekly Threat Report 30th June 2017
Source: NCSC Reports

Weekly threat report 7th July 2017

Following reported attempts by hackers to compromise parliamentary email accounts in June, scammers have recently attempted to gain information by cold-calling (or vishing) MPs and their staff. Posing as staff from the Houses of Parliament’s IT department, the scammers have reportedly been requesting the usernames and passwords of MPs. Vishing, like its online equivalent, phishing, attempts to elicit sensitive information, such as passwords, or encourage victims to visit particular (…

Link: Weekly threat report 7th July 2017
Source: NCSC Reports

Weekly Threat Report 14th July 2017

China to ban personal VPNs

The Chinese government has told state-owned telecoms companies to block individuals’ access to virtual private networks (VPNs) by 1 February 2018, according to media reports. The ban will greatly restrict individuals’ unfettered access to the Internet. VPNs have often been used to circumvent China’s Great Firewall and communicate securely with servers outside of China. The Chinese government has increasingly cracked down on them in pursuit of…

Link: Weekly Threat Report 14th July 2017
Source: NCSC Reports

Weekly Threat Report 21st July 2017

New SMB protocol exploit effective against most Windows operating systems

An EternalSynergy-based exploit has now been developed which can compromise newer (unpatched) versions of Windows. The original ETERNALSYNERGY exploit released by The Shadow Brokers in April exploited an SMB protocol vulnerability, CVE-2017-0143, to allow attackers to inject code onto Windows machines but only worked on versions up to Windows 8.

A security researcher has now modified and upgraded ETERNALSYNERGY…

Link: Weekly Threat Report 21st July 2017
Source: NCSC Reports

Weekly Threat Report 28th July 2017

NotPetya’s continuing impact on businesses

Businesses that fell victim to the NotPetya ransomware attack in June are warning of financial consequences and continuing disruption.

The potential impacts of a cyber breach to business have long been known: they may include lost sales, share price declines, reputational damage, regulatory fines for data losses, and clean-up costs. Businesses usually quote one large estimate when commenting on a cyber breach’s cost. However, in NotPetya…

Link: Weekly Threat Report 28th July 2017
Source: NCSC Reports

Weekly Threat Report 4th August 2017

Cyber incidents affecting airlines

Some North American airlines have issued statements regarding cyber security incidents in recent days. There is currently no evidence to suggest that these incidents are connected but these examples highlight the prevalence of such activity:

Virgin airlines detected unauthorised third-party access to their databases containing employee and contractor data in March 2017, including corporate credentials. In addition, over 100 individuals may have had further…

Link: Weekly Threat Report 4th August 2017
Source: NCSC Reports

Weekly Threat Report 11th August 2017

Steganography is becoming increasingly popular

According to the cyber security company Kaspersky Lab, steganography is becoming increasingly popular with cyber actors and is used to conceal malware, for data exfiltration and for command and control (C&C) communications.

Steganography is the technique of concealing data within other, seemingly innocuous, information. In a digital context, it generally refers to hiding data within a media file. Image files are the most common, but…

Link: Weekly Threat Report 11th August 2017
Source: NCSC Reports

Weekly Threat Report 18th August 2017

Hotels targeted across Europe and the Middle-East

Recent media reporting has highlighted a campaign targeting the hospitality sector.

The campaign, which reportedly started in July 2017 and may be linked to a similar campaign carried out during the autumn of 2016, is allegedly being carried out by Fancy Bear, also known as APT28. The group has also been implicated in the hack-and-leak campaign against the Democratic National Committee (DNC) during the 2016 US Presidential Elections.

Using…

Link: Weekly Threat Report 18th August 2017
Source: NCSC Reports

Weekly Threat Report 25th August 2017

Data breach affects NHS administrative information

An individual affiliating themselves with the hacktivist collective Anonymous claims to have stolen UK NHS patient data. The attacker claims to have exploited unpatched vulnerabilities in software provided by SwiftQueue, a vendor responsible for managing a number of hospital appointment booking systems.

SwiftQueue have confirmed an unauthorised party accessed 32,501 lines of administrative data. This is likely to include personally…

Link: Weekly Threat Report 25th August 2017
Source: NCSC Reports

Weekly Threat Report 1st September 2017

300% increase in attacks on Microsoft cloud services

Microsoft has revealed that the frequency of attacks against users of its cloud services, including Microsoft Azure and Office 365, has increased by 300% over the last year.

“A large majority of these compromises are the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services,” said Microsoft in its ‘Security and Intelligence’…

Link: Weekly Threat Report 1st September 2017
Source: NCSC Reports