Pulse.Assent

Universities under cyber attack

This week, various media outlets have reported on the high number of cyber attacks suffered by UK universities.

Universities are of interest to a range of attackers. Highly skilled hacking groups conduct cyber espionage, seeking to acquire cutting-edge research and intellectual property in areas such as defence, energy, and artificial intelligence. Most academics have detailed web pages describing themselves and their research interests, giving attackers more…

Link: Weekly Threat Report 8th September 2017
Source: NCSC Reports

Phishing scam targeting UK university students

Media reporting earlier this month highlighted a warning by Action Fraud of a phishing campaign against university students. The scam involves fake emails claiming that the Student Loans Company have suspended the victim’s account. Victims are asked to provide credentials and bank account details, which is used to carry out identity theft and fraud. 

Cyber criminals often seek to exploit seasonal events, such as the start of…

Link: Weekly Threat Report 15th September 2017
Source: NCSC Reports

CCleaner supply chain compromise

A version of the widely used utility software CCleaner has reportedly been delivering malware via a recent software update. This tactic of targeting through supply chains, exploiting the trust between consumers and suppliers, provides wide scope for infection, as illustrated by the case of NotPetya malware which spread via Ukrainian accounting software.

Avast, the parent company of CCleaner developers Piriform, initially reported that 2.27 million…

Link: Weekly Threat Report 22nd September 2017
Source: NCSC Reports

Compromise of Deloitte

The Guardian this week reported that the global accountancy firm Deloitte had been hit by a cyber attack that has revealed client email addresses. The hackers may have also accessed usernames, passwords and personal details.

Deloitte provides auditing, tax consultancy and cyber security advice to some of the world’s biggest banks, multi-national companies, media enterprises, pharmaceutical firms and US government agencies. According to the Guardian, Deloitte…

Link: Weekly Threat Report 29th September 2017
Source: NCSC Reports

Whole Foods Market credit card data breach

Whole Foods Market, a US-headquartered supermarket with a small UK presence, has reported it is investigating a credit card breach. The store warned of unauthorised access to the credit card data of customers using restaurants and ‘tap rooms’ in its stores. The cards used by customers at store checkouts are not thought to have been affected. Investigations are still underway; however, it is likely the card data was acquired through…

Link: Weekly Threat Report 6th October 2017
Source: NCSC Reports

Cyber-enabled theft from Taiwanese bank

On 5th October 2017 Taiwan’s Far Eastern International Bank (FEIB) reported that it had fallen victim to a cyber-enabled theft. It is not yet known how much the attackers attempted to steal, but open source reports this figure could be as high as 60 million USD. FEIB states that, owing to errors by the criminals in their SWIFT[1] messaging configuration and efforts to recover the stolen money, estimated losses are less than 500,000 USD…

Link: Weekly Threat Report 13th October 2017
Source: NCSC Reports

KRACK – a fundamental flaw in Wi-Fi security

Security researchers from Belgium have found that the majority of Wi-Fi connections are potentially vulnerable to exploitation because of a fundamental weakness in the wireless security protocol – WPA2. The exploit is called “KRACK”, which is short for Key Reinstallation Attack. Reports suggest that at most risk are Linux operating systems, Internet of Things (IoT) devices and 41% of Android devices. However, many of these,…

Link: Weekly Threat Report 20th October 2017
Source: NCSC Reports

Bad Rabbit ransomware

This week, ‘Bad Rabbit’ ransomware infections have been reported in countries including Russia, Ukraine, Bulgaria, Turkey, Germany and Japan. The NCSC has not received any reports that the UK has been affected by this latest malware attack. The majority of infections have been in Russia, where media organisations were worst affected. Russia’s Interfax News Agency suffered outages to several of its services, including its news portal….

Link: Weekly Threat Report 27th October 2017
Source: NCSC Reports

Fake speeding notices deliver malware

Police forces around the UK are warning motorists not to be taken in by a phishing email falsely informing them that they need to pay a speeding fine. The realistic-looking email, entitled ‘Notice of Prosecution’, claims to have ‘photographic’ evidence, but clicking on the associated link will upload banking malware to the victim’s device.

The email appears official, with the logos of either the local police force or ‘…

Link: Weekly Threat Report 3rd November 2017
Source: NCSC Reports

Dating apps may put users’ personal data at risk

Researchers at Kaspersky Labs report that several popular online dating apps suffer from vulnerabilities in securing personal data. Users may be at risk of being deanonymized with their locations trackable and personally identifiable information (PII) in danger of being intercepted. Attackers could use the data for a variety of malicious purposes.

Poor security during data transmission is a common problem. For example, some apps upload…

Link: Weekly Threat Report 10th November 2017
Source: NCSC Reports