Weekly Threat Report 12th January 2018

Winter Olympics phishing campaign

The information security company McAfee recently identified spear-phishing activity targeting the February 2018 Winter Olympics, due to be held in South Korea.

This highly tailored campaign was aimed at a number of South Korean organisations supporting the Games and made use of custom-made fileless malware and steganography. The phishing emails were written in the Korean language and purported to be from the South Korean National Counter Terrorism…

Link: Weekly Threat Report 12th January 2018
Source: NCSC Reports

Weekly Threat Report 4th May 2018

‘Orangeworm’ Group Targeting Healthcare Industry

Symantec have reported that a group they have tracked as ‘Orangeworm’ since 2015 are targeting the healthcare industry in the United States, Asia and Europe, including the UK.

40% of their attacks focus on the healthcare industry. Other industries targeted are either closely related to healthcare or part of the supply chain, including IT, manufacturing, logistics and agriculture. It is likely that the supply chain has been…

Link: Weekly Threat Report 4th May 2018
Source: NCSC Reports

Weekly Threat Report 20th October 2017

KRACK – a fundamental flaw in Wi-Fi security

Security researchers from Belgium have found that the majority of Wi-Fi connections are potentially vulnerable to exploitation because of a fundamental weakness in the wireless security protocol – WPA2. The exploit is called “KRACK”, which is short for Key Reinstallation Attack. Reports suggest that at most risk are Linux operating systems, Internet of Things (IoT) devices and 41% of Android devices. However, many of these,…

Link: Weekly Threat Report 20th October 2017
Source: NCSC Reports

Weekly Threat Report 30th June 2017

Password challenges

Passwords have been in the news again recently. Most notably, on Friday 23 June accounts with weak passwords on the UK Parliamentary network were compromised; however, less than 1% of the system’s 9,000 accounts were directly affected. Attention was also drawn this week to router password vulnerabilities, as Virgin Media advised customers with Virgin Super Hub 2 home routers to reset their passwords. This followed concerns that the routers had a relatively weak eight-…

Link: Weekly Threat Report 30th June 2017
Source: NCSC Reports

Weekly Threat Report 10th March 2017

Yahoo breach highlights cookie security issues

Last year Yahoo reported several data breaches occurring between 2013 and 2016 which affected a large number of user accounts. Personal information stolen could have included email addresses, telephone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers.

Following forensic investigations Yahoo has revealed that fake cookies were a probable method used by attackers to access user accounts…

Link: Weekly Threat Report 10th March 2017
Source: NCSC Reports

Weekly Threat Report 4th November 2016

The use of social media for cyber-enabled fraud is on the increase

Social media is increasingly used to commit cyber-enabled fraud, according to recent reporting by cyber security company Easy Solutions. Many of the 80 million fake social media profiles are reportedly used to facilitate cyber attacks. According to cyber security company Proofpoint, 19% of accounts with top global brands are fake.

Social media attacks also recently tricked major UK banks’ customers into revealing…

Link: Weekly Threat Report 4th November 2016
Source: NCSC Reports

Weekly Threat Report 19th January 2018

NCA and Trend Micro partnership leads to conviction

A man responsible for creating two crypting services has pleaded guilty in court following a joint investigation by the National Crime Agency (NCA) and Trend Micro.

Goncalo Esteves pleaded guilty on three charges on Monday 15 January 2018 and will be sentenced in February.

Esteves was responsible for creating two crypting services (Cryptex Reborn and Cryptex Lite). These were designed to modify a program, such as malware, so that it avoids…

Link: Weekly Threat Report 19th January 2018
Source: NCSC Reports

Weekly Threat Report 11th May 2018

UK cyber criminal pleads guilty to selling customer credentials on the Dark Web

A cyber criminal who hacked into the online networks of at least 200 companies worldwide recently pleaded guilty to multiple offences in court.

Grant West, 25, who operated under the pseudonym ‘Courvoisier’, was detained in September 2017 following a two-year investigation by Scotland Yard. He was arrested on a train whilst logging on to his dark web marketplace account.

Southwark Crown Court heard…

Link: Weekly Threat Report 11th May 2018
Source: NCSC Reports

NHS Alert

A spokesperson for the National Cyber Security Centre said:

“We are aware of a cyber incident and we are working with NHS Digital and the National Crime Agency to investigate.”

Advice on protecting yourself from ransomware is available here. 

UPDATE

A statement from the NCSC on the international cyber incident can be read here.

Link: NHS Alert
Source: NCSC Alerts

Weekly Threat Report 13th October 2017

Cyber-enabled theft from Taiwanese bank

On 5th October 2017 Taiwan’s Far Eastern International Bank (FEIB) reported that it had fallen victim to a cyber-enabled theft. It is not yet known how much the attackers attempted to steal, but open source reports suggest this figure could be as high as 60 million USD. FEIB states that, owing to errors by the criminals in their SWIFT[1] messaging configuration and efforts to recover the stolen money, estimated losses are less than 500,000 USD…

Link: Weekly Threat Report 13th October 2017
Source: NCSC Reports