Link: The Communications Act 2003 and the Digital Economy Act 2017 (Consequential Amendments to Secondary Legislation) Regulations 2017
Source: Legislation .gov.uk
Press release: Government celebrates cyber security successes in Manchester
The First Secretary of State, Damian Green, spoke at the landmark opening of the new global headquarters of the NCC Group in Manchester, marking the first anniversary of the creation of the National Cyber Security Strategy (NCSS).
The NCSS was launched a year ago in response to the growing cyber security challenges and threats faced by the UK and to define the Government’s ambitions for the future.
As a part of this world-leading strategy the government invested £1.9 billion in establishing the innovative National Cyber Security Centre (NCSC), demonstrating a long-term commitment to keeping the UK safe. Since its launch the NCSC has responded to over 590 significant cyber incidents: providing support to victims, sharing information with intelligence and law enforcement, and setting up incident management structures to ensure essential services are up and running once incidents have occurred.
The First Secretary spoke at the headquarters of the NCC Group – a global expert in cyber security and risk mitigation. The newly built headquarters in Manchester equipped with state of the art technology will employ more than 500 cyber security experts providing Britain’s and Europe’s largest companies with cyber security consultancy and cyber incident response.
Damian Green, First Secretary of State and Minister for the Cabinet Office said:
This Government is committed to tackling the growing threat of cyber security and will continue to invest in the future of our defence programme.
The Government’s Cyber Schools programme aims to provide skills to nearly 6,000 young people in order to secure the UK’s position as a world leader in cyber security for generations to come.
I am delighted that a global cyber security expert has chosen to open their headquarters in Manchester – fuelling the success of the Northern Powerhouse.
Brian Tenner, Interim CEO at NCC Group said:
NCC Group continues to play a pivotal role in advising government and helping to implement national initiatives which are strengthening the UK’s cyber security posture and helping to improve the country’s technical capabilities in this area. The First Secretary’s visit is recognition of this continuing support and we were delighted to welcome him to our company headquarters today.
The threat of cyber crime is an ever-evolving issue that is increasing in severity every day. It is encouraging that the UK Government is treating this as a priority and putting concrete strategies in place to address this. We will continue to offer our assistance and work closely with the UK Government on these new initiatives in order to improve the UK’s ability to defend against modern cyber threats.
Link: Press release: Government celebrates cyber security successes in Manchester
Source: Gov Press Releases
ISO/IEC 27007:2017 Information technology. Security techniques. Guidelines for information security management systems auditing
ISO/IEC 27034-5:2017 Information technology. Security techniques. Application security Protocols and application security controls data structure
Data breach of 500m Yahoo accounts
Summary
CERT-UK is aware of reports of an attack on the technology firm Yahoo in which up to 500 million user accounts were breached.
In August 2016, a hacker known as “Peace” was reportedly attempting to sell information from 200 million Yahoo accounts breached in an attack from 2014. Initially believed to be speculation, Yahoo has now revealed that a breach did take place compromising the data of 500 million accounts. This is believed to be the biggest public breach of…
Link: Data breach of 500m Yahoo accounts
Source: NCSC Alerts
Weekly Threat Report 22nd September 2017
CCleaner supply chain compromise
A version of the widely used utility software CCleaner has reportedly been delivering malware via a recent software update. This tactic of targeting through supply chains, exploiting the trust between consumers and suppliers, provides wide scope for infection, as illustrated by the case of NotPetya malware which spread via Ukrainian accounting software.
Avast, the parent company of CCleaner developers Piriform, initially reported that 2.27 million…
Link: Weekly Threat Report 22nd September 2017
Source: NCSC Reports
Weekly Threat Report 2nd June 2017
Android app malware
According to IT security company Check Point, as many as 36 million Android devices may have been infected with ad-click malware. The malware, dubbed Judy, is reported to have been present in approximately 50 apps in Google’s play store, but the total number of infections cannot be accurately determined as it is not known for how long the apps have been malicious.
Those responsible generate money through ad-clicks – in this instance Judy silently imitated a…
Link: Weekly Threat Report 2nd June 2017
Source: NCSC Reports
Weekly Threat Report 13th February 2017
Polish banks in watering hole attack
The Polish financial sector has been hit by what is being described as the most serious incident in the history of Polish banking. A web server of the Polish financial regulator Komisja Nadzoru Finansowego (KNF) was probably compromised in early October 2016, but it wasn’t until early February that Polish banks noticed unusual network activity and unauthorised files on several workstations. Investigations revealed that the KNF website had been used…
Link: Weekly Threat Report 13th February 2017
Source: NCSC Reports
Weekly Threat Report 10th October 2016
Threat assessment and trend analysis
Dresscode Masquerading as Legitimate Android App
Risk of Trojanised Android apps
A family of mobile malware known as ‘Dresscode’ has been masquerading as legitimate Android apps since April, according to cybersecurity researchers. Over 3000 apps with embedded Trojans, including games, skins and phone optimisation tools, have been identified on sale from Android app stores, including 400 in the Google Play store alone.
How dresscode works
Once…
Link: Weekly Threat Report 10th October 2016
Source: NCSC Reports
Weekly Threat Report 9th February 2018
Meltdown and Spectre – Updated Advice
Malware making use of Meltdown and Spectre, the two CPU vulnerabilities highlighted back in January, is now being seen in the wild. Security researchers are reporting they have seen over 140 malware samples based on the proof of concept code. Whilst there have not been instances of Meltdown and Spectre actually being leveraged to compromise a system, it is a timely reminder that miscreants will take published security vulnerabilities and weaponise…
Link: Weekly Threat Report 9th February 2018
Source: NCSC Reports