Link: The Communications Act 2003 and the Digital Economy Act 2017 (Consequential Amendments to Secondary Legislation) Regulations 2017
Source: Legislation .gov.uk
Press release: Government celebrates cyber security successes in Manchester
The First Secretary of State, Damian Green, spoke at the landmark opening of the new global headquarters of the NCC Group in Manchester, marking the first anniversary of the creation of the National Cyber Security Strategy (NCSS).
The NCSS was launched a year ago in response to the growing cyber security challenges and threats faced by the UK and to define the Government’s ambitions for the future.
As a part of this world-leading strategy the government invested £1.9 billion in establishing the innovative National Cyber Security Centre (NCSC), demonstrating a long-term commitment to keeping the UK safe. Since its launch the NCSC has responded to over 590 significant cyber incidents: providing support to victims, sharing information with intelligence and law enforcement, and setting up incident management structures to ensure essential services are up and running once incidents have occurred.
The First Secretary spoke at the headquarters of the NCC Group – a global expert in cyber security and risk mitigation. The newly built headquarters in Manchester equipped with state of the art technology will employ more than 500 cyber security experts providing Britain’s and Europe’s largest companies with cyber security consultancy and cyber incident response.
Damian Green, First Secretary of State and Minister for the Cabinet Office said:
This Government is committed to tackling the growing threat of cyber security and will continue to invest in the future of our defence programme.
The Government’s Cyber Schools programme aims to provide skills to nearly 6,000 young people in order to secure the UK’s position as a world leader in cyber security for generations to come.
I am delighted that a global cyber security expert has chosen to open their headquarters in Manchester – fuelling the success of the Northern Powerhouse.
Brian Tenner, Interim CEO at NCC Group said:
NCC Group continues to play a pivotal role in advising government and helping to implement national initiatives which are strengthening the UK’s cyber security posture and helping to improve the country’s technical capabilities in this area. The First Secretary’s visit is recognition of this continuing support and we were delighted to welcome him to our company headquarters today.
The threat of cyber crime is an ever-evolving issue that is increasing in severity every day. It is encouraging that the UK Government is treating this as a priority and putting concrete strategies in place to address this. We will continue to offer our assistance and work closely with the UK Government on these new initiatives in order to improve the UK’s ability to defend against modern cyber threats.
Link: Press release: Government celebrates cyber security successes in Manchester
Source: Gov Press Releases
ISO/IEC 27007:2017 Information technology. Security techniques. Guidelines for information security management systems auditing
ISO/IEC 27034-5:2017 Information technology. Security techniques. Application security Protocols and application security controls data structure
NHS Alert
A spokesperson for the National Cyber Security Centre said:
“We are aware of a cyber incident and we are working with NHS Digital and the National Crime Agency to investigate.”
Advice on protecting yourself from ransomware is available here.
UPDATE
A statement from the NCSC on the international cyber incident can be read here.
Link: NHS Alert
Source: NCSC Alerts
Weekly Threat Report 13th October 2017
Cyber-enabled theft from Taiwanese bank
On 5th October 2017 Taiwan’s Far Eastern International Bank (FEIB) reported that it had fallen victim to a cyber-enabled theft. It is not yet known how much the attackers attempted to steal, but open source reports this figure could be as high as 60 million USD. FEIB states that, owing to errors by the criminals in their SWIFT[1] messaging configuration and efforts to recover the stolen money, estimated losses are less than 500,000 USD…
Link: Weekly Threat Report 13th October 2017
Source: NCSC Reports
Weekly Threat Report 23rd June 2017
Fake airline websites distributed by social media
Scammers are using the brands of major global airlines to lure users to fake websites and then encourage them to share links to the sites with friends. When a user clicks through to the sites they are prompted to answer a few simple questions and provide personal information to get free flights. Once they give away their name, email, phone, date of birth and address they are then told they will receive the flights, only once they ‘like…
Link: Weekly Threat Report 23rd June 2017
Source: NCSC Reports
Weekly Threat Report 3rd March 2017
Drone-enabled hacking
An organisation’s most sensitive information is often stored on ‘air-gapped’ computers, which are physically separated from the internet. The lack of a connection protects them from most external attackers, and even if the machine is infected with malware, the data is difficult to exfiltrate.
An Israeli researcher has demonstrated a new technique for transmitting information out of air-gapped computers, using malware to force LEDs to flash in a…
Link: Weekly Threat Report 3rd March 2017
Source: NCSC Reports
Weekly Threat Report 28th October 2016
Malware-infected ATMs compromise Indian debit cards
Indian media have reported that 3.2 million debit cards may have been compromised by ATM malware in what has been described as the “biggest ever cyber security breach” in the Indian banking sector. The Economic Times reported that debit cards belonging to large banks such as the State Bank of India (SBI), HDFC Bank, Yes Bank and ICICI Bank may have been compromised.
Although some reports indicate that the breach may have…
Link: Weekly Threat Report 28th October 2016
Source: NCSC Reports
Weekly Threat Report 25th January 2018
Two-factor authentication usage
Open source reports quote remarks made by a Google software engineer who revealed at a recent security conference that fewer than 10 per cent of Gmail users enabled Two-Factor Authentication (2FA).
The benefit of 2FA is that it provides an extra layer of security. The user has to provide standard login details of a password and username and also something that only that user has access to. This might be a physical token, keyfob device,…
Link: Weekly Threat Report 25th January 2018
Source: NCSC Reports