Link: The Communications Act 2003 and the Digital Economy Act 2017 (Consequential Amendments to Secondary Legislation) Regulations 2017
Source: Legislation .gov.uk
Press release: Government celebrates cyber security successes in Manchester
The First Secretary of State, Damian Green, spoke at the landmark opening of the new global headquarters of the NCC Group in Manchester, marking the first anniversary of the creation of the National Cyber Security Strategy (NCSS).
The NCSS was launched a year ago in response to the growing cyber security challenges and threats faced by the UK and to define the Government’s ambitions for the future.
As a part of this world-leading strategy the government invested £1.9 billion in establishing the innovative National Cyber Security Centre (NCSC), demonstrating a long-term commitment to keeping the UK safe. Since its launch the NCSC has responded to over 590 significant cyber incidents: providing support to victims, sharing information with intelligence and law enforcement, and setting up incident management structures to ensure essential services are up and running once incidents have occurred.
The First Secretary spoke at the headquarters of the NCC Group – a global expert in cyber security and risk mitigation. The newly built headquarters in Manchester equipped with state of the art technology will employ more than 500 cyber security experts providing Britain’s and Europe’s largest companies with cyber security consultancy and cyber incident response.
Damian Green, First Secretary of State and Minister for the Cabinet Office said:
This Government is committed to tackling the growing threat of cyber security and will continue to invest in the future of our defence programme.
The Government’s Cyber Schools programme aims to provide skills to nearly 6,000 young people in order to secure the UK’s position as a world leader in cyber security for generations to come.
I am delighted that a global cyber security expert has chosen to open their headquarters in Manchester – fuelling the success of the Northern Powerhouse.
Brian Tenner, Interim CEO at NCC Group said:
NCC Group continues to play a pivotal role in advising government and helping to implement national initiatives which are strengthening the UK’s cyber security posture and helping to improve the country’s technical capabilities in this area. The First Secretary’s visit is recognition of this continuing support and we were delighted to welcome him to our company headquarters today.
The threat of cyber crime is an ever-evolving issue that is increasing in severity every day. It is encouraging that the UK Government is treating this as a priority and putting concrete strategies in place to address this. We will continue to offer our assistance and work closely with the UK Government on these new initiatives in order to improve the UK’s ability to defend against modern cyber threats.
Link: Press release: Government celebrates cyber security successes in Manchester
Source: Gov Press Releases
ISO/IEC 27007:2017 Information technology. Security techniques. Guidelines for information security management systems auditing
ISO/IEC 27034-5:2017 Information technology. Security techniques. Application security Protocols and application security controls data structure
Weekly Threat Report 17th November 2017
New banking trojan discovered
Security researchers have discovered a new trojan targeting customers of banks, payment card providers, mobile service providers, payroll, webmail and e-commerce sites. Known as IcedID, the malware uses web browser manipulation techniques to trick users into entering their login credentials and payment authorisation details into malicious webpages. The malware affects systems infected by the highly persistent Emotet banking trojan that hijacks computers to form…
Link: Weekly Threat Report 17th November 2017
Source: NCSC Reports
Weekly Threat Report 28th July 2017
NotPetya’s continuing impact on businesses
Businesses that fell victim to the NotPetya ransomware attack in June are warning of financial consequences and continuing disruption.
The potential impacts of a cyber breach to business have long been known: they may include lost sales, share price declines, reputational damage, regulatory fines for data losses, and clean-up costs. Businesses usually quote one large estimate when commenting on a cyber breach’s cost. However, in NotPetya…
Link: Weekly Threat Report 28th July 2017
Source: NCSC Reports
Weekly Threat Report 31st March 2017
Criminals target US healthcare sector
The cyber division of the FBI recently issued an alert warning of criminal activity targeting File Transfer Protocol (FTP) servers operating in ‘anonymous’ mode, associated with the US medical and dental facilities.
The criminals involved are reportedly motivated by the potential to access protected health information (PHI) and personally identifiable information (PII). This data is then used by criminals to extort healthcare business owners…
Link: Weekly Threat Report 31st March 2017
Source: NCSC Reports
Weekly Threat Report 2nd December 2016
Mirai targets router vulnerability
On Sunday 27th November 900,000 Deutsche Telekom customers were impacted by an attack from an adapted version of the Mirai worm. The attack resulted in customers being unable to connect to the Internet. This was followed by reports on Thursday 1st December that 100,000 Post Office customers had been similarly impacted as were UK customers of the Internet Service Provider (ISP) TalkTalk. The attack used the Mirai code, which scans and comprises IoT devices…
Link: Weekly Threat Report 2nd December 2016
Source: NCSC Reports
Weekly Threat Report 15th December 2017
Increase in HTTPS phishing attacks
Over the past few years website owners have been encouraged to adopt HTTPS website domains rather than HTTP. With HTTPS, data in transit is encrypted; this provides additional security for transiting data, such as login credentials, which may contain information of use to attackers.
HTTPS domains are verified by SSL Certificate Authorities, who issue and authenticate certificates. The padlock symbol in the URL field links to the certificate provider’s…
Link: Weekly Threat Report 15th December 2017
Source: NCSC Reports
Weekly Threat Report 13th April 2018
Recent data breaches: GWR and Sodexo
Great Western Rail has advised customers to change their passwords after unauthorised attempts to access GWR.com accounts. The attack likely used password data harvested from other areas of the internet. GWR confirmed that around 1,000 users have been directly affected.
Separately, the facilities management company Sodexo confirmed a targeted attack on its cinema voucher platform Filmology. As the breach resulted in unauthorised access to payment card…
Link: Weekly Threat Report 13th April 2018
Source: NCSC Reports