Weekly Threat Report 27th October 2017

Bad Rabbit ransomware

This week, ‘Bad Rabbit’ ransomware infections have been reported in countries including Russia, Ukraine, Bulgaria, Turkey, Germany and Japan. The NCSC has not received any reports that the UK has been affected by this latest malware attack. The majority of infections have been in Russia, where media organisations were worst affected. Russia’s Interfax News Agency suffered outages to several of its services, including its news portal….

Source: NCSC Reports

Weekly threat report 7th July 2017

Following reported attempts by hackers to compromise parliamentary email accounts in June, scammers have recently attempted to gain information by cold-calling (or vishing) MPs and their staff. Posing as staff from the Houses of Parliament’s IT department, the scammers have reportedly been requesting the usernames and passwords of MPs. Vishing, like its online equivalent, phishing, attempts to elicit sensitive information, such as passwords, or encourage victims to visit particular (…

Source: NCSC Reports

Weekly Threat Report 11th November 2016

Threat assessment and trend analysis

Old Tricks, New Bot

In September, the National Cyber Security Centre was made aware of a new banking Trojan called TrickBot, targeting the customers of online financial institutions in Australia and New Zealand. The latest version has added functionality and has primarily targeted the UK. Once infected, the attackers use web browser injects and redirection attacks to harvest banking credentials. TrickBot is distributed through both malvertising and spam…

Source: NCSC Reports

Weekly Threat Report 12th January 2018

Winter Olympics phishing campaign

The information security company McAfee recently identified spear-phishing activity targeting the February 2018 Winter Olympics due to be held in South Korea.

This highly tailored campaign was aimed at a number of South Korean organisations supporting the Games and made use of custom-made fileless malware and steganography. The phishing emails were written in the Korean language and purported to be from the South Korean National Counter Terrorism…

Source: NCSC Reports

Weekly Threat Report 4th May 2018

‘Orangeworm’ Group Targeting Healthcare Industry

Symantec have reported that a group they have tracked as ‘Orangeworm’ since 2015 are targeting the healthcare industry in the United States, Asia and Europe, including the UK.

40% of their attacks focus on the healthcare industry. Other industries targeted are either closely related to healthcare or part of the supply chain, including IT, manufacturing, logistics and agriculture. It is likely that the supply chain has been…

Source: NCSC Reports

Weekly Threat Report 20th October 2017

KRACK – a fundamental flaw in Wi-Fi security

Security researchers from Belgium have found that the majority of Wi-Fi connections are potentially vulnerable to exploitation because of a fundamental weakness in the wireless security protocol – WPA2. The exploit is called “KRACK”, which is short for Key Reinstallation Attack. Reports suggest that at most risk are Linux operating systems, Internet of Things (IoT) devices and 41% of Android devices. However, many of these,…

Source: NCSC Reports

Weekly Threat Report 30th June 2017

Password challenges

Passwords have been in the news again recently. Most notably, on Friday 23 June accounts with weak passwords on the UK Parliamentary network were compromised; however, less than 1% of the system’s 9,000 accounts were directly affected. Attention was also drawn this week to router password vulnerabilities, as Virgin Media advised customers with Virgin Super Hub 2 home routers to reset their passwords. This followed concerns that the routers had a relatively weak eight-…

Source: NCSC Reports

Weekly Threat Report 10th March 2017

Yahoo breach highlights cookie security issues

Last year Yahoo reported several data breaches occurring between 2013 and 2016 which affected a large number of user accounts. Personal information stolen could have included email addresses, telephone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers.

Following forensic investigations Yahoo has revealed that fake cookies were a probable method used by attackers to access user accounts…

Source: NCSC Reports

Weekly Threat Report 4th November 2016

The use of social media for cyber-enabled fraud is on the increase

Social media is increasingly used to commit cyber-enabled fraud, according to recent reporting (by cyber security company Easy Solutions). Many of the 80 million fake social media profiles are reportedly used to facilitate cyber attacks. According to cyber security company Proofpoint, 19% of accounts with top global brands are fake.

Social media attacks also recently tricked major UK banks’ customers into revealing…

Source: NCSC Reports