Tag: information security

Our second Annual Report covering the period April 2015 – March 2016 is now live.

The report covers an overview of the incidents we have dealt with this year with a breakdown by type and sector, as well as analysis of malware in the UK, a look at our predictions from last year and a new set for the coming year and a piece on the importance of automated sharing.

CiSP members can also access the Amber Annexe posted on the platform which contains more technical information including…

Link: CERT-UK Annual Report 2015/16
Source: NCSC Reports

Ransomware infects Colorado Department of Transportation IT system

International media reports suggest that ransomware infected computers at the Colorado Department of Transportation (CDOT) on 21 February, encrypting files and requesting payment in Bitcoin to restore them. CDOT is responsible for managing and maintaining roads as well as monitoring traffic in the US state of Colorado, but no critical operational IT systems are believed to have been affected.

The organisation has taken 2,000…

Link: Weekly Threat Report 2nd March 2018
Source: NCSC Reports

Executive summary

Multiple critical vulnerabilities have been reported in a number of different security products from Symantec, affecting both enterprise and consumer products.

These vulnerabilities include a ‘100% reliable remote exploit’ and a ‘wormable’ flaw that requires no user interaction by the victim for an attacker to exploit.

The vulnerabilities have been fixed by Symantec and performing a manual ‘LiveUpdate’ will update the software to the…

Link: Symantec Norton Anti-virus and Endpoint Protection – multiple high severity vulnerabilities
Source: NCSC Alerts

Data breach affects NHS administrative information

An individual affiliating themselves with the hacktivist collective Anonymous claims to have stolen UK NHS patient data. The attacker claims to have exploited unpatched vulnerabilities in software provided by SwiftQueue, a vendor responsible for managing a number of hospital appointment booking systems.

SwiftQueue have confirmed an unauthorised party accessed 32,501 lines of administrative data. This is likely to include personally…

Link: Weekly Threat Report 25th August 2017
Source: NCSC Reports

Google and Facebook were victims of Business Email Compromise (BEC) or ‘CEO Fraud’

Google and Facebook have been identified as the victims of an email phishing attack for which a Lithuanian man was charged in March 2017.

The attack relied upon social engineering methods rather than technical intrusion techniques. However, the individual was still able to trick the organisations into transferring over $100 million between 2013-2015, highlighting how cyber-enabled social…

Link: Weekly Threat Report 5th May 2017
Source: NCSC Reports

The year of ransomware…

…is how 2016 has been widely described in the cyber security media.

There has been numerous UK incidents targeting academia, Government departments, industry, CNI sectors and individual users.  Using ransomware as an attack technique has become popular because it is easy to carry out and can be financially lucrative.

Ransomware can infect a system via  unpatched software vulnerabilities or duping unsuspecting users into installing the ransomware…

Link: Weekly Threat Report 13th January 2017
Source: NCSC Reports

Introduction

The NCSC has produced technical analysis on the Turla group, a prevalent cyber threat group targeting the UK. The report contains indicators of compromise for tools used by the group, and signatures that will enable the information security community to search for the intrusions on their networks.
 

Background

The NCSC has observed the Turla group using the Neuron and Nautilus malicious tools designed to operate on Microsoft Windows platforms, primarily targeting mail…

Link: Turla group malware
Source: NCSC Alerts

Largest reported DDoS attacks mitigated 

The largest ever reported Distributed Denial of Service (DDoS) occurred in early March 2018, according to Netscout Arbor. A peak of 1.7 Terabits per second (Tbps) was recorded, although the attack was mitigated. This followed a recent attack against GitHub on 28 February, with a peak of 1.35 Tbps. The largest known attack previously took place in 2016 against the US DNS provider DYN, which peaked at 1.2 Tbps.

The method used for these attacks is…

Link: Weekly Threat Report 9th March 2018
Source: NCSC Reports

Summary

QuickTime for Microsoft Windows is no longer supported by Apple and the current advice is to remove it from all Windows OS Devices devices.

The removal instructions can be found here https://support.apple.com/HT205771

QuickTime for Mac OSX is unaffected, can be considered to still be supported, and subject to security patches as required.

Further details

Two vulnerabilities have been found and published by the TippingPoint Zero Day Initiative (ZDI) and, as per their rules,…

Link: Apple QuickTime for Windows
Source: NCSC Alerts

Hotels targeted across Europe and the Middle-East

Recent media reporting has highlighted a campaign targeting the hospitality sector.

The campaign, which reportedly started in July 2017 and may be linked to a similar campaign carried out during the autumn of 2016, is allegedly being carried out by Fancy Bear, also known as APT28. The group has also been implicated in the hack-and-leak campaign against the Democratic National Committee (DNC) during the 2016 US Presidential Elections.

Using…

Link: Weekly Threat Report 18th August 2017
Source: NCSC Reports