Weekly Threat Report 18th August 2017

Hotels targeted across Europe and the Middle East

Recent media reporting has highlighted a campaign targeting the hospitality sector.

The campaign, which reportedly started in July 2017 and may be linked to a similar campaign carried out during the autumn of 2016, is allegedly being carried out by Fancy Bear, also known as APT28. The group has also been implicated in the hack-and-leak campaign against the Democratic National Committee (DNC) during the 2016 US Presidential Elections.

Using…

Link: Weekly Threat Report 18th August 2017
Source: NCSC Reports

Weekly Threat Report 28th April 2017

Increase in Homographic Phishing Attacks

Recent media reporting highlights a threefold increase in homographic phishing attacks over the past fourteen months.

Homographic attacks have been widely known about for many years, and rely on the fact that there are visual similarities between many different Unicode characters to spoof well-known web addresses using similar-looking Punycode domains. For example, by registering the Unicode domain “www.xn--googl-z8a.com” an attacker would be in…

Link: Weekly Threat Report 28th April 2017
Source: NCSC Reports

Weekly Threat Report 6th January 2017

Vulnerabilities in travel booking systems

Security researchers presented findings at a recent cyber security conference highlighting a range of vulnerabilities in travel booking systems known as Global Distribution Systems (GDS). GDS are databases used by a range of companies, including travel agencies, airlines, hotels and car hire companies, to hold the travel information collectively known as the Passenger Name Record (PNR).

Researchers noted that GDS can be accessed in many cases with…

Link: Weekly Threat Report 6th January 2017
Source: NCSC Reports

Weekly Threat Report 24th November 2017

Black Friday online seasonal scams

Although ostensibly a US tradition of the Thanksgiving holiday weekend, Black Friday has been adopted in the UK by many retailers who heavily discount goods to kick-start the Christmas shopping season. The surge of bargain hunters seeking good deals on the high street and online inevitably attracts criminals looking to exploit this seasonal activity.

Last year, victims reported losing nearly £16 million to Christmas shopping fraudsters, increasing…

Link: Weekly Threat Report 24th November 2017
Source: NCSC Reports

Weekly Threat Report 16th March 2018

CCleaner update

Cyber security company Avast continues to investigate the 2017 supply chain attacks involving clean-up tool CCleaner. For a month last summer, Advanced Persistent Threat (APT) attackers are reported to have maliciously modified versions of CCleaner and CCleaner Cloud at source, before they were downloaded by 2.27 million customers worldwide. The attackers then selected a small number of high-profile technology and telecommunications companies to receive a secondary payload.

Avast…

Link: Weekly Threat Report 16th March 2018
Source: NCSC Reports

DROWN vulnerability

Executive summary

A newly discovered OpenSSL security vulnerability, dubbed DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), enables a 20-year-old and long-deprecated security protocol, Secure Sockets Layer (SSLv2), to be used to attack modern websites.

An attack exploiting this could decrypt secure HTTPS communications, which can be used to protect sensitive data in transit between your browser and the server. It is estimated that at least one-third of all websites could be…

Link: DROWN vulnerability
Source: NCSC Alerts

Weekly Threat Report 11th August 2017

Steganography is becoming increasingly popular

According to the cyber security company Kaspersky Lab, steganography is becoming increasingly popular with cyber actors and is used to conceal malware and data exfiltration, and for command and control (C&C) communications.

Steganography is the technique of concealing data within other, seemingly innocuous, information. In a digital context, it generally refers to hiding data within a media file. Image files are the most common, but…

Link: Weekly Threat Report 11th August 2017
Source: NCSC Reports

Weekly Threat Report 21st April 2017

Hajime – What is the intent of this IoT Botnet?

In October 2016 the security research group at Rapidity Networks discovered a new malware, called Hajime, with similarities to the Mirai botnet: it targets Internet of Things (IoT or internet-connected) devices by scanning the Internet for devices with network vulnerabilities and attempts to connect to them using known default username/password combinations. According to Symantec, Hajime is believed to have infected between 130,000 and…

Link: Weekly Threat Report 21st April 2017
Source: NCSC Reports

Weekly Threat Report 16th December 2016

Successful take-down of DDoS for hire service

Recent joint international law enforcement operations have resulted in the arrests of 34 suspected users of for-hire Distributed Denial of Service (DDoS) attack services. Twelve of the arrests were made in the UK, following a National Crime Agency (NCA)-led operation. The operation targeted Netspoof, an organisation which offered stresser packages to disable web servers and websites by flooding them with enormous volumes of internet traffic….

Link: Weekly Threat Report 16th December 2016
Source: NCSC Reports

Weekly Threat Report 1st December 2017

Imgur compromise

Image-sharing website Imgur has been alerted to a security breach in which the email addresses and passwords of 1.7 million users worldwide were compromised in 2014. Investigations are ongoing but in a public blog post, the company’s CEO has said that, although passwords were hashed using SHA-256 at the time, users should still take precautions such as using a different password for every site and application.

The website does not hold any other personal data on…

Link: Weekly Threat Report 1st December 2017
Source: NCSC Reports