Weekly Threat Report 9th February 2018

Meltdown and Spectre – Updated Advice

Malware making use of Meltdown and Spectre, the two CPU vulnerabilities highlighted back in January, is now being seen in the wild. Security researchers are reporting they have seen over 140 malware samples based on the proof of concept code. Whilst there have not been instances of Meltdown and Spectre actually being leveraged to compromise a system, it is a timely reminder that miscreants will take published security vulnerabilities and weaponise…

Link: Weekly Threat Report 9th February 2018
Source: NCSC Reports

Multiple vulnerabilities in various products

Executive summary

On 15 August 2016, CERT-UK was made aware of a list of exploits posted online. These exploits are targeted at vulnerabilities in software found in Cisco switches, routers and firewall products, Fortinet’s Fortiguard, Watchguard and TopSec. Whilst Fortninet and Watchgaurd determined the vulnerabilities were patched years ago, of the two Cisco vulnerabilities, one has been confirmed as a zero-day.

Vulnerabilities – Cisco

The two vulnerabilities affecting Cisco…

Link: Multiple vulnerabilities in various products
Source: NCSC Alerts

Weekly Threat Report 15th September 2017

Phishing scam targeting UK university students

Media reporting earlier this month highlighted a warning by Action Fraud of a phishing campaign against university students. The scam involves fake emails claiming that the Student Loans Company have suspended the victim’s account. Victims are asked to provide credentials and bank account details, which is used to carry out identity theft and fraud. 

Cyber criminals often seek to exploit seasonal events, such as the start of…

Link: Weekly Threat Report 15th September 2017
Source: NCSC Reports

Weekly Threat Report 26th May 2017

Russian government reaction to cyber criminals

This week Russia revealed it had arrested a cyber crime gang in November last year for a campaign that raised nearly USD900, 000. The gang was nicknamed ‘Cron’ after the malware it used, which infected over a million Android mobile devices of Russian bank customers. Users unwittingly downloaded the malware via fake mobile banking apps, pornography and e-commerce programmes. The ‘Cron’ gang exploited a Russian bank service…

Link: Weekly Threat Report 26th May 2017
Source: NCSC Reports

Weekly Threat Report 3rd February 2017

Shamoon 2

The Saudi Arabian Government warned on 23 January that the destructive wiper malware Shamoon 2 had been detected on its government networks.

Shamoon 2 is an updated version of Shamoon, the disk-wiping malware that disabled thousands of computers at Saudi state-linked energy company Saudi Aramco in 2012.

The Saudi authorities are reporting on these latest compromises publicly and have provided reassurance that the damage is currently limited and mitigation is in place.

The re-…

Link: Weekly Threat Report 3rd February 2017
Source: NCSC Reports

Weekly Threat Report 29th September 2016

Threat assessment and trend analysis

Yahoo Data Breach largest on record 

The scale of the 2014 Yahoo data breach has been exposed as Yahoo have confirmed that over 500 million accounts have been compromised. Data leaked includes names, email addresses, telephone numbers, dates of birth and encrypted passwords and is believed to be the biggest public breach of personal data ever recorded. Yahoo have stated that the attack was “state-sponsored”, although this has been…

Link: Weekly Threat Report 29th September 2016
Source: NCSC Reports

Weekly Threat Report 16th February 2018

Cryptocurrency mining update

On 11 February 2018, the NCSC made a statement to reassure the public that, whilst some government websites had been affected by malware designed to illegally mine cryptocurrency, no one was at risk of having their money stolen. The only possible effect on users’ machines was reduced performance.

The NCSC then followed up with guidance detailing how a compromised third party JavaScript library called Browsealoud had caused visitors to websites with the…

Link: Weekly Threat Report 16th February 2018
Source: NCSC Reports

Quadrooter vulnerability affecting Android

Executive summary

A number of vulnerabilities have been discovered in the Qualcomm chipsets used in many Android handsets from many of the leading manufacturers. Exploitation of these vulnerabilities could allow an unauthorised user to take full control of an Android device but in order to do so an authorised user would first need to install a malicious app.

Google have stated that three of the four vulnerabilities have been patched with the fourth due in September, although updates will…

Link: Quadrooter vulnerability affecting Android
Source: NCSC Alerts

Weekly Threat Report 8th September 2017

Universities under cyber attack

This week, various media outlets have reported on the high number of cyber attacks suffered by UK universities.

Universities are of interest to a range of attackers. Highly skilled hacking groups conduct cyber espionage, seeking to acquire cutting-edge research and intellectual property in areas such as defence, energy, and artificial intelligence. Most academics have detailed web pages describing themselves and their research interests, giving attackers more…

Link: Weekly Threat Report 8th September 2017
Source: NCSC Reports

Weekly Threat Report 19th May 2017

WannaCry ransomware attack illustrates risk of using unlicensed software

The WannaCry international ransomware attack has highlighted the risks of relying on unpatched software. The scale of the outbreak has been blamed in part on the widespread use of unlicensed software. Pirated software is often insecure as it does not benefit from manufacturers’ updates to fix vulnerabilities.

Several of the countries reported by cyber security companies to be worst affected are also amongst the…

Link: Weekly Threat Report 19th May 2017
Source: NCSC Reports