A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021.
Think Before You LinkedIn!
Business social media platform LinkedIn is being exploited by nation-state threat actors to target UK citizens. The UK Security Service MI5 said 10,000 staff from every UK government department and from important UK industries have been lured by fake LinkedIn profiles. MI5 said the faked LinkedIn accounts are created and operation by nation-state spy agencies, with an intent to recruit individuals or gather sensitive information. MI5 released a campaign video called "Think Before You Link" to raise awareness of the threat.
The personal information of 11 million UK Facebook profiles were been found on a hackers website, with the social media giant seemingly dismissing the significance of the data within a statement, "This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019". However, personal information is rarely historic data that losses significance to the person it is associated with. In this case, the leaked Facebook data included full names, locations, birthdates, email addresses, Facebooks IDs, and even phones numbers. Such personal data is unlikely to have changed for the vast majority of people in the last couple of years, therefore this data is of concern to its owners, and also remains of good value to scammers. You can check if your phone number or email address is part of this Facebook data leak and other data breaches on the Have I Been Pwned website. Facebook faces a privacy regulation investigation over this data breach.
The Ransomware Scourge
The Institute for Science and Technology 'Ransomware Task Force' (RTF), which is a collaboration of more than 60 stakeholders, finally released its ransomware framework, which comprised of 48 strategies to tackle the ransomware problem. “Ransomware attacks will only continue to grow in size and severity unless there is a coordinated, comprehensive, public-private response,” the 80-page report says. “It will take nothing less than our total collective effort to mitigate the ransomware scourge.”
The RFT listed its top-five priority strategies, which are:
- Co-ordinated, international diplomatic and law enforcement efforts must proactively prioritize ransomware through a comprehensive, resourced strategy, including using a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals.
- The United States should lead by example and execute a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House. This must include the establishment of 1) an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director; 2) an internal U.S. Government Joint Ransomware Task Force; and 3) a collaborative, private industry-led informal Ransomware Threat Focus Hub.
- Governments should establish Cyber Response and Recovery Funds to support ransomware response and other cybersecurity activities; mandate that organizations report ransom payments; and require organizations to consider alternatives before making payments.
- An internationally coordinated effort should develop a clear, accessible, and broadly adopted framework to help organizations prepare for, and respond to, ransomware attacks. In some under-resourced and more critical sectors, incentives (such as fine relief and funding) or regulation may be required to drive adoption.
- The cryptocurrency sector that enables ransomware crime should be more closely regulated. Governments should require cryptocurrency exchanges, crypto kiosks, and over-the-counter (OTC) trading “desks” to comply with existing laws, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws.
The RFT report concludes, “Despite the gravity of their crimes, the majority of ransomware criminals operate with near-impunity, based out of jurisdictions that are unable or unwilling to bring them to justice. “This problem is exacerbated by financial systems that enable attackers to receive funds without being traced.”
The UK Government have chipped in £3.68 million of a £10.4 million bill for Redcar and Cleveland Council on the back of a ransomware attack that took the Councils IT systems down in February last year. The ransom was said not to have been paid by the Council, in a statement, LibDem Council leader Mary Lanigan said "No money was handed over to these criminals and we continue to hope that they will eventually be brought to justice.".
A freedom of information request revealed the Scottish Environment Protection Agency (Sepa) spent £790,000 to recover from a Christmas Eve Conti ransomware attack. Cybercriminals stole over 4,000 files, but Sepa also refused to pay the ransom.
Meanwhile, on the other side of the pond, it was reported that Russian-speaking ransomware gang Babuk had infiltrated Washington D.C. Met Police, and with the gang threatening to disclose confidential information via Twitter, including suspected gang member informants. The REvil ransomware gang are also reported to be demanding a hefty ransom payment from Apple, else 15 unreleased MacBook schematics and gigabytes of stolen personal data would be leaked online. The ransomware gang said it was seeking a $50 million ransom to be paid by 27th April, else the ransom would increase to $100 million.
Millions in the UK Targeted by Malware via a DHL Scam Text Message
Millions of UK citizens received a scam text message (aka smashing) which impersonated DHL in April. The message said "DHL: Your parcel is arriving, track here <link>". That link would attempt to install spyware called Flubot, malware designed to steal online banking data from Android devices.
A Vodafone spokesman said, "We believe this current wave of Flubot malware SMS attacks will gain serious traction very quickly, and it's something that needs awareness to stop the spread".
If you receive any Text Message which includes a web link, "Think before you Click!", and if you have any doubt about message origin, always better to stay safe and delete it, or to report the message to your network provider, by forwarding to 7726.
How Strong is Your Password?
Millions of British people are using their pet's name as an online password, despite it being an easy target for hackers to work out, according to a National Cyber Security Centre (NCSC) survey. The NCSC said 15% of brits use their pets names, while 14% use a family member's name, and 13% pick a notable date. A favourite sports team accounted for 6% of passwords, while a favourite TV show accounted for 5%. Most concerning is that 6% of people are still using "password" as all, or a part of their password.
"Millions of accounts could be easily breached by criminals using trial-and-error techniques," the NCSC warned. The NCSC urges people to choose random words that cannot be guessed instead. An example they give is "RedPantsTree", which is unlikely to be used anywhere else online.
BLOG
- Which is more Important: Vulnerability Scans Or Penetration Tests?
- Should Doctors Receive a Cybersecurity Education?
- The Future of Service Management in the DevOps Era
- Flexibility and Security, You Can Have it All!
- Adapting Security Awareness to the Post-Pandemic World
- Important Strategies for Aligning Security With Business Objectives
- Building a Security Conscious Workforce
- Cyber Security Roundup for April 2021
- Nation-State Threat Actors used Fake LinkedIn Profiles to Lure 10,000 UK Citizens
- Facebook details of 11 Million UK Users Found on Website for Hackers
- The Scottish Environment Protection Agency Spent nearly £800,000 on Cyber Attack Response
- Redcar Cyber-Attack: UK Government to Cover £3.68 Million of the Costs
- Ransomware Gang Babuk claims DC’s Metropolitan Police Attack
- Flubot: Warning over SMS “Package Delivery” Scam Message which Delivers Android Malware
- Ransomware Task Force releases Recommendations
- REvil seeks to Extort Apple and Hits Supplier with $50 Million Ransom
- Hackers Hit Nine Countries, Expose 623,036 Payment Card Records
VULNERABILITIES AND SECURITY UPDATES
- More Critical Patches for Microsoft Exchange Server (Versions 2013, 2016, & 2019)
- Microsoft Warns of Damaging Vulnerabilities in Dozens of IoT Operating Systems
- Critical Microsoft Patches 108 Vulnerabilities, 20 Rated as Critical
- Unpatched Fortinet VPN Devices Vulnerable to New Cring Ransomware
- Microsoft SharePoint Vulnerability and China Chopper Web Shell used in Ransomware Attacks
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
- Hackers Exploit Unpatched Vulnerabilities, Zero Day to Attack Governments and Contractors
- Phishing Scammers imitate Windows logo with HTML Tables to Slip through Email Gateways
- Ransomware Group Targeted SonicWall Vulnerability Pre-Patch
- Malware Operators Leverage TLS in 46% of Detected Communications
- Pets’ Names used as Passwords by Millions, NCSC Study Finds
No comments:
Post a Comment