Cyber Security and Data Breach Threat Round Up: 20 March 2020
Welcome to the sixth in our series of fortnightly blogs which comprises of information gleaned from the National Cyber Security Centre (NCSC).
These blogs bring together the latest cyber security threat reports. Please feel free to share this information with your own customer base.
In this threat round up blog…..
Attackers using the Coronavirus as a phishing trap
The coronavirus outbreak is being used in phishing attacks according to researchers at Proofpoint.
Attackers are taking advantage of the widespread concern about the virus to lure people into phishing traps using conspiracy theories about “unreleased” cures. One example describes a ‘confidential cure solution’ before giving users the option to follow a link through to a fake website asking for credentials.
Phishing attacks are untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.
Unfortunately, it is relatively common for cyber criminals to take advantage of situations like the coronavirus outbreak to prey upon people’s concerns.
Report claims human error is major cause of UK breaches
Showing just how tempting it can be to think that complex problems have a single, ‘simple’ cause: Cybsafe announced that 90% of data breaches in the UK are caused by human error.
The report has analysed data from breaches reported to the Information Commissioner’s Office (ICO) in 2019. Their findings report that nine out of ten of the 2,376 breaches report to the ICO were due to “mistakes by users”. Phishing was named as the main cause of breaches which was 45% of all the reports to the ICO.
Unauthorised access, brute force password attacks and ransomware were also highlighted in the report.
‘Human error’ is often used as a convenient umbrella term when we don’t understand (or don’t want to acknowledge) the things that really make it difficult for people to behave securely. Making it easier for people to engage in their organisation’s security culture can improve the effectiveness of cyber security measures.
Code repository used to host and distribute malware
It is being reported that the code repository platform, Bitbucket, is being used by cyber criminals to host and distribute malware in a number of campaigns.
Criminals have been delivering an “unprecedented number of malware” via Bitbucket according to a report by Cybereason researchers. The malicious repositories mentioned in the linked blog post were deactivated within a few hours following communication between the researchers and Bitbucket.
Cybereason report that attackers create and cycle different accounts, which are then frequently updated to avoid detection.
Users that have downloaded cracked versions of commercial software like Microsoft Office and Adobe photoshop may have been affected.
NCSC issue advice as home working increases across the UK
In response to the coronavirus (COVID-19) outbreak, and following official guidance, more employers are asking staff to work from home.
Latest government advice urges employers to enable their workforce to work remotely, where possible, to help stop the spread of COVID-19. Employers and business should heed the advice issued on GOV.UK.
Many will have worked from home before, but this could be a new concept for others. The NCSC has this week published advice for organisations and staff looking to work from home, which gives guidance on:
Preparation for home working
Setting up new accounts and accesses
Controlling access to corporate systems
Helping staff to look after devices
Reducing the risk from removable media
This week we also flagged a campaign of phishing attacks aimed at exploiting fears over the COVID-19 outbreak. Cyber security researchers at Recorded Future say they’ve observed an increase in the number of instances where the coronavirus has been used as an attack vector.
We've previously published advice about spotting and dealing with suspicious emails, with signs to look out for.
Cyber security researchers warn of new TrickBot module
Earlier this week cyber security researchers at Bitdefender revealed they’d discovered a new TrickBot module targeting telecom organisations, among others, in the US and Hong Kong.
According to the findings this new module, which Bitdefender has been tracking since the end of January, brute forces Remote Desktop Protocol (RDP) for a specific list of victims.
TrickBot is widely recognised as a banking Trojan and is normally spread through phishing campaigns and used as a vehicle to drop ransomware.
In February the NCSC published an advisory on how organisations can protect their networks from TrickBot. Advice on how to mitigate malware and ransomware attacks has also been published.
For information about protecting your devices at home, please read guidance especially for individuals and families. Smaller organisations should consider the tips presented in the NCSC's Small Business Guide.
Ready to join the revolution?
If you are in the cyber or cloud space and want to generate more demand for your existing products and services, Boost Technology Group can help. Our award-winning team can help your cyber and cloud organisation improve your chances of winning business through the provision of specialist demand generation marketing, sales education and sales enablement services.
To find out more contact us and book a FREE discovery call.
Call: 0203 740 4074