Cyber News and Threats – 20 March 2017
Here are some of the latest updates on cyber threats and news that we’ve picked up in the last couple of weeks, including the NCSC weekly update for 17th March. All updates are open source and links given:
- Ransomware for political ends – Cyber security company PaloAlto networks has recently identified a new type of ransomware, seemingly designed for political ends. Ransomware is generally used by cyber criminals for monetary gain, encrypting data and forcing infected users to pay a financial ransom to decrypt their files. However, in this case, ‘RanRan’ ransomware demanded a political statement in return for the encryption key. The NCSC provides guidance on protecting your organisation against ransomware threats.
- Researchers investigate zero-day vulnerabilities – RAND Corporation has published a report into zero-day exploits, estimating their lifespan and the likelihood of vulnerabilities being discovered by multiple researchers independently. A vulnerability or exploit is called ‘zero-day’ if it is not yet publicly known, and a patch is not available.bMost attacks target well known vulnerabilities on unpatched systems, or socially engineer users into inadvertently compromising their own machines. Regular patching, and the other elements in the NCSC’s 10 Steps to Cyber Security, remain best practice.
- Joint NCA and NCSC annual report launched – e first joint National Cyber Security Centre (NCSC) and National Crime Agency (NCA) annual report was published this week. ‘Cyber threat to UK business 2016’ provides an in-depth analysis of evolving threats.
- Vulnerabilities – the main headline this week is the Apache Struts remote code execution vulnerability for which an emergency patch was released last week [CVE-2017-5638]. An advisory has been released on CiSP for this vulnerability and readers are encouraged to read this and refer to the linked thread on CiSP for up-to-date findings, IOCs and discussion with the rest of the community.
For the full text of the NCSC weekly Threat Report please go to https://www.ncsc.gov.uk/report/weekly-threat-report-17th-march-2017