Cyber News and Threats – 4th July 2017
Here are some of the latest updates on cyber threats and news that we’ve picked up in the last couple of weeks, including the NCSC weekly update for 30 June. All updates are open source and links given:
Passwords have been in the news again recently. Most notably, on Friday 23 June accounts with weak passwords on the UK Parliamentary network were compromised; however, less than 1% of the system’s 9,000 accounts were directly affected. Attention was also drawn last week to router password vulnerabilities, as Virgin Media advised customers with Virgin Super Hub 2 home routers to reset their passwords. This followed concerns that the routers had a relatively weak eight-character default password consisting of lower case letters that could be cracked in four days, potentially allowing access to other home devices. Routers supplied by other service providers may also come with default passwords.
Passwords also featured in Ciaran Martin’s interview with BBC’s Today programme (Friday 30 June, 0810) where he recommended that two-factor authentication be used so that a stolen password is much less valuable to a criminal.
National Cyber Security Centre (NCSC) password guidance can be found here.
A portion of Microsoft Windows 10 Source code leaked online
Microsoft has confirmed that a portion of its source code has been leaked online. The initial source of the leak is unknown; however, the content was posted to Beta Archive, one of the largest online ‘Beta and Abandonware’ repositories for prototype software. The leaked content was 1.2GB in size and has since been removed from the Beta Archive site.
While Microsoft has responded to this incident, questions have been raised about how the source code was originally obtained.
Disgruntled ex-employee conducts Smart Meter Network attack
A former radio frequency engineer used information about systems he had worked on to disable meter reading equipment at several US water utility companies. The individual has since been convicted of two counts of “unauthorized access to a protected computer and thereby recklessly causing damage” and has been sentenced to 12 months in prison.
Cyber crime trends and statistics in 2016
The FBI have recently published their annual internet crime report. The trending topics for 2016 were Business Email Compromise (BEC), ransomware, technical support fraud and extortion.
A total of 298,728 complaints were received, with reported losses in excess of $1.3 billion. The FBI estimate that only 15 percent of fraud victims in the US report their crimes to law enforcement.
The UK’s National Crime Agency (NCA) considers underreporting a huge barrier to understanding the true scale and cost of cyber crime. The reasons for underreporting include reputational damage; not knowing who to report the crime to or what constitutes a cyber crime; and being unaware that a crime has taken place.
Although figures in the FBI report are not directly comparable with UK statistics, they do indicate similarities in overall trends such as the increase in ransomware crimes, BEC and technical support fraud.
The NCSC has guidance for businesses on understanding the cyber crime model, and for members of the public on how to protect against cyber crime and what to do if you think you have been the victim of a cyber crime.
Ransomware tool causes widespread disruption
On Tuesday 27 June, widespread disruption was caused in Ukraine by a ransomware tool that spread to other organisations worldwide via trusted networks. The ransomware tool, with similarities to the Petya ransomware that first struck in early 2016, was inserted into a compulsory software update for Ukrainian financial and government institutions.
The NCSC announced on Thursday 29 June that while managing the impact to the UK, its experts had found evidence that questioned initial judgements that the intention of this malware was to collect a ransom. The NCSC is investigating with the NCA and industry whether the intent was to disrupt rather than for any financial gain.
The malware has spread to a number of organisations worldwide that do business with Ukraine, including Russia’s oil firm Rosneft, Danish shipping concern Maersk and a large UK advertising agency.
Whilst this latest ransomware infection is more limited in scale than WannaCry, it is assessed that the success of these two incidents is likely to motivate other actors who aim to cause widespread disruption to employ “ransomware” to do so.