Weekly Threat Report - 23rd March 2018
Report's are drawn from recent open source reporting, see the latest report here:.
Money laundering valued at up to $200 billion through cryptocurrencies
A joint report between Surrey University and researchers at security vendor Bromium estimates that the proceeds of cyber crime make up to 8-10% of total illegal profits laundered globally, believed to be valued at up to $200 billion.
The report surmises that virtual currencies such as Bitcoin are becoming the primary tool used by criminals to launder proceeds. While Bitcoin has long been viewed as the criminal’s choice for cryptocurrency, they have been seen moving to other virtual currencies appearing to offer greater anonymity, including Monero and Zcash.
The purchasing of digital items within computer games is also being used to launder profits, offering many different platforms for exchanging funds. Digital payment systems add an extra layer of complexity for law enforcement to unravel.
National Lottery in “credential stuffing” attack
On the 16th of March, The National Lottery advised its 10.5 million account holders to change their passwords after reporting they had been the subject of a ‘credential stuffing’ cyber attack.
Camelot UK Lotteries confirmed that approximately 150 accounts suffered an unauthorised login, although fewer than ten had actual unauthorised activity within the account. Camelot has reported that no customer has suffered any financial loss.
Credential stuffing is where previously stolen username (often an email address) and password combinations are used to attempt account logins on other websites. This relies on users’ poor cyber security practices - in this case the re-use of the same username or email address and password combinations across multiple sites.
Cyber criminals employ automated tools to attempt these logins in the hope that a successful login is achieved. Internet provider Akamai estimate that almost half (43%) of the 17 billion login attempts they tracked in a two-month period in 2017 were fraudulent in nature. In this instance, due to the type of data involved, the NCSC’s advice for National Lottery customers with online accounts is to follow Camelot’s advice and reset the password on any service where you’ve used a similar password.
The NCSC previously published password guidance, which individuals and organisations can use to help keep their online accounts secure.
If you are generally concerned, you can look on services like haveibeenpwned.comto see if your username or email address has been involved in a breach.
Users should always enable two-factor authentication (also known as two-step authentication or two-step login) where services support it.
Even if you are not a Camelot customer but have used a service that’s previously reported a data breach, you should reset the password on every service where you’ve used a similar password.
Phishing emails deemed number one threat by UK Businesses
Industry research by security company Clearswift has reported that malicious links within emails are perceived as posing the biggest cyber threat to UK businesses, with 59% of business decision makers highlighting this as their chief concern. This is indicated to be far more than any other cyber threat.
The research surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia.
When asked what they see as the biggest threat to their organisation, business decision makers ranked phishing emails as the top threat in all four surveyed regions:
Cyber Threatscape Top 10
Malicious links within emails – 59%
Employees sharing usernames/passwords – 33%
USB memory sticks/removable storage – 31%
Users not following protocol/data protection policies – 30%
Ex-employees retaining access to network – 28%
Infection via malware from personal devices – 26%
Hackers – 25%
Employees using non-authorised tools/applications for work purposes (personal email drives/file sharing) – 25%
Social media viruses – 24%
Critical information on stolen devices – 23%
The survey findings are aligned to previous NCSC assessments; email remains a popular tool for attackers to launch cyber attacks, distribute ransomware and other forms of malware, or to commit fraud via business email compromise. The NCSC has published guidance covering the concerns above, a selection of which can be found below:
Avoiding phishing attacks
Removable media controls
Protecting bulk personal data
Identity and access management
BYOD – Enterprise Considerations
Data at Rest
Cyber Essentials Scheme
Android Fakebank malware
Researchers at Symantec have discovered a new variant of the Fakebank malware which can be installed on Android devices.
This new variant can now intercept a user's calls to their bank, instead redirecting them to the fraudsters’ number. It can also make incoming calls from scammers appear to be calls from the bank.
Applications infected with the Fakebank malware are being distributed via social media and third-party Android markets. Symantec report that 22 applications have been infected with this malware.
To date, the Fakebank malware has only been seen targeting South Korean banking customers; however, if the tactic proves successful it is likely to be deployed into other locations.
Users and businesses that use Android devices are encouraged to keep their software as up-to-date as possible and to only download applications from trusted sources, paying close attention to the permissions requested by applications. Important data should be regularly backed-up.
The NCSC’s guidance for end-user devices can be found here.
The Cyber Security Information Sharing Partnership (CiSP) is a great way of learning more about threat information as well as engaging with industry and government counterparts. Follow the link below for more information.