Weekly Threat Report - 18th May 2018
Report's are drawn from recent open source reporting, see the latest report here:
It’s not just production that needs securing
Most large companies will use an online development environment to build and test code prior to deployment on outward and inward facing networks.
Much of the code found in development environments is sensitive and critical to running and managing a business. The unauthorised disclosure of code could allow cyber actors to identify exploitable weaknesses.
Recent open source reporting has highlighted a compromise of a company’s development environment, resulting in unauthorised access to two million lines of code, application programme interfaces and secret access keys to Amazon Web Services.
A security researcher allegedly gained access to the development environment because both the username and password were set to “admin”, which was most likely the default setting for the environment.
The latest incident follows on from other reported incidents around insecure repositories and third party storage solutions, where users have failed to alter the default settings and/or configure the environments incorrectly and subsequently exposed large volumes of sensitive data.
The failure to secure development environments poses a number of threats to an organisation including:
Stealing of sensitive information (such as encryption and access keys, passwords, knowledge of security controls or intellectual property)
An attacker embedding malicious code in your project without your knowledge
Using a compromised development device as a proxy to further attack your build and deployment pipeline, through to production
Understanding how your sensitive applications work - a first step in the planning of an attack
The NCSC has previously issued guidance on securing development environments as well as approaching enterprise technology with cyber security in mind.
GDPR-inspired phishing scams
The imminent arrival of the new EU General Data Protection Regulation (GDPR) has gifted scammers with a new hook for sending phishing emails.
Many internet users are now receiving emails from organisations that they have online dealings with, explaining the new regulations and asking them for permission to carry on storing their information.
Scammers have taken advantage of this to send fake GDPR-themed emails in an attempt to spread malware or steal personal data.
Apple customers, for example, have been sent a link advising users that their accounts had been “limited” due to unusual activity and then asking them to update their security information.
Users are then directed to a fraudulent webpage where they are asked to input security information. Once this has been completed, users are then directed back to a legitimate Apple web page.
The scammers also used Advanced Encryption Standard (AES) protocols when directing users to the page controlled by them, bypassing anti-phishing tools embedded in some antivirus software.
GDPR comes into effect on 25th May 2018, so the scammers have a short window in which to use GDPR as cover for their activities.
The NCSC has published phishing guidance and you can also read the GDPR security outcomesthat have been developed by the NCSC and the Information Commissioners Office (ICO). The ICO is the UK's supervisory authority for the GDPR and has published a lot of helpful guidance on its website.