Weekly Threat Report - 30th November 2018
Further increase in criminals' use of HTTPS phishing sites
In December 2017, the NCSC wrote about criminals using SSL certificates to try to legitimise phishing websites. Recent reports have indicated 49% of phishing sites were using the padlock, up from 25% a year ago and 35% in the second quarter of 2018.
HTTPS sites are verified by TLS (previously known as SSL) Certificate Authorities and the padlock links to the certificate provider’s website. The padlock symbol indicates that the data being communicated has been encrypted.
Although individuals were historically advised to look for the padlock, the December 2017 report highlighted that the padlock could no longer be trusted, as it does not guarantee that the webpage is legitimate or authentic.
The recent reports have shown that this threat has increased significantly and that criminals are increasingly using legitimate means to obtain information.
The NCSC has previously blogged about the importance of using HTTPS to protect data.
Responsible vulnerability disclosure
City of York Council has thanked a security researcher for discovering a flaw in a council app which allowed personal data to be breached.
An external developer discovered that phone numbers, addresses and encrypted passwords of One Planet York users could be found on the app, which allowed users to check bin collection dates and recycling advice. The developer reportedly did not do anything to exploit the vulnerability of the app, and immediately informed the council. The One Planet York app has since been removed from app stores and the council's website, and the authority has urged remaining users to delete it from their devices.
The local authority revised its stance, having initially contacted North Yorkshire Police after the data breach was reported. On Monday, the council tweeted:
"Despite attempts to contact [the hacker], they did not respond and as a result of what appears to be a deliberate and unauthorised access we informed the police."
The council subsequently confirmed that the person who had identified the issue with the app had tried to contact them but their email had not been received due to security settings. North Yorkshire Police's digital investigation and intelligence unit said the developer had "acted correctly".
The NCSC supports responsible disclosure and is working to help UK government and industry have a mechanism for reporting vulnerabilities.
SamSam: FBI indicts two Iranian men for global ransomware infection
You may remember back in August we wrote about a report on SamSam ransomware, targeting public and private sector organisations around the world.
This week, two Iranian men have been charged over the alleged deployment of the malicious software, infecting more than 200 victims – mainly in the US and Canada.
According to the six-count FBI indictment, 27-year-old Mohammad Mehdi Shah Mansouri and 34-year-old Faramarz Shahi Savandi are thought to have earned more than $6m in victim payments since their campaign started in December 2015.
The pair are accused of using either brute force attacks or stolen credentials to infect servers. Once users discovered their computers were encrypted, they were instructed to make Bitcoin payments through a Tor hidden site. After payment was made, they would be sent tools to help decrypt their network.
Ransomware is a growing cyber threat and your level of preparation can mean the difference between a minor irritation and a wide-scale disruption. The NCSC has published guidance on how to protect your organisation from ransomware.