Weekly Threat Report - 9th August 2019
University students at risk of phishing attacks
University students are at risk from phishing scams because many top universities are not following best practices to block fraudulent emails, according to research by Proofpoint.
The security firm found that 65% of the UK’s top 20 universities were not using any form of an industry-recommended email authentication tool. Whilst 35% had published a DMARC record, only one university in the top 20 was using the recommended level of DMARC protection.
The NCSC works closely with the academic sector to improve their security practices and help protect education establishments from cyber threats.
Email spoofing is much harder if domain owners adopt DMARC. The NCSC has advice available for everyone interested in configuring DMARC for domains. If you are a public sector organisation then you can also use Mail Check to help with reporting. Mail Check is the NCSC’s platform for assessing email security compliance.
To mitigate the risk of phishing attacks, people should be vigilant around any message that purports to be from an organisation they deal with – including universities. This is particularly important when emails ask for personal information or banking details, or contain unexpected mistakes, attachments or links. The NCSC has published a guide to spotting and dealing with phishing emails.
The NCSC strongly encourages anyone who believes they have been a victim of this or other similar activity to report it to Action Fraud.
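The gap the research describes, between publishing a DMARC record and enforcing one, can be read from the record text itself. The following is an added example, not part of the original report or of any NCSC or Proofpoint tooling: it classifies DMARC TXT records following RFC 7489, treating p=reject applied to all mail as full enforcement (an assumption about what the research means by the recommended level). The domains and records are constructed.

```python
from collections import Counter

def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT record, or None if it is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the version tag must come first and be exactly "DMARC1".
    if not parts or "".join(parts[0].split()) != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Classify the TXT records found at _dmarc.<domain> by enforcement level."""
    found = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not found:
        return "no-record"
    if len(found) > 1:
        return "invalid"  # more than one DMARC record: receivers apply none
    tags = found[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        # RFC 7489 6.6.3: with a rua tag, receivers act as if p=none.
        return "monitor-only" if tags.get("rua") else "invalid"
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100  # simplification: treat an unparsable pct as the default
    if policy == "none":
        return "monitor-only"
    if policy == "reject" and pct >= 100:
        return "enforced"
    return "partial"  # quarantine, or reject applied to only some mail

# Constructed sample data: hypothetical domains and records, no DNS lookups.
SAMPLE = {
    "uni-a.example": ["v=spf1 include:_spf.uni-a.example -all"],
    "uni-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@uni-b.example"],
    "uni-c.example": ["v=DMARC1; p=quarantine; pct=50"],
    "uni-d.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@uni-d.example"],
    "uni-e.example": ["v=DMARC1; p=none", "v=DMARC1; p=reject"],
}

def survey(domains):
    """Count domains per enforcement level, as a posture survey would."""
    return Counter(classify(records) for records in domains.values())
```

A domain in the "monitor-only" bucket has published a record but still lets spoofed mail through; only "enforced" tells receivers to reject it.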
Companies overlooking the importance of cloud security
Cyber security firm Symantec has published its first Cloud Security Threat Report. The report suggests that many companies are not focused on the fastest growing threats when it comes to cloud computing security.
The company polled 1,250 IT decision-makers in 11 countries. Key findings include:
73% of firms had cloud incidents due to immature security
63% of security incidents have occurred in the cloud in the past 12 months
69% of survey respondents think their data is likely already on the dark web for sale
The NCSC has published guidance on how to configure, deploy and use cloud services securely.
Journalist data leaked by E3 website
The personal data of more than 2,000 journalists was recently leaked via a spreadsheet found on the website of the Electronic Entertainment Expo (E3).
E3, a global video game trade show, took place in Los Angeles in June. It attracts video game journalists from across the world to see, play and report on the latest developments and releases.
Following the event, YouTube content creator, Sophie Narwitz, reported that she had found names, addresses, emails and phone numbers on a spreadsheet linked to E3’s registration process entitled, ‘Registered media list’. A simple click of the public link would then reveal the personal information.
The link now returns a 404, with Narwitz commenting: “It has since been removed given I contacted the ESA, but this is a massive breach of trust and privacy.”
The ESA (Entertainment Software Association) have since responded by commenting, “ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not occur again.”
Keeping personal data safe and secure is of course something that all organisations large and small should take very seriously. The General Data Protection Regulation (GDPR) requires that personal data is processed securely using appropriate technical and organisational measures. The NCSC has worked with the Information Commissioner’s Office (ICO) to develop a set of GDPR Security Outcomes.
For anyone affected by the breach, the NCSC would recommend reading our advice around the phishing threat following data breaches such as this.
Researcher discloses BlueKeep Exploit
A security researcher under the Twitter handle @zerosum0x0 has recently disclosed his Remote Desktop Protocol (RDP) exploit for the BlueKeep vulnerability to Metasploit.
The disclosure, once made available to the public, is anticipated to increase the amount of RDP scanning activity, increasing the chances of attempted exploitation of unpatched systems.
The BlueKeep vulnerability was first noted by the NCSC in May. According to a recent report from cyber security firm BitSight, ‘approximately 788,214 systems remain vulnerable’ to the exploit.
The NCSC advises patching to resolve the BlueKeep vulnerability. Links to the patches can be found below; alternatively, you can use Windows Update:
Windows 7 / Server 2008 / Server 2008 R2
Windows XP / Server 2003
Furthermore, Microsoft has published its own additional advice and guidance.