Weekly Threat Report - 15th November 2019
Cyber attacks impact UK political parties
This week has seen widely reported cyber attacks affecting UK political parties ahead of the General Election on 12th December 2019.
On Tuesday, the Labour Party reported to the NCSC that its website had suffered a distributed denial of service (DDoS) attack. The attack was not successful, and the party took the necessary steps to mitigate the incident.
It’s not always possible to fully mitigate the risk of a DoS attack, but the NCSC’s guidance sets out practical steps for organisations to follow to understand, prepare for and handle a DoS attack. Following this week’s incidents, the NCSC published a summary of the five practical steps to take to prepare for an attack.
The NCSC has worked closely with political parties for several years to advise them on how to protect and defend against a wide range of cyber threats. We will continue to support all political parties, local authorities and individuals to ensure they have access to advice and guidance.
Election guidance for local authorities
Guidance for political parties
Guidance for individuals in politics
WebEx meeting invitations targeted by phishing scam
A cyber security researcher has discovered a phishing scam posing as a WebEx meeting invitation. Victims of this scam received an authentic-looking invite which, when clicked, directed them to a website that downloaded malicious software onto their computer. This software, the WarZone remote access Trojan, is then able to take over webcams, delete files, log keystrokes and download software.
This scam took advantage of a security flaw on the WebEx website – known as an open redirect – that causes a failure to properly authenticate URLs. This allowed attackers to introduce their own URLs, directing users to a malicious website.
Mitigating against phishing attacks requires a multi-layered approach. Effective defences rely on combining the technological, process, and people-based aspects of organisations. The NCSC has produced guidance to help organisations improve their resilience and defend against phishing attacks.
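The open redirect described above comes down to a missing server-side check on the redirect target. The following is an added example, not code from the NCSC report or from WebEx: it accepts a target only if it is a same-site path or an HTTPS URL on an allow-listed host. The host names and the `safe_redirect_target` helper are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the hosts this site may redirect to (constructed example values).
ALLOWED_HOSTS = frozenset({"meetings.example.com", "www.example.com"})
FALLBACK = "/"  # where to send the user when the requested target is rejected


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return `raw` only if it is a same-site path or an https URL on an
    allow-listed host; otherwise return `fallback`."""
    # Backslashes, whitespace and control characters are normalised differently
    # by browsers and URL libraries, so reject them instead of guessing.
    if not raw or any(c == "\\" or c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F
                      for c in raw):
        return fallback
    try:
        parts = urlsplit(raw)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative target: accept a single leading slash only. "//host" and
        # "///host" are treated by browsers as pointing at another site.
        return raw if raw.startswith("/") and not raw.startswith("//") else fallback
    if parts.scheme != "https":
        return fallback  # blocks http:, javascript:, data: and "//host" forms
    if parts.username is not None or parts.password is not None:
        return fallback  # "https://trusted@evil.example/" shows a trusted name first
    host = (parts.hostname or "").lower()
    # Exact match, so "meetings.example.com.evil.example" does not pass.
    if host in allowed_hosts and port in (None, 443):
        return raw
    return fallback


if __name__ == "__main__":
    # Constructed inputs: the first two are legitimate, the rest are rejected.
    for target in ["/join/123", "https://meetings.example.com/j/1",
                   "//evil.example/x", "https://meetings.example.com@evil.example/",
                   "https://meetings.example.com.evil.example/", "javascript:alert(1)"]:
        print(f"{target!r:50} -> {safe_redirect_target(target)!r}")
```

Rejected targets fall back to the site root, so a crafted link still lands the user on the legitimate site.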
Hackers demand millions in ransom from oil company
Mexico’s state-owned oil company, Pemex, was targeted in a ransomware attack. Hackers have demanded $4.9m in bitcoin in order to decrypt the company’s files. The attack, reported to have been detected earlier this week, allegedly forced the shutdown of systems across the country. A ransom note posted online suggests that the DoppelPaymer ransomware was used, which is a derivative of BitPaymer.
Ransomware attacks vary in their approach. One of the most common methods is through phishing, which tricks users into opening a file that looks legitimate. More aggressive forms of attack can exploit unpatched vulnerabilities to infect computers. Once ransomware has infected a computer, a common action is for it to encrypt users’ files. These files can typically only be decrypted using a key that only the attacker holds.
Ransomware is a growing cyber security threat and the NCSC has guidance on how to protect your organisation. Earlier this year, we also published our first e-learning training package: 'Stay Safe Online: Top Tips for Staff'.