Weekly Threat Report - 3rd January 2020
New year, smarter resolutions
Many of us want to kick off the New Year by implementing good habits and this week several technical publications have helpfully provided some resolutions for smart devices.
Despite becoming the new normal in our homes, we know that if not properly protected smart devices are potentially vulnerable to hackers, and your data and privacy could be at risk.
In our Boxing Day blog, NCSC Technical Director Dr Ian Levy, highlighted how to keep your Christmas gadgets safe with tips including:
Protect devices with a strong password
Turn on two-factor authentication (2FA)
Always accept automatic updates
He also reminded us that every product should be safe to use as soon as it comes out of the box. That’s why the NCSC and the Department for Digital, Culture, Media and Sport (DCMS) have been campaigning for manufacturers to make security a key priority - and have developed a code of practice for them to follow.
We have some year-round top tips for staying secure online available, and some advice on dealing with common cyber problems.
US Coast Guard hit by Ryuk ransomware
Earlier this week it was revealed that the US Coast Guard was hit by a ransomware infection.
According to a security bulletin posted by the agency before Christmas the malware was identified as Ryuk, which affected an unnamed port for more than 30 hours. It’s believed the point of entry was a phishing email containing a malicious link.
Ryuk was first seen in August 2018 and has been responsible for multiple attacks around the world. This is a targeted ransomware, where demands are set according to the victim’s perceived ability to pay.
The ransomware is often not noticed until a period after the initial infection, which can range from days to months. This allows the actor time to carry out reconnaissance inside an infected network, identifying and targeting critical network systems and therefore maximising the impact of the attack.
In June 2019 the NCSC published an advisory on Ryuk, following investigations into global ransomware campaigns. More information, including indicators of compromise and mitigation, can be found there.
Phishing is still a common method used by attackers to get initial access to a system. Advice on how to spot a phishing email and guidance for larger organisations and SMEs can be found on the NCSC website.