Weekly Threat Report - 28th February 2020
Council confirms ransomware attack
Earlier this week Redcar and Cleveland Borough Council confirmed its IT servers had been affected by a ransomware attack. The NCSC has been providing support to the council in the wake of this incident and is advising on how to minimise the risk of such an attack occurring in future.
We’ve recently updated our guidance, Mitigating malware and ransomware attacks, which outlines how organisations can defend their systems. We’d encourage all organisations to read this advice and as an immediate step, ensure offline back-ups of servers are in place. Further guidance on how to effectively detect, respond to and resolve cyber incidents is also available here on the NCSC website.
Rise in the number of Office 365 phishing scams
Cyber security researchers have uncovered an increase in the number of low-quality phishing scams that aim to trick users into revealing their credentials. According to a new report from Cofense, there has been a surge in scam attempts using illegitimate and badly created Office 365 credentials update forms. Potential victims receive an email claiming to be from their organisation’s IT team that tells them their account will expire unless they click the link and update their details. Cofense note that the criminals behind the scam went to great lengths to appear legitimate. The phishing email originates from a compromised company email account, which allows the scam to bypass basic email security checks. However, the forms that potential victims are directed to are often littered with grammatical and spelling mistakes. Phishers use a wide variety of techniques to try and scam users into revealing sensitive data about themselves or the businesses they work for. The NCSC has published guidance on how the public and organisations can defend themselves against such attacks. The NCSC has also published advice on securely configuring Office 365 to protect against the rise in credential stealing attacks.