NCSC (National Cyber Security Centre) - Weekly Threat Report @ncsc #cybersecurity
Updated: Apr 6
Weekly Threat Report - 3rd April 2020
New COVID-19 phishing scam spotted
A new phishing campaign pretending to be from a local hospital in the US has been spotted in an unfortunate trend of coronavirus-related scams. Phishing is when criminals try to convince you to click on links within a scam email or text message, or to give sensitive information away (such as bank details). The scam email in question preys upon COVID-19 fears by suggesting the recipient has been exposed to the virus via a friend or relative. The victim is then prompted to open an attachment and select ‘enable content’ but this allows malware to be installed on the victim’s computer. You can see some examples of the scam here (external link). Unfortunately, cyber criminals are preying upon the fears of coronavirus and there have been scams spotted that claim to have a 'cure' for the virus, offer a financial reward, or encourage you to donate. The NCSC has recently updated and published advice for the general public which will help them to spot, deal with and report phishing scams such as this. With the coronavirus forcing many to work from home, the NCSC has also published guidance for organisations looking to help their staff adapt to life away from the office and keep themselves secure.
Microsoft warns coronavirus-hit hospitals of ransomware threat
Microsoft has warned dozens of hospitals that vulnerabilities in their VPN and network gateway devices are being targeted by human-operated ransomware campaigns, according to a blog post by the firm. With healthcare providers under huge pressure due to the coronavirus pandemic and with more people using VPNs to work from home, Microsoft took the unprecedented move to alert the organisations to the threat and to strongly advise them to apply security updates. With healthcare providers under huge pressure due to the coronavirus pandemic and with more people using VPNs to work from home, Microsoft took the unprecedented move to alert the organisations to the threat and to strongly advise them to apply security updates. Ransomware is a type of malware that makes data or systems unusable until the victim makes a payment. The strain of ransomware known as REvil, or Sodinokibi, is thought to be actively looking to target exploits, according to Microsoft. The NCSC has reported on REvil exploiting Windows vulnerabilities previously.
Two of the most important steps you can take to protect yourself from malware is to apply security updates, also known as patching, and make regular backups. For more information, the NCSC has published guidance on how to mitigate ransomware attacks and on how to securely set up VPN technologies.
Hotel chain Marriott suffers another serious data breach
Hotel chain Marriott International has suffered its second major data breach in 18 months, exposing personal information belonging to 5.2 million customers. In an incident notification published on its website, the company said it spotted unusual activity on an app typically used by guests to access services in February, with the login credentials of two Marriott employees found to have accessed “an unexpected amount” of guest data.
In November 2018, Marriott reported a breach where records for 339 million customers were exposed. At the time, the NCSC issued advice for Marriott customers affected. Marriott has said that information exposed in the recent breach included the email addresses and phone numbers of guests belonging to its Bonvoy loyalty scheme as well as details such as names and birth dates.
It is not thought that account passwords or payment details have been exposed. However, the firm has advised affected customers to change their Bonvoy account password and to enable two-factor authentication as a precaution. The NCSC reiterates this advice, in line with our top tips for staying secure online, and advises customers affected by such data breaches to remain vigilant when it comes to unexpected phone calls or targeted emails that seem suspicious.