NCSC (National Cyber Security Centre) - Weekly Threat Report @ncsc #cybersecurity
Weekly Threat Report - 17th April 2020
Bumper “Patch Tuesday” releases from Microsoft
Amongst the 113 security updates in the April release from Microsoft were patches for 3 zero-day vulnerabilities. This follows a similarly large release of 115 fixes in March.
Using the latest versions of software, applications and operating systems on your devices immediately improves your security. Users should check that their device is set to update automatically.
The current COVID-19 pandemic has also seen Microsoft extend the end of life support for some Windows 10 1809 and Windows 10 1709 products. More information can be found on the Microsoft website.
The NCSC has produced some guidance to help you manage the period while you are still relying on obsolete software and platforms.
US issues North Korean cyber threat warning
Officials in the United States have issued new guidance on the cyber threat posed by North Korea. The report - jointly published by the US Departments of State, the Treasury, Homeland Security, and the FBI - highlights the threat posed by North Korea and gives advice on how to stay safe online. Americans and their allies have particularly been warned to look out for crypto jacking, extortion campaigns, cyber-enabled financial theft, and money-laundering scams. It is thought that North Korea is using the funding from cyber crime to strengthen their military capability, as well as to disrupt the stability of the international financial system. This report follows on the heels of a joint report between UK and US security officials warning of the rise in COVID-19 related cyber crime, which was published last week.
Hackers claim to hold European energy giant EDP to ransom
Researchers are reporting that cyber attackers have stolen sensitive files belonging to Energias de Portugal (EDP) using the Ragnar Locker ransomware.
In a new web post, hackers claim that they have downloaded more than 10TB of private information. They threaten to release this information if EDP doesn’t pay a ransom of €10 million.
Screenshots of the data stolen, that are included in the post, indicate that the attackers already have access to a large amount of data. In a ransom note, the attackers claim to have access to confidential information on billing, contracts, transactions and more. In a statement published by Current+, EDP confirmed that it was hit by a cyber attack on April 16th and continues to develop its response. Ragnar Locker is a ransomware that can attack Windows-based systems. Attackers first began using the ransomware in a series of attacks against compromised networks in December of last year.
Guidance on dealing with the effects of ransomware can be found in the NCSC’s Mitigating malware and ransomware attacks guidance, but a recent blog post has also been published which may be helpful in the event of a ransomware attack: