Weekly Threat Report - 21st August 2020
Microsoft to pull back support for Internet Explorer
Microsoft has announced that all Microsoft 365 apps and services will no longer support Internet Explorer 11 (IE 11) by 2021.
In a tech community blog published this week, the company said that the Microsoft Teams web app will no longer support IE 11 from this November. From August 17th next year, support for the remaining Office 365 apps and services will cease.
IE 11 users will have degraded experiences or be unable to connect to Office 365 applications after these cut-off dates.
Microsoft are encouraging all IE 11 and Microsoft Edge Legacy users to switch over to the new version of Edge that was launched in January. Microsoft will stop issuing security updates for the Microsoft Edge Legacy desktop app after March 9th next year. Switching browsers isn’t always simple though, particularly for organisations that rely on legacy applications. Acknowledging this, Microsoft has put an Internet Explorer mode into the current version of Edge to let users access legacy apps within the modern browser. It’s important for individuals and organisations to use the most up to date software and hardware. Older versions are more likely to be unsecure, especially if they’re out-of-support and not receiving security updates that patch vulnerabilities.
Our guidance on obsolete software and devices offers advice to organisations who are unable to fully migrate from obsolete products before their end-of-support dates. Microsoft has also published guidance for organisations that are deploying Microsoft Edge in an enterprise environment.
HMRC investigating COVID-19 phishing scams
More than 10,000 phishing scams are being investigated by Her Majesty’s Revenue & Custom (HMRC).
HMRC does offer support for individuals and businesses coping with the COVID-19 crisis. However, its role in programmes introduced to support businesses and people during lockdown have also made it an attractive lure for criminals to use in phishing scams. In May alone more than 5,000 scams were reported to HMRC by the public. A rise of 337% if compared to March figures, when lockdown began. During the month, HMRC asked internet service providers to remove 292 scam websites to help combat the issue.
This isn’t the first time we have reported on cyber criminals taking advantage of the coronavirus and the scamming opportunities it presents. These scams prey on concerns about the pandemic but there are ways you can protect yourself and your organisation from phishing scams.
There is also plenty of published advice which will help you to stay secure online:
The NCSC’s top tip for staying secure online
Phishing attacks: how to deal with suspicious messages and emails
Securing your devices
Update to Huawei advice following US August announcement
This week the US announced further changes to the sanctions on Huawei. The NCSC is assessing the impact to owners of Huawei and Honor-branded devices. The change may have an impact on services used by your device and software updates; for some products these may cease. Therefore, owners of devices manufactured by Huawei, such as a smartphones, tablets, laptops, or other connected consumer devices should continue to follow our Cyber Aware guidance and update the devices while updates remain available and turn on backup to ensure you can access your data from other devices. If you use a personal Huawei device for work, you should talk to your employer about whether that should continue if your device ceases to receive security updates or access other services. Organisations where employees use personal Huawei devices to access business data and applications, such as email, instant messaging, and office applications, should read our guidance on BYOD. See the NCSC’s updated information on Huawei and what you need to know for more detail. The advisory can be read on the NSA website.
Topics Cyber threat