Weekly Threat Report - 11th September 2020
Newcastle University suffers a serious cyber incident
Newcastle University confirmed this week that ongoing issues with its IT systems will take several weeks to address. Many of the university’s services are not operational and those that are may be taken down without notice.
System issues first started last week and the university has been taking measures to secure its IT estate and investigate the impact since then. The university has published FAQs which offer advice and guidance to its staff and students.
The NCSC is aware of the incident and providing support; we regularly work to protect the academia sector from threats and improve its security practices. Ransomware operators DoppelPaymer have claimed that they are responsible for breaching the university’s network. The university has not confirmed this claim and a criminal investigation is ongoing.
The NCSC has recently updated its guidance on mitigating malware and ransomware attacks. Those looking to secure their online accounts should follow the NCSC’s Cyber Aware advice. Anyone concerned about their personal data being compromised may find our guidance on the phishing threat following data breaches helpful.
EPPlus-generated macros provide novel way to help malware evade detection
NVISO Labs have recently identified a new threat actor, which they’ve named ‘Epic Manchego’. It appears to be experimenting with a new technique which uses the .NET library EPPlus to generate malicious Excel spreadsheets in Office Open XML format. Spreadsheets generated this way lack VBA code that is present in documents produced by Microsoft’s Office software, giving the malware a low detection rate and an increased chance of avoiding security systems. The malicious documents (also called maldocs) contain a macro script that, if the document is opened and macros are enabled, can download and install harmful malware onto the victim’s system. It is alleged that the group are experimenting with this particular technique and will continue to develop this type of attack.
Many organisations currently rely on Office macros for day-to-day business functions, including where they’re used to interact with external partners. Organisations that are still using macros should develop a strategy for replacing them, and the NCSC details approaches you can take to protect your systems.