Weekly Threat Report - 5th January 2018
Report's are drawn from recent open source reporting, see the latest report here:.
'Meltdown' and 'Spectre' vulnerabilities to microprocessors
Reports of new security flaws affecting microprocessors called ‘Meltdown’ and ‘Spectre’ surfaced this week. Processors in most devices employ a range of techniques to speed up their operation, and the vulnerabilities allow some of these techniques to be abused to obtain information about areas of memory not normally visible to an attacker. As a result, normally difficult actions - such as recovering passwords - are theoretically made easier.
However, an attacker would still need to run code on a device. Access would typically be gained via well-known means, such as phishing attacks or browsing malicious websites. At this stage there has been no evidence of any malicious exploitation and patches are being produced for the major platforms. The NCSC has pro-actively advised that all organisations and home users continue to protect their systems from threats by installing patches as soon as they become available, and has recommended that home users enable automatic updates so future security measures are installed.
Further advice for enterprise administrators and home users can be found on this website.
Cyber-enabled fraud: an increasing threat for 2018
Media reporting highlights an alleged attempt by hackers to steal funds from Russian bank Globex. The hackers appear to have used legitimate credentials to access the SWIFT international payment system to attempt fraudulent wire transfer requests valued at 55 million roubles (c. £700,000).
This attempted theft highlights that poor end user security is still a problem for some global financial institutions.
Increasingly, cyber thieves are attempting to harvest legitimate login credentials, and then commit fraudulent activity using the accesses that these legitimate credentials provide. Most notoriously, around US $81 million was stolen from Bangladesh Bank in February 2016.
Analysis of the Bangladesh Bank theft indicates that the hackers responsible likely implanted malware into the banks servers to steal legitimate SWIFT credentials, which were then used to conduct the fraudulent transactions.
Most organisations in the UK finance sector will have sufficient cyber security measures in place to protect against the type of fraud which occurred against the Bangladesh and Globex banks, however, globally, this trend of cyber-enabled fraud, which seeks to acquire and then abuse legitimate credentials, is likely to continue throughout 2018, and it is likely to be attempted against UK organisations across all sectors.
Cyber attack forces US hospital offline
The Jones Memorial Hospital in the US state of New York was hit by a cyber attack this week impacting some of its information services. The hospital stated that they used standard computer downtime procedures in response, and they believe no patients’ financial or medical information has been compromised.
The exact cause of the incident was not revealed, although similarities can be drawn to previous ransomware attacks against healthcare providers in the US. While all sectors are vulnerable to such attacks, healthcare organisations in the US are more likely to be specifically targeted by cyber criminals because they operate privately, for profit and have a high reliance on access to data. As a result, these organisations also tend to have appropriate response and backup procedures in place, enabling them to limit the operational and financial impact of cyber attacks.
The NCSC has published guidance on how to prevent a ransomware incident and what to do if your organisation is infected.
National Cyber Security Centre Threat Reports