Weekly Threat Report - 6th April 2018
Reports are drawn from recent open source reporting. See the latest report here.
Ransomware attacks in the US
Recent media reports have highlighted the continued ransomware threat to public and private sector organisations. These included a ransomware attack against Atlanta City that took much of the city's internal and external services offline.
The services impacted included customer-facing applications used to pay bills or access court-related information. SamSam ransomware was reported to have been used in this attack.
Elsewhere, the City of Baltimore’s 911 system was taken offline by undisclosed ransomware. The Computer-Aided Dispatch (CAD) system was offline over the weekend as the IT team worked to isolate the breach. It is not clear whether these two cases were related.
The NCSC guidance on mitigating ransomware and other forms of malware can be found here.
US data leaks and breaches
The company that owns the MyFitnessPal app has announced it suffered a data breach affecting 150 million users.
The unidentified attacker was able to obtain email addresses, usernames and hashed passwords, although no payment card details were reportedly taken. The company has been in contact with affected customers and has issued supporting guidance and information.
In an unrelated case, customer data of the US bakery/café chain Panera Bread was accidentally leaked over a period of several months. Reports on the number of customers affected have varied, with some commentators suggesting that millions of customers may have been affected.
There are a number of steps you can take to reduce the impact of data breaches on yourself or your customers.
The NCSC has issued guidance aimed at organisations of all sizes: Phishing Attacks: Defending Your Organisation. The NCSC has also issued password guidance: Password Guidance: Simplifying Your Approach.
Attempted SWIFT fraud against Malaysian central bank
Last week, Malaysia’s central bank, Bank Negara Malaysia, reported that they detected and foiled an attack in which unauthorised SWIFT payment messages had been attempted.
SWIFT, the Society for Worldwide Interbank Financial Telecommunications, is a messaging network used by financial institutions to securely transmit information and instructions through a standardised system of codes.
The bank reports that it did not suffer any financial loss as a result of the incident, and that security measures in place had effectively protected the bank and its associated payment and settlement systems.
Bank Negara Malaysia said that working closely with SWIFT and other financial institutions had ensured a prompt and speedy response to the attack. There is an ongoing investigation into the incident.
There are often media reports of attacks on the SWIFT messaging system. However, it is important to note that in this and previous cases, the SWIFT system itself was not breached; rather, local infrastructure was targeted, enabling the acquisition of valid local operator credentials.
SWIFT has issued mitigation guidance along with its basic cyber hygiene standards and recommends multi-factor authentication for all administrations of payments systems. Nevertheless, it remains an attractive and lucrative target for cyber criminals.
National Cyber Security Centre Threat Reports