Weekly Threat Report - 23rd November 2018
The phishing threat and how to protect yourself
Phishing emails are not new. The malware they often try to deliver to your computers and devices is constantly being upgraded and improved, however the actual content and structure of the phishing email does not evolve much.
Cyber criminals will send an email that looks to be from someone you know, or is familiar to you, such as a high street brand or bank. Within the email, there may be an attachment or link for you to click. This is when most phishing emails strike. The link or attachment will be loaded with malicious code, which when clicked, will then download malware to your device and infect you.
There’s nothing to be ashamed about being tricked into clicking on a phishing email. It happens. When our very own Dr Ian Levy was targeted by a prankster, he nearly fell for the bait. They are tricky to identify, and they often employ emotive tactics to get you to drop your guard and click on the bait.
Often the attachment will be disguised as a genuine Word document but will have malicious malware embedded inside. A recent phishing campaign has been identified, that was trying to infect users with TrickBot - a piece of malware used by cyber criminals to access online accounts, in order to steal log in credentials to facilitate identity fraud. Potential victims were sent an email purporting to be from a UK high street bank, the email address used looks very close to what one might think it could be. Once the email is opened, there is a letter attachment which when clicked on, runs a malicious macro downloading TrickBot and installing it.
The NCSC has previously blogged about phishing, offering advice on how to train yourself and your staff in how to spot phishing emails.
The NCSC has also published phishing guidance aimed at organisations. Technical controls such as keeping your devices up to date and using anti-malware software can also be effective in reducing the impact of a phishing attack such as TrickBot. Organisations should refer to our End User Devices and Office Macro guidance for further advice.
Malicious scripts make websites malicious
Malicious scripts are pieces of code which can be injected into a website or browser by a nefarious actor to steal sensitive information.
Another company recently admitted to suffering a data breach, with a fake Google script being the apparent cause. Almost 10,000 people had their personal data compromised with 6,600 having financial data, including CVV number (sometimes called security code, which is found on the back of your card) compromised.
The most recent breach comes after a number of high profile data breaches this year, such as British Airways and Newegg, in which malicious scripts were used on websites or cloud servers to compromise customer data.
In the run up to Black Friday and the Christmas trading period, companies should ensure that their websites are secure and individuals should ensure that they do not send personal or financial information on illegitimate websites.
The NCSC recommends that all online services undergo regular security reviews – including pentests – and public sector websites can benefit from the NCSC Web Check configuration and vulnerability scanning service.
The NCSC has also published seven tips for staying safe online before, during and after bagging Black Friday bargains. You can also learn more about how to stay safe before, during, and after making online purchases in a new series of podcasts.
National Cyber Security Centre Threat Reports