South West Police RCCU Regional Cyber Crime Unit
Regional Cyber Briefing

Current Threats

Infographic of devices being compromised across the world
Software supply chain attacks 
Cyber actors linked to the Democratic People’s Republic of Korea (DPRK) are increasingly targeting software supply chain products to attack organisations around the world, the UK and the Republic of Korea have warned.  

The actors have been observed leveraging zero-day vulnerabilities (i.e. those which were previously unknown) and exploits in third-party software to gain access to specific targets or indiscriminate organisations via their supply chains.
> Advice
A new joint advisory, available on the NCSC website, describes techniques and tactics used by DPRK state-linked cyber actors carrying out software supply chain attacks. The UK’s National Cyber Security Centre and Republic of Korea’s National Intelligence Service warn that such attacks are growing in sophistication and volume.

Organisations are encouraged to put security measures in place to reduce the chance of systems and data being compromised.
Infographic showing a criminal carrying out data theft and extortion
Social Engineering
A technique an attacker uses to manipulate people into carrying out specific actions, or divulging information.  

The FBI and Cybersecurity and Infrastructure Security Agency (CISA) recently released an advisory detailing how the Scattered Spider ransomware group is adept at using social engineering tactics to gain initial access to the networks of large organisations.

These tactics include targeting a company's employees by posing as IT or help-desk staff and tricking them into providing credentials or even direct network access. One increasingly popular technique is called 'MFA Fatigue'. Multi-factor Authentication (MFA) involves an additional layer of security when logging in, such as supplying a randomly generated code from an app or using biometrics.

When an organisation's MFA is configured to use 'push' notifications, the employee sees a prompt on their mobile device when someone tries to log in with their credentials. These MFA push notifications ask the user to verify the login attempt and will show where the login is being attempted. An MFA Fatigue attack is where attackers run scripts that repeatedly attempt to log in with stolen credentials, resulting in an overwhelming number of MFA push requests being sent to the account owner's linked device. This causes fatigue regarding the prompts, and makes it more likely that employees will approve requests, especially when combined with other social engineering techniques.
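For technical readers, the burst of push prompts described above is something that can be spotted in authentication logs. The following is an added example, not taken from the FBI/CISA advisory or from any vendor: it assumes a hypothetical log schema of (timestamp, user, source IP, prompt outcome) and runs over constructed sample events, and the threshold and window values are illustrative.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema, not a real identity provider's log format):
# (timestamp, user, source IP of the login attempt, outcome of the push prompt)
SAMPLE_EVENTS = [
    ("2023-11-20T09:00:05", "alice", "198.51.100.7", "approved"),
    ("2023-11-20T02:11:00", "bob", "203.0.113.50", "denied"),
    ("2023-11-20T02:11:40", "bob", "203.0.113.50", "timeout"),
    ("2023-11-20T02:12:30", "bob", "203.0.113.50", "denied"),
    ("2023-11-20T02:13:10", "bob", "203.0.113.50", "timeout"),
    ("2023-11-20T02:14:05", "bob", "203.0.113.50", "denied"),
    ("2023-11-20T02:15:20", "bob", "203.0.113.50", "approved"),
    ("2023-11-20T08:30:00", "carol", "192.0.2.14", "denied"),
    ("2023-11-20T11:45:00", "carol", "192.0.2.14", "approved"),
]

def detect_push_fatigue(events, threshold=5, window=timedelta(minutes=10)):
    """Alert on users who receive `threshold` or more push prompts inside `window`.

    Severity is 'high' when the burst ends in an approval after repeated
    denied or timed-out prompts, i.e. the user may have given in.
    """
    recent = defaultdict(deque)   # user -> prompts still inside the window
    alerts = {}
    for ts, user, ip, outcome in sorted(events):   # ISO timestamps sort chronologically
        now = datetime.fromisoformat(ts)
        burst = recent[user]
        burst.append((now, ip, outcome))
        while now - burst[0][0] > window:          # drop prompts older than the window
            burst.popleft()
        if len(burst) < threshold:
            continue
        unapproved = sum(1 for _, _, o in burst if o != "approved")
        gave_in = outcome == "approved" and unapproved >= threshold - 1
        severity = "high" if gave_in else "medium"
        if user in alerts and alerts[user]["severity"] == "high":
            continue                                # keep the most severe alert per user
        alerts[user] = {
            "severity": severity,
            "prompts": len(burst),
            "first_prompt": burst[0][0].isoformat(),
            "last_prompt": now.isoformat(),
            "source_ips": sorted({i for _, i, _ in burst}),
        }
    return alerts

if __name__ == "__main__":
    for user, alert in detect_push_fatigue(SAMPLE_EVENTS).items():
        print(user, alert)
```

A 'high' alert is the case that warrants immediate follow-up with the account owner, since the final approval may have handed a session to whoever triggered the prompts.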

After establishing footholds, the group then uses a range of software tools for further reconnaissance and movement, before deploying malicious software and/or stealing sensitive data. 
> Advice
The Scattered Spider group is more likely to target large organisations; however, many of the tactics, techniques and procedures used by those individuals are also used by others. The advisory above contains mitigation advice (albeit on a technical level).

For guidance on how to combat social engineering attacks, see the Phishing section of the National Cyber Security Centre (NCSC) website. Many other applicable resources are available on the rest of the website.

Our Protect team also offer bespoke workshops which focus on techniques used in social engineering, such as our Phishing Masterclass. Details of these workshops are on our website.
> Reporting
If you think you have been a victim of cyber crime, please report the incident to Action Fraud via phone (0300 123 2040) or website at https://www.actionfraud.police.uk

If you've received a suspicious email, please forward it to the NCSC's Suspicious Email Reporting Service (SERS) at 'report@phishing.gov.uk'. More information, including advice on how to protect yourself against phishing, can be found on the NCSC website.

Events

Bristol Business Expo, 30th Nov
Another expo is on the horizon, and we're very much looking forward to exhibiting at the Bristol Business Expo! Come along to stand 65 and talk to our Protect team about how we can help your organisation stay protected against cyber crime, and pick up some of our free resources! 

Grab your tickets at the Bristol Business Expo website.
SWRCCU Virtual Technical Meetup, 6th Dec, 10:00 - 12:30
Following on from the success of our in-person meetup in May 2023, our second meetup will be a half day virtual session.

This session is open to technical leads from organisations of all sizes and sectors across the South West. Bringing together speakers from private industry and law enforcement to discuss cyber security topics, attendees will learn more about current threats and how they can protect their organisation from them.

We are delighted to welcome Armour Communications, who will be talking about threats with mobile devices and how to manage them. We will then hear from the UK Cyber Security Council, who will explain some of the work they have carried out, what's next, and why this is important going forward.

The session will also include an update from our Protect & Prepare team and time for networking. 

Register now at our Eventbrite page!

News

National Lead Force launches strategy for fraud, economic and cyber crime
The City of London Police officially launched its five-year National Policing Strategy for Fraud, Economic and Cyber Crime recently, building on fraud and cybercrime being included in the strategic policing requirement earlier this year.

The new strategy has been developed to guide and support local, regional and national policing to deliver a better service for victims and sets out the actions under three objectives to improve outcomes for victims, proactively pursue offenders and protect people and businesses from threat. You can read more about the strategy on the City of London Police website.
British Library: Employee data leaked in cyber attack
Law enforcement and judicial authorities from eleven countries have delivered a major blow to one of the most dangerous ransomware operations of recent years. This action targeted the Ragnar Locker ransomware group who were responsible for numerous high-profile attacks against critical infrastructure across the world. Read more at BBC.
Person carrying out online transaction with mobile phone and payment card
Black Friday tips to stay safe and avoid scams while shopping online
According to the National Cyber Security Centre (NCSC), shoppers lost more than £10m to cyber criminals over last year's festive shopping period. With Black Friday sales under way and Christmas on the horizon, this Sky News article looks at advice on how best to stay safe and avoid scams this year. Read more at Sky News.
Copyright © 2023 SW Regional Cyber Crime Unit, All rights reserved.

