Weekly Threat Report 6th September 2019
The NCSC's weekly threat report is drawn from recent open source reporting.
BEC becomes the main cause of cyber insurance claims, and GDPR is having an impact
In 2018, business email compromise (BEC) accounted for 23% of cyber insurance claims received from Europe, the Middle East and Asia, according to statistics released by AIG.
Ransomware at 18% and data breaches at 14% of total claims were relegated to second and third places. Total claims in 2018 amounted to more than those in 2016 and 2017 combined.
Insurers in the US now advise victims to pay ransom demands and then make a cyber insurance claim. As a result, insurance companies are making smaller payouts to cover ransom costs rather than large payments to cover the price of completely rebuilding a compromised network.
Whether or not to pay a ransom is a decision for the company affected; however, we do have guidance on protecting your organisation from ransomware. Public sector organisations in the UK can sign up to the NCSC's Mail Check service to help control email processing and manage security.
AIG also noted an impact on claims caused by the General Data Protection Regulation (GDPR) brought in by the European Union in 2018. Companies are making claims to offset some of the costs of the fines they face after reporting a data breach, as is required under the legislation. Some 20% of claims cite GDPR notification.
The NCSC developed technical security outcomes with the Information Commissioner's Office (ICO) to help organisations implement appropriate measures to prevent personal data from being accidentally or deliberately compromised.
Sophisticated spam attack targeting UK users looking for jobs and extra income
Compromised devices are being used as proxies to forward a malicious base64-encoded PHP script to vulnerable web servers in a new spam campaign active since May.
The compromised web servers in turn send an email, with a link to the scam sites, to specific email addresses. Although the campaign is currently used to direct email recipients to scam news and cryptocurrency sites, by using a PHP shell the attackers could exploit the web server even after patching.
The NCSC would advise following our password guidance and ensuring that default vendor-supplied passwords that come with any system, software or device are changed before deployment. While you cannot stop every phishing email from getting through to your inbox, there are some things that can be done to help secure organisations from email phishing attacks.
Horizons in Manchester opened by bus travel app hack
Claiming disgruntlement with private control of public transport, a hacker collective made a copy of First Bus Manchester's ticket app and reverse engineered it. In the process they discovered that the RSA private keys used to sign the QR code were embedded in the app itself.
Rather than disclosing the issue to the developer, the hacker collective has released a ride-buses-for-free code.
This vulnerability may have been caused by immature development practices. The NCSC has issued guidance for developers on building software and systems and deploying them securely.
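A signing key shipped inside a client app, as described above, can be caught before release. The following is an added example, not code from the NCSC or the app's developer: a release check that scans a zip-format app package for PEM private key headers. The file names and placeholder key bodies are constructed for illustration.

```python
import io
import re
import zipfile

# PEM headers that mark private key material. Public keys and certificates
# are expected in a client app and are deliberately not matched.
PRIVATE_KEY_PEM = re.compile(
    rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"
)

def find_embedded_private_keys(package_bytes):
    """Return sorted (entry_name, pem_header) pairs for every private key
    marker found inside a zip-format app package (APK, IPA, JAR)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as package:
        for entry in package.infolist():
            if entry.is_dir():
                continue
            data = package.read(entry)  # decompressed entry contents
            for match in PRIVATE_KEY_PEM.finditer(data):
                findings.append((entry.filename, match.group(0).decode("ascii")))
    return sorted(findings)

def build_sample_package(include_private_key):
    """Build a constructed, in-memory package for the demonstration.
    The key bodies are placeholder text, not real key material."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as package:
        package.writestr("AndroidManifest.xml", "<manifest/>")
        package.writestr(
            "assets/ticket_verify.pem",  # hypothetical name; public key is fine
            "-----BEGIN PUBLIC KEY-----\nPLACEHOLDER\n-----END PUBLIC KEY-----\n",
        )
        if include_private_key:
            package.writestr(
                "assets/ticket_signing.pem",  # hypothetical name; must not ship
                "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n"
                "-----END RSA PRIVATE KEY-----\n",
            )
    return buf.getvalue()

if __name__ == "__main__":
    for label, flag in (("flawed build", True), ("corrected build", False)):
        hits = find_embedded_private_keys(build_sample_package(flag))
        print(label, "->", hits if hits else "no private keys found")
```

The check only catches PEM-encoded keys; keys stored in DER form or obfuscated in code need other checks, and the durable fix is to keep signing on the server so the app holds at most a public key.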
Developers who discover a vulnerability in a government website can report it to the NCSC via our programme with HackerOne. See details on our website.