Stay cyber-savvy. Each month, we deliver the latest security stories and simple tips to help keep your organisation safe.
Part of GCHQ and the UK’s bulwark against cyber threats, the National Cyber Security Centre (NCSC) plays a vital role in keeping individuals and UK organisations safe online. In 2022, it has been helping Ukraine thwart Russia’s cyber-attacks and keep British assets safe in a time of war. It has also just released its annual review for 2022.
Here are four key points you should know:
- Eighteen ransomware incidents required a nationally coordinated response, including attacks on a supplier to NHS 111 and another on South Staffordshire Water
- There were 2.7 million reported/known cyber-related frauds in the 12 months to March 2022
- Commercially available malicious cyber tools are expected to be widely used by state and non-state actors in the future
- China’s increasing cyber capabilities have seen it target third-party technology and supply chain vulnerabilities. In fact, China’s tech evolution is likely to be the single biggest factor affecting the UK’s cyber security.
What can you do with this information? One thing. Take the threat seriously. We’re not in the business of scaring clients or casual visitors to our blog. But if you aren’t giving cyber security the attention it deserves, now is the time to get started.
4 Simple Cyber Security Steps
In other news, October marked Cyber Security Month in the EU and US. There are lots of resources available for individuals and businesses to stay safe online. Here are four key takeaways:
- Think before you click on any suspicious emails
- Update your software regularly
- Use strong passwords
- Enable Multi-Factor Authentication for your online accounts
Although NCSC/GCHQ haven’t been promoting Cyber Security Awareness Month in the same way as their American and European counterparts, they do have lots of great advice on their Cyber Aware campaign.
Latest Vulnerabilities
Dropbox hit by a phishing scam
Dropbox recently suffered a data breach where a threat actor hacked a staff member’s GitHub account through a successful phishing attempt. Exposed assets include API keys and thousands of employee names and email addresses.
Lenovo releases vital security patch
Lenovo has just come out with patches to fix two vulnerabilities that affect ThinkPad, Yoga and IdeaPad devices. The security flaws can help hackers get past the basic security on a user’s OS. These devices are mostly used by businesses and could leave employees exposed.
This vulnerability is firmly on our radar, and we are working hard to ensure all our client devices have been patched.
Sucuri websites compromised
The Sucuri blog announced 15,000 PHP and WordPress websites were compromised via a malicious SEO campaign. Sucuri researchers have uncovered a spike in WordPress malware that redirects website visitors to fake Q&A sites.
Russian Cyber-Warfare
It’s a sign of the times that we’re dedicating a section exclusively to Russian activity. We believe the below is good for you to know.
Credential roaming
A Russian espionage group has compromised an undisclosed European Diplomatic network via ‘Credential Roaming’. APT29 (aka Cozy Bear, aka Iron Hemlock, aka The Dukes), believed to be operated by Russia’s Foreign Intelligence Service (SVR), hacked into the network, presumably for international intelligence gathering.
Microsoft Security Threat Intelligence (MSTIC) identifies Russian actor ‘IRIDIUM’ using new ransomware to target Ukraine and Poland
MSTIC have hinted at Russian state involvement in a “novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload.” IRIDIUM and Russian state-backed group Sandworm appear connected.
Reporting Fraud Emails
You can report a fraud email to the NCSC who have the power to investigate and remove scam email addresses and websites.
Intersys is a cyber security specialist offering everything from remedial support post breach to comprehensive security operations centre services.
Take a look at our services and case studies to see what we offer and what others say about us.