Cyber Intelligence Bulletin

Optimising Information Security

How to defend yourself against SamSam ransomware

SamSam is different from most other ransomware – it’s used sparingly, in a relatively small number of targeted attacks by a skilled team or individual. They break into and survey a victim’s network before deploying and running the ransomware, just like a sysadmin deploying legitimate software. Those unusual tactics create advantages for both attacker and defender.
The good news is that the SamSam attackers aren’t looking for a challenge. They want easy targets, which means that getting a few of the basics right gives you a very good chance of keeping them out.
The bad news is that if they do get a foothold in your organisation they can dig in quickly. They don’t deploy the SamSam malware until they’re able to act as a Domain Admin, which gives them high ground from which to attack: with domain-wide administrative rights they can push the ransomware to every machine at once, exactly as a sysadmin would push a legitimate package. This article covers the strategy you can adopt to “be the smallest possible target”, “follow the principle of least privilege”, and what to do “if an attack is successful”.
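Because the SamSam operators need Domain Admin rights before they can deploy, the first least-privilege check a defender should run is simply: who holds those rights today? The script below is an added example, not code from the original article or from Sophos. It uses the ActiveDirectory PowerShell module (RSAT) to enumerate the members of the domain’s privileged groups, expanding nested groups, and flags any account that is not on an explicitly approved list. The group names are the Windows defaults; the approved account names are placeholders you would replace with your own.

```powershell
# Added example (not from the original article): list every account that can act as a
# Domain Admin, including members inherited through nested groups, and flag any that is
# not on an explicitly approved allowlist. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption: these are the only accounts expected to hold domain-wide admin rights.
# Replace with your own dedicated, tiered admin accounts.
$Approved = @('da-alice', 'da-bob')

# Default privileged groups in an AD domain; extend if you have custom ones.
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Administrators')

$Findings = foreach ($Group in $PrivilegedGroups) {
    # -Recursive expands nested groups so indirect members are not missed.
    Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            [PSCustomObject]@{
                Group    = $Group
                Account  = $_.SamAccountName
                Approved = ($Approved -contains $_.SamAccountName)
            }
        }
}

# Anything not approved is a candidate for removal, or for a move to a separate admin
# account that is never used for email, browsing or day-to-day logins.
$Findings | Where-Object { -not $_.Approved } | Format-Table -AutoSize
```

Run this on a schedule and alert on any new unapproved entry: an attacker who has just promoted a compromised account to Domain Admin shows up here before the ransomware does.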

Read full article. 

Cyber Attack! Would your firm handle it better than this?

Technology of Business eavesdropped on a “war games” exercise hosted by cyber security firm Forcepoint that was based on lots of real-life experiences.
In the exercise, IT staff at the fictional High Street optician Blink Wink’s head office have been suckered by a phishing email. Someone clicked on a link to a spoof website because they thought the email looked legitimate. It wasn’t. That was two months ago. Today, the proverbial hits the fan…
Richard Ford, chief scientist at Forcepoint, says: “Reacting late has put Blink Wink on the back foot. You need to move quickly in these situations otherwise the attackers dictate the pace. A poor knowledge of data breach laws has made the company vulnerable. They clearly didn’t have a breach policy in place nor did they know who was responsible for each role or what they should be doing.” How would your company cope in Blink Wink’s situation?

Read full article.

Dixons Carphone: 10m customers hit by data breach – investigation

Dixons Carphone said an investigation into a massive data breach has found personal data belonging to 10 million customers may have been accessed last year, nearly 10 times as many as initially thought. The electronics retailer had estimated the attack involved unauthorised access to 1.2m personal records, when it first reported the breach in June. It said there was no evidence of any fraud. The company said records containing personal data such as names, addresses or email addresses had been accessed, but not financial information. It is writing to customers to apologise for the data breach, but does not plan to pay compensation as there is no evidence that anyone has suffered any financial loss.

Read full article. 

Reddit’s hack response causes concern

The site said it discovered in June that hackers compromised several employees’ accounts to gain access to databases and logs. They were able to obtain usernames and corresponding email addresses – information that could make it possible to link activity on the site to real identities. The hackers were also able to access salted, hashed passwords from a separate database backup of credentials dating from 2007.
Reddit said it would inform those affected by the loss of historic data, but would not be getting in touch with those impacted by the potentially much larger breach – a decision which has baffled prominent, independent security researchers. “This is personally identifiable data that’s been exposed in what is unequivocally a data breach, why on earth wouldn’t you notify people?” said renowned security researcher Troy Hunt, a specialist in data breaches affecting consumers. Here’s what Reddit has to say about the breach.

Read full article. 

Prisoners Exploit tablet vulnerability to steal nearly $225K

Inmates in Idaho transferred nearly $225K into their JPay accounts, according to the Associated Press. The handheld tablets are used in prisons across the US, where inmates use them to stay in touch with the outside world via money transfers, emailing family and friends, buying and listening to music, video visitation, parole and probation payments, and downloading and playing games. The devices are made available through a contract between JPay and CenturyLink. Inmates can pay for entertainment, games and additional services with JPay credits. The transfer scam was discovered earlier in the month by a special investigations unit. The largest amount swindled by a single inmate was a little under $10,000, and fifty of the inmates transferred amounts exceeding $1,000 into their accounts.

Read full article.

NHS trusts sign up to Darktrace threat-hunting software

Milton Keynes University Hospital NHS Foundation Trust, Royal Free London NHS Foundation Trust, Luton and Dunstable University Hospital NHS Foundation Trust, and West Suffolk NHS Foundation Trust are the latest organisations to ink deals with Darktrace, which provides machine learning-driven security software. The firm’s technology, branded the Enterprise Immune System, uses a set of algorithms that learn a baseline of normal network behaviour, then detect deviations from it and automatically respond to threats that enter a computer network. Within the NHS, the tool is being used to build on the ability of organisations to respond to cyber-attacks and protect patient data, a topic that has made its way to the top of board agendas since the WannaCry outbreak in 2017.

Read full article.

From July 24th, Google Chrome starts marking all non-HTTPS sites ‘Not Secure’

So if you are still running a plain HTTP (Hypertext Transfer Protocol) website, many of your visitors are already greeted with a ‘Not Secure’ label in Google Chrome’s address bar, warning them that the connection to your site cannot be trusted. Chrome shows ‘Not Secure’ because the connection is not encrypted: your server presents no TLS certificate (still widely called an SSL certificate), so no encrypted session is set up between the visitor’s browser and the website’s server. Everything sent over a non-HTTPS connection therefore travels in plain text, passwords and payment card numbers included, and anyone on the network path can read or tamper with it. Plain HTTP has long been considered dangerous for pages that handle sensitive data, such as login pages and payment forms, because a man-in-the-middle attacker can intercept passwords, session cookies and card details as they cross the network. Note that from Chrome 68 (released 24 July 2018) the label applies to every HTTP page, not just forms, so the fix is to serve the whole site over HTTPS and redirect plain HTTP to it, not merely to buy a certificate.
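The minimal server-side fix is a permanent redirect from port 80 to HTTPS plus an HSTS header so returning browsers never try plain HTTP again. The configuration below is an added example for nginx, not taken from the original article or from Google; example.com, the document root and the Let’s Encrypt certificate paths are placeholders.

```nginx
# Added example (not from the original article): send all plaintext HTTP to HTTPS and
# serve the site only over TLS. example.com and the certificate paths are placeholders.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # Keep the ACME HTTP-01 challenge path reachable over port 80, or certificate
    # renewal breaks once the redirect is in place (path is an assumption).
    location /.well-known/acme-challenge/ {
        root /var/www/acme;
    }

    # Permanent redirect: browsers, crawlers and bookmarks learn the HTTPS address.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com www.example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # HSTS: once a browser has seen this header it refuses plain HTTP to this host for
    # the stated period, so a downgrade to http:// is no longer possible on the client side.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    root /var/www/example.com;
}
```

Before enabling HSTS with a long max-age, confirm that every subdomain you serve already works over HTTPS: the header is cached by the browser, so a subdomain left on plain HTTP becomes unreachable for the duration of max-age.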

Read full article. 

+44 (0) 20 7517 3900