📡 InfoSec Radar #5 – Feb ’21

Written by Chris Hepple, Head of Information and Cyber Security | Posted in News on 12 February 2021

“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” Stephane Nappo

👉 Foreword

The National Cyber Security Centre (NCSC) is a Government organisation that provides advice and support for the public and private sector regarding security threats. I encourage all colleagues and clients to follow its reporting, as it publishes current threats that could affect our businesses, products and services. I have focussed this post on the articles most relevant to our business and industry.

💰 Ongoing threat of Ransomware

The Scottish Environment Protection Agency (SEPA) confirmed it was the victim of an ongoing ransomware attack. The NCSC has been supporting investigations to understand the impact of this incident.

Ransomware is a serious cyber threat. Cybercriminals can often threaten to publish data if a payment is not made. Law enforcement does not encourage, endorse, or condone paying ransom demands.

If you do pay the ransom:

  • There is no guarantee that you will get access to your data or computer
  • Your computer will still be infected
  • You will be paying criminal groups
  • You will likely be targeted again in the future

Organisations should take steps to protect themselves from the loss of access to their data by ransomware and the risk of data theft.

The following guidance from the NCSC can help with this:

  • Protecting bulk personal data
  • Logging and protective monitoring
  • Mitigating malware and ransomware attacks

👨‍💻 HICS comment – The financial sector, just like many other industries, could fall victim to ransomware. This threat will never cease and will continue to come to the forefront of reporting time and time again. At Banking Works, we ensure we have controls and supporting processes implemented and tested to be effective. We protect the data source and ensure sufficient and timely backups are taken and stored in secure off-site locations. We carry out appropriate rollback tests to ensure backups will work as expected.

📱 Fake apps responsible for increased attacks targeting remote devices

The number of organisations experiencing malware attacks on remote devices has increased over the past year since the COVID-19 global pandemic began, as reported in a recent Cloud Security Report by Wandera.

Some of the attacks on remote workers involved targeting victims by using phishing emails. If clicked, the emails tricked victims into downloading malicious applications disguised as tools to help improve productivity at home but instead allowed attackers to gain access to corporate devices.

This report states that around a third of devices compromised in this type of attack continue to access work email, while 10% continue to access cloud services. This situation could potentially give the attackers even more access to corporate networks.

The NCSC’s home working and mitigating malware and ransomware guidance explains how organisations can protect themselves against cyber-attacks whilst working online.

👨‍💻 HICS comment – Phishing is an attack vector that can be used against all businesses that process personal data, especially those in the financial sector. At Banking Works, we have effective filters and tools that quarantine external email threats before malicious content is delivered to the user. We promote a robust security culture and ensure staff are educated and aware of security-related threats, including the identification and reporting of anything suspicious.

We build all remote processing devices throughout the business to secure standards, ensuring users cannot modify installed applications, which mitigates this risk. We also implement Multi-Factor Authentication in conjunction with industry best-standard connectivity channels when accessing business environments.

👀 Vigilance urged following COVID-19 vaccine scams

Cyber-criminals are attempting to scam the public by taking advantage of the COVID-19 vaccine roll-out.

As of January 7th, Action Fraud had received 57 reports regarding vaccine scams and wants to raise awareness. The scam comes in the form of an email or SMS and uses the lure of being vaccinated to trick victims into sharing personal and financial details. Some scams even use forms that look very similar to those used by the NHS.

Important things to remember:

  • The vaccine is completely free of charge.
  • The NHS will never ask you for your bank account or card details.
  • The NHS will never ask you for your PIN or banking password.
  • The NHS will never arrive unannounced at your home to administer the vaccine.
  • The NHS will never ask you to prove your identity by sending copies of personal documents such as your passport, driving licence, bills or payslips.
  • If you believe you have received a scam email regarding the vaccine, then you can report it directly to the NCSC using the Suspicious Email Reporting Service (SERS) by forwarding the email to report@phishing.gov.uk.

If you have received a suspicious text message, then you can forward this to 7726. This free-of-charge service allows an investigation to take place and action to be taken if the message is found to be malicious.

The NCSC has published advice on how to deal with suspicious phone calls, messages and emails.

👨‍💻 HICS comment – Although this report focusses on the COVID pandemic, such scams can quickly be adapted to catch out the financial industry. Attackers have fraudulently posed, and will continue to pose, as financial institutions/services to unlawfully obtain sensitive information from customers. At Banking Works, we have effective processes and formal procedures for completing activities. We also have a responsive and effective process for dealing with incidents like this. We store logs and activities to ensure we can fully cooperate with any subsequent investigations by any supervisory or lawful agency.

👮‍♀️ Enforcement Action by the ICO

A motor industry employee was prosecuted for passing the personal information of service users to an accident claims management firm without authorisation.

Kim Doyle of Village Lane, Higher Whitley, pleaded guilty to charges of conspiracy to secure unauthorised access to computer data, and to selling unlawfully obtained personal data. She was sentenced at Manchester Crown Court on January 8th 2021 to eight months' imprisonment, suspended for two years.

Doyle unlawfully compiled lists of road traffic accident data including partial names, mobile phone numbers and registration numbers despite having no permission from her employers. Doyle then unlawfully transferred the data she obtained to William Shaw, director of an accident claims management firm. For more information, visit the ICO Report.

👨‍💻 HICS comment – At Banking Works, we have applied separation of duties to ensure, where appropriate, responsibilities are shared. We employ Role-Based Access Controls so that only those with a business need can access specific data. We also retain user activities and use monitoring tools to ensure users conduct themselves as expected by the Company. We have disabled the use of USB to mitigate the risk of copying and extracting large portions of data. All access to our business environments is via an MFA-secured connection, with no ability to access any personal accounts/environments during the same session.

For further InfoSec guidance, check out our previous posts:

InfoSec Radar #4

Infosec Radar #3

InfoSec Radar #2

InfoSec Radar #1