🚹InfoSec Monthly – NCSC warns of rise in ransomware attacks

Written by Chris Hepple, Head of Information and Cyber Security | Posted in News on 2 August 2020

🗓 Your monthly InfoSec update from our Head of Information and Cyber Security, Chris Hepple. Giving a heads-up on the latest issues we all need to be aware of.

It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it. Stephane Nappo

NCSC warns UK academia of rise in number of cyber attacks

This month the NCSC issued an alert to support UK academia. Since August, the NCSC has investigated an increased number of ransomware attacks. These attacks target UK schools, colleges, and universities. It’s important that other business sectors are aware of these types of attacks. Ensure your teams and colleagues know to be alert to any suspicious communications and activity.

Ransomware attackers deploy many infection vectors to gain access to a victim network. By adjusting their tactics, cyber criminals exploit the vulnerabilities they find. In recent incidents, the NCSC has observed malicious actors targeting vulnerabilities related to:

  • Remote Desktop Protocol (RDP) configurations
  • Unpatched software and unsecured devices
  • Phishing emails

Business Email Scammers want more, more, more

Cyber criminals will demand up-to $80,000 following a business email compromise (BEC). This was the staggering fact reported this week.

BEC scams usually begin with a phishing attempt. For example, a company employee receives a scam email asking them to pay a fake invoice. These kinds of attacks are common. So, it is important that organisations put cyber security at the top of their priority list. They can do this by ensuring employee support in the event of an attack is high on the agenda.

EPPlus generated macros provide novel way to help malware evade detection

NVISO Labs have identified a new threat actor which they’ve named “Epic Manchego”. This actor is experimenting with a new technique which uses the .NET library EPPlus. The technique generates malicious Excel spreadsheets in Office Open XML format. This results in Malware being less effective, by making VBA code in MS Office disappear. Leading to low detection rates and an increased chance for the threat to pass under the radar.

HICS Recommendations

  • Security testing is paramount for any system. So make your activity in mitigating these vulnerabilities a priority.
  • Patching and asset management processes remains an imperative. So ensure it is top of your business agenda.
  • Phishing, both personal and business, is the easiest way to fall victim. Attackers have developed creative methods to imitate official communications. So, if you’re unsure of something you receive, it pays to refer to the service providers website. Or, if you know the sender (colleague/friend), engage with them direct.NEVER use the contact information contained in the message. If the email is malicious, the contact details are too!
  • Avoid the use of macros. When this is unavoidable, ensure you complete thorough script checks.