Cyber Security Newsletter Week 7
FBI issues QR code scam warning
The FBI’s Internet Crime Complaint Center (IC3) has issued an alert warning of the malicious use of QR codes. According to the public service announcement, cyber criminals have been tampering with QR codes to redirect users from legitimate websites to fraudulent ones where their data and money are at risk of being stolen. Businesses worldwide have increasingly turned to QR codes to continue offering their services, but this mechanism can be exploited and even used to embed malware onto a user’s device. The FBI has published advice to users. Anyone who thinks they have been a victim of cybercrime should report details to their bank and Action Fraud (for England, Wales and Northern Ireland) or Police Scotland (for Scotland).
The NCSC has published top tips for staying secure online which can help you remain safe even if you have followed a QR code or link to a malicious destination.
Solutions:
• Multi Factor Authentication (MFA)
• Antivirus, firewall and patching
• Web protection
White Rabbit ransomware threat
A hard-to-detect form of ransomware, White Rabbit, has been reported on by researchers and linked back to a crime group known for targeting finance. White Rabbit was used in December 2021 in an attack against a US bank, and researchers at Trend Micro believe the tactics have been seen before with the cybercriminal group FIN8. The technique is discreet because the payload binary requires a specific command-line password before it triggers the ransomware and encryption routine, so it stays inactive until that password is supplied. The file is also very small (100kb) and appears to show no activity, making it harder to spot. Ransomware is a growing threat within cyber security. Criminals can use the attack to lock down files and systems before demanding payment for access, but there’s never a guarantee that paying the ransom will work.
The NCSC has published guidance which can help organisations protect themselves from ransomware.
Solutions:
• End-point Protection
• Cyber Consultancy
• Ransomware Protection
Inquiry into two cyber-attacks at Gloucester City Council
An investigation will take place into how a local authority was hit by cyber hackers twice in the past decade. Gloucester City Council became aware of its latest cyber-attack on 20 December, which disrupted online revenue and benefits, planning and customer services. It could take months to fix affected servers, and systems need to be rebuilt. The National Crime Agency and National Cyber Security are investigating, with insiders believing there could be links to hackers in the former Soviet Union. The software, known as sleeper malware, made its way into the local authority's system embedded in an email that had been sent to a council officer. Services, including online application forms used to claim housing benefit, test and trace support payments, discretionary housing payments and council tax support, have been delayed or are unavailable.
According to the Local Democracy Reporting Service (LDRS), opposition councillors at the Conservative-led council are extremely concerned as it is the second time in recent years the authority has been hacked.
Solutions:
• Web protection
• Consultancy Service
• Awareness Training
Fantasy Premier League account hack surge prompts plans to introduce extra login checks for football fans
A spate of account takeover hacks has prompted the English Premier League to promise to introduce two-factor authentication (2FA) controls to its official Fantasy Premier League game (FPL) from next season. FPL has more than eight million players, who sign up with a standard email address and password, although 2FA is not offered as an option. A wave of hacks this season has seen attackers seemingly targeting successful teams ranked in the top 100,000. The precise number of account takeover attempts is unclear, but simply searching for the term ‘hack’ on FantasyPL Reddit shows many people are claiming to have been affected, and the problem is far from isolated. In some cases, accounts have been deleted and many victims have struggled or failed to get back lost fantasy football league points. The FPL game is free to enter and the chances of winning a prize, such as a trip to see a football game or Premier League merchandise, are slim to none. Nonetheless, many FPL participants devote considerable time to researching and selecting their team over a period of months, in an effort to outscore and outrank their friends and colleagues in the many private leagues that are a feature of the game. The game has also spawned a vibrant community of YouTube channels, discussion, and (several subscription-based) team aid selection websites.
“We would like to take this opportunity to remind all FPL managers that using the same email address and password combination on other sites puts the security of your FPL team at risk”
Solutions:
• Multi Factor Authentication (MFA)
• Regularly update passwords and emails
• Email Protection (Mimecast)