Cyber Security Bulletin – Top 5 Security Issues
Top 5 Security Issues This Week
1. NCSC (National Cyber Security Centre) encourage UK organisations to ensure effective cyber resiliency in response to the current RUS/UKR situation.
The NCSC has urged all UK organisations to shore up their cyber security in response to significantly increased cyber incidents in and around Ukraine. There are similarities in Tactics, Techniques, and Procedures (TTPs) between this current increased activity and the attacks against Georgia in 2017 (this includes the destructive NotPetya attacks).
Whilst there is no specific indication of any threat to UK organisations, the NCSC and GCHQ have provided guidance to help organisations ensure a sufficient level of cyber resiliency. This includes:
- Patching and updating systems
- Improving access controls and enabling multi-factor authentication
- Implementing an incident response plan
- Test and confirm backups and business continuity and disaster recovery plans
- Test and confirm security posture
- Ensure industry-relevant threat intelligence capability
2. New-look Cyber Essentials scheme is launched.
The NCSC, along with the only Cyber Essentials awarding body IASME, have released their updated and improved Cyber Essentials scheme as of the 24th of January 2022. Cyber Essentials is a scheme, designed by the NCSC, to ensure that a minimum baseline of cyber security is maintained by organisations. This commitment to cyber security is certified and audited by IASME and its certifying bodies. It is already a requirement for all Government tenders and is fast being adopted by the private sector to help strengthen their supply chain security.
The new updates include (amongst others):
- Access control and secure configuration controls for cloud services (such as Microsoft 365, Salesforce, etc.)
- Home working perimeter controls
- Password and multi-factor authentication requirements
- More defined scoping guidance
3. British Council data leak includes over 10 000 student records
The “soft arm” of UK foreign policy suffered an embarrassing data breach when an unsecured Microsoft Azure Blob storage account was discovered. The storage account, which could be accessed by anyone on the Internet without authentication, includes files containing student information such as full name, email address, student ID, duration of study, etc.
This latest incident brings the total number of disclosed major incidents in the past five years to three (two ransomware and this data breach). There have also been six unsuccessful ransomware attacks in that time.
The British Council have assured their users that the correct security controls have now been put in place.
4. Deadbolt ransomware gang target QNAP NAS devices
A newcomer to the ransomware scene, Deadbolt is hellbent on causing QNAP and QNAP owners as much chaos as possible. Not attributed to any advanced persistent threat (APT) or nation-state actor yet, this new strain of device-specific ransomware seems to be primarily targeting all internet-facing QNAP NAS devices in Europe and the US.
The gang are not only extorting affected QNAP owners but are also piling the pressure on the Taiwan-based QNAP to make payments (up to 5BTC – around $1.86m) to gain access to details of the zero-day vulnerability that’s being exploited (zero-day vulnerabilities are unknown to the vendor, so no fix exists for them), and to the ransomware decryption key.
QNAP NAS devices have long been the target of ransomware attacks, most notably Qlocker and eCh0raix.
5. Third of employees admit to taking data with them when they leave their jobs
New research from email security vendor Tessian suggests that nearly a third of employees (29%) admit to taking company data with them when they terminate their employment.
According to the survey of around 2000 UK companies, the top motivation (58%) was that employees believed the data would help them in their new job. This was followed closely (53%) by the belief that the information belonged to that employee because they created or worked on the document. And finally, 44% wanted to share the data with their new employer.
Organisations should make it clear to their employees, both on employment and termination, their position on the removal and transfer of company data. This includes any intellectual property issues and data protection issues.