Weekly Briefing. July 1st 2016. NOT PROTECTIVELY MARKED


Contents

Current Threats
- Whaling attacks (with advice)
- Apocalypse Ransomware (with advice)
- Symantec

Incident Reports - South West
- Ransomware - Chippenham

Miscellaneous
- CiSP - Cyber Crime Threats Shared

Whaling attacks

The SWRCCU has recently identified an increase in the number of whaling attacks targeting companies in the region. A whaling attack is a type of spear-phishing attack and involves targeting high-level executives, CEOs and CFOs with forged emails asking for urgent payments. Usually the emails are spoofed so that they appear to come from a trusted colleague or business partner. Last month a CEO of an Austrian aircraft parts manufacturer was sacked after losing the company 31 million in a whaling attack (the CFO also lost their job). Spear-phishing attacks target all industries and are on the increase as cyber criminals use large databases of personal information and automated tools to personalise these emails on a mass scale.

Whaling attacks

To reduce the chances of becoming a victim of this type of offence, please consider the following:

Employee awareness

- Finance, payroll and human resources departments should be alert to these scams, as nearly 50% target the CFO and 25% target HR inboxes.
- Messages often ask employees to keep things confidential and bypass normal approval channels. Employees should be suspicious if they receive a request for unusual information or a wire transfer via email.

Practical steps

- Check the reply-to and return path email address (in spoofed emails this will differ from the from address and show the suspect's email address).
- Always call to confirm the request with the requester.
- Follow or establish policies relating to dual authorisation before large payments can be made.
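The reply-to and return path check described above can be automated when reviewing a suspicious message. The following is an added example, not part of the original briefing; the sample messages are constructed and use reserved example domains.

```python
from email import message_from_string
from email.utils import parseaddr

def _domain(value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(value or "")[1]
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()

def header_mismatches(raw_message):
    """List (header, domain) pairs where Reply-To or Return-Path differs from From."""
    msg = message_from_string(raw_message)
    from_domain = _domain(msg["From"])
    findings = []
    for header in ("Reply-To", "Return-Path"):
        domain = _domain(msg[header])
        if domain and domain != from_domain:
            findings.append((header, domain))
    return findings

# Constructed sample messages (example.com / example.net are reserved domains).
SPOOFED = """\
From: "Chief Executive" <ceo@example.com>
Reply-To: ceo.office@example.net
Return-Path: <bounce@example.net>
To: finance@example.com
Subject: Urgent payment - keep confidential

Please arrange the transfer today.
"""

GENUINE = """\
From: "Chief Executive" <ceo@example.com>
Return-Path: <ceo@example.com>
To: finance@example.com
Subject: Board papers

Attached as discussed.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, header_mismatches(raw))
```

A mismatch is a reason to phone the requester, not proof of fraud, since legitimate bulk-mail services also use a different return path. A message with no mismatch still needs the call-back and dual authorisation steps.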

Apocalypse Ransomware

One of the latest trends in ransomware is to leverage the Remote Desktop Protocol (RDP) to infect targeted machines. Apocalypse ransomware was first identified in May but has since evolved. It exploits weak passwords on insecurely configured Windows servers running the Remote Desktop Service. The SWRCCU have investigated attacks which have utilised RDP to gain access to networks. Through RDP the malware can brute force its way into a computer, while attackers can interact with the compromised system as if they had physical access to it. After infecting a system, the ransomware checks whether the default system language is set to Russian, Ukrainian or Belarusian, and terminates itself if it is. If not, the malware encrypts files and appends .securecrypted to the filename.

RDP Ransomware

To reduce the chances of becoming a victim of this type of attack, please consider the following:

- The most important line of defence is a proper password policy that is enforced for all user accounts with remote access to the system. Password policies should include things such as complexity, length, account lockout, and maximum password age.
- Use IP address based restrictions to allow access to these services from trusted networks only.
- Install and configure HIPS. IDS and IPS systems can detect and prevent the communication attempts that the malware uses to create the public and private encryption keys required to encrypt the data.
- Disable Remote Desktop or Terminal Services completely if not required.
- Deploy and maintain a comprehensive backup solution; this is the fastest way to regain access to your critical files. Backups should take place not only for files housed on a server, but also for files that reside locally on a workstation. If a dedicated piece of backup software is not an option, simply copying your important files to some sort of removable media and then removing that media from the system will provide a safeguard.
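Whether the account lockout and IP address restrictions above are working can be checked against a server's own failed-logon records. This added example (not part of the original briefing) reviews a constructed CSV export of Windows failed-logon events (event ID 4625); the column names, trusted range, threshold and time window are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample: failed logons (Windows Security event 4625) exported as CSV.
SAMPLE = """\
time,event_id,logon_type,source_ip,account
2016-06-28T02:14:01,4625,10,203.0.113.45,administrator
2016-06-28T02:14:03,4625,10,203.0.113.45,admin
2016-06-28T02:14:05,4625,10,203.0.113.45,backup
2016-06-28T02:14:08,4625,10,203.0.113.45,administrator
2016-06-28T02:14:11,4625,10,203.0.113.45,scanner
2016-06-28T09:02:40,4625,10,10.20.0.17,jsmith
2016-06-28T09:03:10,4625,2,10.20.0.17,jsmith
2016-06-28T11:30:00,4625,10,198.51.100.9,administrator
"""

TRUSTED = [ip_network("10.20.0.0/16")]  # assumed trusted range for this example
# 10 = RemoteInteractive; 3 = Network, how failures are typically logged when
# RDP uses Network Level Authentication (type 3 also covers other network logons).
RDP_LOGON_TYPES = {"3", "10"}

def review_failed_rdp_logons(csv_text, trusted=TRUSTED, threshold=5,
                             window=timedelta(minutes=5)):
    """Return {source_ip: set of findings} for failed remote logons."""
    times = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_id"] == "4625" and row["logon_type"] in RDP_LOGON_TYPES:
            times[row["source_ip"]].append(datetime.fromisoformat(row["time"]))
    findings = defaultdict(set)
    for ip, stamps in times.items():
        # An attempt from outside the trusted networks means the IP restriction
        # is missing or not effective.
        if not any(ip_address(ip) in net for net in trusted):
            findings[ip].add("untrusted-source")
        stamps.sort()
        # Sliding window: `threshold` failures inside `window` suggests brute
        # forcing that account lockout should already have stopped.
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                findings[ip].add("brute-force")
                break
    return dict(findings)
```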

Symantec / Norton Vulnerabilities

This week computer security company Symantec has patched eight security vulnerabilities discovered in its own security software. Researchers at Google's Project Zero informed Symantec of multiple critical vulnerabilities which they said were "as bad as it gets". Symantec advise that fixes are currently in place, and updates are now available for customers to install.

Advice

It is recommended that Symantec customers using products such as Norton Antivirus update their software as soon as possible in order to patch these vulnerabilities.

Ransomware - Chippenham

We have received a report of a ransomware attack affecting a school based in Chippenham. A demand of 2000 was requested for the data to be decrypted.

Advice

- Make sure you have anti-virus software installed and ensure it is up-to-date and running in real time.
- Keep browsers, operating systems, Adobe and other applications up-to-date and patched against vulnerabilities.
- Backups are an absolute necessity in protecting your data. Back files up regularly, store the backups on external storage and physically disconnect the storage from the computer and network between backups. Ensure you verify the backups.
- There are many fake emails with malicious attachments circulating the internet. If you receive an uninvited email containing an attachment then do not open it unless you are sure of its origin. Beware of unsolicited emails asking you to click on links.
- In the unfortunate case of infection, pull the plug on the computer and internet access.
- Do not pay the ransom as a first response. Report to Action Fraud as soon as possible.

The SWRCCU advises against the payment of ransom demands. This is for three reasons:

- You are not guaranteed to get your data decrypted.
- Further extortion demands may follow.
- It encourages further attacks against other victims.

CiSP - Cyber Crime Threats Shared

The Cyber Security Information Sharing Partnership (CiSP), which is run by CERT-UK, is an information sharing platform used to share and publish cyber crime threat information. The aim of the platform is to allow members to take remedial action and modify their organisations to prevent cyber attacks. If you would like to join the CiSP then please sign up at www.cert.gov.uk/cisp and contact us as we can sponsor you.

Our South West Regional node has now been launched and we welcome you to join our group. This is a place for all businesses and individuals based in the South West to share threat intelligence and updates surrounding cyber security.

This document has been given the protective marking of NOT PROTECTIVELY MARKED and may be disseminated outside law enforcement with no restriction.

If you know anyone else who would like to receive this, please send us their e-mail address and we will add them to the distribution list. If you would like to be removed from the list, please send an email to the address below to let us know.

For any comments or queries, please email the South West Regional Cyber Crime Unit at: swrccu@avonandsomerset.pnn.police.uk

www.swcybercrimeunit.co.uk