This week the NCSC issued an alert to support UK academia. Since the beginning of August, the NCSC has been investigating an increased number of ransomware attacks affecting education establishments in the UK, including schools, colleges, and universities.
Ransomware attackers can gain access to a victim network through a number of infection vectors. Cyber criminals adjust their tactics depending on the vulnerabilities they find.
In recent incidents, the NCSC has observed malicious actors targeting vulnerabilities related to:
- Remote Desktop Protocol (RDP) configurations
- unpatched software and unsecured devices
- phishing emails
The alert recommends that organisations follow the recently updated NCSC guidance on mitigating against malware and ransomware attacks and implementing a ‘defence in depth’ strategy to help protect against these attacks.
Remote workers access company data on personal devices
A study conducted by Trend Micro has highlighted that 39% of workers use their personal devices to access corporate data.
Research shows that personal devices such as smartphones, tablets, and laptops are not configured to the same level of security when compared with corporate devices. The NCSC has guidance on how to safely use personal devices for work purposes.
The recent pandemic has increased the need for remote working and highlighted the need to improve online security outside of the office. The NCSC has published guidance on working from home and detailed advice on how to connect smart devices securely.
Vulnerabilities discovered across multiple travel company websites
Tech consultancy, 6point6, have discovered multiple vulnerabilities on a number of airline, hotel and travel booking company websites.
The research has drawn attention to the potential weaknesses that attackers could exploit to target customer systems and access sensitive or personal data.
Examples of how the vulnerabilities could be used include the creation of fake log-in accounts and hijacking browser sessions.
Companies are being urged to strengthen their ability to protect their customers and their data or face sanctions imposed by the ICO, which could include substantial fines.
The NCSC has produced the Vulnerability Disclosure Toolkit which gives organisations the essential components to help customers easily report vulnerabilities.
Microsoft aware of Netlogon vulnerability
The NCSC is aware of an escalation of privilege vulnerability affecting Microsoft Windows Netlogon (CVE-2020-1472).
The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities. In this case, the most important aspect is to install the latest patches as soon as practicable.
The August 2020 security update fixes a number of security vulnerabilities and, following its installation, Domain Controller (DC) enforcement mode can be deployed.
Further reading regarding this vulnerability is available in Tenable and GitHub blog-posts.
