NCSC (National Cyber Security Centre) - Weekly Threat Report @ncsc #cybersecurity
- ASKET Operations Team
- Aug 6, 2020
- 3 min read
Weekly Threat Report - 7th August 2020
Hundreds targeted by TV License scam
This week hundreds of UK consumers have been targeted with a text message scam offering a free TV license for over 75s. The was identified by Parliament Street Researchers who describe it as, "fraud designed to steal the personal financial data of victims". Victims are asked to enter various pieces of personal information including name, date of birth, home address and banking details, which are then stolen.
Cyber criminals have exploited recent changes to TV license requirements for the over 75s and used it to target vulnerable users.
Throughout the pandemic there has been an increase in phishing attacks, so it is important to remain vigilant. The NCSC has produced guidance that will help you deal with suspicious emails, phone calls, or phishing attacks. Suspicious text messages can be forwarded to 7726. If you do become a victim of an attack, then we recommend contacting Action Fraud.
Surge in online viewing figures
Surge in online viewing Ofcom have reported large increases in both online and TV viewing figures during the coronavirus lockdown.
The report said 9 million people joined streaming services they hadn’t used before and 3 million more signed up having never used an online service. Viewing figures were 71% up on the equivalent period in 2019.
The NCSC would encourage people using any online streaming services to ensure that they follow the password advice in the Cyber Aware guidance.
Families more used to online gaming may want to follow our guidance on protecting your personal details when gaming online.
Punishing users for cyber security mishaps increases anxiety and reduces productivity
In a survey of UK businesses CybSafe found that cyber security mishaps, such as falling for simulated phishing scams, are regularly punished through actions such as naming and shaming, decreasing access privileges, locking computers until training is completed and informing an individual’s line manager.
CybSafe’s lab-based experiments looking at the impacts of the punishments showed them to be highly detrimental; increasing anxiety, reducing productivity and potentially leading to resentment, stress and scepticism about cyber security.
The NCSC has recently added exercises for home and remote working to its free Exercise in a Box toolkit which lets businesses test and practise their responses to a cyber attack. The NCSC has also long advocated growing a healthy and positive security culture to support and enable businesses.
British Dental Association reveals cyber attack on network
This week the British Dental Association (BDA) revealed it had suffered a cyber attack. As a precaution, the organisation says it has taken some systems offline, including its website. The NCSC is working with partners to assess the full impact of this incident. There has been widespread media coverage of high-profile incidents recently, including ransomware attacks and data theft. Incidents can and will happen, so it's important to be prepared for them.
We have previously published a collection of guidance on how to effectively detect, respond to and resolve cyber incidents.
Advice on mitigating malware and ransomware attacks can also be found here.
US warns of attacks on Critical National Infrastructure
Our international partners at the National Security Agency (NSA) and Cybersecurity Infrastructure Security Agency (CISA) have recently warned that cyber actors are targeting critical assets by exploiting internet-enabled operation technology (OT).
Tactics, Techniques, and Procedures (TTPs) observed include spear phishing, deployment of commodity ransomware and connecting to internet-accessible systems, without requiring authentication.
NSA and CISA have advised on mitigation of this activity and the NCSC would recommend that UK-based Critical National Infrastructure (CNI) ensure they have resilience plans for OT in place. Organisations should harden their defences by reducing remote connectivity and external exposure of OT as far as possible, and mitigating unwanted internet connections immediately.
Exercising is also one of the most effective ways an organisation can test how it responds to cyber incidents and identify areas for improvement. By practicing your defence and response mechanisms, you can understand how effective they really are and where there are areas for improvement.
The NCSC continues to work closely with international partners to help strengthen defences against those who seek to do us harm online.
Topics Cyber threat
Commentaires