Cyber Round-up

Cyber Round-up for 14th December

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of that last week and handpick some of the news, posts, views, and highlights from the world of Security.

UK Businesses Seek Greater Cyber Support from Government

A recent survey commissioned by RedSeal found that Business in the UK is generally feeling let down by the Government when it comes to Cyber Security.

The research took place during November 2018 and sought the insight of over 500 UK IT professionals at Director Level and above. This research revealed some key concerns for UK businesses:

  • 68% of those surveyed had suffered a security incident in the last year;
  • 1 in 5 stated that they had no defined response plans to deal with a cyberattack;
  • 65% claimed that Senior management or board members had little involvement with cyber security.
  • While a third of the survey participants felt that Her Majesty’s Government did not provide UK business with enough guidance or support on matters of cyber security.

These numbers provide more evidence that UK business is not doing enough to protect themselves when it comes to Cyber and Information Security. We see a new headline in the news every week, highlighting another data breach or cyberattack that results in huge costs and implications for the companies involved.

Business owners and senior managers, for organisations large or small, need to understand the importance of having a strong security strategy, that’s aligned and proportionate to their overall business objectives.

The National Cyber Security Centre (NCSC), a division of the UK intelligence service GHCQ, was established by HMG in 2016 to provide such support for the public and private sector organisations, as well critical national infrastructure.

Although the NCSC has made great steps forward with providing simple advice and guidance to help protect the UK from cyberattack, it is clear through this survey, and our engagement with Small to Medium businesses that more needs to be done, as the large majority still do not know about NCSC or what they offer.

We believe that the NCSC are on the right track, but it seems they still have some way to go before they become a household name and truly have a positive impact in helping to secure the UK and its businesses.

New Office 365 Phishing Emails on the Loose

Research carried out by the SANS ISC team has found a new Phishing attack in the wild that targets Microsoft Office 365 users, through fake Non-Delivery Report (NDR) emails.

We have witnessed many phishing emails in the last year related to Office 365, but so far none that look this convincing, and none that have used this NDR method.

Check out our short blog on this phishing threat, which includes what to do, what to look for and how to prevent this threat from compromising your Office 365 service.

https://www.ironshare.co.uk/security-advisory/office-365-phishing-non-delivery-notifications/

MS Patch Tuesday – December 18

Tuesday 11th December saw the release of Microsoft’s scheduled monthly security updates. Included in this month’s release were a total of 9 Critical and 29 Important security updates.

The release covers updates in Windows, Office Products, Internet Explorer & Edge browsers, the .Net framework and the Chakra scripting engine.

5 of the 9 Critical vulns, relate to memory corruption issues in the Chakra scripting engine, and how they are handled in the memory of the Edge browser. These can be exploited by tricking a user to visit a specially crafted web page and allows the attacker to launch remote code on the victim’s machine.

A critical remote code execution vulnerability also exists in the Windows DNS Server component when it fails to handle DNS requests properly. By sending malicious requests, an attacker can exploit this vuln and run arbitrary code under the local system account on Windows servers (2012 and later) that are configured with the DNS server feature.

Rounding out the critical updates are memory corruption vulns in the Internet Explorer and Edge browsers, and a remote code injection vuln in .Net framework, that can lead to an attacker hijacking an affected system.

Staying up to date with security patches for your operating systems and software, is a critical part of delivering and maintaining a strong security posture, please ensure you test and update as quickly as possible to prevent exploitation and stay secure.

The December Patch Tuesday release notes can be found here while the Security Guidance and CVEs can be found here.

Critical Vulnerabilities in Adobe Acrobat Reader

Adobe have released a security bulletin for a number of critical and important vulnerabilities in Acrobat Reader that were discovered by research teams in Cisco Talos, Trend Micro and Palo Alto Networks.

Adobe Acrobat Reader stands as the most popular PDF reader in use today and is an integrated part of common web browsers such as Google Chrome and Microsoft Edge.

When exploited these vulnerabilities can allow an attacker to launch malicious code execution under the context of the logged in user.

Security updates are available for the affected products in both Windows and MacOS. Updates should be performed automatically by the product in most situations, but please verify these have been completed, especially in enterprise environments where direct internet access is not permitted, and auto updates may not complete successfully.

Stay Safe when Christmas Shopping

Our final message for this week continues to spread the word of staying clear of scams and fake purchases while shopping online for those coveted Christmas gifts. With one in five people being scammed when buying Christmas presents online, we expect to see another increase this year, which could eclipse the £11million online fraud of Christmas 2017.

Check out our previous round-up posts on the 23rd November and 30th November, where we discussed the pitfalls of Holiday Season scams and what to look out for.

Please be aware of the heightened threat of fraudulent activities during the weeks before, and directly after Christmas, and follow the advice provided by Action Fraud and our previous posts above.

Remember that if the deal looks too good to be true, its likely to be fake.

If you have been a victim of fraud, it is important to ensure that you report it to Action Fraud either online or by calling 0300 123 2040. #fightfestivefraud

And that’s it for this week, please don’t forget to tune in for our next instalment.

Sign Up

To keep up to date with our news and posts why not join our mailing list by using the link to subscribe: http://bit.ly/IronMailList

You can also follow us using the social media links provided.

If your business needs to improve its security, kick-start your Cyber plans with our Free Cyber Assessment: http://bit.ly/IronFreeCyberReview

 

Ironshare – Security Simplified

 

Edition #21 – 14th December 2018