Weekly Threat Report - 8th January 2021:
The NCSC’s weekly threat report is drawn from recent open source reporting.
HMRC warn of COVID-19 scam text messages:
Cyber criminals are continuing to exploit COVID-19 concerns - this time with scam text messages about a non-existent government grant.
The message offers the prospect of financial support as the UK moves into another lockdown, but no such grant exists and HMRC has warned people to be vigilant to this threat.
The phishing scam takes the victim to a fake website masquerading as GOV.UK which asks for financial information. A number of spelling and grammatical mistakes in the message give a clue that it is a scam.
It’s important to know that HMRC will never offer a tax refund by text, email or phone. HMRC have issued some advice for those concerned about this particular scam.
275 HMRC-related scams have been uncovered since March with HMRC taking action against 254 scam webpages. They have also responded to more than 300,000 reports of phone scams from the public.
The NCSC has also published advice on how to spot and deal with suspicious text messages, emails and phone calls. Don’t forget that you can also report phishing emails direct to the NCSC using the Suspicious Email Reporting Service (SERS).
Suspicious text messages can also be sent to Ofcom on 7726 for free.
PPE company’s operations disrupted by former employee:
Before leaving the PPE company that employed him, a disgruntled Vice President created a fake staff account.
The medical equipment packaging company revoked his legitimate staff accounts, but the ex-employee used his fake account to damage over 100,000 company records - which took months to fix.
He was jailed for a year and a day and ordered to pay over $220,000 in reparation.
Organisations should ensure that they have good logging and monitoring processes in place to establish patterns of normal activity so that indicators of compromise can be identified, and if the worst happens, help identify the source and extent of the compromise.
The NCSC has produced some help on logging through our Logging Made Easy project. Our Cyber Security Design principles can also assist when setting up networks, as can the system administration guidance help in implementing a strategy to protect the most sensitive data. There is additional advice on logging and monitoring in the Mobile Device Guidance.
The Centre for the Protection of National Infrastructure (CPNI) has also produced some guidance on managing the insider threat. https://www.cpni.gov.uk/insider-threat and https://www.cpni.gov.uk/reducing-insider-risk.
Hackney council cyber attack update:
Cyber criminals have published documents on the dark web that they claim were stolen from Hackney Council in a cyber attack.
In a statement published on hackney.gov.uk, the council said it understands that the vast majority of sensitive and personal data it holds is unaffected. Concerned residents should contact the council’s Data Protection Officer.
The NCSC has been providing support to the council and working with partners to understand the impact of this incident. The National Crime Agency (NCA) are coordinating the law enforcement response to this incident.
The NCSC has guidance available on how to effectively detect, respond to, and resolve cyber incidents.