
UK Faces Growing Cyber Threats from Russia and China, Warns NCSC Head

The UK is facing an increasing number of cyberattacks from Russia and China, with serious cases tripling in the past year, according to a new report by the National Cyber Security Centre (NCSC). On Tuesday, Richard Horne, the new NCSC chief, stated that the country is at a critical point in safeguarding its essential systems and services from these threats.

Rising Threats and Attacks

The report reveals a disturbing rise in sophisticated cyber threats targeting Britain’s public services, businesses, and critical infrastructure. Over the past year, the agency responded to 430 cyber incidents, a significant increase from 371 the previous year. Horne highlighted notable incidents such as the ransomware attack on pathology provider Synnovis in June, which disrupted blood supplies, and the October cyberattack on the British Library. These incidents underscore the severe consequences these cyber threats have on the UK.

Challenges and Alliances

Similar challenges are being faced by the UK’s close allies, including the U.S., with whom the country shares intelligence and collaborates on law enforcement. Horne emphasized the UK’s deep reliance on its digital infrastructure, which supports everything from powering homes to running businesses. This dependency has made the UK an appealing target for hostile actors aiming to disrupt operations, steal data, and cause destruction.

“Our critical systems are the backbone of our daily lives—keeping the lights on, the water running, and our businesses growing. But this reliance also creates vulnerabilities that our adversaries are eager to exploit,” Horne stated.

Cybersecurity Challenges from Russia and China

According to the report, Russia and China remain at the forefront of the UK’s cybersecurity challenges. Russian hackers, described as “reckless and capable,” continue to target NATO states, while China’s highly advanced cyber operations aim to extend its influence and steal critical data. Horne called for swift and decisive action, urging both the government and private sector to enhance their defenses.

Recommendations for Strengthening Cybersecurity

Horne emphasized the need for more robust regulations and mandatory reporting of cyber incidents to better prepare for future threats. He stressed that a coordinated effort is necessary to improve the UK’s overall cybersecurity posture and defend against adversaries’ growing capabilities.

NCSC Unveils “Pigmy Goat” Malware Targeting Sophos Firewalls in Advanced Chinese Cyberattack

 

The National Cyber Security Centre (NCSC) recently disclosed the presence of a Linux malware, “Pigmy Goat,” specifically designed to breach Sophos XG firewall devices. This malware, allegedly developed by Chinese cyber actors, represents a significant evolution in network infiltration tactics due to its complexity and advanced evasion methods. 

This revelation follows Sophos’ recent “Pacific Rim” reports, which detail a five-year campaign involving Chinese threat actors targeting network devices at an unprecedented scale. Among the identified tools, “Pigmy Goat” stands out as a rootkit crafted to resemble legitimate Sophos product files, making it challenging to detect. Its stealth relies on hiding behind commonly named system files so that basic detection checks pass over it. “Pigmy Goat” enables threat actors to establish persistent, unauthorized access to the target’s network. Using the LD_PRELOAD environment variable, it embeds itself in the SSH daemon (sshd), allowing it to intercept and alter incoming connections.

The malware seeks specific sequences called “magic bytes” to identify backdoor sessions, which it redirects through a Unix socket, thereby concealing its presence from standard security monitoring. Once a connection is established, it communicates with command and control (C2) servers over TLS. The malware cleverly mimics Fortinet’s FortiGate certificate, blending into networks where Fortinet devices are prevalent, to avoid suspicion. This backdoor offers threat actors multiple capabilities to monitor, control, and manipulate the network environment. Through commands from the C2, attackers can remotely open shell access, track network activity, adjust scheduled tasks, or even set up a SOCKS5 proxy, which helps them remain undetected while maintaining control over the network. These actions could allow unauthorized data access or further exploitation, posing significant threats to organizational cybersecurity. 

The NCSC report aligns “Pigmy Goat” with tactics used in “Castletap” malware, which cybersecurity firm Mandiant has linked to Chinese nation-state actors. The report’s insights reinforce concerns over the evolving sophistication in state-sponsored cyber tools aimed at infiltrating critical network infrastructure worldwide. Detection and prevention of “Pigmy Goat” are crucial to mitigating its impact. The NCSC report provides tools for identifying infection, including file hashes, YARA rules, and Snort rules, which can detect specific sequences and fake SSH handshakes associated with the malware. 

Additionally, monitoring for unusual files and behaviours, such as encrypted payloads in ICMP packets or the use of ‘LD_PRELOAD’ within the sshd process, can be effective. These insights empower network defenders to recognize early signs of compromise and respond swiftly, reinforcing defences against this sophisticated threat.
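The report’s detection advice, checking for LD_PRELOAD inside the sshd process, can be turned into a small host check. The following is an added example written for this page, not a tool from the NCSC report or from Sophos: it reads the NUL-separated `/proc/<pid>/environ` of every process whose `comm` is `sshd`, flags any LD_PRELOAD entry not on an allowlist, and also parses `/etc/ld.so.preload`, the other way a library can be forced into every process. The process tree it scans in `demo()` is a constructed temporary directory so the example runs offline; the library path `/tmp/constructed-example.so` is a placeholder and not an indicator from the report.

```python
"""Host check for LD_PRELOAD injection into sshd (added defender-side example)."""
import os
import tempfile
from pathlib import Path
from typing import Dict, List

# Process names that should never carry LD_PRELOAD on a firewall appliance.
SSHD_NAMES = {"sshd"}


def parse_environ(raw: bytes) -> Dict[str, str]:
    """Parse the NUL-separated KEY=VALUE layout of /proc/<pid>/environ."""
    env: Dict[str, str] = {}
    for entry in raw.split(b"\0"):
        if not entry:
            continue
        key, _, value = entry.partition(b"=")
        env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def suspicious_preloads(env: Dict[str, str], allowlist=()) -> List[str]:
    """Return LD_PRELOAD entries not on the allowlist (ld.so accepts ':' or spaces)."""
    raw = env.get("LD_PRELOAD", "")
    paths = [p for p in raw.replace(":", " ").split() if p]
    return [p for p in paths if p not in allowlist]


def parse_ld_so_preload(text: str) -> List[str]:
    """/etc/ld.so.preload lists one shared object per line; '#' starts a comment."""
    libs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            libs.append(line)
    return libs


def scan_proc(proc_root: str = "/proc", allowlist=()) -> List[dict]:
    """Walk a /proc-style tree and report sshd processes that carry LD_PRELOAD."""
    findings = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue
        base = Path(proc_root) / entry
        try:
            comm = (base / "comm").read_text().strip()
            if comm not in SSHD_NAMES:
                continue
            env = parse_environ((base / "environ").read_bytes())
        except OSError:  # process exited, or environ unreadable without root
            continue
        hits = suspicious_preloads(env, allowlist)
        if hits:
            findings.append({"pid": int(entry), "comm": comm, "preload": hits})
    return findings


def _write_fake_process(root: Path, pid: int, comm: str, environ: bytes) -> None:
    """Create a constructed /proc/<pid> with just the two files the scanner reads."""
    d = root / str(pid)
    d.mkdir()
    (d / "comm").write_text(comm + "\n")
    (d / "environ").write_bytes(environ)


def demo() -> List[dict]:
    """Constructed sample tree: one injected sshd, one clean sshd, one unrelated shell."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        _write_fake_process(root, 4242, "sshd",
                            b"PATH=/usr/sbin:/usr/bin\0LD_PRELOAD=/tmp/constructed-example.so\0")
        _write_fake_process(root, 4243, "sshd", b"PATH=/usr/sbin:/usr/bin\0")
        _write_fake_process(root, 4244, "bash", b"LD_PRELOAD=/tmp/constructed-example.so\0")
        return scan_proc(tmp)


if __name__ == "__main__":
    for f in demo():
        print(f"pid {f['pid']} ({f['comm']}) has LD_PRELOAD: {', '.join(f['preload'])}")
```

On a real host the scan must run as root to read another process’s `environ`, and `demo()` should be replaced by `scan_proc()` against the live `/proc`. One caveat: a library listed in `/etc/ld.so.preload` is loaded into the scanner itself, so for a suspected compromise the check is more trustworthy when run from a known-good boot medium or by reading the device’s file system offline.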

U.S. Intelligence Reports: Spies and Hackers are Targeting US Space Industry


U.S. intelligence agencies have recently issued a warning against foreign spies who are targeting the American space industry and executing cyberattacks against the country’s satellite infrastructure.

The U.S. Office of the Director of National Intelligence's National Counterintelligence and Security Center (NCSC) issued a bulletin on August 18, alerting the public that foreign intelligence agencies may use cyberattacks, front companies, or traditional espionage to gather sensitive data about American space capabilities or cutting-edge technologies. The bulletin also mentions the use of counter-space technologies, such as hacking or jamming of satellites, to interfere with or harm American satellite systems.

As noted by the NCSC bulletin, foreign intelligence agencies "recognize the importance of the commercial space industry to the U.S. economy and national security, including the growing dependence of critical infrastructure on space-based assets." 

A set of guidelines is provided in the statement to assist private enterprises in minimizing any potential harm that these espionage attempts may create. The warning comes as funding for the U.S. space sector is rising rapidly with America’s satellite infrastructure expanding at an unparalleled rate.

NCSC further mentions a number of ways that foreign intelligence can seek to gain access to space agencies, to get hold of their insights and new technologies. Some of these methods appeared innocent enough, such as approaching space industry professionals at conferences or getting in touch with them through online forums to get information.

Other methods were more linked to ‘business dealings,’ through which foreign intel agencies frequently try to obtain access to sensitive information by investing in space companies through joint ventures or shell companies, or by buying their way into the supply chain that American aerospace companies rely on for the sourcing of parts and materials.

Some of the other methods mentioned were more explicit in nature, like carrying out cyberattacks or breaching private networks to steal intellectual property.

Moreover, the NCSC's bulletin warned the private space sector and stated that foreign intelligence agencies can compromise American national security by "collecting sensitive data related to satellite payloads, disrupting and degrading U.S. satellite communications, remote sensing and imaging capabilities," and targeting American commercial space infrastructure during interstate hostilities.  

Hackers for Hire Going After Law Firms, Alert French and UK Watchdogs

Hackers for hire targeting law firms

According to French and British authorities, law firms are increasingly targeted by mercenary hackers hired to steal data that could affect legal disputes. Reports from the UK's National Cyber Security Centre (NCSC) and France's cyber watchdog agency ANSSI emphasize the different digital dangers law firms face.

Mercenary hackers are on the rise

The cyber watchdog authorities of France and the United Kingdom documented a range of digital challenges law firms face in recent publications, including those posed by ransomware and hostile insiders. Both emphasized the risks presented by mercenary hackers hired by litigants to steal sensitive info from their adversaries in court.

The consequences on legal firms

The increasing number of mercenary hackers targeting law firms threatens the credibility of legal cases. These hackers can tip the scales in favor of their clients by collecting essential data from opposing parties. This undermines the fairness of the legal system and has significant consequences for the people involved in legal disputes.

Law firms must take precautions to safeguard themselves against these dangers, such as implementing effective cybersecurity measures and teaching personnel to spot and avoid common cyber risks. Firms must also closely monitor their networks for signs of intrusion and respond quickly to any breaches.

The increase in hackers-for-hire targeting law firms is a concerning trend that must be addressed. Law firms must take precautions to protect themselves from these threats, while authorities must seek to stop these criminal acts. Only through collaboration can we maintain the integrity of our legal system and safeguard it from these grave cyber attacks.

How users may defend themselves

1. Maintain software updates: Check that your operating system and all software have the most recent security patches.

2. Use strong passwords: For all accounts, use unique, complicated passwords, and enable two-factor authentication whenever possible.

3. Be cautious with email: Treat messages from unknown senders with suspicion, and avoid clicking on links or opening attachments in emails.

4. Make a backup of your data: Back up important files regularly to an external hard drive or a cloud storage service.

5. Use antivirus software: Install and keep up-to-date trusted antivirus software on your devices.


Russian Hackers May Have Breached NHS Trust With 2.5 Million Patients

 

Intelligence authorities are currently engaged in an investigation into a suspected cyber attack targeting a prominent NHS trust, which serves a vast patient population of 2.5 million individuals. This incident involves a notorious group specializing in ransomware attacks, who have asserted that they possess significant volumes of sensitive data extracted from Barts Health NHS Trust. 

The attackers have issued a deadline of Monday, after which they intend to publicly disclose the pilfered information. On Friday, a group known as BlackCat or ALPHV made a statement asserting that they have successfully breached the security of the targeted organization, gaining unauthorized access to sensitive employee information such as CVs and financial data, including credit card details. 

Additionally, they claimed to have obtained confidential documents pertaining to individuals' identities. The exact nature of the information involved in the incident remains uncertain, including whether it includes patient data or if the hacking group has effectively infiltrated the trust's systems. 

Nevertheless, the situation introduces the possibility that private data belonging to the extensive patient population of approximately 2.5 million individuals served by Barts Health NHS Trust may be exposed on the dark web. In response to these developments, the trust, which encompasses six hospitals and ten clinics in East London, expressed its immediate commitment to conducting a thorough investigation into the claims. 

BlackCat emerged onto the radar in 2021 and has gained a reputation as one of the most advanced malware operations to date. According to reports, the group responsible for BlackCat managed to infiltrate approximately 200 organizations during the period spanning November 2021 to September 2022. 

The gang's modus operandi involves employing various extortion techniques against their victims. These tactics include issuing individualized ransom demands, which encompass requests for decryption keys to unlock infected files, threats of publishing stolen data, and warnings of launching denial of service attacks. 

According to sources at The Telegraph, the National Cyber Security Centre (NCSC), which operates under the purview of GCHQ, is actively involved in the ongoing investigation. Ransomware attacks employ specialized software to either extract sensitive data from the victim or restrict their access to it.

In certain instances, the attackers employ encryption techniques to lock the targeted files, subsequently demanding a ransom in exchange for providing the decryption key. In 2017, the NHS experienced a significant and widespread impact from the global "WannaCry" ransomware attack, resulting in a temporary halt of operations within the healthcare system.

The severity of the situation necessitated the urgent transfer of critical patients from affected hospitals to alternative facilities. Notably, the hacking group did not make any mention of an encryption key in their communication. 

Experts in the field have put forward a hypothesis that this omission could potentially indicate that the gang has not encrypted the pilfered information. Instead, they might be employing a strategy commonly seen in such cases, aiming for a swift payment from the targeted organization. This tactic has become increasingly prevalent in recent times.

Ukraine’s Cyber-Defenses Have Been Exemplary, Says Lindy Cameron


Defending one’s digital life has always been a necessary task in securing critical systems and services. In recent years, the UK has witnessed a range of online threats, from ransomware and online fraud to the cybersecurity risks that accompanied the return of war in Europe.

Given the changes in the entire cybersecurity landscape over the past year, the UK needs a whole-of-society response to combat ever-evolving online threats, risks, and vulnerabilities in order to secure the nation online.

Working with allies and partners in both the public and private sectors, the National Cyber Security Centre (NCSC) has contributed to a significant effort to increase the country's resilience at every level. Along with reflecting on significant achievements and challenges of the past year, its Annual Review sheds light on what we can learn from that year to combat the threats and uncertainties that lie ahead.

The invasion of Ukraine was one of the biggest problems for cybersecurity. While Russia's harsh and devastating war aimed to change the world's physical geography, its effects were felt everywhere, including in cyberspace. 

“While Russia’s brutal war has sought to redraw the physical map, its consequences have been felt in cyberspace,” says Lindy Cameron, CEO of the National Cyber Security Centre. 

The NCSC, as part of GCHQ, monitors cybersecurity threats and has warned of increased cyber risks arising from Russian hostility since the beginning of 2022. It has also published expert guidance to help organizations strengthen their defenses, and has worked extensively with partners to make sure that vital enterprises, infrastructure, and society as a whole are as resilient as possible.

Ransomware continues to present one of the greatest risks to UK businesses and organizations, and we have already witnessed the adverse repercussions that attacks can have on the operations, finances, and reputations of organizations, resulting in widespread disruption for consumers.

The NCSC has published expert guidance to help organizations take measures to secure themselves online, and continues to urge CEOs to take the matter seriously rather than leaving it to technical experts.

Since last year, the NCSC has helped contain hundreds of thousands of upstream cyberattacks while also reinforcing preparedness against them, and has helped organizations and institutions gain a better understanding of the nature of threats, risks, and vulnerabilities downstream.

By addressing these challenges, the NCSC helps ensure that the UK emerges as a global cyber power in the future. Its overall plan for doing so is outlined in the National Cyber Strategy, which acknowledges that thriving cyber skills and growth in the ecosystem are important to maintaining this advantage, with diversity of talent at its core.

In the past year, initiatives such as CyberFirst have worked with thousands of young people across the country, while the NCSC has supported businesses through its startup programs, generating hundreds of millions of pounds in investment.

“This is a source of great optimism for me and my team as we look ahead to 2023. But cybersecurity is a team sport and it is only through mobilising the whole of society that we can achieve our goal of making the UK a safe place to live and work online,” adds Cameron.  

UK Issued New Cybersecurity Guidelines on Emerging Supply Chain Attacks

A surge in the number of instances has prompted cyber security experts to issue a fresh warning about the danger of supply chain hacks. Businesses have been advised by the UK's cybersecurity agency to take additional precautions against supply chain assaults. In response to what it claims to be a recent increase in supply chain threats, the National Cyber Security Center (NCSC) has produced fresh advice for enterprises.

Although the advice is applicable to businesses in all industries, it was released in collaboration with the Cross-Market Operational Resilience Group (CMORG), which promotes the enhancement of the operational resilience of the financial sector. The advice, which is intended to assist medium-sized and larger enterprises, evaluates the cyber risks of collaborating with suppliers and provides confirmation that mitigation techniques are in effect for vulnerabilities related to doing business with suppliers.

The 2020 hack on SolarWinds' software build system, the 2021 ransomware attack on Kaseya clients, and the 2017 NotPetya attack via a Ukraine accounting program are a few notable recent incidents. President Joe Biden of the United States issued an executive order to improve cybersecurity in response to SolarWinds.

In a document titled 'Defending the Pipeline' published by NCSC in February, the agency recommended businesses and programmers use continuous integration and delivery (CI/CD) to automate software development. The CEO of NCSC ranked ransomware as the top cyber danger in October of last year, while also warning that supply chain concerns will persist for years.

The new guidance assists medium-sized and larger enterprises in "evaluating the cyber risks of collaborating with suppliers and gaining assurance that mitigations are in place," according to an NCSC announcement.

According to the UK government's report on security breaches in 2022, more than half of companies, big and small, contract out their IT and cybersecurity needs to outside companies. However,  s evaluated the dangers posed by immediate suppliers. These respondents claimed that the importance of cybersecurity in procurement was low.

According to Ian McCormack, NCSC deputy director for government cyber resilience, supply chain attacks represent a significant cyber danger to organizations, and incidents can have a significant, ongoing effect on companies and customers.

The advice is broken down into five stages that address why businesses should care about supply chain cybersecurity, how to identify and protect one's private data when developing an approach, how to apply the approach to new suppliers, how to apply it to contracts with current suppliers, and continuous improvement.

The US intelligence agency, NSA, released its software supply chain recommendations last month with a focus on developers. New standards for the purchase of software were also released in the same month by the US Office of Management and Budget.

UK Government Releases New Machine Learning Guidance


Machine Learning and NCSC

The UK's top cybersecurity agency has released new guidance designed to help developers and others identify and patch vulnerabilities in Machine Learning (ML) systems.

GCHQ's National Cyber Security Centre (NCSC) has laid out its principles for the security of machine learning for any company looking to reduce the risk of adversarial machine learning (AML).

What is Adversarial Machine Learning (AML)?

AML attacks exploit the unique features of ML or AI systems to attain different goals. AML has become a serious issue as the technology has found its way into a growing range of critical systems, underpinning finance, national security, healthcare, and more.

At its core, software security depends on understanding how a component or system works. This lets a system owner inspect and analyze vulnerabilities, which can then be reduced or accepted.

Unfortunately, this is difficult with ML. ML is used precisely to let a system learn for itself, extracting information from data with minimal assistance from a human developer.

ML behaviour and difficulty to interpret 

Since a model's internal logic depends on data, its behaviour can be difficult to understand, and at times it is next to impossible to fully comprehend why it is doing what it is doing.

This explains why ML components haven't undergone the same level of inspection as regular systems, and why some vulnerabilities can't be identified. 

According to experts, the new ML principles will help any organization "involved in the development, deployment, or decommissioning of a system containing ML." 

The experts have pointed out some key limitations in ML systems, these include:

  • Dependence on data: modifying training data can cause unintended behaviour, and threat actors can exploit this.
  • Opaque model logic: developers sometimes can't understand or explain a model's logic, which can affect their ability to reduce risk.
  • Challenges verifying models: it is almost impossible to check that a model will behave as expected under the whole range of inputs to which it might be subjected, and there can be billions of these.
  • Reverse engineering: models and training data can be reconstructed by threat actors to help them launch attacks.
  • Need for retraining: many ML systems use "continuous learning" to improve performance over time, but this means security must be reassessed every time a new model version is released, which can be several times a day.
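Two of the limitations above, dependence on data and the need to reassess security at every retraining, share one practical control: keeping a tamper-evident record of the training set and re-verifying it before each training run. The following is an added example written for this page, not code or a control from the NCSC guidance: it hashes each (input, label) record, builds a manifest with a root digest and per-label counts, and on verification reports whether the set is intact, which records were added or removed, and how the label distribution shifted. The spam/ham records in `SAMPLE` and the record schema are constructed for the demonstration; `demo()` flips one label and returns what the check reports.

```python
"""Tamper-evidence for an ML training set (added example, not from the NCSC guidance)."""
import hashlib
from collections import Counter
from typing import Dict, List, Tuple

Record = Tuple[str, str]  # (input text, label); constructed toy schema


def record_hash(text: str, label: str) -> str:
    """Hash label and text together so that a label flip changes the digest."""
    return hashlib.sha256(f"{label}\x1f{text}".encode("utf-8")).hexdigest()


def build_manifest(records: List[Record]) -> Dict[str, object]:
    """Sorted per-record hashes, a root digest over them, and per-label counts."""
    hashes = sorted(record_hash(text, label) for text, label in records)
    root = hashlib.sha256("".join(hashes).encode("ascii")).hexdigest()
    return {
        "count": len(records),
        "labels": dict(Counter(label for _, label in records)),
        "root": root,
        "hashes": hashes,
    }


def verify_dataset(records: List[Record], manifest: Dict[str, object]) -> Dict[str, object]:
    """Compare the current records with a stored manifest and explain any difference."""
    current = build_manifest(records)
    before, after = Counter(manifest["hashes"]), Counter(current["hashes"])
    added = sorted((after - before).elements())      # hashes present now but not before
    removed = sorted((before - after).elements())    # hashes present before but gone now
    labels = set(current["labels"]) | set(manifest["labels"])
    shift = {l: current["labels"].get(l, 0) - manifest["labels"].get(l, 0) for l in labels}
    return {
        "intact": current["root"] == manifest["root"] and current["count"] == manifest["count"],
        "added": added,
        "removed": removed,
        "label_shift": {l: d for l, d in shift.items() if d},
    }


# Constructed sample training set for a toy spam classifier.
SAMPLE: List[Record] = [
    ("free prize click now", "spam"),
    ("meeting moved to 3pm", "ham"),
    ("your invoice is attached", "ham"),
    ("claim your reward today", "spam"),
]


def demo() -> Dict[str, object]:
    """Record the manifest, then relabel one spam record as ham and re-verify."""
    manifest = build_manifest(SAMPLE)
    tampered = list(SAMPLE)
    tampered[0] = (SAMPLE[0][0], "ham")  # a single label flip
    return verify_dataset(tampered, manifest)


if __name__ == "__main__":
    report = demo()
    print("intact:", report["intact"])
    print("label shift:", report["label_shift"])
    print("records changed:", len(report["added"]), "added,", len(report["removed"]), "removed")
```

The manifest is only as trustworthy as its storage: keep it outside the training pipeline’s write path (for example signed alongside the model artefact) so that whoever can edit the data cannot also rewrite the record of it, and run `verify_dataset` as a gate in the retraining job rather than as a one-off.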

The NCSC team recognises the massive benefits that good data science and ML can bring to society, including to cybersecurity, and wants to make sure these benefits are realised.