A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, September 2020.
COVID-19 wasn't the only virus seriously disrupting the start of the new UK academic year, with ransomware plaguing a number of universities and colleges in September. Newcastle University was reportedly hit by the 'DoppelPaymer' crime group, a group known for deploying malware to attack their victims and for leaking online documents stolen from Elon Musk's SpaceX and Tesla companies. The northeast university reported a personal data breach to the UK Information Commissioner's Office after its stolen files were posted online, along with a Twitter threat to release further confidential student and staff data if a ransom was not paid. In a statement, the university said it "will take several weeks" to address the issues and that "many IT services will not be operating during this period"; that statement is the hallmark of recovery from a mass ransomware infection.
[Image: DoppelPaymer ransom notice]
On the back of the Newcastle University cyberattack, the UK National Cyber Security Centre (NCSC) issued a warning to all British universities and colleges about a spike in ransomware attacks targeting the British educational sector. NCSC's director of operations Paul Chichester said the agency had seen an increase in the "utterly reprehensible" attacks over the past 18 months and was concerned they would disrupt young people's education. The NCSC's guidance for organisations on defending against ransomware attacks is available here.
A critical Microsoft Windows Server Domain Controller vulnerability (CVE-2020-1472) is now causing concern for IT staff, after Microsoft, CISA, the UK NCSC and other security bodies warned in mid-September that the vulnerability was being actively exploited. Dubbed 'Zerologon', the bug scored the maximum severity rating of 10.0, and Microsoft issued a security fix for it as part of their August 2020 'Patch Tuesday' release of monthly security updates. Since that public disclosure of the flaw, multiple proof-of-concept (PoC) exploits have appeared on the internet, which threat actors are now adapting into their cyberattacks. There are no mitigations or workarounds for this vulnerability, so it is essential that the CVE-2020-1472 security update is installed on all Microsoft Windows Domain Controllers, and that DC enforcement mode is then enabled.
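As an added illustration of that last step (this is not code from the original roundup): a PowerShell check to run on each patched Domain Controller, which reads the FullSecureChannelProtection registry value that controls enforcement mode and lists the Netlogon events (5827-5831) that the patched service writes for vulnerable secure channel connections. The registry value and event IDs are taken from Microsoft's documentation for the CVE-2020-1472 update; the 7-day lookback window is an arbitrary choice.

```powershell
# Added example (not from the original post). Run elevated on a Domain Controller
# that already has the CVE-2020-1472 (Zerologon) security update installed.

# Enforcement mode is controlled by the FullSecureChannelProtection DWORD under the
# Netlogon Parameters key: 1 = enforce (vulnerable connections are denied),
# 0 or absent = not enforced (vulnerable connections are still allowed and logged).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$prop = Get-ItemProperty -Path $key -Name FullSecureChannelProtection -ErrorAction SilentlyContinue
$value = if ($prop) { $prop.FullSecureChannelProtection } else { $null }

if ($value -eq 1) {
    Write-Output "DC enforcement mode: ENABLED (FullSecureChannelProtection = 1)"
} else {
    Write-Output "DC enforcement mode: NOT ENABLED (FullSecureChannelProtection = '$value')"
    Write-Output "To enable: Set-ItemProperty -Path '$key' -Name FullSecureChannelProtection -Value 1 -Type DWord"
}

# The patched Netlogon service logs these events in the System log:
#   5827 / 5828 - vulnerable secure channel connection denied
#   5829        - vulnerable connection allowed (only while NOT in enforcement mode)
#   5830 / 5831 - vulnerable connection allowed by a group policy exception
# 5829 events identify the machines that would break once enforcement is switched on,
# so they need patching or a vendor fix before the value above is set to 1.
$lookback = (Get-Date).AddDays(-7)   # arbitrary window for this example
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Id        = 5827, 5828, 5829, 5830, 5831
    StartTime = $lookback
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No Netlogon secure channel events (5827-5831) since $lookback."
} else {
    # Count per event ID, then print the allowed-but-vulnerable (5829) connections in full
    $events | Group-Object Id | Sort-Object Name |
        ForEach-Object { Write-Output ("Event {0}: {1} occurrence(s)" -f $_.Name, $_.Count) }
    $events | Where-Object Id -eq 5829 |
        Select-Object TimeCreated, Id, Message | Format-List
}
```

Run it again after enforcement mode is enabled: the 5829 entries should stop and any remaining vulnerable clients will show up as 5827/5828 denials instead.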
- The DRaaS Data Protection Dilemma
- Top Five Most Infamous DDoS Attacks
- Cyber Security Roundup for September 2020
- Alert issued to UK Universities and Colleges about Spike in Cyberattacks
- Newcastle University Students’ Data Held to Ransom by Cyber Criminals
- Nokia clinches 5G deal with BT to phase out Huawei's kit in BT’s EE Network
- British 'Dark Overlord’ Hacker Jailed for Five Years in the US
- Large US Hospital Chain Hobbled by Ryuk Ransomware
- Massive Magecart Attacks Steal personal Data from Magento 1 stores
- Flightradar24 Website Hit By Three Suspected DDoS Attacks In 48 Hours
- Police launch Homicide inquiry after German hospital hack
- Microsoft Windows Domain Controller Critical Vulnerability being actively Exploited, Apply Patch Now!
- Microsoft Patches 120 Vulnerabilities
- Palo Alto Fixes 9 Vulnerabilities in PAN-OS
- Adobe Releases Update to Patch Critical Flaw in Experience Manager, Framemaker, and InDesign
- Critical Flaw (CVE-2020-6287) gives Attackers Control of Vulnerable SAP Business Applications
- Microsoft Reprieves SHA-1 Deprecation in Edge 85 Security Baseline
- Russia, China and Iran hackers target Trump and Biden according to Microsoft
- CISA Alert: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
- NIST (SP 1800-11) Guide to Help Organisations Recover from Ransomware, other Data Integrity Attacks