Cyber_Bytes - Issue 37

Published on 16 December 2021

We hope you enjoy this latest edition of Cyber_Bytes, our bi-weekly roundup of key developments in cyber, tech and evolving risks.

The NCSC's 2021 Annual Review released

The National Cyber Security Centre (NCSC) has released the results of its annual review, highlighting the work it has undertaken to protect the UK over the past 12 months. Between August 2020 and September 2021, the NCSC handled a record 777 incidents. The NCSC reportedly received 5.9 million reports of malicious content from the public which led to 53,000 scams and 96,500 URLs being taken down.

The review also highlighted its successes in issuing guidance and threat assessments to over 80 companies and 14 universities and taking down 2.3 million cyber-enabled commodity campaigns which included 442 NHS-branded phishing campaigns.

The increase in NCSC's involvement in cyber incidents is partially linked to the ongoing work of its Threat Operations and Assessment teams, tasked to identify threats proactively. Services have included the Early Warning Service which alerts organisations to emerging threats through cyber security advice for those working in education.

The report also highlights the NCSC's success in its educational programs, introducing over 56,000 11-to-17-year-olds to technology and cyber security. This included more than 6,500 pupils from 600 schools who entered the NCSC’s pioneering CyberFirst Girls Competition this year, which aims to tackle gender diversity in the area.

The Supreme Court hands down its judgment in Lloyd v Google

The Supreme Court has overturned the Court of Appeal's decision in Lloyd v Google, restoring the order refusing the Claimant's application for permission to serve proceedings on Google.

The highly anticipated decision rejects the concept of "loss of control" damages and puts a requirement on individuals to prove they have suffered material damage or distress in order to recover compensation under section 13 of the Data Protection Act.

Represented by RPC, techUK, one of the interveners in the appeal, embraced the decision as a win for individuals to exercise their rights in relation to data breaches, while also continuing to support the innovative capacity and competitiveness of the UK tech sector.

As a result of the decision, data controllers will welcome a reduced exposure to liability arising from data claims.

Click here to read RPC's full note.

UK and US intelligence services reaffirm a joint commitment to disrupt and deter new and emerging cyber threats

GCHQ director Jeremy Fleming and UK Strategic Command agent Paul Sanders met with their NSA and US Cyber Command counterpart, Paul Nakasone, in a session at the annual Cyber Management Review forum hosted at the NSA’s headquarters in Fort Meade, Maryland.

The event was an opportunity for the UK and US to share intelligence, develop ideas and improve overall defences to cyber attacks. It is hoped that continued co-operation will lead to greater defences and deterrents against malicious cyber activity.

Click here to read more from Computer Weekly.

US and UK agencies say Iran is behind ‘ongoing’ ransomware campaign

US, UK, and Australian cyber authorities have warned that Iranian state-sponsored APT groups are behind an ongoing ransomware campaign targeting critical infrastructure.

The groups targeted Microsoft Exchange flaws to carry out ransomware attacks, according to UK and US security agencies. In a joint statement, the agencies stated that the groups have been exploiting a weakness since October 2021. The groups gained access to critical infrastructure organisations, including those in the US transportation and healthcare sectors, in order to then exfiltrate or encrypt data for extortion. Specifically, Microsoft found hackers stealing credentials via "interview requests" targeting individuals through emails that contained tracking links to confirm whether the user had opened the file. If a victim responded, they then sent a link to a fake Google Meeting, which led to a credential harvesting page.

Authorities state that the groups are targeting flaws rather than specific sectors but urge organisations to patch and update their systems, implement two-factor authentication, use strong passwords and anti-virus software and remain alert to phishing threats.

Click here to read more information from IT Pro.

New ransomware actor uses password-protected archives to bypass encryption protection

The ransomware group "Memento Team" is using a new tactic to hold victims' files hostage. Instead of encrypting files, the group copies them into password-protected archives using a version of WinRAR, encrypts the password and then deletes the original files. The group adopted this tactic after its attempts to encrypt data were foiled by endpoint protection.

They appear to be replicating the wording of another well-known group, REvil, in their message to primary IT administrators, even including the tell-tale content within ransom notes.

Attacks like these further emphasise the need for applying security patches, even outside those that Microsoft currently offers.

Click here to read more from Sophos News.
