Cyber-attacks: would your business get caught out?


Executive summary of the attached report.

Cyber-attacks in the UK are on the rise with no sign of let-up. CERT-UK sees repeating attacks and has created three attack scenarios to demonstrate some of the threats that exist, and steps to defend against them.
Intellectual property theft via a targeted phishing attack

 An attacker searches social media and public records to find information about senior executives in the firm
 A staff member is sent a message spoofing a senior executive’s email address, with an attachment containing the malicious payload, which causes a subsequent breach when opened
 The attacker’s first target does not have sufficient access so they escalate privileges in order to find and exfiltrate the desired information

Key points: limit information online that can be used by an attacker; be aware that human factors are often the weakest link and user education is critical; spear phishing is one of the most common forms of attack; and ensure that you carry out regular patching to fix vulnerabilities.

Watering-hole (drive-by) attack using an exploit kit
 The attacker finds a website likely to be visited by the intended target and places redirect code on it – this is the ‘watering hole’
 An employee visits the watering hole website and is redirected to one controlled by the attacker
 This website contains an exploit kit which identifies vulnerabilities in the visiting browser and breaches it in order to deliver a malicious payload to the target’s network
 The attacker gives themselves administrative privileges then finds and exfiltrates the desired information regarding a business deal
 The attacker then decides to disrupt the deal by destroying large amounts of data

Key points: take steps to ensure that your web browsers cannot be automatically redirected; ensure that you have good backup as part of a disaster recovery plan; and ensure that you carry out regular patching to fix vulnerabilities.

Supply chain attack – using a trusted network connection with a supplier
 An IT company advertises the fact that it has won a contract with an engineering company that is the ultimate target
 The engineering company is well protected, so the attacker is better able to breach the IT company first and then take advantage of its integration with the engineering company in order to infiltrate that company’s network
 The attacker finds and exfiltrates data whilst also turning off security measures

Key points: ensure that your supplier has a security posture that matches your own; ensure that your infrastructure is appropriately segregated to limit how far suppliers can travel through your network; and ensure that you carry out regular patching to fix vulnerabilities.
Portable document format 721,98 KB
May 11th 2016 08:16