Cyber Defence Report - April 2020

Probably like most of you, I am currently trying to adapt to the new world of home working. I have never really been a fan of remote home working, I am sure it works for some people, but I like to be around people. I don’t really have the self-discipline to focus on tasks, so I end up working all hours to catch up.

It’s 10pm on a Thursday night and I am looking through our spam honeypot. Not surprisingly, 7 out of the first 10 emails are related to the current global pandemic. Events like this generate a large interest and people are looking for information to protect themselves and their family. This is the perfect environment for cyber criminals to launch phishing attacks. Cyber criminals are opportunistic and often look to exploit current events and public concerns.

Several cyber security researchers have uncovered a surge in the number of phishing emails using the coronavirus as a lure.

Cyber criminals have been exploiting the pandemic to steal money, as well as sensitive information, through phishing campaigns in several countries.

By creating fake websites and emails masquerading as legitimate, attackers have been able to infect victims with malware.

It’s not just with email where we are seeing an increase in attacks, but also WhatsApp and SMS messaging. 

OGL’s technical service desk has been inundated this week with customer support calls. They have predominantly focused on remote or home working, as companies get prepared to follow the Government’s advice and work from home where possible.

Cyber Management Alliance, alongside CyberGuard, have produced a checklist to help keep users secure while remote working. It can be downloaded here:
https://www.ogl.co.uk/ckfiles/CyberGuard_Remote_Working_Checklist.pdf

Away from the global pandemic, Tesco Clubcard and Boots Advantage cardholders have been warned of potential security risks. 

Earlier this week, Tesco confirmed that new club cards would be issued to 600,000 members, following unauthorised attempts to access customers’ accounts. It is understood criminals had used a database of stolen usernames and passwords, with some attempts reportedly proving successful. 

Elsewhere, Boots were forced to suspend payments by Advantage card loyalty points, after a similar incident, affecting its customer accounts.

The act of using a breached list of usernames and passwords to access accounts is called ‘password-stuffing’. It’s a form of attack which preys upon those that use similar email and password combinations, across several different online accounts.

Tesco says no financial data was accessed and they had taken steps quickly to address the issue. Boots also confirmed that no credit card information had been accessed, and they hoped regular service would resume shortly. 

I’m not going to mention 2FA, I promise  

Stay safe, stay in
Paul Colwell, Technical Director