Cyber Defence Report - May 2020

I’m adapting to working from home much better than I expected. The discipline that was so lacking in my twenties seems to be holding and other than getting distracted by my wife, 2 kids and 3 dogs, I seem to be getting more productive as the weeks go on.

Hopefully, there is some light at the end of the tunnel, and it has been great to see the response to essential workers and the NHS. 

Our Security Operations Team has been working with a couple of NHS Trusts to help them monitor their resources, allowing them to concentrate on more urgent jobs. 

Even in a time like this, we are seeing cyber-attacks against the NHS and other businesses involved in the fight against the virus. The National Cyber Security Centre has also reported malicious cyber campaigns by rival government states against universities, pharmaceutical companies and other healthcare organisations involved in the coronavirus response.

Laboratories doing research on COVID-19 vaccines are also among those being targeted.

The alert does not name countries behind the attacks, but they are understood to include China, Russia and Iran, as well as others.

There has been a lot of talk recently about the new contact tracing app and I have been keen to understand how the handling of user data will be secured. 

I think one of the positives is that this app has been designed by the NHSX team (https://www.nhsx.nhs.uk/about-us/) and has not been outsourced to Facebook, Google or Apple, where the use of this data would raise many more questions. The involvement of the National Cyber Security Centre is also a good thing, and you can read more about the security of the app here: https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contact-tracing-app.

Amongst the 113 security updates in the April release from Microsoft were patches for 3 zero-day vulnerabilities. This follows a similarly large release of 115 fixes in March.

Using the latest versions of software, applications and operating systems on your devices immediately improves your security. Users should check that their device is set to update automatically.

Included in this security update was a fix for a vulnerability in Microsoft Teams. If, like me, you have been using Teams to communicate with colleagues and customers, it is important that you update the software as soon as possible. Security researchers at CyberArk published details on how Microsoft Teams loads images and how the authentication works to deliver this type of message. They found GIF files were being sent that directed users to a compromised domain that could grab the authentication token and take over the account. Microsoft has closed this vulnerability with the latest update.

https://www.bleepingcomputer.com/news/security/microsoft-teams-patched-against-image-based-account-takeover/

On top of this attack, we have seen a large increase in phishing accounts using Microsoft Teams or Zoom meeting requests as their subject heading. The phishing campaign is spoofing notifications from Microsoft’s Teams collaboration platform to harvest Office 365 credentials from employees working from home offices. Turning two-factor authentication on will help protect home users.

Cyber security company Sophos has reported that its XG Firewall product has been subject to an SQL injection attack. Hackers took advantage of this previously unknown vulnerability to insert malicious code into a back-end database to gain unauthorised access. 

Stay safe
Paul Colwell, Technical Director