In this week’s Threat Report:
1. HMRC phishing scams have grown 87% during COVID-19
2. Data of 700 million LinkedIn users reportedly advertised on dark web
3. Microsoft update on brute force and password spraying activity
4. Cisco ASA Software and FTD Software web services interface cross-site scripting vulnerabilities
HMRC phishing scams have grown 87% during COVID-19
A recent FOI request has revealed that HMRC phishing scams have grown 87% during the COVID-19 pandemic.
Reports of phishing scams impersonating the UK’s tax, payments and customs authority and the Driver and Vehicle Licensing Agency (DVLA) also surged during this period, which is likely a result of cyber criminals looking to exploit the COVID-19 pandemic.
A cyber criminal’s goal is to trick you in to giving them your sensitive information, which could include bank details, and it’s not always easy to spot the scam.
The NCSC has produced guidance on how to spot the most obvious signs of a scam, and what to do if you’ve already responded. We also recommend sending emails you’re unsure about to the suspicious email reporting service (SERS), report@phishing.gov.uk.
As of 31st May 2021, the number of reports the SERS has received stands at more than 6,100,000 with the removal of more than 45,000 scams and 90,000 URLs.
Data of 700 million LinkedIn users reportedly advertised on dark web
Data belonging to 700 million LinkedIn users has reportedly been advertised for sale on the dark web.
Based on a sample data set, security researchers found information relating to real accounts including users’ full names, email addresses, phone numbers and physical addresses.
LinkedIn has posted an update about the reports, stating that this is not a data breach and its initial investigations have found the information was scraped from the internet. It said no private Linkedin member data had been exposed.
Affected LinkedIn users should still be vigilant against suspicious messages and phone calls relating to their scraped data. Cyber criminals are opportunistic and may use the recent news to trick people into clicking on scam messages.
The NCSC has produced guidance to help individuals spot suspicious messages and deal with them effectively, and more relevant advice on actions to take can be found in our data breaches guidance.
The NCSC also has guidance on how to use social media safely.
Microsoft update on brute force and password spraying activity
The NCSC has issued advice to UK organisations following an update from Microsoft on malicious cyber campaigns.
On Friday 25th June Microsoft revealed that it had identified new activity from an Advanced Persistent Threat (APT), known as NOBELIUM, targeting organisations globally.
The Microsoft Threat Intelligence Center says that this activity was mostly unsuccessful.
The NCSC are supporting those affected and would urge all organisations to familiarise themselves with our guidance on mitigating phishing attacks, how to implement two-factor/multi-factor authentication and how to choose, configure and use devices securely.
Cisco ASA Software and FTD Software web services interface cross-site scripting vulnerabilities
The NCSC is aware of a number of vulnerabilities affecting Cisco Adaptive Security Appliance (ASA) software and Firepower Threat Defense (FTC) software.
In addition, there is active exploitation of CVE-2020-3580 (cross-site scripting vulnerability).
The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities. In this case, the most important aspect is to install the latest update as soon as practicable.
NCSC © Crown Copyright 2021
