11 October 2019

IRM Weekly Cybersecurity Roundup: Cyber Essentials news and more

Want the IRM weekly cybersecurity roundup sent straight to your inbox? Sign up to our newsletter. 

NCSC plans new approach to Cyber Essentials

Cyber Essentials Plus Logo

The National Cyber Security Centre (NCSC) is handing over the running of its Cyber Essentials scheme to one of the existing certification organisations, The IASME Consortium. This is after a tender process which has produced a five-year contract beginning in April 2020.

Cyber Essentials is the NCSC’s guidance and certification process aimed at helping public and private sector organisations guard against the most common cyber threats.

The NCSC has said that over time there has been a lack of consistency in the service and an unnecessarily complicated experience for organisations that use it. The appointment of IASME as a partner is aimed at simplifying the operation, providing a more streamlined path and ensuring that all the certification bodies are working to the same standard.

It will involve the introduction of a minimum criteria for certification and assessments, and an expiry date on certificates.

IRM along with the other accreditation bodies, which appoint the certifying bodies, will continue providing the service until their contracts expire. Read more here.

Ransomware victim fights back

Many people have been infected by ransomware and often they decide to pay the ransom. The victim despairs, but hopefully learns something from the experience.

Tobias Frömel, a German developer and web designer was no different after paying a Bitcoin ransom of 670 Euros after his QNAP NAS drive was hit by the Muhstik ransomware.

However, Frömel decided to hack the very people responsible for the attack.

After decrypting his own data, Frömel analysed the ransomware that had infected his NAS drive, determined how it worked, “hacked back” and stole the criminal’s “whole database with keys.”

In a posting on the Bleeping Computing forum, Frömel admitted what he had done and posted a link on a Pastebin page where he had published the stolen keys as well as the decryption software.

Whilst many have applauded this, Frömel himself acknowledged what he did was against the law.  Read more here.

NHS to get cyber intelligence and risk platform

NHS Digital is planning to develop a cyber-business intelligence and risk platform for the health service as it continues its plans improving data security over the next two years.

The organisation’s chief information security officer, DanHospital Cyber Security Risk Pearce, said it should help local and arm’s length bodies in the NHS to better understand and plan for cyber risks.

While providing no further details, he said it will accompany NHS Digital’s efforts to provide best practice standards, cyber security architectural patterns, and process and policy templates. It also plans to work on engraining cyber secure behaviours in the day-to-day work of the NHS.

“We cannot be complacent,” Pearce says in a blogpost. “The threat we face is growing and constantly changing, and it will require a continued and concerted effort across the health and care system to effectively combat it.” Read more here.

Data of 92 million Brazilians for sale on underground auction site

The personal information of 92 million Brazilian citizens has been discovered for sale to the highest bidder on an underground forum auction.

The data is reportedly available on multiple dark web marketplaces and is being sold as a 16GB database in SQL format. Details such as names, dates of birth, addresses and taxpayer IDs are available.

The origin of the database is unclear, however the inclusion of taxpayers unique IDs indicate that it could be a governmental database. Read more here.

NCSC sees surge in female applicants for courses

The number of females applying for cyber security courses has risen by nearly 50% in a year, according to new figures from the National Cyber Security Centre (NCSC).

Female applicants NCSC Cybersecurity

summer courses alongside figures which showed that overall applications for the course had also risen on last year. The number of female applicants was up 47%, and the overall number applying rose by 29%.

The centre, which is part of GCHQ, announced the increase in female participants for its CyberFirst

NCSC deputy director for growth Chris Ensor said: “It’s never been more important to increase and diversify the cyber security workforce and we’re committed to nurturing the next generation of skilled experts and addressing the gender imbalance”. Read more here.

Nation state hackers and cybercriminals are spoofing each other

Nation-state hackers and cybercriminals are increasingly impersonating each other to try and hide their tracks as part of advanced attack techniques, according to Optiv Security’s 2019 Cyber Threat Intelligence Estimate report.

Industries being targeted most are retail, healthcare, government and financial institutions.

With cryptojacking and ransomware are increasing in popularity, as well as the traditional list of computer threats from botnets, Denial-of-Service (DDoS), phishing, and malware.

Optiv says that cybercriminals and nation-state hackers are learning from each other and becoming more successful. They also try to spoof each other by adopting similar techniques to try and confuse investigators. Read more here.

Quick fire updates

Sharp increase targeting company email accounts – A new report by email and data security company Mimecast has revealed an increase in the number of Business Email Compromise (BEC) cyber-attacks of 269% in the Q3 compared to Q2 of 2019. Read more here.

Class-action lawsuit filed against CafePress following data breach – CafePress online gift shop was hit earlier this year when 23 million customer data records were stolen, and the shop is now facing  prospect of a proposed class-action against them. It’s alleged that CafePress failed to offer adequate protection to its customers by neglecting to update security software that was widely known to be flawed. Read more here.

If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM. 

Are you looking to get into a career in cyber? Check out IRM’s job vacancies on our careers page.