NCSC Cyber Threat Trends Report: Analysis of Attacks Across UK Industries
The United Kingdom’s National Cyber Security Centre (NCSC) recently released their Incident trends report (October 2018 – April 2019) which highlights some of the trends seen across various UK government entities, organizations, and sectors.
The first thing the NCSC chose to highlight in their report was the observed attacks against Office 365, Microsoft’s cloud services suite. According to Microsoft, there are over 155 million Office 365 business users as of 2018, a massive attack surface for a single service. When you combine that with the fact that passwords get reused all the time—maybe even for Active Directory integration (O365 makes this easy for Windows users for obvious reasons)—it’s no wonder threat actors see it as an appealing target.
Ransomware isn’t going away. Seemingly every day, there’s a new report that a small municipality in the United States has been hit, with demands reaching the millions of dollars. The UK isn’t immune to this either. As the NCSC report points out, Ryuk, LockerGoga, and BitPaymer have all been fairly prevalent over the time period. Additionally, the Emotet, TrickBot, and Dridex botnets have all been seen being used as delivering ransomware once installed on the machines. If there was any doubt that botnets aren’t being used for MUCH more than denial of service attacks, rethink your assumptions.
Last, supply chains are being attacked by nation-state threat actors such as APT10, as well as cybercriminals looking to monetize their attacks, like the operators of GandCrab. It’s important that supply chain partners are evaluated and held to the same security standards as the companies themselves. That partner’s access may make them an attractive target.