NCSC Threat Report Poster

NCSC Threat Report – 11 Nov 2022

Dropbox blog: a phishing email that led to an attack

The file-hosting service Dropbox has written publicly about a successful phish against them, which allowed an attacker to access a Dropbox GitHub account and copy some of Dropbox’s code repositories. 

In the attack, legitimate-looking phishing emails sent to employees encouraged them to visit a fake login page, enter their credentials, and then use their hardware authentication key to pass a One Time Password (OTP) to the malicious site. An OTP, even one generated by a hardware key, is only a short code with nothing tying it to the site it is typed into, so the attacker could relay it to the real login page before it expired. Authenticators that bind the response to the origin of the requesting page (WebAuthn/FIDO2) resist this kind of relay; OTP-based factors do not.

When Dropbox became aware of the attack, they quickly took comprehensive remedial action to deal with it.

This blog is a reminder of the need for organisations to stay vigilant against phishing attacks. It’s also a valuable lesson in how organisations can learn from the experience of other organisations to improve cyber security together, which UK organisations can do via the trust community in CISP (the Cyber Security Information Sharing Partnership).

New scanning capability to identify UK vulnerabilities

The NCSC has launched a new internet scanning capability to identify common or potentially high-impact vulnerabilities on any internet-accessible system hosted in the UK.

This new service will help to:

• better understand the vulnerability and security of the UK as a whole
• help system owners understand their security posture on a day-to-day basis
• respond to shocks (like a widely exploited zero-day vulnerability)

A blog post by the NCSC Technical Director also provides additional context and background to the service.

New expanded CISA guidance on MFA

The Cybersecurity and Infrastructure Security Agency (CISA) in the US has published additional guidance for organisations on multi-factor authentication (MFA) in the form of ‘factsheets’.

Acknowledging that MFA of any kind is still an essential security practice, the first factsheet, ‘Implementing phishing-resistant MFA’, ranks the MFA types from strongest to weakest, with FIDO/WebAuthn and PKI-based methods at the top and SMS or voice codes at the bottom. The second, ‘Implementing number-matching in MFA applications’, discusses the risk of ‘push fatigue’ (also called MFA bombing), where an attacker holding a stolen password triggers repeated push prompts until the user approves one, and how enabling number matching (the user must type the number shown on the login screen into the authenticator app) prevents blind approval. CISA presents number matching as an interim mitigation rather than a substitute for phishing-resistant MFA: a real-time phishing page can still show the victim the number to enter.
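The Dropbox incident above and CISA’s ‘strongest to weakest’ ordering turn on one property: whether the second factor is bound to the site the user is actually on. The following is an added example, not code from Dropbox, CISA or the NCSC. It simulates both flows in Python with constructed seeds, passwords and hypothetical origins (login.example.com and a lookalike), implements RFC 4226 HOTP for the hardware-key OTP, and uses an HMAC over the signed client data as a stand-in for a WebAuthn authenticator’s private-key signature. Both relying parties are run directly and through an attacker-in-the-middle page.

```python
# Added example: relayed OTP vs origin-bound assertion. Seeds, passwords and
# origins are constructed; HMAC stands in for the authenticator's signature.
import hashlib
import hmac
import json
import secrets
import struct

LEGIT_ORIGIN = "https://login.example.com"   # hypothetical real service
PHISH_ORIGIN = "https://login-example.com"   # hypothetical lookalike


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: the code a hardware key emits in OTP mode."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class HardwareOtpToken:
    """Event-based token: each button press emits the next HOTP code."""
    def __init__(self, seed: bytes):
        self.seed, self.counter = seed, 0

    def press(self) -> str:
        code = hotp(self.seed, self.counter)
        self.counter += 1
        return code


class OtpRelyingParty:
    """Accepts password + HOTP inside a look-ahead window. Note what it never
    learns: the URL of the page the user typed the code into."""
    def __init__(self, password: str, seed: bytes, window: int = 10):
        self.password, self.seed, self.window, self.counter = password, seed, window, 0

    def login(self, password: str, otp: str) -> bool:
        if not hmac.compare_digest(password, self.password):
            return False
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.seed, c), otp):
                self.counter = c + 1        # each code is single use
                return True
        return False


class OriginBoundAuthenticator:
    """WebAuthn-style authenticator (simplified). The browser, not the user,
    supplies the origin of the requesting page and it is covered by the
    signature. Assumption: HMAC with a shared key replaces the real ECDSA
    signature that the relying party would check with the registered public key."""
    def __init__(self, key: bytes):
        self.key = key

    def get_assertion(self, challenge: str, browser_origin: str):
        client_data = json.dumps({"challenge": challenge, "origin": browser_origin},
                                 sort_keys=True).encode()
        return client_data, hmac.new(self.key, client_data, hashlib.sha256).hexdigest()


class OriginBoundRelyingParty:
    def __init__(self, origin: str, key: bytes):
        self.origin, self.key, self.pending = origin, key, set()

    def challenge(self) -> str:
        c = secrets.token_hex(16)
        self.pending.add(c)
        return c

    def verify(self, client_data: bytes, sig: str) -> bool:
        data = json.loads(client_data)
        if data.get("origin") != self.origin:      # this check defeats the relay
            return False
        if data.get("challenge") not in self.pending:
            return False
        expected = hmac.new(self.key, client_data, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False
        self.pending.discard(data["challenge"])    # challenge is single use
        return True


def demo() -> dict:
    """Run both factor types directly and through a phishing page that relays."""
    seed, password = secrets.token_bytes(20), "correct horse battery"
    token, otp_site = HardwareOtpToken(seed), OtpRelyingParty(password, seed)
    otp_direct = otp_site.login(password, token.press())
    # Phish: the victim enters the password and presses the key on the fake
    # page; the attacker forwards both to the real site inside the window.
    otp_relayed = otp_site.login(password, token.press())

    key = secrets.token_bytes(32)
    auth, fido_site = OriginBoundAuthenticator(key), OriginBoundRelyingParty(LEGIT_ORIGIN, key)
    fido_direct = fido_site.verify(*auth.get_assertion(fido_site.challenge(), LEGIT_ORIGIN))
    # Phish: the attacker fetches a genuine challenge and passes it through the
    # fake page, but the victim's browser stamps the fake page's origin.
    fido_relayed = fido_site.verify(*auth.get_assertion(fido_site.challenge(), PHISH_ORIGIN))
    return {"otp_direct": otp_direct, "otp_relayed": otp_relayed,
            "fido_direct": fido_direct, "fido_relayed": fido_relayed}


if __name__ == "__main__":
    print(demo())
```

The relayed OTP is accepted because nothing in the code tells the server where it was entered; the relayed assertion is rejected before the signature is even checked, because the origin in the client data names the phishing page. That origin check is what ‘phishing-resistant’ means in the CISA factsheet, and it is done by the browser and authenticator, not by the user.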

For more information about MFA and other forms of authentication, see NCSC guidance on choosing the right authentication method.

Findings from JISC survey about cyber security posture in UK colleges and universities

JISC, the organisation that supports the digital transformation of UK education and research, has published findings from its 2022 surveys about cyber security posture in the sector.

The surveys provide insights into how cyber security is applied in practice. For example, in universities (higher education), there has been a 20% increase in dedicated cyber security posts since the last survey in 2017, and ransomware is considered the top threat. In colleges (further education), there has been an increase in the use of MFA and an increase in the number of organisations certifying in Cyber Essentials.

The full report analysing the surveys for both further and higher education is on the JISC website.

The NCSC has previously issued alerts about the ransomware threat to the education sector, which include mitigation advice to help prevent such attacks.
