Cyber attacks continue to exploit people’s reactions to the Covid-19 pandemic
NCSC has reported that cyber criminals are taking advantage of the vaccine roll-out to scam the public, using email or SMS to lure targets to spoofed NHS pages requesting personal and financial details.
HMRC has also spotted a warning about text messages offering people a Government Covid support grant. Messages direct recipients to a spoofed .gov.uk web page which is used to harvest personal financial information.
Solar Winds and the importance of supply chain security assessments
Solar winds is a supplier of network and system management software and a serious breach was discovered in December 2020, involving malware being inserted into their Orion product, which the company says is used by 33,000 customers worldwide.
This was an advanced attack and experts say this has the hallmarks of a Russian state-sponsored attack on the US, but this is unconfirmed.
Many high profile organisations have been confirmed as breached, including US Government departments and major software suppliers. Microsoft has reported that the code enables the attacker to:
- Gain a foothold in the network and elevated credentials.
- Use elevated credentials to access an organisations SAML token-signing certificate.
- Forge SAML tokens to impersonate any existing users and accounts, including highly-privileged accounts.
Investigations on the full impact of the breach are continuing. NCSC has provided actionable guidance for anybody who may have been using the Orion product.
The Security GRC team have tools and services available to assess third-party security and although there are no guarantees, these are vital to check the security posture of third-party suppliers processing the University’s information. For more information contact grc@infosec.ox.ac.uk.
