Tag: National Cyber Security Centre

North Koreans are attacking software supply chains

According to the UK’s National Cyber Security Centre (NCSC), North Korea is using sophisticated techniques to target global organisations through software supply chain attacks.

In a joint advisory, the NCSC detailed the tactics DPRK state-linked cyber actors used, emphasising the growing threat and complexity of such attacks.

Supply chain attacks, a method where malicious actors compromise elements of the software distribution process, have become a favoured tool for DPRK cyber actors. These attacks, often involving zero-day vulnerabilities and exploits in third-party software, allow the actors to access specific targets or indiscriminate organisations through their supply chains.

The NCSC said these attacks are aligned with broader DPRK-state priorities, including revenue generation, espionage and the theft of advanced technologies.

The advisory comes on the heels of a new Strategic Cyber Partnership announced between the UK and the Republic of Korea, underscoring their commitment to collaboratively addressing common cyber threats.

Dodgy emails flood UK businesses

British businesses and citizens reported a staggering one suspicious email or website every five seconds, according to a report released by the National Cyber Security Centre (NCSC), an agency of the Government Communications Headquarters (GCHQ).

Between January and December 2022, the NCSC’s free Suspicious Email Reporting Service (SERS) received approximately 7.1 million reports of suspicious emails and URLs.

This equates to nearly 20,000 reports per day, with a significant contribution coming from UK businesses. The NCSC acted upon these reports, resulting in the direct removal of approximately 235,000 malicious URLs from the internet, in an average of less than six hours from the time of reporting.

UK companies ignoring cyber-danger

More than 43 percent of UK businesses have been hit by a cyberattack over the last year, including two-thirds of large businesses, the government has said.

The National Cyber Security Centre report said a “huge proportion” of organisations are failing to address primary cybersecurity measures, including updating their software and anti-malware products.

Ciaran Martin, CEO of the government’s National Cyber Security Centre, said: “Cyber attacks can inflict serious commercial damage and reputational harm, but most campaigns are not highly sophisticated.”

Phishing has been the most common method of cyber attack over the last 12 months, the report claimed, followed by instances of hackers posing as a company’s employees. “Companies can significantly reduce their chances of falling victim by following simple cybersecurity steps to remove fundamental weaknesses.”

The average cost of a cyber attack for large businesses was £9,260, with some outbreaks costing “significantly more”.

The government called on organisations to take cybersecurity more seriously, particularly with the General Data Protection Regulation’s (GDPR) impending enforcement date.

Information commissioner Elizabeth Denham said: “Data protection and cybersecurity go hand in hand – privacy depends on security.

“With the new data protection law, GDPR, taking effect in just a few weeks, it’s more important than ever that organisations focus on cybersecurity.

“We understand that there will be attempts to breach systems; we fully accept that cyber attacks are a criminal act, but we also believe organisations need to take steps to protect themselves against the criminals.

“I would encourage organisations to use the new regulations as an opportunity to focus on data protection and data security.”

James Bond joins the security Q

GCHQ’s Cyber Accelerator programme is looking for UK-based cybersecurity start-ups who can be shaken but not stirred.

The programme will help start-ups develop security software into fully fledged commercial products and connect them with tech experts across GCHQ itself and the National Cyber Security Centre.

The spooks originally selected seven vendors for the first phase of the scheme in January, but have now extended the programme to nine months and are encouraging another wave of start-ups to apply.

The first seven vendors have raised more than £2.7 million in investment, the government said, and have won deals with tech giants including Cisco.

Matt Hancock, minister for digital, said: “We are working hard to make Britain the best place to start and grow a digital business, and the safest place to be online.

“The GCHQ Cyber Accelerator is a vital part of this work and has already helped some of the most innovative cyber security start-ups develop cutting edge new products and services. I’m pleased to announce the programme is being extended and encourage the nation’s talented entrepreneurs to apply.”

Security vendors have been using witchcraft on customers

Computer security vendors have been “massively” exaggerating the abilities of malicious hackers, according to the UK’s National Cyber Security Centre.

Dr Ian Levy, technical director of the UK’s National Cyber Security Centre, claimed that vendors were playing up hackers’ abilities to help them sell security hardware and services.

Overplaying hackers’ skills let the firms claim only they could defeat attackers, a practice he likened to “witchcraft”.

Speaking at the Usenix Enigma security conference, Dr Levy said it was dangerous to listen only to firms that made a living from cybersecurity.

“We are allowing massively incentivised companies to define the public perception of the problem,” he is reported as saying.

He slammed vendors’ marketing materials for depicting hackers as hugely skilled masterminds and for the hyperbolic language they used to describe cyberthreats.

He said that playing up the threats allowed vendors to establish themselves as the only ones that could defeat hackers with hardware that he likened to a “magic amulet”.

“It’s medieval witchcraft – it’s genuinely medieval witchcraft,” said Dr Levy.

Most attacks aimed at firms were not very sophisticated; in one case, an attack last year on a UK telecommunications firm used a technique older than the teenager believed to be responsible.

Dr Levy urged other businesses to take a look at what the NCSC was doing and to read through its cyber security advice because the measures it recommended were “not completely crap”.