October 2018 to April 2019
The UK’s National Cyber Security Centre (NCSC) recently released its cyber incident trends report for the period between October 2018 and April 2019. The report covers five main cyber attack trends seen in the UK – (1) attacks on Office 365 deployments (and cloud services in general), (2) ransomware, (3) phishing, (4) vulnerability scanning, and (5) supply-chain attacks. “All the incident types noted have resulted in compromises within the UK, some significant in nature,” it says.
Office 365 and cloud services, in general, have been an easy and frequent target of cyber attacks over the past year, with threat actors using a variety of tools and scripts to crack users’ passwords. The two main kinds of attacks in the context of the cloud were password spraying and credential stuffing, their main goals being (I) data theft, (II) using one compromised account to target other accounts and (III) gaining network access.
Ransomware attacks have become frequent across industry, academia and government sectors. Ransomware is no longer used as a standalone tactic, with a number of attackers using network access to increase the attack’s impact. Cybercriminals often employ botnets like Emotet, Dridex and Trickbot to initiate access before using ransomware strains such as Ryuk, LockerGoga, Bitpaymer and Dharma.
Phishing continues to be a widely prevalent attack method. Some popular attack tactics over the past year have been: targeting Office 365 credentials, using legitimate but compromised accounts to send emails, and creating fake login pages, often using Microsoft cloud services (to lend them an air of authenticity).
Vulnerability scanning involves attackers looking for open network ports or internet-facing unpatched software to get an entry point into the targeted network. Once they get access to the network infrastructure, they can make their way into the network core to cause more serious damage. Vulnerability scanning was identified in the report as one of the top 5 attack methods employed by hackers.
Supply-chain attacks, too, continued to be a problem in the period under survey, with several episodes of “attackers exploiting the connections of service providers to gain access to enterprise networks”. A few examples are the APT10 campaign, the GandCrab ransomware, and the Wipro breach.
To read the complete report, go to https://www.ncsc.gov.uk/report/incident-trends-report