News

Feb 2024 – Brand Impersonation Phishing

Vade, an organisation providing threat detection and response, recently published its annual “Phishers’ Favorites” report for 2023. In its list of the top 20 most impersonated brands in phishing attacks, the Facebook brand came top, followed by Microsoft. Other brands well known to UK audiences, included Amazon, PayPal, Instagram, Google, WhatsApp and Netflix.

Phishing attacks using social media brands saw the largest increase rising by more than 113% year-on-year. Alongside the rise in phishing using social media brands, financial services was the most impersonated sector with a number of banks, credit card providers, and PayPal in the top 20 impersonated list.

The 2023 Data Breach Investigations Report by Verizon highlighted that human error remains the leading cause of data breaches with 74% of all breaches associated with such errors. Phishing awareness training must be at the front line of cyber defences.


If you would like to know more about Cyber awareness training, please get in touch.

Jan 2024 – Consistent Advice

America’s Cybersecurity and Infrastructure Security Agency (CISA) put out an advisory in December 2023 (see https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a) which detailed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) of the ALPHV Blackcat ransomware as a service (RaaS). Additionally, the advisory goes on to provide useful incident response guidance and potential mitigations.

What stands out, though, are the summary actions listed as:

  • Routinely take inventory of assets and data to identify authorized and unauthorized devices and software.
  • Prioritize remediation of known exploited vulnerabilities.
  • Enable and enforce multifactor authentication with strong passwords.
  • Close unused ports and remove applications not deemed necessary for day-to-day operations.

Whilst the National Cyber Security Centre (NCSC) Cyber Essentials scheme does not mandate an inventory, it does state that asset management should be considered as a core security function. In all other respects the CISA summary actions are explicitly addressed by Cyber Essentials requirements. It’s good to see this consistent approach between leading cyber security agencies.

If you’re looking for a trusted cyber security partner, are based in the UK and interested in the NCSC’s Cyber Essentials scheme, or are based overseas and interested in the IASME Cyber Baseline scheme, please contact us.

Dec 2023 – Don’t forget Christmas Patching!

A recent report by the cyber insurance company Covus reveals that threat actors are switching tactics to compromise their victims with ransomware, with more insurance claims arising from attackers exploiting vulnerabilities rather than using phishing emails.

The report says that vulnerability exploitation rose as an initial access method from <5% of ransomware claims in the second half of 2022 to about 30% in the first half of 2023.

Whilst threat actors have exploited zero-day vulnerabilities this year, especially in file transfer software (e.g. MOVEit), the key defence against vulnerability exploits is to stay up to date with your patching.

For very good reasons, patching is a key requirement of the Cyber Essentials scheme.

If you would like to know more about Cyber Essentials, please get in touch.

Nov 2023 IASME Cyber Baseline

Consult MB Ltd is pleased to announce that we have become licensed to assess the international IASME Cyber Baseline security standard.

IASME Cyber Baseline, available only for companies outside of the UK, covers fundamental but vital cyber security protection measures. The standard provides a means for international organisations to demonstrate that they take cyber security seriously and have implemented essential cyber hygiene measures.

IASME Cyber Baseline maps to international standards and best practice (e.g. Cobit, CIS v8) but, importantly, allows the organisation to be assessed as meeting the IASME Cyber Baseline Standard.

The scheme is an important first step for many organisations in proving that they are serious about cyber security. It is a pre-requisite to the next step of certifying to the comprehensive risk based and policy driven IASME Cyber Assurance Standard.

The cost for IASME Cyber Baseline Self Assessed (Level 1) is based upon the size of the business:

Micro organisations (0-9 employees)£300 +VAT
Small organisations (10-49 employees)£400 +VAT
Medium organisations (50-249 employees)£450 +VAT
Large organisations (250+ employees)   £500 +VAT

If you’re an international organisation (non-UK) and would like to know more about the IASME Cyber Baseline Standard, please get in touch.

Oct 2023 Backups (…and restores)

A few organisations I’ve worked with assume that because they use advanced cloud services for office automation that they don’t need to worry about how they backup and restore cloud resident data. Their assumption is that the cloud provider’s data resiliency features, checks and processes will always ensure a copy of the data is available come what may…even if the means to restore it isn’t a straightforward process. Microsoft, a major provider, state in their Shared Responsibility model (see https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility) that the customer always retains responsibility for information and data.

This week, the NCSC have issued some useful guidance around ransomware resistant cloud backups (https://www.ncsc.gov.uk/guidance/principles-for-ransomware-resistant-cloud-backups). Whilst they recommend considering ‘a breadth of technologies’ for backups, one of the key messages is to regularly test.

The IASME Cyber Assurance Standard states three copies of information should be kept (the day-to-day working original, an off-site main backup, a local backup for easy retrieval). Crucially, the Standard also requires that the backups be tested, at least monthly.

If you’re based in Somerset, Devon, Gloucestershire or the Bristol area and are interested in learning more about the IASME Cyber Assurance Standard, please get in touch.

Aug 2023 – Please Patch!

This year’s report on the top routinely exploited vulnerabilities was published on 3 August 2023 by the NCSC. Somewhat depressingly, it highlights how threat actors are still exploiting older software vulnerabilities in systems that remain unpatched e.g. a high severity vulnerability in older versions of Office first announced in 2017 (CVE-2017-0199) – really?!

You can find the report at https://www.ncsc.gov.uk/news/ncsc-allies-reveal-2022-common-exploited-vulnerabilities

If you’re based in Somerset, Devon, Gloucestershire or the Bristol area and need any cyber security support or advice, please get in touch.

Apr 2023 – Cyber Essentials Updates

The past few months have been incredibly busy and this news page has been somewhat neglected. To put that right, this is a quick post to confirm that the Cyber Essentials ‘Montpellier’ question set will replace ‘Evendine’ on 24th April 2023.

The NCSC’s updated requirements (version 3.1) will also come into force on 24th April 2023. You can have a look at the updated standards for CE and CE+ here:

https://www.ncsc.gov.uk/files/Cyber-Essentials-Requirements-for-Infrastructure-v3-1-January-2023.pdf

https://www.ncsc.gov.uk/files/Cyber-Essentials-Plus-Illustrative-Technical-Specification-v3-1-January-2023.pdf

Nov 2022 – Fatigued?

There have been a number of articles recently that describe yet another hacking technique that relies on what is termed “MFA Fatigue”. This is where the hacker has the victim’s cloud service credentials and encounters the MFA challenge. Where ‘push’ notifications are configured the hacker will invoke multiple ‘push’ notifications in the hope that victim will eventually tire and just click ‘accept’ when the latest in a long series of notifications is presented.

The American CyberSecurity and Infrastructure Security Agency (CISA) have issued a couple of useful fact sheets aimed at defeating MFA fatigue.

https://www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf

https://www.cisa.gov/sites/default/files/publications/fact-sheet-implement-number-matching-in-mfa-applications-508c.pdf

Aug 2022 – NCSC Subscriptions

Just a quick plug for the NCSC Subscription Centre.

You can sign up for mail alerts on any/all of the following:

• Threat Reports and Advisories
• The Weekly Threat Report
• NCSC Digital Lofts (Online seminars on cyber security topics)
• NCSC Small Organisations Newsletter
• NCSC Cyber UK (annual cyber security event)
• NCSC Annual Review