Carr Management

NCSC – Weekly Threat Report 21st July 2017

21st July 2017 Uncategorised 0

Weekly threat report from The National Cyber Security Centre – Click Here for the original

This report is drawn from recent open source reporting.

New SMB protocol exploit effective against most windows operating systems 

An EternalSynergy based exploit has now been developed which can compromise newer (unpatched) versions of Windows. The original ETERNALSYNERGY exploit released by The Shadow Brokers in April exploited an SMB protocol vulnerability, CVE-2017-0143, to allow attackers to inject code onto Windows machines but only worked on versions up to Windows 8.

A security researcher has now modified and upgraded ETERNALSYNERGY to be able to compromise all supported but unpatched Windows operating systems except for Windows 10. This new exploit code is publicly available to download on GitHub and ExploitDB.

This case shows that exploits previously thought to only be effective against older or unsupported operating systems such as Windows XP can be modified to compromise newer and currently supported systems. This illustrates the importance of rigorous vulnerability management and patching, including patching newer operating systems.

For further advice on vulnerability management please see the associated NCSC guidance.

Rise in cyber crime as a service

A new credential-stealing malware, named Ovidiy Stealer, is being sold on cyber crime forums for as little as £6. The low price reflects its limited capabilities. It is non-persistent, so can be removed by simply rebooting an infected computer, but it is reportedly easy to use and capable of harvesting usernames and passwords for a number of common applications. Ovidiy Stealer has compromised targets around the world, including in the UK.

Similarly, a new Phishing-as-a-Service platform, ‘HackShit‘, has been marketing itself to would-be fraudsters. For a monthly subscription, users can generate plausible looking login pages which imitate popular social media and dating sites. The subscribers can also use the platform to trade compromised accounts for cryptocurrency, and to view tutorials on hacking and phishing.

The increasingly low barriers to entry for cyber crime are of concern because individuals with limited technical knowledge can now purchase basic cyber capabilities for a modest sum.

For further information on protecting yourself from these threats please see our malware protection and phishing guidance. You may also find this blog of interest when it comes to phishing.

Leave a Reply

Your email address will not be published. Required fields are marked *