Business Continuity & Cyber Security Incident Log w/e 21/07/2017

Business Continuity Incident

Cyber attack hits FEDEX financial results

FedEx has said its fiscal 2018 results would be hurt in part due to disruption of operations in its TNT Express unit following a cyber attack last month.

The Netherlands-based TNT Express is still experiencing widespread service delays following the attack, FedEx said in a regulatory filing on Monday.

FedEx said it was unable to estimate when services at the unit would be fully restored.

FedEx added that no data breach or data loss to third parties is known to have occurred as of July 17.

The company said it was evaluating the financial impact of the cyberattack, but it was likely to be “material.”

Shares of FedEx fell as much as 2.7 percent to $213.07 in early trading.

In June, a new cyber-virus spread from Ukraine to wreak havoc around the globe, crippling thousands of computers.

FedEx said it has experienced loss of revenue due to decreased volumes at TNT Express, incremental costs from contingency plans and remediation of affected systems.

The company said it did not have insurance in place that covered the impact from the cyber attack.


UK Energy Sector may be targeted by Cyber Attacks

The UK Government Communications Headquarters (GCHQ), Britain’s intelligence agency, has warned that the country’s energy sector is being targeted by hackers. Some of these industrial control system organizations may have already been successfully compromised. The agency has made this claim following the discovery of “connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors.”

A copy of the document, which comes from a National Cyber Security Centre (NCSC) memo and was obtained by Motherboard and then confirmed by the BBC, shows that the country’s cybersecurity agency has issued a warning claiming that “a number of Industrial Control System engineering and services organisations are likely to have been compromised.” NCSC is the cybersecurity division of the kingdom’s intelligence agency, the GCHQ.

The agency is not certain whether these compromises have been successful and might just be talking about the probability of success. If too many departments were attacked, some could have succeeded. The attacks, which appear to be phishing, have been targeting the energy sector, along with engineering, industrial control, and water sector companies since June 8.

New Phishing Attacks Disguised as Replies to Previously Asked Questions

Beware! A New Type of Phishing Email Disguises Itself as a Reply to Previously Asked Questions

Cyber criminals have come up with yet another way to get you to open an email. This month’s Comodo Threat Intelligence Lab report has identified a new type of phishing email. According to Comodo, the new scam involves emails disguised as a reply to a previously asked request for information. The emails also appear to come from a legitimate contact or familiar brand, the report says.

A New Type of Phishing Email

The particular phishing email campaign mentioned in the report occurred over a seven-hour period on July 6, 2017. And while it lasted less than a day, it was able to target 50 enterprise customers with thousands of users.

The perpetrators of the attack used 585 different servers with IP addresses in North America, Europe, Australia and Turkey. Comodo says the speed and coordination needed to develop and deploy the attack show a considerable level of sophistication and an advance in phishing evolution.

The emails have been designed to look authentic. And if you are busy, a quick glance might lead you to believe it is a legitimate request. But once you click on the link, you will be directed to a different site, which will deliver its remotely deployed malware payload.

This screenshot shows an example of the phishing attack.

Fatih Orhan, head of the Comodo Threat Intelligence Lab and Comodo Threat Research Labs (CTRL), explains:

“Phishing emails come in numerous types and formats. Cyber criminals always find new methods to trick users and convince them to click a “bait” link. This latest method is also an example of how they can be creative to attack enterprise business users.”

Phishing Attack Targets Bank of America Customers

Cybercriminals are reportedly targeting customers of the Bank of America (BOA) with a phishing campaign, designed to steal personal and financial information.

The scam allegedly involves hackers sending out phishing emails to BOA customers that trick them into clicking on malicious links.

The phishing email, which reportedly poses as an official email from the bank, informs users that new limits have been imposed on their bank account, which can only be removed by providing proof of the account’s ownership. In other words, the phishing email is cleverly designed to trick users into divulging their login credentials and personal information.

The phishing email has been designed to trick users into clicking on a malicious link that redirects victims of the scam to a fake BOA page, prompting them to type in their login credentials to “sign in.”

However, the scammers also look to harvest victims’ personal and financial information by asking them to complete a further form. Victims are prompted to provide sensitive data, including first and last name, address, city, zip code, mobile number, email address, credit card number, card expiry date and CVV number.

It is reported that cybercriminals are operating the scam via a Russia-based hosting provider called “Beget.” The hosting provider has allegedly been informed about the phishing campaign; however, it is unclear if any action has been taken to shut down the scam.

It is also unclear how many victims have been targeted successfully by the scam.

Students Targeted in Phishing Fraud

Prospective students of Newcastle University have been warned to be careful when seeking to apply and pay online for courses, after discovering the existence of a sophisticated phishing operation.

“We have been made aware of an unofficial website which is fraudulently using the Newcastle University brand and accepting credit card payments to apply for courses,” the university announced on its Twitter account.

“The website ‘newcastle international university’ is in no way associated with the University and we are advising anyone who finds the website not to submit any personal details. All students should use our official website.”

It is not known how many people have been tricked by the website, but the level of detail is impressive. The site is being used to harvest everything from credit card information to passport details and date of birth, which would be useful to the scammers if they decide to steal victims’ identities, as well as scamming them out of thousands of pounds in tuition fees.

Azeem Aleem, RSA Security’s director of Advanced Cyber Defence Practice for EMEA, said: “Newcastle University’s response has been admirable, quickly identifying and warning prospects about the site. Yet it is often very hard for a company or organisation to know if their site has been spoofed until someone has already become a victim. This is why the public need to have greater awareness of the issue of spoofing and take care to protect themselves online.

“[The scammers] have been careful about targeting, focusing on overseas students who may not have the local knowledge to spot the difference between this site and Newcastle University’s official site.”