Increased Cyber Threat Level

The National Cyber Security Centre (NCSC) have issued a warning for all UK organisations to bolster their Information Security systems and incident response plans due to ongoing tensions between Ukraine and Russia.

Similar tensions back in 2017 resulted in the release of a particularly dangerous type of Ransomware known as NotPetya. The NCSC have since linked the development of NotPetya to the Russian military, as a way to target government infrastructure in Ukraine. However, the malware was designed to spread as quickly as possible and as a result impacted thousands of organisations around the world.

We are taking this threat extremely seriously. Here are some tips on how you can help:

Phishing

Phishing is far from a new issue; however, it remains as by far the most common point of entry for major Cyber-attacks.

Tip: Look out for our External Email Warning banner. A common attack type is to impersonate the internal IT Service desk, or other staff/students within the institution. If you see this banner, the email did not originate from a University of Aberdeen account:

External email warning:

Read our full guidance on phishing

How Ransomware Works

The attacker will gain initial access to a network by using password attack techniques or, more commonly, by stealing network credentials via phishing emails.

Once a foothold has been established, the attacker can deploy malware onto the network which can gather information, and eventually escalate access to administrator levels. Once this is achieved, the Ransomware is deployed and will look to encrypt large volumes of data on the network. Once achieved, the attackers then contact the victim and demand a ransom payment for the decryption key to enable access to the data. Attackers also threaten to release sensitive information if the ransom is refused, meaning even if data can be restored from backup, it is not a fully robust defence.

These kinds of attacks can cause enormous financial and reputational damage to affected institutions in incident management and investigation, even without considering the ransom itself.

Password Attacks

Organised cyber criminals have also been reported to be using password spray attacks. This is like a brute force attack where an attacker will repeatedly attempt to log in to an account using common passwords.

The spray attack varies in that it will try to log in to many accounts sequentially using the same common password, and then circle back to the start and try the next password on all accounts.

You can read more on this on the NCSC website:

Further guidance and help

Find out more about Cyber Security on our Toolkit resource.

If you’re still unsure, or if you would like advice, contact the Service Desk – email servicedesk@abdn.ac.uk or visit myit.abdn.ac.uk.

Author: IT Security Team