
Majority of UK councils hit by cyber attacks

Thursday, September 21, 2017 | By Mark Mayne | Read time: 2 min.

Legacy tech time bomb is beginning to tick louder for public bodies, as malware and ransomware strike


In a concerning turn of events for public bodies, new research shows that the clear majority - more than 75 per cent - of UK councils and public bodies have suffered cyber attacks in the last year.

The researchers also found that, of the 38 local authorities surveyed, 72 per cent complained that legacy systems were having a significant impact. Respondents found the integration of new services and applications particularly difficult, which in turn has left them increasingly exposed to developing threats.


That threat is particularly real for public bodies, with 75.8 per cent of authorities having fallen victim to malware, viruses or Trojans over the past year, while 50 per cent said they have experienced a ransomware attack during the same period. Confidence in avoiding future attacks was correspondingly low, with a full third of senior officials stating that they had little confidence in existing systems to protect them and their staff.

While spend is often seen as an issue for public bodies, it shouldn’t be seen as a barrier to better security, pointed out Ilia Kolochenko, CEO of High-Tech Bridge: “Companies often blindly increase their spending on cybersecurity, however, they end up spending on inappropriate or irrelevant solutions. A comprehensive and up to date inventory of all digital assets (i.e. software, hardware, users, data and licenses) is the essential first step to developing a cybersecurity strategy. Once done, a holistic risk assessment can help prioritise tasks and assure that money is only spent on products and solutions appropriate for your needs and priorities. Finally, continuous security monitoring is pivotal: even one unpatched vulnerability, or a forgotten machine, can lead to a data breach affecting the entire company.”

Public bodies are in an increasingly vulnerable position, given their valuable public data assets, coupled with historically low IT investment and an overall perceived low level of digital savviness. Recent significant disruptions to the NHS due to ransomware, and highly publicised attacks on the UK Parliament infrastructure, demonstrate that attackers are actively hunting UK public infrastructure.

The scale of the problem is only set to grow, as recent figures obtained from the Mayor of London's office and published by the GLA Conservatives indicate that the Metropolitan Police force alone still has 18,293 devices running the now unsupported XP operating system (OS), with just eight machines running the most recent Windows 10 OS. Windows XP users were particularly vulnerable to the WannaCry outbreak, as patches had not been issued as they were for newer systems.

Of course, it’s not just public bodies that are at risk - a second report indicated that 52 per cent of businesses worldwide are still running at least one machine on Windows XP. The research from market watcher Spiceworks found that XP is still installed on 14 per cent of business computers globally.

Meanwhile, the CCleaner supply chain compromise mentioned in brief by High-Tech Bridge previously has widened in scope, after a discovery by Cisco that the incident might have been even more targeted than initially assumed.

An unknown actor compromised the update platform for CCleaner, an anti-malware package, and inserted a backdoor, intending to compromise a number of CCleaner’s 2m-plus user base. Cisco has since published a technical analysis of the malware and the structure of the attack that includes an archive recovered from the command server. “What immediately stands out is a list of organizations, including Cisco, that were specifically targeted through delivery of a second-stage loader.

Based on a review of the C2 tracking database, which only covers four days in September, we can confirm that at least 20 victim machines were served specialized secondary payloads.” The domain target list includes tech companies such as Samsung, Cisco, D-Link, Microsoft and VMware. The full story is here, but the very short version is that if you’ve ever downloaded and run CCleaner, check your registry for the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo

The values in question are MUID, TCID and NID.

If you find them, roll back to a pre-August 15 backup...
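The registry check above can be scripted so that it is repeatable across a fleet rather than done by hand in regedit. The following PowerShell function is an added example written for this page, not code from High-Tech Bridge or Cisco. The key path and the three value names are the ones the article gives; the additional WOW6432Node path is my assumption, added because a 32-bit process on 64-bit Windows has its HKLM\SOFTWARE writes redirected there.

```powershell
# Added example: report the CCleaner backdoor registry artefacts named in the article.
# HKLM\SOFTWARE\Piriform\Agomo and the values MUID, TCID, NID come from the text;
# the WOW6432Node variant is an assumption to cover 32-bit registry redirection.

function Test-AgomoArtefacts {
    [CmdletBinding()]
    param(
        # Registry paths to inspect; the second is the 32-bit redirected view (assumption).
        [string[]] $KeyPaths = @(
            'HKLM:\SOFTWARE\Piriform\Agomo',
            'HKLM:\SOFTWARE\WOW6432Node\Piriform\Agomo'
        ),
        # Value names the article lists as indicators of the backdoored build.
        [string[]] $ValueNames = @('MUID', 'TCID', 'NID')
    )

    $findings = foreach ($path in $KeyPaths) {
        # Key absent: nothing to report for this path.
        if (-not (Test-Path -Path $path)) { continue }

        $item = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }

        foreach ($name in $ValueNames) {
            # Only emit a finding when the named value actually exists under the key.
            if ($item.PSObject.Properties.Name -contains $name) {
                [pscustomobject]@{
                    Computer = $env:COMPUTERNAME
                    KeyPath  = $path
                    Value    = $name
                    Data     = $item.$name
                }
            }
        }
    }

    if ($findings) {
        Write-Warning "Agomo artefacts present on $env:COMPUTERNAME: treat the host as compromised and restore from a backup taken before 15 August 2017."
        return $findings
    }

    Write-Output "No Agomo registry artefacts found on $env:COMPUTERNAME."
}

# Run locally with elevated rights so HKLM is readable in full.
Test-AgomoArtefacts
```

For a fleet-wide sweep, wrap the call in Invoke-Command against a list of hosts and collect the returned objects centrally; the function returns objects rather than only printing, so the results can be exported or fed to a ticketing system.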


Mark Mayne has covered the security industry for more than 15 years, editing news for SC Magazine and editing SecurityVibes UK. Mark has a background in national news journalism and tech reporting, and has run b2b and b2c editorial sites.
