Weekly Threat Report 18th November 2016

Created:  18 Nov 2016
Updated:  18 Nov 2016
This report is drawn from recent open source reporting.

Carbanak is Back

It is being reported that the hospitality sector is being targeted by the cyber-crime group Carbanak (also known as Anunak). The Carbanak gang were first identified by Kaspersky and are best known for a campaign in 2014 where they allegedly stole $1 billion from over 100 financial institutions worldwide. Security researchers at Trustwave have reported that Carbanak are now targeting the U.S. hospitality and restaurant industry’s point of sale systems.

The campaign involves elaborate social engineering: the attackers call a customer support centre, claim they are unable to access the online reservation systems, and ask to send their details by email instead. The attacker then stays on the line until the email is opened and the malware delivered. The email contains a Word document which, when opened, delivers malware capable of stealing system information, taking desktop screenshots and downloading additional malware that allows the attackers to access the cardholder data environment.

Whilst Trustwave have only reported the attack affecting two U.S. based businesses, organisations should remain vigilant to social engineering techniques and be aware that cybercrime can include a human element, such as a phishing call.

Finnish DDoS attack shuts heating down

According to Finnish media, residents in two buildings in Lappeenranta, Finland, spent several days without heating as a result of a Distributed Denial of Service (DDoS) attack in late October and early November. The attack, aimed at a service provider, indirectly affected the smart home management system which was connected to the internet and installed in the residential complex.

Building Automation Systems (BAS) are becoming more widely used, not just in residential properties but in facilities where maintaining precise temperatures is vital, for example hospitals, data centres and laboratories, where a cyberattack could have a greater impact. In a recent Building Operating Management survey, 84% of respondents said they had BAS connected to the internet. 78% of facility managers also described themselves as having no, or limited, cyber security awareness.

The cybersecurity of BAS relies on a comprehensive approach: designers, installers, software vendors, building owners and users should all understand the risk. The attack in Finland was short-lived but serves as a reminder of the vulnerability of internet-connected devices.

Seasonal spike in DDoS could include IoT botnet attacks

There has been an annual spike in Distributed Denial of Service (DDoS) attacks in the run-up to and during the Christmas period in recent years, according to a recent quarterly report by content delivery company Akamai. The report, cited in Network World, predicts that the trend will not only continue this year but may involve more significant incidents due to the emergence of new tools such as Internet of Things (IoT) botnets.

The report notes that DDoS attacks in general have been on the rise, increasing by 71% compared with the previous year. While some types of DDoS (such as Network Time Protocol) have been declining, IoT botnets are a growing trend. One such example, the Mirai botnet, has recently been used to conduct some of the largest DDoS attacks ever, such as those against the Domain Name System provider, Dyn, and the blog of the security researcher Brian Krebs, as previously reported on the NCSC website. The fact that its source code was published online makes it easier for less technically capable actors to achieve such an attack.

The mitigation advice for DDoS attacks can be found on the guidance section of the NCSC website.


There were updates to two of the leading browsers this week: Google fixed a remote code exploit vulnerability in Chrome and Mozilla fixed 29 vulnerabilities in Firefox. VMware issued updates for Workstation and Fusion as well as vRealize Operations. F5 released updates to BIG-IP. OpenSSL released an update to address multiple bugs. There were also updates for Symantec Ghost, PHP, CA Service Desk Manager, Cisco IOS and the Linux Kernel.
