Weekly Threat Report 1st September 2017

Created:  01 Sep 2017
Updated:  01 Sep 2017
This report is drawn from recent open source reporting.

300% increase in attacks on Microsoft cloud services

Microsoft has revealed that the frequency of attacks against users of its cloud services, including Microsoft Azure and Office 365, has increased by 300% over the last year.

“A large majority of these compromises are the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services,” said Microsoft in its ‘Security and Intelligence’ report.

According to the post, over two-thirds of Azure attacks came from IP addresses in China and the US, with 32.5% from the US, and 35.1% from China. The remainder came from 116 countries and regions, with Korea the lowest at just 3.1% of attacks.


Airline boarding passes and baggage bar code stickers

Since at least 2011, security experts have warned that an airline boarding pass can give would-be attackers access to a host of sensitive passenger information.

A recent Krebs on Security blog reports on a person posting a photo of their boarding pass on Facebook. Online software can be used to scan the bar code, even when redacted from the photo. The passenger name and booking reference will generally provide enough information to gain access to the booking on most airline websites; with this access, a malicious actor could obtain additional data, including future travel plans, and alter or cancel upcoming flights.

The article reports that many people post pictures of their boarding pass on social networking sites, often before and/or during their trip. A search on Instagram for ‘boarding pass’ returned 91,000 images.

Posting pictures of boarding passes, luggage showing airline bar code stickers or even concert tickets will provide attackers with a host of personally identifiable information that could result in the user having no return flight, missing a concert or even full identity theft.


US-CERT warns of potential Hurricane Harvey phishing scams

The US Computer Emergency Readiness Team (US-CERT) has issued public warnings regarding potential Hurricane Harvey-related scams. Cyber criminals have been seen trying to deceive users through email phishing and fraudulent social media accounts that reference both the hurricane and associated charities and aid organisations. These methods have been used to ask users to send money or to redirect them to malicious websites that either download malware or steal personal data.

Cyber criminals have previously exploited natural disasters or global events such as Hurricane Sandy, the Ebola outbreak and the Syrian conflict to steal donations intended to help those affected. US-CERT is advising caution in handling emails with subject lines, attachments or hyperlinks related to Harvey, even if they appear to originate from a trusted source. Potential donors are further advised to check the credentials of charities and webpages that appear after such events before responding.


The Cyber Security Information Sharing Partnership (CiSP) is a great way of learning more about threat information as well as engaging with industry and government counterparts. Follow the link below for more information.

Join CiSP
