Weekly Threat Report 7th December 2018

Created:  07 Dec 2018
Updated:  07 Dec 2018
NCSC Threat Report
This report is drawn from recent open source reporting.

Rogue fitness apps help you to lose money not weight

Three malicious apps have recently been identified and removed from Apple’s app store.  
The apps had a health theme and purported to check heart rate, calorie count or BMI index. “Fitness Balance”, “Calories Tracker” and “Heart Rate Monitor” were discovered to be fraudulent and have been removed.  
When an app asked for a fingerprint scan, ostensibly to access the information of interest, the scan was instead used to authorise a payment of up to $120. If the user had a credit or debit card linked to their Apple account, the transaction was approved. The apps would then keep prompting the user for further fingerprint scans before the app could be used again. The scale of losses is unknown. 

The existence of these apps in an ecosystem generally considered secure indicates that, despite the rigorous checks carried out by official app stores, some malicious apps do evade detection.  
The malicious apps were spotted and have now been removed. When downloading apps, consumers should check reviews and any available information about the app and its developer. You should also be alert to permissions that the app is requesting - these can be checked in the app settings. 
This scam affects iPhone 8 or earlier models. Newer models have a feature called “Double click to pay” which, when activated, requires users to double click the side button to verify a payment.  

Further advice can be found on the Cyber Aware and Get Safe Online websites. 

You can also find advice for app developers here on the NCSC website.

A week of data breaches…

A number of significant events surrounding breach activity have occurred over the course of the past week.  
In response to previous breach activity, Uber has been fined £400k by the Information Commissioner's Office (ICO) for a breach reported back in 2016. In addition, German social media site Knuddels was fined €20k by German regulators following a data breach. 
In one week, a number of new breaches have also been disclosed, including the personal data of 500 million Marriott/Westin Hotels customers and the personal data of 100 million Quora users.

The volume of data breaches in recent months has been significant so it remains important that individuals and businesses remain vigilant to the threat of breaches.  
The potential impact on individuals who have had their personal information stolen must not be underestimated. The threat of personal information theft is almost certain to remain, and companies that store these details must ensure they are protected against any potential intrusion, for the benefit of their customers and their own reputation.  

Designers, developers and operators of online services can find guidance on how to make services harder to compromise here on the NCSC website. 

We would also recommend reading our guidance around the phishing threat following data breaches as well as how to protect bulk data.

YouTuber fan promotes subscription via printer hack

This week an anonymous individual hacked 50,000 printers, causing them to print out a message that urged people to subscribe to the PewDiePie YouTube channel. PewDiePie was battling with a rival for subscribers in order to retain its status as the most subscribed channel on YouTube. 

The printer hacker said they had identified 800,000 printers with open security settings and selected 50,000 to print out support for PewDiePie. The hacker reportedly used a tool called the Printer Exploitation Toolkit (or PRET) to send automated scripts to printers that had IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open over the Internet.  

The connections between your networks and the Internet and/or other partner networks can expose your systems and technologies to attack. By creating and implementing some simple policies and appropriate architectural and technical responses, organisations can reduce the chances of these attacks succeeding.

The NCSC recommends that organisations do not expose printers on their networks without setting up authentication. More generally, the NCSC recommends that users secure devices by changing default passwords and regularly patching.
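As an added defender's example (not part of the NCSC report), a small Python check that reads firewall log lines and flags connection attempts from outside the organisation to the three printer services named above; the port numbers for IPP and LPD, the log format and the internal address ranges are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Printer services the report names; port numbers are the usual defaults
# (assumption: the report itself gives only 9100 as a number).
PRINTER_PORTS = {631: "IPP", 515: "LPD", 9100: "raw/JetDirect"}

# Assumption: internal space is RFC 1918 plus loopback; adjust to your plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed iptables-style LOG lines (sample data, not real traffic).
SAMPLE_LOG = """\
Dec  3 10:02:11 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51234 DPT=9100 SYN
Dec  3 10:02:12 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.11 LEN=60 PROTO=TCP SPT=51235 DPT=631 SYN
Dec  3 10:02:13 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.12 LEN=60 PROTO=TCP SPT=51236 DPT=515 SYN
Dec  3 10:05:40 fw kernel: IN=eth1 OUT= SRC=10.0.0.8 DST=10.0.0.50 LEN=60 PROTO=TCP SPT=40000 DPT=9100 SYN
Dec  3 10:06:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=44444 DPT=443 SYN
Dec  3 10:07:22 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=40 PROTO=UDP SPT=5000 DPT=631
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+).*?PROTO=(\S+) SPT=(\d+) DPT=(\d+)")

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_exposed_printer_hits(log_text):
    """Return (src, dst, port, service) for TCP attempts from outside the
    internal ranges to a printer port. Internal print jobs are ignored."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, proto, _spt, dpt = m.groups()
        port = int(dpt)
        if proto == "TCP" and port in PRINTER_PORTS and not is_internal(src):
            hits.append((src, dst, port, PRINTER_PORTS[port]))
    return hits

def summarise_by_source(hits):
    """Count distinct (printer, port) targets per external source: one host
    touching several printers on several print ports looks like a sweep."""
    by_src = defaultdict(set)
    for src, dst, port, _svc in hits:
        by_src[src].add((dst, port))
    return {src: len(targets) for src, targets in by_src.items()}
```

Any hit at all means a printer port is reachable from outside and should be closed at the perimeter; the per-source count separates a broad sweep from a single stray connection.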

The ECSEPA Cyber Security Evidence Study

The Evaluating Cyber Security Evidence for Policy Advice (ECSEPA) project, funded by EPSRC and supported by the Sociotechnical Security Group at the NCSC, aims to learn more about how the UK government cyber security advisory and policy-making community evaluates evidence in their roles. We are inviting those interested in helping to take part in a cyber policy game that tests participants' responses to a range of escalating crisis scenarios.

The overall objective of this research is to understand how such policy-making can be better supported. The policy game will take place on 21st February 2019 in London and will require one full day of commitment.

If you are interested or would like to learn more then email to register an expression of interest.
