The UK’s National Cyber Security Centre (NCSC) has said in its annual review that Russia, China, Iran and North Korea “continue to pose strategic national security threats to the UK”.

In the foreword, NCSC CEO Ciaran Martin said: “A significant proportion of our work has continued to take the form of defending against hostile state actors… but we can’t often talk about the operational successes and the full range of the NCSC, GCHQ and wider state capabilities that are deployed against them.”

It follows revelations from NCSC and the US National Security Agency on Monday that Russian hacker group Turla masqueraded as Iranian cybercriminals to launch attacks on government systems in the Middle East.

NCSC, the public-facing limb of the Government Communications Headquarters (GCHQ), was set up in 2016 as part of a £1.9bn strategy to oversee cybersecurity in the UK and advise businesses.

The body’s annual report, which details its efforts to combat cyber incidents in the UK, said it has handled more than 658 attacks on 900 organisations, including schools, airports and emergency services.

The report outlined some of the work to combat attacks, such as the Haulster programme, which automatically flagged fraudulent intentions against more than a million stolen credit cards, protecting hundreds of thousands of people from financial loss.

NCSC said it had also discovered that criminals were continuing to exploit open-source e-commerce shopping platform Magento, flinging malicious card-slurping JavaScript code that skims all data entered into a page during a transaction and silently sends the results to domains the criminals control.

“The NCSC conducted a successful trial to identify and mitigate vulnerable Magento carts via takedown to protect the public,” said the report. “The work now continues. To date, the NCSC has taken down 1,102 attacks running skimming code (with 19 per cent taken down within 24 hours of discovery). Without the NCSC’s Active Cyber Defence intervention, it is likely these attacks would have continued indefinitely.”

Readers who use Magento should make sure their systems are patched.

Abuse of public-sector email domains in the UK has been another area of focus. “One such incident occurred when criminals tried to send in excess of 200,000 emails purporting to be from a UK airport, using a non-existent gov.uk address in a bid to defraud people.

“However, the emails never reached the intended recipients’ inboxes because the Active Cyber Defence system automatically detected the suspicious domain name and the recipients’ mail providers never delivered the spoof messages. The email account used by the criminals to communicate with victims was also taken down.”

Source » theregister