CYBER INTELLIGENCE REPORT
Welcome to the 'almost Easter' edition of the Cyber Intelligence Report! Here we'll be taking a look at how Emotet and Trickbot malware were used to spread ransomware, details of an ongoing proactive operation involving South West organisations, and we're holding our first ever South West CiSP meet up. Finally, as always, we share some more general online resources from social media and highlights from the Cyber Information Sharing Partnership (CiSP).
We'd also be remiss not to mention that cyber attacks often occur over holiday periods to maximise the impact, so be extra careful and stay vigilant!
- Attention: We're currently working with businesses throughout the South West who may have suffered from a form of ransomware due to having vulnerabilities with their Remote Desktop Protocols (RDP).
- We are actively contacting businesses as part of this operation. If you do receive a call, you can verify our identity by then calling the non-emergency police number 101, and quoting a collar number which we will supply to you for them to put you through.
- The RDP Protocol is designed to provide remote access through port 3389. Please consider the below points in relation to RDP:
- Please ensure that you have strong usernames and passwords, and that your staff are aware of why this is important.
- Implementing Two-Factor Authentication (especially for Office365) is also strongly recommended.
- Be aware of who actually has access to RDP within your organisation, and always be suspicious of any spurious activity regarding RDP.
Remember, if you or your organisation have been a victim of this or any other type of cyber crime, report to Action Fraud, the UK's national cyber crime reporting centre at https://www.actionfraud.police.uk/or via phone on 0300 123 2040