Out-Law News | 06 Aug 2014 | 12:33 pm | 1 min. read
CERT-UK, which began operations on 31 March this year and helps operators of critical national infrastructure (CNI) handle cyber threats, said that most of the incidents (51%) reported to it between the beginning of April and end of June came from organisations that do not operate CNI. It said it "processes over 250,000 reports of ‘abuse’ every day".
Most of the incidents those organisations reported were 'attacker infrastructure' cases, where the organisations' own systems, such as a website or IP address, were used to host cyber attacks on others, it said. Weak passwords and unpatched software are security vulnerabilities being exploited by cyber attackers perpetrating these kinds of attacks (20-page / 1.26MB PDF), it said.
"Defending against either of these is simple and straightforward – use strong and unique passwords for administrator accounts and ensure that all software is kept patched and up-to-date, including any plugins that maybe used," CERT-UK said in its first quarterly report.
CERT-UK said that approximately half of the incidents reported to it by operators of CNI during the April-June period stemmed from the public sector (13% of the total) and financial services sector (11%). Organisations in the water, transport, energy and defence industries are among the other organisations said to be operating CNI.
Of all the incidents reported to it during the quarter, CERT-UK said that 27% concerned the use of malicious software (malware) by cyber attackers. It said malware "continues to be a serious threat to businesses" and is likely to continue to be the most common type of attack reported to it.
"Most businesses have anti-virus (AV) products deployed, but that alone will not completely protect businesses from adversaries," CERT-UK said. "We continue to see malware evolving in sophistication to include advanced functionality to evade detection by AV products – which the AV vendors will swiftly move to counter in this long game of cat and mouse. Securely configuring end-point devices, whether desktop, laptop, tablet or mobile can go a long way in preventing malware from compromising your network."
CERT-UK also said that the publicity surrounding the 'Heartbleed' IT security flaw accounted for a "spike" in the number of reports organisations flagged to it about vulnerabilities in their systems during April. Heartbleed "highlighted how important it is to have an accurate inventory of software installed on devices – and to keep abreast of vulnerabilities in that software", it said.