January 21 st 2016 Intelligence Briefing NOT PROTECTIVELY MARKED
Current Threats Investigation Update Based Viruses – Protect Yourself Incident Response Methodologies Action Fraud Reports from the South West Region PBX Dial Through Miscellaneous CiSP New non-protectively marked briefing NOT PROTECTIVELY MARKED
Investigation Updates: The South West Regional Cyber Crime Unit has recently completed an investigation into a series of extortion demands linked to the Ashley Madison website compromise. A number of victims from around the region came forward after receiving an extortion message demanding bitcoins/ Western Union payments. No payments were made and no information was released The SWRCCU has also seen a rise in reports of ‘sextortion’ offences where victims are persuaded to perform intimate acts over social media platforms like Skype and are then asked to make a payment to avoid the footage being distributed to family and friends. Should you be the victim of an extortion demand, you are advised not to pay – it is unlikely that any footage will be released and it is highly likely that your details will be shared with other criminals and you will be targeted with further demands. Report all incidents to NFIB and consider calling your local police force. NOT PROTECTIVELY MARKED
Investigation Updates continued.. Further steps you should follow to reduce the chances of becoming the next extortion victim online include: Choose a username that doesn’t let everyone know who you are. Don't include your surname or any other identifying information such as your place of work either in your profile or when you first make contact. Remember that overtly sexual, provocative or controversial usernames could attract the wrong kind of attention. Keep contact details private. Stay in control when it comes to how and when you share information. Don't include your contact information such as your address, home address, or phone number in your profile or initial communications. It is impossible to get back information once you have given it away. Stop communicating with anyone who attempts to pressure you into engaging in sexual activity online or pressure you into providing personal or financial information or who seems to be trying to trick you into providing it. Be wary of opening attachments from someone you have only just met. NOT PROTECTIVELY MARKED
Based Viruses – How to Protect Yourself: The main form of delivery for viruses and malware is via spam . Spam , also known as junk or Unsolicited Bulk (UBE), involves nearly identical messages being sent to numerous recipients. The s contain disguised links or attachments that, when clicked on, download malware. It is important to protect yourself and prevent any kind of infection. Malware aims to steal your login credentials, personal and financial details and take over your computer. It is not only your Windows PC that can be infected. Your smart phone, tablet computer, Apple Mac OSX, Linux and any other computer-based device is susceptible to infection. Be cautious of files attached to s. In particular: Word documents (.doc,.docx), Excel documents (.xls,.xlsx), Powerpoint documents (.ppt,.pptx), RTF documents (.rtf), PDF files (.pdf), Visual Basic files (.vbs,.vbe). NOT PROTECTIVELY MARKED
Based Viruses – How to Protect Yourself: Fake s can be very persuasive and even contain your real name. Some will offer money or other advantage. If it sounds too good to be true, question it. If you rarely use macros within Microsoft Word, Excel and PowerPoint, it may be worth disabling macros in the options. This would prevent malicious macros automatically executing in an Office document. Have anti-virus software installed and updated to the latest version. If you suspect a fake , try searching the subject line or some content from the body of the in Google. If it is a known phishing campaign then many forums and security websites will already have it listed. Delete the and attachment. If you suspect that you have been specifically targeted by malicious s then report it to Action Fraud. NOT PROTECTIVELY MARKED
Incident Response Methodologies: Many organisations will experience some form of cyber attack, whether it is an attempted phishing attack, denial-of-service (DDoS) attack or an infected network infrastructure. But what steps do you take after an attack? It is important to have Incident Response Methodologies (IRM) in place, particularly for some of the most common attacks, such as DDoS. By following a plan you can ensure that the attack is dealt with correctly, information is secured and the incident is reported to the right people. The Cyber Emergency Response Team (CERT) publish very detailed IRMs which are highly rated. If your organisation does not have any IRMs in place, it is worth considering these to inform your plans and response. All 15 are available to download securely from the following URL as PDF documents: NOT PROTECTIVELY MARKED
Hacking PBX/ Dial Through We have received reports of two PBX/Dial through attacks on businesses based in Bridgwater and Plymouth. The telephone systems were compromised and premium rate numbers called resulting in financial losses of £ and £1, respectively. In order to prevent yourselves becoming the next victim: Use strong pin/passwords for your voic system, ensuring they are changed regularly. If you still have your voic on a default pin/ password change it immediately. Disable access to your voice mail system from outside lines. If this is business critical, ensure the access is restricted to essential users and they regularly update their pin/ passwords. If you do not need to call international/ premium rate numbers, ask your network provider to place a restriction on your line. Consider asking your network provider to block outbound calls at certain times e.g. when your business is closed. Ensure you regularly review available call logging and call reporting options. Regularly monitor for increased or suspect call traffic. Secure your exchange and communications system, use a strong PBX firewall and if you don’t need the function, close it down! Speak to your maintenance provider to understand the threats and ask them to correct any identified security defects. NOT PROTECTIVELY MARKED
CiSP - Cyber Crime Threats Shared The Cyber Security Information Sharing Partnership (CiSP), which is run by Cert-UK, is an information sharing platform used to share and publish cyber crime threat information. The aim of the platform is to allow members to take remedial action and modify their organisations to prevent cyber attacks. If you would like to join the CiSP then please sign up at and contact us as we can sponsor you. A regional South West CiSP is in place and will formally launched in May 2016; more details will be shared in due course. NOT PROTECTIVELY MARKED
Additional Briefing Dissemination This document has been given the protective marking of NOT PROTECTIVELY MARKED and may be disseminated outside law enforcement with no restriction. If you know anyone else who would like to receive this, please send us their address and we will add them to the distribution list. Any comments or queries please South West Regional Cyber Crime Unit at: NOT PROTECTIVELY MARKED