New data obtained by RSM under a freedom of information request has revealed that financial services firms reported 819 cyber incidents to the Financial Conduct Authority (FCA) in 2018, a significant increase on the 69 incidents reported in 2017.

Retail banks accounted for almost 60% of the total number of reports, followed by wholesale financial markets (14%). The increase in reports may also be a sign of GDPR having a positive impact on organisations reporting incidents and not necessarily just an increase in the number of actual attacks.

Incidents were attributed mainly to third party failure (21%) with cyber attacks cited in only 11% of cases (93 instances).

Of these cyber attacks, over half were phishing attacks, while 20% were ransomware attacks. Malicious code accounted for 17% of reported cyber attacks, and Distributed Denial of Service (DDoS) for just 11%.

The banking sector relies on digital technology to function. Good cyber security protects that ability to function and ensures organisations can exploit the opportunities that technology brings.

Boards must understand that cyber risk should be managed in the same way as any other business risk, such as physical security or financial risks.

The NCSC has published a Board Toolkit to encourage essential cyber security discussions between Boards and their technical experts.

Sodinokibi ransomware exploits Windows vulnerability

A ransomware strain named Sodinokibi (also known as Sodin or REvil) is exploiting a Windows vulnerability that Microsoft patched last year.

Microsoft issued a patch for the vulnerability, a privilege escalation flaw known as CVE-2018-8453, back in October 2018.

Unusually, the former zero-day has been spotted alongside ransomware, rather than other forms of malware. Security researchers have suggested that Sodinokibi is being distributed via a ransomware-as-a-service (RaaS) scheme, rather than being directly distributed by its creator.

Applying security updates (patching) is one of the most important things you can do to improve security. Advice on how to protect your organisation from ransomware can be found on the NCSC website.

Following the NCSC’s guidance on Mitigating Malware could also help prevent ransomware and other malware infections.

Cirque du Soleil app reported to be vulnerable

An application for the Cirque du Soleil show, Toruk – The First Flight, is reportedly vulnerable due to a lack of focus on security, according to a blog post from researchers at ESET.

The show, which had its final night in London on June 30th, encouraged users to download the app so they could enhance their evening with content such as backstage videos and images.

The app also synchronised devices with the performance so users could experience audio-visual effects based on their seat location.

However, the app reportedly suffers from a lack of authentication. The app listened on open port 6161 so that show operators could issue a series of commands to devices, but because those commands were not authenticated, anyone else on the same public Wi-Fi network could have gained the same level of access. The ESET blog post reported that others could ‘scan the network for the IP addresses of devices with an open port 6161, and then send their own admin-style commands to those devices.’

Statistics pulled from Google Play showed that the app had been downloaded more than 100,000 times; it has now been removed from app marketplaces.

Cirque du Soleil commented: “Cirque du Soleil has not yet received any notification from its users that they have been potentially affected by the vulnerability issues of the TORUK mobile application.”

Users who still have the app installed remain vulnerable and should uninstall it as soon as possible.

Ensuring your device’s security when downloading apps can be a bit of a juggling act for users. The Cirque du Soleil app was available from an official application store, but the NCSC would still encourage users to only download apps from these official stores, because issues and vulnerabilities are more likely to be found and resolved there. You should also be aware of what you’re allowing an app to access on your device (for example, your camera or contacts) and make a judgement call based on whether you are comfortable with that.