A joint international advisory has been published aimed at supporting organisations against malicious cyber activity.

‘Technical Approaches to Uncovering and Remediating Malicious Activity’ is a joint publication issued by the US’s Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre, the New Zealand National Cyber Security Centre and CERT NZ, and the Canadian Communications Security Establishment as well as the UK’s NCSC.

The main purpose of the advisory is to highlight technical approaches which can help uncover malicious activity and use best practice to create mitigation plans. The advisory is aimed at organisations including Critical National Infrastructure (CNI).

The full advisory can be found on the CISA website.


Business Email Scammers want more, more, more

The financial sums that cyber criminals are asking for in business email compromise (BEC) scams have risen to an average of $80,000 per attack, according to a report published this week.

The report, published by the Anti-Phishing Working Group (APWG) in the US, highlights a rise from a previous average of $54,000 in the first quarter of 2020. The report is based on evidence from organisations from the cyber security industry, government and law enforcement.

BEC scams usually begin with a phishing attempt in which a scam email is sent to a company’s employee. The idea is to trick them into paying a fake invoice or paying money into the attacker’s account.

These kinds of attacks are pretty common and it’s important that organisations put cyber security at the top of their priority list. Putting defences in place to ensure employees are supported in the event of a phishing attack should be high on any agenda.

The NCSC has published guidance for organisations looking to protect themselves from phishing attacks. There’s also specific guidance for more targeted attacks against senior executives, which are often called ‘whaling’.