Norsk Hydro, one of the largest global aluminium manufacturers, has suffered a significant ransomware attack.

The attack affected operations in several of the company’s business areas, including their production, operations, and communications functions.

Following detection of the problem, Hydro isolated all plants and operations and switched to manual operations and procedures. The company also ordered employees to refrain from logging into computers.

The company has said it has data backups ready to help restore systems once the virus has been dealt with.

The attack took down the company’s website; however, they were able to use Facebook posts to continue to communicate with their customers, the general public and the media.

They have reportedly detected the root cause of the problem and are working to restart IT systems. However, a statement notes that “Hydro still does not have the full overview of the timeline towards normal operations, and it is still [too] early to estimate the exact operational and financial impact”.

The Norwegian National Security Authority (NSM) has said that the attack used a virus known as LockerGoga, a relatively new strain of ransomware.

The NCSC has published guidance on how to protect organisations from ransomware. There are also steps that organisations can take to reduce the likelihood of malware infection.

If you become infected with ransomware, the National Crime Agency encourages industry and the public not to pay the ransom.  

Netflix and AMEX customers actively targeted by phishing campaigns

The Office 365 Threat Research team have discovered two active phishing campaigns targeting Netflix and AMEX customers.  

The phishing campaign targeting Netflix customers uses a “Your account is on hold” subject line in the email, creating a sense of urgency which is likely to catch victims off-guard.  

The link redirects to a realistic-looking downloadable form designed to collect and exfiltrate credit card and billing information.

The AMEX campaign tells customers that their online access has been blocked and they need to verify their identity. Customers are then redirected to a page requesting personal and credit card information, including their mother’s maiden name and card PIN number.

Any organisation dealing with personal and financial information is at a higher risk of being targeted. The NCSC has published 15 good practice measures for the protection of bulk personal data.   

In order to mitigate the risk of phishing attacks, people should be vigilant around any message that purports to be from an organisation they deal with – whether banks or businesses. This is particularly important when emails ask for unexpected personal or banking details or contain mistakes, attachments or links. The NCSC has advice on how to spot a suspicious email.

The NCSC strongly encourages anyone who believes they have been a victim of this or other similar activity to report it to Action Fraud.  

Members of the public may also find the NCSC’s top tips for staying secure online useful. 

Microsoft products most consistently targeted in 2018

A report has found that Microsoft products were the most targeted during 2018. Eight out of the top ten vulnerabilities last year affected their products.

Phishing, remote access trojans (RAT) and exploit kits were amongst the methods affecting them.  

The report, published by Recorded Future, observed that the use of exploit kits has dropped due to the use of more targeted attacks and a shift towards more secure browsers and specific victim targeting.

In 2017, Microsoft products were affected by seven of ten vulnerabilities. Adobe Flash Player was also heavily targeted in 2015 and 2016.