NCSC Threat Report – 30 September 2022

Launch of DCMS 2023 cyber security survey of UK organisations

The Department for Culture Media and Sport (DCMS) has now started the research for its latest survey of UK businesses, academia and charities to understand the cyber security issues they face.

Organisations are selected randomly and the survey is a chance to contribute to research and work that will inform UK government cyber security policy and how the government works with organisations to keep UK businesses safe online. Participation is voluntary and conducted over phone interviews by Ipsos on behalf of DCMS.

Threat activity attributed to Iranian IRGC in joint international advisory

US advisory on cyber threats to ICS and OT systems

The US agencies CISA and NSA have published an advisory relating to the threats against Industrial Control Systems and operational technology (OT), called ‘Control System Defense: Know the Opponent’.

It recognises the specific threats and challenges these systems face and includes mitigations for organisations to protect networks.

The NCSC also has cyber security guidance on operational technologies. 

Attackers’ use of domain shadowing technique

A report by Palo Alto (Unit 42) researchers indicates that the technique of domain shadowing, a form of DNS hijacking, may be more widespread than previously thought.

Here an attacker compromises the DNS of a legitimate domain – without modifying the DNS entry – to host their own subdomain, and create malicious pages on the attacker’s own server.

These malicious pages are valuable to an attacker, who can use them to make phishing sites, command and control (C2) servers look more legitimate to evade detection and presenting a real threat

The research shows 12,000 cases in web scanning between April-June 2022, with VirusTotal marking only 200 as malicious.

The NCSC has guidance for organisations on actions to help defend against phishing attacks, as well as other protective measures, through 10 Steps to Cyber Security.