This month is Cyber Awareness Month so there is no better time for local government in the South East to review their cyber risk amid a greater number of attacks on organisations. 

,According to Cisco the most common cyber attacks are:

Malware: a term used to describe malicious software, including spyware, ransomware and viruses. Malware is usually triggered by a user clicking a suspicious link or an email attachment that installs software. Once on your system malware can; block access, install harmful software, covertly gather and transmit information or disrupt components and renders the system inoperable.

Phishing: is when fraudulent communications are sent that appear to come from a safe source, usually this is via email. Phishing is is often used to steal sensitive data like credit card information or to install malware on the victims machine.

Man-in-the-middle attack: MiTM attacks are also know as eavesdropping attacks. The attacker aims to insert themselves into a two-party transaction, after which they can filter and steal data.

Two common entry points for MiTM attacks are:

1. Via an unsecured public Wi-Fi – attackers can insert themselves between the visitors device and the network, without knowing, the victim then passes all information through the attacker.

2. Once malware has breached the device, the attacker can install software to process the victims information.

lDenial-of-service attack: This type of attack floods systems, servers, or networks with traffic to exhaust the resources and available bandwidth. As a result the system is then unable to fulfill legitimate requests. Attackers often use multiple compromised devices in this attack, in this case it is know as a distributed-denial-of-service (DDoS) attack.

SQL injection: this occurs when an attack inserts malicious code into a server which uses SQL (Structured Query Language) and forces the server to reveal information it ordinarily would not.

Zero-day exploit: this attack hits after a network vulnerability is announced but before a patch or solution can be implemented. The attacker will target the vulnerability during this window of time, which means zero-day vulnerability threat detection requires constant awareness.

DNS Tunnelling: this utilises the DNS protocol to communicate non-DNS traffic over port 53. It sends HTTP and other protocol traffic over DNS. There legitimate reasons to useDNS tunnelling, however, there are also malicious reasons. They can be used to disguise outbound traffic as DNS, concealing data that is typically shared through an internet connection. For malicious use, DNS requests are manipulated to exfiltrate data from a compromised system to the attacker’s infrastructure. It can also be used for command and control callbacks from the attacker’s infrastructure to a compromised system. (from cisco.com)

Protecting your organisation

The National Cyber Security Centre (NCSC) provides a wealth of advice and guidance on reducing cyber risk for organisations in the UK, and is also provides incident response to minimise harm to the UK.

For effective support with cyber resilience join the South East Warning, Advice and Reporting Point group – SEGWARP.

SEGWARP is one of a number of groups around the country designed to bring together information security officers from local government. The aim is to provide a one-stop shop for early warning, information sharing and best-practice advice around the latest cyber-security threats.

We run SEGWARP in conjunction with a specialist WARP manager. We also have the co-operation of the LGA, other WARPs around the country, local resilience forums and specialist organisations such as the local Regional Organised Crime Unit (ROCU). Membership is open to all public sector organisations in our region.

Keeping on top of the huge volume of system vulnerability information is very time-consuming. SEGWARP offers members the opportunity to receive early-warning notifications. And, as importantly, the chance to come together to discuss challenges and share best practice in a confidential and trusted environment every two months.

In summary, a WARP provides:

• Safe space to talk and share with peers: support, advice
• Access to information & knowledge: expert speakers from government and industry
• Intelligence sharing: timely alerts on threats, incidents
• Collaboration: projects and policy development
• Representation – the collective voice

We have 40 member authorities, why not join them by contacting us now.