Heightened cyber risks and vigilance due to escalating Ukraine situation

We are sure you are all aware of the invasion of Ukraine by Russian troops this week. The impact is clear from TV, newspapers and internet news feeds, and our thoughts go out to all those affected by the conflict. Please be mindful that there is a less publicised impact, not just on those in Ukraine but globally. Ukraine was hit this week by a plethora of Russian-based cyber-attacks in support of the physical conflict, notably the malware that ESET has dubbed Win32/KillDisk.NCV. It is understood that the code not only wipes files from drives but also destroys the Master Boot Record, making booting and recovery difficult or impossible thereafter.

It is easy to imagine the disruption this causes a government entity, and it is currently reported that the Ukraine Ministry of Foreign Affairs internet presence has been taken offline. This also affects the population, who may have relied on their internet devices to keep up to date with the conflict and risks in the region.

Although the exact delivery mechanism for the malware has not been reported, it will most likely be one of the many usual mechanisms, or a multi-pronged “several at once” combination of them:

  • Phishing Emails
  • Malicious web links
  • Deployed scripts and executables by leveraging vulnerabilities in devices

This means that now, more than ever, we need to be extremely vigilant in managing our cyber devices and presence. Remember that your devices are most likely “always” connected to a network, and this is a gateway that malicious actors are constantly trying to exploit. There is currently increased malicious cyber activity in Europe and America as a direct result of this conflict.

You can assist by:

  1. Being extra vigilant when opening emails
  2. Being extra vigilant when browsing the web and only visiting known or trusted websites
  3. Do not click web links unless you are 100% sure they are safe or trusted
  4. Do not download any attachments, files, or software unless you are 100% sure they are safe or trusted
  5. As soon as your PC asks for a reboot after patching vulnerabilities – Reboot ASAP!

 

Below are some useful tips and what to watch out for to avoid being the victim of a Phishing attack.

What is email spoofing / phishing?

Spoofing and phishing emails are both types of malicious emails with the intention of causing harm.  However, they are not the same – and it is useful to know the difference.

“Spoofed” emails will appear to be from a trustworthy source – perhaps a service provider, or senior colleague. They will often include official-looking signatures, and a message suggesting that an attachment or link needs urgent attention, such as an overdue bill or an urgent form. In most cases, this attachment or link, once downloaded, will execute a malicious file designed to damage your computer or applications, whilst propagating through the network.

“Phishing” emails on the other hand will usually provide a link to a bogus website designed to look official, where the end-user is required to enter sensitive account information, such as bank details or credentials for email accounts.

 

How can you spot malicious emails?

These emails can vary in sophistication – some are obvious, and easy to spot, whereas others may be more difficult.  As a rule, if you receive a suspicious email, you will be able to ascertain whether it is genuine by following these steps:

  • Hover over the sender’s name and take careful note of the email address. Check that the domain name is correct, and there aren’t any misspellings
  • Be wary of attached files. If the message has a “.exe”, “.scr”, “.zip”, “.reg” or “.bat” file attached, consider this a red flag
  • If you receive an email from an organisation requesting urgent payment of an invoice, consider first whether this is something you expect
  • If in doubt, contact the sender by phone or email (ensuring the email you’re replying to is correct) to confirm whether the email is genuine
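
The first two checks in the list above can also be automated by a service desk or at a mail gateway. The following Python code is an added example, not part of the original advisory or of any NHSmail tooling; TRUSTED_DOMAINS, the hospital.example domains, the 0.85 similarity threshold and all function names are assumptions made for illustration, and the message is expected to carry a From header.

```python
import email
import re
from difflib import SequenceMatcher
from email import policy
from email.headerregistry import Address
from email.message import EmailMessage
from pathlib import PurePosixPath

RISKY_EXTENSIONS = {".exe", ".scr", ".zip", ".reg", ".bat"}  # list from the guidance
TRUSTED_DOMAINS = {"nhs.net", "hospital.example"}  # assumption: your known senders

def lookalike_of(domain, threshold=0.85):
    """Return the trusted domain that `domain` nearly matches, or None."""
    if domain not in TRUSTED_DOMAINS:
        for good in TRUSTED_DOMAINS:
            if SequenceMatcher(None, domain, good).ratio() >= threshold:
                return good
    return None

def triage(raw_message):
    """Return a list of red flags found in one RFC 5322 message string."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = msg["From"].addresses[0]  # the address you see when hovering
    domain = sender.domain.lower()
    flags = []
    good = lookalike_of(domain)
    if good:
        flags.append(f"sender domain {domain} is a misspelling of {good}")
    elif domain not in TRUSTED_DOMAINS:
        flags.append(f"sender domain {domain} is not a known sender")
    shown = re.search(r"@([\w.-]+)", sender.display_name)
    if shown and shown.group(1).lower() != domain:
        flags.append(f"display name shows {shown.group(1)} but mail is from {domain}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if PurePosixPath(name).suffix in RISKY_EXTENSIONS:  # a.pdf.exe -> .exe
            flags.append(f"attachment {name} has a risky extension")
    return flags

def build_sample(display, domain, attachment=None):  # constructed test message
    m = EmailMessage()
    m["From"] = Address(display, "it", domain)
    m.set_content("Please open the attached invoice today.")
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    print(triage(build_sample("it@hospital.example", "hospita1.example", "invoice.pdf.exe")))
```

An empty result only means none of these particular red flags were found; the remaining checks in the list (is the request expected, confirm with the sender) still apply.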

 

What action is required when you receive malicious emails?

If you believe you have received a malicious email, please follow the guidance below to assist NHSmail in improving its filtering processes:

Using the NHSmail Portal (Outlook Web App):

Step 1 – Forward the email to spamreports@nhs.net as an attachment for virus analysis and central trend monitoring:

  1. Click on the Spam Email in the reading pane to select it
  2. Click on the New mail icon in the top left of the screen
  3. Drag and drop the spam email from the email list into the body of the new blank email
  4. Type spamreports@nhs.net in the To: field
  5. Enter the appropriate subject text. Note: it is recommended that you use spam, phishing or malicious, depending on the type of email you are reporting
  6. Click send

Step 2 – Permanently delete the suspicious email (bypassing the deleted items folder)

  1. Select the suspect email from your email list.
  2. Hold down the ‘Shift’ key and press the ‘Delete’ key.
  3. Click ‘Yes’ to confirm if a warning dialogue appears.

Using Microsoft Outlook:

Step 1 – Forward the email to spamreports@nhs.net as an attachment for virus analysis and central trend monitoring:

  1. Select the suspect email from your email list.
  2. In the Outlook ribbon in the respond area, select ‘More’ and then select ‘Forward as Attachment’.
  3. In the email window that opens, add spamreports@nhs.net as the recipient in the ‘To’ field.
  4. Click the ‘Send’ button.

Step 2 – Permanently delete the suspicious email (bypassing the deleted items folder)

  1. Select the suspect email from your email list.
  2. Hold down the ‘Shift’ key and press the ‘Delete’ key.
  3. Click ‘Yes’ to confirm if a warning dialogue appears.

If you suspect your PC or laptop has become infected, please turn off your device, remove the power and network cable and then report it to the CRC (service desk).