News from SWCRC


Threat Assessment and Cyber News

November 2023

Look out for stuff!! That’s often the summary of what we tell you in these newsletters. 


And most of you are quite cautious, but this month we’re going to broaden your horizons on what to look out for. Let’s move the conversation beyond emails, and look at some recent trends. We’ll start with LinkedIn.


It’s easy to search for people according to where they work and what they do, and get into their networks. This presents a quick and easy way to appear legitimate. Thereafter, LinkedIn posts can send you directly to a website address, and the platform can also be used to send attachments. We’ve been reading of people being sent client proposal documents (particularly in the marketing sector) or job applications as below, which when downloaded actually lead you to malicious software. One of the things that this software can do is to enable your LinkedIn account to be fully taken over… and of course, once your account has been compromised, it’s a great launchpad for sending out malicious material to all of your network too.

LI job

We suggest that you consider double-checking via other routes when you’ve been sent attachments on social media. Be careful about who you connect with. Also, look out for unexpected filetypes – it’s unlikely, for example, that a single document will actually arrive as a ‘.zip’ file.


There are some good examples of sample scam communications from researchers at ESET and Cluster 25 at https://blog.cluster25.duskrise.com/2023/10/25/the-duck-is-hiring and https://www.bleepingcomputer.com/news/security/lazarus-hackers-breach-aerospace-firm-with-new-lightlesscan-malware/ - or search with a few key terms if you prefer to find the articles directly.


For similar reasons, you need to be aware of messages on other platforms: our next example relates to Facebook (Meta). Again it’s marketing companies who are the targets, and in this case study criminals have not only hacked their account, they’ve also then used it to pay for a lot of nefarious adverts to hook other people into downloading malware. There are some good ways to protect yourself, outlined in the article: multi-factor authentication, being very vigilant about the type of files you click on, and (as best practice) considering the use of a password manager.


 https://www.gdatasoftware.com/blog/2023/10/37814-meta-hijacked-malicious-ads 


Lastly, we’re going to mention the instant messaging channel ‘Slack’. You can call yourself what you want on this platform. Researchers from Push Security have developed some great examples where they’ve called themselves Jeff Bezos, or Mark Zuckerberg… which sounds a bit far-fetched, but now replace it with a senior role from your own organisation or network. You can also connect with someone and subsequently change identity, so that the message arrives looking more trustworthy. There are some really interesting examples that Push have put together, but the summary would be: be very careful, beware of links, and look out for unexpected tags of any kind after a user’s avatar. If you’re in security, we recommend this article for a review – would you have covered the necessary bases? https://pushsecurity.com/blog/slack-phishing-for-initial-access/


Updates


Now to something else: updates. Hopefully, you understand that they’re important, and you’ve set everything to automatically update. If not, and you’re unsure, ask us. But WordPress websites, which a lot of businesses use, can be quite vulnerable, because they tend to use separate modules for bits of functionality, and these aren’t always promptly updated, which means they can be more easily compromised. Researchers at Guardio have tracked the following screen being added to innocent websites… and the link takes your visitors off to download damaging software. Two things here: firstly, make sure your website is regularly updated. If you don’t know how that happens, ask your web designer, or you can ask us to check – we can get our Cyber PATH team to review basic website security for a fixed £150. Secondly, look out for messages like the below, and instead, make sure that you update your browser automatically, so that it’s always on the latest version. The article from Guardio is quite technical but can be found at https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16

  

update

Repelling Attacks


And lastly: a note of reassurance. Last year, Microsoft were saying that basic security measures would repel 98% of attacks. In this year’s Digital Defence Report, they’ve raised the figure to 99%. So doing simple things really can help you. They also state that 70% of human-operated ransomware (where your computer is locked until you pay a ransom) happens to organisations of under 500 people. And most of it originates on unmanaged devices. So if you’re a smaller business, knowing what the threat looks like, and avoiding it, is an essential part of your security.


You’re welcome. 


https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023

  

Special Offer for Members


SWCRC are members of a number of business organisations. The Federation of Small Businesses (FSB) is one of them: a national, not for profit membership organisation – and they’re working with us to make their offer available to our community. 


There’s a discount, and potentially a free security check in it for you. FSB’s services are aimed at smaller business owners who often don’t have a big back office infrastructure to help them to operate effectively. With benefits from free 24 hour advice and free business banking, to compensation for jury service and help with debt collection, there is something to make life easier for busy business owners. 


They provide a wide range of free networking events and webinars, a Knowledge Hub with hundreds of jargon-free articles, guides, training opportunities and more. They have local teams throughout the region, and regularly post about new grants and support schemes. 


SWCRC is pleased to be able to offer a 5% discount to join FSB through our bespoke discount code SWCR5, with normal joining costs starting at £195 for small businesses. Plus, we’re offering a free web assessment to the first 20 new members who join using the code. 


If you’d like to find out more about FSB membership please contact Rajan.Naran@fsb.org.uk to set up a chat… and if you do join them, let us know and we’ll talk to you about getting a free first step web assessment sorted for you. It normally costs £150, and will give you a quick and easy report on how secure your website is.

QR Code Quishing Attacks


Phishing is one of the most prolific cyber attacks that takes place every day. Often when you receive a phishing email it contains a malicious attachment or a link to a dangerous website which wants to steal your username and password. As companies and people are becoming more cyber aware, cyber criminals are changing tactics. 


A recent rise in the use of QR codes rather than links or attachments has been seen in phishing attacks – sometimes referred to as ‘quishing’ attacks. One of the biggest dangers of this new tactic used in phishing attacks is that a potential victim does not know what website a QR code will take them to until they scan it. Another issue is that QR codes are harder to detect than links by email monitoring programmes that attempt to filter out potentially dangerous messages before they ever reach your inbox. 


Security software such as Microsoft Defender can check and block dangerous links in phishing messages so that you don’t get tricked into clicking them. However, it can’t (yet) check the validity of QR codes. Because of the rarity of the use of QR codes in legitimate emails, you should be suspicious of any message you receive that contains one. Phishing messages you identify should be reported immediately to help protect yourself and others from further attacks – use the ‘report phishing’ button in Outlook. For more information about ‘quishing’ and how to protect your business, read the full blog post from Cool Waters Cyber’s Cyber Coach team: https://www.cybercoa.ch/blog/qr-codes-now-used-in-phishing-attacksnbsp

Charity Cyber Essentials Awareness Fortnight


Do you work for a charity or volunteer as a Trustee? We need to let as many charities as possible know about this support in place to help charities protect themselves from cyber crime.


Charities are a treasure trove of data - and often lack the resources to defend themselves. By achieving Cyber Essentials, charities will strengthen their processes and systems, as well as being able to show their commitment to cyber security.


Please share this link with any charities you are involved with. Thank you.


https://iasme.co.uk/cyber-essentials/cyber-essentials-for-charities


Join us on Nov 9th: Cereal & Cyber Security


30 minutes of informed cyber discussion to kickstart your day! Ross Brown talks to Mark Faithfull, cyber security consultant at Cool Waters Cyber, one of our Cyber Essentials Partners, about his road to cyber certification and how that can help SMEs with their cyber security.


Book here.


Share with your connections


We are working hard to build cyber resilience in the South West - that's every charity, business or education provider. We need your help to do that!


Could you recruit one more organisation to join our community?


Forward this email to a few people, with a note to recommend us (the link to do this is at the top of the email), send the link to our membership page to your connections, put a post on LinkedIn or send it out in your own newsletter. Whatever you do, please do it before your busy life takes over again.


Thank you, we appreciate your help.

Latest update from RCCU


South West Police Regional Cyber Crime Unit newsletter covering Cisco IOS XE devices, protective DNS for schools and events in the region. Click the image to see the October newsletter.


RCCU

Could you take part in a survey to help a PhD Cyber Security Consultant?


“Investigating the Perceptions of Top Management in UK Small and Medium-sized Enterprises (SMEs) Regarding Cyber Resilience Development Through a Hybrid Strategy Involving Internal Measures and Outsourcing to Managed Service Providers (MSPs).”


 Your contributions are invited for this survey being collated by Aneesha Doal, who is actively seeking the participation of small business owners for primary data collection. In her efforts to gather valuable data and make her research as comprehensive as possible, she needs to connect with small business owners willing to share their experiences and insights on Cyber Resilience. Have your say and share your thoughts, whatever your level of experience.


Please contact Aneesha by email at doala2@uni.coventry.ac.uk or by phone at 07530719087



Contact Us

This email was sent by South West Cyber Resilience Centre. 

© 2023 South West Cyber Resilience Centre. 

Joint Emergency Services Building, Wimborne Road, Poole, Dorset, BH15 2BP 


Contact us: enquiries@swcrc.co.uk

