Threat Assessment and Cyber News October 2023
We’re starting this month’s update with an example of how malicious software gets onto your machine, as highlighted by cyber company Proofpoint. It starts with something called ‘typosquatting’, where a web address very similar to the real one is used.

This month we became aware of a website for the legitimate password manager Bitwarden, hosted instead at a ‘Bitwariden’ address (spot the difference?). As a user, you might arrive there because of an inadvertent typing mistake in your search bar, or more probably because an advert, link or email has sent you there directly. Just as you might use advertising or SEO techniques to climb search rankings, criminal groups do too. You download a software package from their site, and it comes with additional functionality.

This time, that functionality collects details about your operating system and settings and passes them back to a cybercriminal, with the potential to send more intrusive software once a foothold is established. It’s always worth double-checking where you’re downloading software from, and heading directly to the site that you’re after. More detail at https://www.proofpoint.com/uk/blog/threat-insight/zenrat-malware-brings-more-chaos-calm.
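As an added illustration of the ‘spot the difference’ problem (this is example code written for this newsletter, not Proofpoint’s or Bitwarden’s), the check below compares the domain in a download link against a short list of sites you trust and flags anything that is only a character or two away. The trusted list and the ‘bitwariden.com’ address are constructed stand-ins; a real deployment would maintain its own list and use the Public Suffix List for domain parsing.

```python
from urllib.parse import urlparse

# Constructed list of sites the organisation legitimately downloads software from.
# Assumption: a real deployment would maintain this list itself.
KNOWN_DOMAINS = ["bitwarden.com", "microsoft.com", "proofpoint.com"]


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_name(url):
    """Return the last two labels of the URL's host (e.g. 'bitwariden.com').
    Assumption: two-label domains only; a real check would use the Public Suffix List."""
    if "://" not in url:
        url = "https://" + url
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def check_download_url(url, known=KNOWN_DOMAINS, max_distance=2):
    """Classify a download URL against the trusted list.
    Returns ("ok", domain), ("lookalike", domain, known_domain) or ("unknown", domain)."""
    name = registrable_name(url)
    if name in known:
        return ("ok", name)
    label = name.split(".")[0]
    for k in known:
        d = edit_distance(label, k.split(".")[0])
        if 0 < d <= max_distance:  # close to, but not exactly, a trusted brand
            return ("lookalike", name, k)
    return ("unknown", name)


if __name__ == "__main__":
    # "bitwariden.com" is a constructed stand-in for the lookalike address mentioned above.
    for u in ["https://bitwarden.com/download/", "https://bitwariden.com/download", "https://example.org"]:
        print(u, "->", check_download_url(u))
```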
SWBC Cyber Resilience Conference
Last month, we ran a regional cyber conference, and were lucky enough to hear from Microsoft’s Director of Security Teams, Paul D’Cruz. We’ve recorded Paul and our other speakers, and you can find them online via CrowdComms if you’re interested.
If cyber leaves you a bit bemused, Paul made a really interesting point. Microsoft assess that five simple fixes can cut out 98% of cyber breaches: get two-factor authentication in place, update your systems, and do some basic cyber hygiene. More detail on their ‘bell curve’ findings here: https://www.microsoft.com/en-us/security/business/microsoft-digital-defense-report-2022
Building Cyber Security
Talking of simple things – ever heard of password spraying? It’s where a criminal targets as many accounts as they can in an organisation, trying a commonly used password against each one. It only needs one person to be using “Password” or the company name for your organisation to be compromised. In the Microsoft article linked below, they highlight that the attack is becoming more prevalent, and particularly that it’s being used by sophisticated nation state attackers. But the route in is, as so often, unsophisticated. https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/
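The ‘many accounts, one password each’ shape described above is also what makes a spray visible in your sign-in logs. The example below (written for this newsletter, not taken from Microsoft’s report) runs over a few constructed log lines and reports sources that fail against many different accounts with only a guess or two each, while leaving a single hammered account (ordinary brute force) to a different rule. The log format, IP addresses and usernames are all made up for the example.

```python
import re
from collections import defaultdict

# Constructed sign-in log lines (not from the newsletter or Microsoft's report), one per attempt.
SAMPLE_LOG = """\
2023-10-03T09:14:02Z src=203.0.113.5 user=alice result=FAIL
2023-10-03T09:14:03Z src=203.0.113.5 user=bob result=FAIL
2023-10-03T09:14:04Z src=203.0.113.5 user=carol result=FAIL
2023-10-03T09:14:05Z src=203.0.113.5 user=dave result=FAIL
2023-10-03T09:14:06Z src=203.0.113.5 user=erin result=FAIL
2023-10-03T09:14:07Z src=203.0.113.5 user=frank result=SUCCESS
2023-10-03T09:20:11Z src=198.51.100.7 user=alice result=FAIL
2023-10-03T09:20:12Z src=198.51.100.7 user=alice result=FAIL
2023-10-03T09:20:13Z src=198.51.100.7 user=alice result=FAIL
2023-10-03T09:20:14Z src=198.51.100.7 user=alice result=FAIL
2023-10-03T09:31:40Z src=192.0.2.9 user=grace result=FAIL
2023-10-03T09:31:55Z src=192.0.2.9 user=grace result=SUCCESS
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")

def parse_log(text):
    """Yield (timestamp, source, user, result); lines that don't match the format are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("ts"), m.group("src"), m.group("user"), m.group("result")

def detect_password_spray(text, min_accounts=5, max_attempts_per_account=2):
    """Report sources whose failed sign-ins are spread thinly across many accounts.
    That spread is the spray signature: a guess or two per account across the directory.
    One account hit many times (brute force, as from 198.51.100.7 here) is not reported.
    """
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> failed attempts
    successes = defaultdict(set)                      # src -> users that later signed in
    for _ts, src, user, result in parse_log(text):
        if result == "FAIL":
            failures[src][user] += 1
        elif result == "SUCCESS":
            successes[src].add(user)
    hits = {}
    for src, per_user in failures.items():
        if len(per_user) >= min_accounts and max(per_user.values()) <= max_attempts_per_account:
            hits[src] = {"accounts_tried": len(per_user),
                         "successful_logins": sorted(successes[src])}
    return hits
```

A success from a source that has just failed against several other accounts (frank from 203.0.113.5 in the sample) is the account to reset first.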
Some apps for you to delete. YouTube, for starters. Don’t panic: this is an unofficial YouTube app that you may have downloaded from unofficial sources, and which allows others to take control of your cameras, take screenshots of what you’re doing, modify your files and override your system settings. Most of us have YouTube preinstalled nowadays, but if you have just downloaded it, please check you did so from an official app store, which runs checks.

That said, you’ll also want to delete the Signal Plus Messenger and FlyGram apps, both of which contain malicious code and were found in official app stores by researchers from cyber company ESET. Google Play removed them promptly, although the Samsung Galaxy store didn’t.

Further detail on both stories at:
https://www.bleepingcomputer.com/news/security/apt36-state-hackers-infect-android-devices-using-youtube-app-clones/
https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/
You’re alert for scam emails – phishing – right? We like to show you a couple of the latest techniques, to keep you up to speed. The first is a Word document which arrives via email but appears blurred. You’re asked to interact with it – on this occasion, by clicking on a ‘captcha’ box. This then initiates the download of unwanted software which steals credentials. We’ve seen these blurred images in more than one attack lately, so brief your teams to be on the lookout.
The second phishing exercise is actually done through Microsoft Teams, which again is a new route to consider. It comes from an outsider to the organisation, but in this case suggests that employee leave has been cancelled – just the kind of thing that might cause them to click on a document to find out more. It’s important to note that emails aren’t the only route into your systems – be wary of unexpected attachments from unsolicited sources.
Cyber Fraud
This month we spotted an insurance cyber update from Coalition. Whilst it contains a fair chunk of marketing material, it usefully highlights that fraudulent transfer of funds is still your most likely way of losing money digitally. Often, this can take place via compromise of an account. That being the case, think carefully about who is able to make or change payments for your organisation, what security there is on their systems, and what policies and checks they are required to conduct beforehand.
https://info.coalitioninc.com/rs/566-KWJ-784/images/Coalition_2023-Claims-Mid-Year-Update.pdf
Microsoft Policies
And finally, to end as we began – some simple things to improve your cyber security. We’ve come across a really useful list of Microsoft policies which your organisation can activate to help prevent attacks. You just need to switch them on, and whilst this might be a bit beyond you if you’re a sole trader with very little idea about IT, it’s worth asking whoever provides your software licences if they can help. And if you’re a managed service provider and haven’t come across this list yet, you should take a look, and (we suggest) get onto it for your clients.
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation
Share the ♥ with your connections
We are working hard to build cyber resilience in the South West - that's every charity, business or education provider. We need your help to do that!
Could you recruit one more organisation to join our community?
Forward this email to a few people, with a note to recommend us (the link to do this is at the top of the email), send the link to our membership page to your connections, put a post on LinkedIn or send it out in your own newsletter. Whatever you do, please do it before your busy life takes over again.
Thank you, we appreciate your help.
South West Blockchain Community
One of our collaborators, Cryptegridy, is taking a leading role in convening the South West Blockchain community, and if you’re interested in finding out more about this subject, spaces are free (but limited). Details are below, and there are some very professional speakers. Worth considering, particularly if you’re involved in the cyber community.
For more details, email admin@cbsecurity.solutions
Latest SWCRC Webinar - Cyber Incident Reports
When we ran our recent survey, several people said they wouldn’t really be sure what to do in the event of a cyber attack. So we’ve just run a webinar to walk you through the process. If you were unable to join us, you can find a recording at/ keep an eye on our YouTube channel at, where we’ll be uploading it shortly. And if there are ever aspects of cyber that you’re unsure about, please drop us a line, and we’ll do what we can to develop some helpful content.
This email was sent by South West Cyber Resilience Centre. © 2023 South West Cyber Resilience Centre. Joint Emergency Services Building, Wimborne Road, Poole, Dorset, BH15 2BP
Contact us: enquiries@swcrc.co.uk
If you want to stop receiving these monthly threat assessments, please update your preferences.
If you no longer wish to be a member of SWCRC you can unsubscribe.