News from SWCRC


Threat Assessment and Cyber News

September 2023

We’re delighted to send you our latest threat and news update, all of which aims to keep you safer. It’s a quiet one. We’re not sure if that’s because the cybercriminals have been sunning themselves (unlikely..?), or simply that those who monitor them are taking a breather. As ever, we’ve included what we feel are the relevant headers from the last month. We try hard to indicate the bits that are relevant to small and sole traders, but also that might help some of our larger and more technically-aware community members. Enjoy. 

What's Happening?


A number of ‘trend’ reports have come out over the last month, helping you understand what to look out for. The headlines:



  • If you’re wary of attachments (well done!) it’s HTML and compressed (.zip) files that are most frequently being used to circulate viruses right now. Office documents, less so. JavaScript, PDF and .txt files are also worth extra vigilance, according to analysis by VirusTotal. If you get something unsolicited, it’s always worth checking with the sender by phone first. Today, we were sent someone’s CV, unsolicited, by a recruitment agency we’d not had previous contact with. Curiosity didn’t get the better of us. Would the same be true of you and all your team?
  • Phishing emails (with attachments/links), and simple scams, are probably the things to be most on your guard for at the moment, judging by a report from cyber company Avast. By ‘scam’ we mean simply telling fibs – perhaps sending you a personal email to say that we’ve compromised your organisation’s data. Or that we’ve used your camera to film you doing compromising things. Pay us some money, please, ideally without checking?
  • The world of cybercrime is getting busier. One response company (Rapid7) noted a 69% increase in business in the first half of this year. They assess that lots of the breaches are down to simple things. Like not having multi-factor authentication in place. Or having easily-guessed passwords. Which is why we always say: no matter how complicated this stuff sounds, you can do little things that will make a huge difference.

If you want to find out more, you can access the reports either via the hyperlinks below, or by putting a few of the relevant words directly into your search engine. 


RAPID7 Mid Year Threat Report 2023


Avast Q2/2023 Threat Report - Avast Threat Labs


https://assets.virustotal.com/reports/2023emerging.pdf


Image from the VirusTotal analysis


Showing you not just which attachments are being misused most frequently, but also how that’s changed over time. 

  

Pop Up Windows


Are you a bit wary of pop up windows in your browser? Hope so. You might not know, but it’s possible to configure the content of these entirely… so that, for example, a fake web address is shown at the top. So I could take you to – for example – a very legitimate looking login page for your accounts. These ‘browser in browser’ attacks can lure you into clicking somewhere that downloads something, or just giving up your credentials. This month we spotted details of an attack using TripAdvisor popups. It demanded a ransom to let you back into your systems, but when analysed, there was no way for the criminals to see which victims had made a payment. Which makes it unlikely that they’d ever actually take the effort to restore your data. 


More detail and some screenshots here. https://www.bleepingcomputer.com/news/security/knight-ransomware-distributed-in-fake-tripadvisor-complaint-emails/


NCSC Early Warning Service


Are you registered for the National Cyber Security Centre’s early warning service? Worth looking at – they’ll let you know if their investigators find something being widely exploited which they can see your systems would be vulnerable to. Details here: https://www.ncsc.gov.uk/information/early-warning-service . We mention this because this month they also co-authored a report into the most commonly-exploited vulnerabilities of 2022. Found via the link below, although it’s a primarily technical read and aimed at those who manage security. What’s striking is that some of the entries are unchanged since the previous year – in other words, people haven’t applied updates, and are therefore still being attacked. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a


Shadow IT


We wanted to signpost some new National Cyber Security Centre guidance on ‘shadow IT’, which you can find via your search engine or at https://www.ncsc.gov.uk/guidance/shadow-it. Shadow IT is, broadly speaking, unmanaged devices or services – things you might not know are using your network. It could be the internet-linked devices that a staff member or building manager has brought in, it could be unmanaged services like unapproved messaging services with no monitoring in place, or external cloud storage services to share files with third parties. Many of us find workarounds when IT doesn’t work for us, and that presents a risk. It’s worth reading the guidance, and looking at what ‘shadow IT’ you might have in place in your business or charity. As the article makes clear, you’ll only reduce this risk if you engage fully with your users, understanding and responding to what they need, and not blaming them. 

Macros


Are you still careful when a file asks you to enable macros? Good. It’s happening less now, because Microsoft have taken some preventive measures, but this used to be a great way for criminals to bring malicious software onto your network. If you’re a bit more technical, you’ll be interested in this report, which sets out how PDF documents are now being generated to look like Word documents and bypass anti-macro protections. If you’re not, that’s fine - just keep on being circumspect!


https://securityaffairs.com/150012/hacking/maldoc-in-pdf-attack.html
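As an added illustration (not from the newsletter or the linked report), here is a small defensive triage script for the kind of polyglot file described above: it flags a file that starts as a PDF but also carries markers of a Word-flavoured MHTML document, the sort that can hold a macro. The marker strings and the constructed sample bytes are assumptions made for this example.

```python
PDF_MAGIC = b"%PDF-"
# Strings a Word-flavoured MHTML document (the kind that can carry VBA)
# tends to leave behind. Assumed for this example, not an exhaustive list.
WORD_MHT_MARKERS = [
    b"MIME-Version:",
    b"mso-application",
    b"<w:WordDocument>",
    b"_VBA_PROJECT",
]

def polyglot_findings(data: bytes) -> list:
    """Return reasons to treat the blob as a suspicious PDF/Word polyglot."""
    findings = []
    if not data.startswith(PDF_MAGIC):
        return findings  # not presenting itself as a PDF: out of scope here
    hits = [m.decode() for m in WORD_MHT_MARKERS if m in data]
    if hits:
        findings.append("pdf-with-word-mhtml-markers:" + ",".join(hits))
    # A genuine PDF ends close to its last '%%EOF'; a large tail after it is
    # a cheap hint that another document has been appended.
    eof = data.rfind(b"%%EOF")
    if eof != -1 and len(data) - eof > 1024:
        findings.append("large-trailer-after-eof")
    return findings

def is_suspicious(data: bytes) -> bool:
    return bool(polyglot_findings(data))

# Constructed sample inputs (not real malware): a minimal clean PDF, and the
# same PDF with a Word-style MHTML fragment and padding appended.
CLEAN_PDF = b"%PDF-1.4\n1 0 obj<<>>endobj\ntrailer<<>>\n%%EOF\n"
POLYGLOT = CLEAN_PDF + (
    b"MIME-Version: 1.0\nContent-Type: multipart/related\n"
    b"<w:WordDocument>\n" + b"\x00" * 2048
)

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_PDF), ("polyglot", POLYGLOT)):
        print(name, polyglot_findings(blob))
```

Any hit is a reason to quarantine the attachment and look closer, not proof of malice on its own.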


Recent Breaches


Breaches this month - little of concern to report, but we did want to mention the breach of Electoral Commission registers, affecting as it does every citizen registered to vote in the area. There is a limited amount of data which has been compromised – primarily names and addresses which may already be in the public domain – and the Information Commissioner’s Office has assessed that the breach does not present a high risk.


If you want more detail, you can find it at https://www.electoralcommission.org.uk/privacy-policy/public-notification-cyber-attack-electoral-commission-systems/information-about-cyber-attack or via search.

Last Chance!


Thanks to all who recently completed our survey. 


We’re really grateful. 


We’re going to be arranging some webinar content about how to respond to a cyber attack, because that was a consistent ‘ask’ from you. We’ve also sent individual information to a bunch of people who said that they didn’t know enough about Cyber Essentials, or the Police Cyber Alarm scheme, and we’re shortly reshaping our website so that you can find our previous content (webinars/ blogs/ guidance) more easily. If there’s more you need, you can always drop us a line, but we’d love it if you were able to take five minutes to complete our short survey here. It really does help. Also, we feel quite reassured that we’re on the right track, because 70% of you say that we’re an excellent source of information, and 90% of you say you’re likely or very likely to recommend us. Thank you so much.    


One For The Experts


Lastly, one for the experts. CVE-2023-3519 is a code injection vulnerability affecting Citrix NetScaler servers, and resulting in unauthenticated remote code execution. It is now being reported that a threat actor has compromised around 2,000 servers. The vulnerability was a so-called ‘zero day’, and in the period before patches were applied, it appears that webshells have been deployed and systems remain vulnerable. If you are running one of these servers, it is certainly worth checking your own situation: a scanner for indicators of compromise has been developed by Mandiant and Citrix, and is available here: https://github.com/mandiant/citrix-ioc-scanner-cve-2023-3519.

New Collaboration with Ratcliffes Insurance Brokers


SWCRC is delighted to announce a collaboration with Ratcliffes Insurance Brokers, of Cheltenham, who are supporting us in our efforts to look after cyber resilience across the region. They have a vested interest in regional Cyber security having headed up their local Chamber of Commerce for 30 years, with a growing number of technology companies from the Cheltenham region coming to their door.


We know that insurance can be an important part of your business protection, and we are always keen to forge links with local companies who can provide services which complement our own offer, and we think that there is a synergy with our work and that of cyber insurers like Ratcliffes.


Ratcliffes are a Cheltenham-based company, set up in 1976 and with a proud history of personal service for their clients. They have a range of cyber insurance products available, and can help and support you through the application process, ensuring that you have the right cover in an area which can be daunting, and complicated. They are more than happy to speak to and answer questions on cyber matters with no obligations at all, as well as for other insurance services, and you can contact them on cyber@ratcliffes.co.uk .  


Whilst SWCRC doesn’t recommend individual suppliers directly, we think that it’s very much worth you considering whether you have the right levels of protection in place. Ratcliffes are happy to offer a free consultation to any SWCRC members and you can find out more about the company and their offer at  https://www.ratcliffes.co.uk/general-insurance/cyber-liability-insurance/ .



Newsletter from South West Police RCCU


Click the logo to download the latest newsletter from the RCCU.




Contact Us

This email was sent by South West Cyber Resilience Centre. 

© 2023 South West Cyber Resilience Centre. 

Joint Emergency Services Building, Wimborne Road, Poole, Dorset, BH15 2BP 


Contact us: enquiries@swcrc.co.uk

