Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we here at Neuways bring attention to the latest cybersecurity threats in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

Microsoft users are being targeted by cyber criminals, as part of an ongoing attack to steal their Microsoft 365 credentials. Businesses have received thousands of emails over the past few months as part of a phishing campaign which leverages a fake Google reCAPTCHA system and landing pages that include the victim’s company logos.

Over 2,500 emails have been unsuccessfully sent to senior employees in the banking and IT sectors, among other industries. The emails initially take recipients to a fake Google reCAPTCHA page. The genuine reCAPTCHA service helps keep websites safe from spam and abuse by using a test to tell humans and bots apart. Once victims “pass” the reCAPTCHA test, they are redirected to a phishing landing page, which asks for their Microsoft 365 credentials.

It is thought that the criminals are targeting those in senior roles, with titles such as Vice President and Managing Director, as they are likely to have a higher degree of access to sensitive company data. This data would then fall into the hands of the cyber criminals, allowing them to cause disruption to businesses.

The phishing emails purport to be automated emails from victims’ communications tools, telling them they have a voicemail attachment. For instance, one email tells users that they must “REVIEW SECURE DOCUMENT”. When the victim clicks on the attachment, they encounter the fake Google reCAPTCHA screen, which contains a typical test: a checkbox the user must click that says, “I’m not a robot”. The landing page then shows a Microsoft login screen carrying the logo of the company the victim works at, showing that the cyber criminals have done their homework and created customised landing pages to dupe their victims into making a mistake. Victims are asked to input their credentials into the system, before receiving a message telling them that the validation was “successful”, and they are finally redirected.

We advise you to check the web address of any landing page you are linked or redirected to. The phishing pages associated with this campaign were hosted on generic top-level domains such as .xyz, .club and .online, which are typically used by cyber criminals in spam and phishing attacks.
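For mail administrators, the same check can be automated. The following is an added example, not part of the original article: it walks an email's body and any text or HTML attachment and flags links whose host ends in one of the TLDs named above. The sample message and its `example.xyz` / `example.club` hosts are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from urllib.parse import urlsplit

# TLDs the article names as hosting this campaign's landing pages.
CAMPAIGN_TLDS = {"xyz", "club", "online"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


def suspicious_links(raw_email):
    """Return sorted URLs, from the body and any text/HTML attachment,
    whose host (not path or query) ends in one of CAMPAIGN_TLDS."""
    hits = set()
    for part in message_from_string(raw_email).walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and binary parts
        data = part.get_payload(decode=True) or b""  # undoes base64 / QP
        text = data.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            try:
                host = (urlsplit(url).hostname or "").rstrip(".")
            except ValueError:
                continue  # malformed URL, nothing to classify
            if host.rsplit(".", 1)[-1] in CAMPAIGN_TLDS:
                hits.add(url)
    return sorted(hits)


def build_sample():
    """Constructed sample: voicemail lure with an HTML attachment."""
    msg = EmailMessage()
    msg["Subject"] = "New voicemail"
    msg.set_content(
        "You have a voicemail. Help: https://login.microsoftonline.com/xyz\n"
    )
    msg.add_attachment(
        '<a href="https://voicemail.example.xyz/recaptcha">'
        "REVIEW SECURE DOCUMENT</a>\n"
        '<a href="https://portal.example.club/login">Sign in</a>\n',
        subtype="html",
        filename="voicemail.html",
    )
    return msg.as_string()


if __name__ == "__main__":
    for link in suspicious_links(build_sample()):
        print("flag:", link)
```

A TLD match is a triage signal rather than proof of phishing, so flagged messages are best routed for review alongside other indicators such as the voicemail lure and the HTML attachment.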

Over the past 12 months, incidents of mobile adware nearly tripled as businesses had to implement emergency working from home measures. Researchers found that while mobile threats have dipped slightly over the past year, criminals have focused on the quality of mobile attacks versus mass infections.

2020’s leading mobile threat type was adware, accounting for 57% of attacks. Fortunately for users, adware is more of a nuisance to the user experience, placing adverts across the user’s screen, as opposed to ransomware, which is able to steal credentials and company data. Risk tools came second, with 21% of attacks, while trojan droppers and mobile trojans each represented 4.5% of attacks, and SMS-based trojans saw the least usage, accounting for 4% of actual mobile criminal activity. Risk tools are potentially dangerous or unwanted programmes that are not inherently malicious, but are used to hide files or terminate applications and could be used with malicious intent. Interestingly, though, adware was the only attack type that saw a rise in usage in 2020.

Businesses should not take mobile cyber attacks lightly. Some employees use mobile devices to carry out work duties, and so have access to business hard drives, cloud operations and information that would be of interest to cyber criminals. The Ewind adware is thought to have been the originator of nearly 2 million Ewind.kp Android installer packages issued within legitimate applications, such as icons and resource files. These seemingly safe downloads are readily available at trustworthy third-party Android application sites. This isn’t the case for Apple users, as the platform’s closed hardware and software ecosystem poses unique challenges for criminals.

Even though they weren’t the top attack of choice for cyber criminals, there were over 150,000 installation packages found for mobile banking trojans in 2020. This suggests criminals were placing a larger emphasis on targeting users’ banking information, as more people had to switch to online/mobile banking due to the COVID-19 pandemic restricting in-person banking options. Researchers are concerned about whether there is a link between the large rise in adware and malware. Adware helps in obstructing the removal of malware from a mobile device, as well as allowing access privileges on a device, placing adware in the system area and making the user unable to remove it without outside help.

Mobile device users are encouraged to check their devices for any errant applications or programmes. If they are experiencing adware, then it might be an appropriate time to restore their device. This could help them remove the adware, which may have been delivered when an application was downloaded.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.