Neu Cyber Threats – 19th November 2020
Analysis from Q3 2020 has shown that the usage of Emotet is on the rise, as it is being used with new methods and features that have impacted businesses. The banking trojan, first seen in 2019, is now using QakBot malware as its final payload, while its operators are using new Word document templates to confuse recipients. Password-protected archives containing malicious macros are also being used to help bypass spam filters, all of which has led to a 1000% increase in Emotet downloads. The tactics have helped Emotet successfully evade anti-virus software detection, leading to its continued usage by cyber criminals.
The malware often breaches a company through email phishing campaigns, with a user urged to open a malicious link or email attachment through forceful messaging. Doing so gives hackers a route into your business's systems and allows them to swipe critical company data. It's important that your staff have received Phishing Awareness Training to make them aware of such phishing campaigns and stop their employers from being successfully breached.
Internet of Things (IoT) devices are being targeted by cyber criminals with botnets to launch dangerous distributed denial-of-service (DDoS) attacks. It is thought that connected devices are being exploited due to how tough it is to track down compromised devices behind a botnet. Spam can also be sent via compromised connected devices, increasing their value to hackers.
DDoS attacks can be devastating to a business. The aim is to overwhelm a website with more traffic than a server or network can accommodate, rendering it unusable, before hitting the victim with a ransom to retrieve control. This downtime can cripple a business, so it is critical to keep it as short as possible to avoid a larger loss of earnings.
A Business Continuity and Disaster Recovery (BCDR) plan can help businesses recover from any kind of downtime suffered. By implementing a plan before the disruption occurs, it can be actioned instantly if a cyber attack, or even a natural disaster such as a fire or flood, impacts your business. To help create your own BCDR plan for your business, contact Neuways at 01283 753333.
Remote administration tools (RATs) are being distributed via legitimate security software and stolen digital certificates. The attack is limited in scope but can cause disruption to supply chains.
The threat urges users to install additional ‘security software’, through an exploited programme called WIZVERA VeraPort, which is used to integrate and manage internet banking-related installation programmes.
A RAT is then downloaded which instructs malware to perform operations on the victim’s filesystem, before the attackers execute auxiliary tools from their arsenal.
A new tool allows cyber criminals to plant malicious emails into inboxes. The Email Appender tool works to secretly access accounts and exploits a special Internet Message Access Protocol (IMAP) feature to amend a message. As the hacker doesn't actually send an email over the internet, most email security spam filters would miss the malicious messages, as filters normally only capture messages while they are en route to the recipient.
The email security solution Neuways provides through our partner, Mimecast, means that this type of attack would be scuppered, as any emails received are checked not just once, but twice. Before landing in your inbox, each message will have passed through a strict spam filter, and again, if you decide to open and click a link, the email will be checked for its legitimacy, ensuring your systems remain safe and sound.
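Because a message planted through IMAP never crosses a mail server in transit, it lacks the `Received` header that the organisation's own gateway stamps on delivered mail. The Python below is an added example (not code from Neuways, Mimecast or the tool described) that reviews Inbox messages for that missing transit evidence; the gateway hostname `mx.example.org`, the function names and the sample messages are all constructed assumptions.

```python
import email
import re
from email import policy

# Assumption: hostname of the organisation's own inbound mail gateway.
TRUSTED_GATEWAY = "mx.example.org"

def transit_hops(raw: bytes) -> list[str]:
    """Return the Received headers (newest first) with whitespace normalised."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [" ".join(str(h).split()) for h in msg.get_all("Received", [])]

def classify(raw: bytes, gateway: str = TRUSTED_GATEWAY) -> str:
    """Label one Inbox message by the transit evidence in its headers."""
    hops = transit_hops(raw)
    if not hops:
        return "no-transit"      # no mail server ever stamped this message
    # Each server prepends its own header, so hops[0] is the final hop.
    # Its "by <host>" clause names the server that accepted the message.
    m = re.search(r"\bby\s+([^\s;]+)", hops[0], re.IGNORECASE)
    if m is None or m.group(1).lower() != gateway.lower():
        return "not-gateway"     # final hop was not recorded by our gateway
    return "ok"

def review(mailbox: dict[str, bytes]) -> dict[str, str]:
    """Return {message id: label} for every message that is not 'ok'."""
    labels = {uid: classify(raw) for uid, raw in mailbox.items()}
    return {uid: label for uid, label in labels.items() if label != "ok"}

# Constructed sample Inbox (not real traffic), keyed by a made-up UID.
SAMPLE_INBOX = {
    "101": (b"Received: from mail.sender.example (mail.sender.example [192.0.2.10])\r\n"
            b"\tby mx.example.org with ESMTPS id abc123;\r\n"
            b"\tThu, 19 Nov 2020 09:00:00 +0000\r\n"
            b"From: supplier@sender.example\r\nSubject: Invoice\r\n\r\nSee attached.\r\n"),
    "102": (b"From: it-support@example.org\r\nSubject: Password reset\r\n"
            b"Date: Thu, 19 Nov 2020 09:05:00 +0000\r\n\r\nClick the link.\r\n"),
    "103": (b"Received: from host.other.example by relay.other.example with SMTP;\r\n"
            b"\tThu, 19 Nov 2020 09:10:00 +0000\r\n"
            b"From: billing@other.example\r\nSubject: Overdue\r\n\r\nPay now.\r\n"),
}

if __name__ == "__main__":
    for uid, label in review(SAMPLE_INBOX).items():
        print(uid, label)
```

Run this only against the Inbox, since mail clients routinely save Sent and Drafts copies over IMAP without any `Received` header. Header text can be forged, so treat a flagged message as a lead for investigation alongside mail-server login logs rather than as proof.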
Phishing email campaigns continue to be on the rise, with Google Drive the latest platform to be exploited by cyber criminals. Users have reported receiving automated emails directly from Google that urge them to open malicious links placed by hackers.
By mentioning a Google user in a Drive document, scammers cause Google to generate a notification that goes directly to the user's inbox. This trick bypasses spam filters and lands in a user's inbox, ready to find a way into a business's systems. On mobile, a push notification is generated, asking the recipient to collaborate on a document, which contains a malicious link.
To avoid falling victim to phishing email scams, you must remember to check any suspicious communications for any poorly written text or unknown senders, and report any directly to your IT helpdesk.