Welcome to the third week of the Neu Cyber Threats, a weekly series in which, we here at Neuways, bring attention to the latest cybersecurity threats in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

The Ryuk ransomware strain has plagued businesses since 2018, and recently it has been revealed that it can take down a system in just 29 HOURS. This is from the initial phishing email to complete system takedown.  

Upon opening the first email, malicious software is installed that covertly carries out reconnaissance, with data being exfiltrated to remote servers. Attackers then start making lateral movements, fully taking over, before handing their victims a ransom demand to retrieve control of their systems. 

This is a dangerous phishing attack with a potentially lethal ransomware in it. To avoid falling victim to it, makes sure all of your staff are aware of the dangers to look out for when using email communications. You can direct them to our free Phishing Awareness page to help them spot a phishing email or we can arrange some bespokein-depth phishing awareness training. Call us on 01283 753333 to arrange.

Distributed denial-of-service (DDoS) attacks send a wave of sustained internet traffic to a system, sometimes as high as 200Gbps. This renders the system unusable, creating periods of downtime which can cost a business hundreds of thousands of pounds in lost revenue. Hackers then issue victims with a ransom, to compound the issue.

Ransom demands, combined with DDoS attacks, have seen a huge rise, tripling in the last quarter of 2020.

Phishing email scamPhishing email threats have continued to bombard businesses. The most common being those containing Microsoft branding which instantly lull the recipient into a false sense of security. With many companies utilising Microsoft’s 365 suite and apps such as Teams to facilitate remote working, these are a huge opportunity for the cyber criminals.

Poorly rendered company logos and bad grammar are often giveaways that it is a fake phishing email. The email addresses impersonating the company are also a strong indicator that there is something amiss with these communications 

If you receive an email with any of the above, do not open itIf you do, you may be giving the keys to your business’ systems over to cyber criminals. 

If you’ve ever signed into a website using your Facebook or LinkedIn account, you’ll be aware of having to authorise access before successfully signing in.  

The latest attempt to trick users into giving away their account login details is through consent-app attacks. Victims are asked to authorise access via a legitimate looking Microsoft 365 app requestwhich upon doing so allows hackers to open their emails 

Microsoft 365 users should remember to only grant access to valid app publishers, such as Outlook for mobile devices. 

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.