Neu Cyber Threats – 26th November 2020
A report from our Business Continuity and Disaster Recovery (BCDR) partner, Datto, saw 70% of Managed Service Providers (MSPs) rate ransomware as the biggest cyber threat to businesses. Over 1,000 MSPs from around the world gave their thoughts for Datto’s Annual Global State of the Channel Ransomware Report.
Datto also found that the average cost of downtime for businesses has risen sharply by 94% year-on-year – from £105,867 in 2019 to £205,878 in 2020. Business downtime often occurs due to ransomware attacks, initiated through phishing emails successfully breaching businesses, forcing them to shut and lose out on valuable trading time.
Phishing emails topped the list for the most successful attack vector, with a lack of cyber security education, weak passwords and poor user practices also a threat to businesses. 62% of MSPs said their clients’ productivity was impacted due to attacks, while 39% said their customers suffered business-threatening levels of downtime due to cyber attacks this year.
A popular messaging application has had a major security fault exposed. Users of Go SMS Pro have seen sensitive information such as their personal phone number, home address and bank details leaked. The problem seems to stem from Go SMS Pro uploading every media file you send to the internet, and making those files available with an unauthenticated URL.
When sending a photo or information to another user of the app, the content shows directly in the message – but still has a publicly accessible link on the internet.
Worse still, the links generated by Go SMS Pro have a sequential and predictable address, making it easy for anyone to look at content you’ve sent, just by changing parts of the URL. If you’re using the app, we would advise you to stop immediately, as the developers have not given a clear response as to whether this flaw will ever be fixed, which could potentially leave your sensitive data open to the eyes of the world.
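To illustrate the Go SMS Pro flaw described above, here is an added example (not code from the app or from the original article) that puts the counter-style link beside a hardened design: a random identifier, an expiring HMAC-signed link and a check that the requester is the sender or recipient. The class, paths and parameter names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: a secret held only by the server

class MediaStore:
    """Toy in-memory media store contrasting two link schemes (constructed)."""

    def __init__(self):
        self._counter = 1000
        self._files = {}  # media_id -> (owner, recipient, payload)

    def weak_link(self):
        # Flawed pattern from the article: a counter in the URL, no access check.
        self._counter += 1
        return f"/media/{self._counter}"

    def upload(self, owner, recipient, payload):
        # 128-bit random identifier: a neighbouring value reveals nothing.
        media_id = secrets.token_urlsafe(16)
        self._files[media_id] = (owner, recipient, payload)
        return media_id

    def _sign(self, media_id, user, expires):
        msg = f"{media_id}|{user}|{expires}".encode()
        return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

    def signed_link(self, media_id, user, ttl=300, now=None):
        # Link is bound to one user and stops working after ttl seconds.
        expires = int(time.time() if now is None else now) + ttl
        sig = self._sign(media_id, user, expires)
        return f"/media/{media_id}?u={user}&e={expires}&s={sig}"

    def fetch(self, media_id, user, expires, sig, now=None):
        now = time.time() if now is None else now
        entry = self._files.get(media_id)
        if entry is None or now > expires:
            return None
        if not hmac.compare_digest(sig, self._sign(media_id, user, expires)):
            return None
        owner, recipient, payload = entry
        # Authorisation: only the sender or the intended recipient may read.
        return payload if user in (owner, recipient) else None
```
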
Users of the recent macOS software release, Big Sur, could have been exposed to cyber criminals due to apps which bypass content filters. The 50 Apple applications concerned are exempt from firewalls, which has led to some security researchers labelling them as ‘liabilities’. The problem is that threat actors could take advantage of the application privileges and bypass firewalls, giving them direct access to people’s systems and their sensitive data.
For now, if you are a Big Sur user, it would be best to use as few of the apps as you can, to avoid your data being compromised by cyber criminals. A fix from Apple may be issued in the near future to solve the problem.
COVID-19-related attacks and an increased use of ransomware have been predicted to continue into 2021. It is thought that ransomware will evolve and adapt to defence tactics, as cyber criminals look to disrupt businesses at a strategic level. Remote working due to the COVID-19 pandemic sparked a huge rise in ransomware attacks this year, with hackers finding new ways to breach systems and steal company data.
“Double extortion” also looks to be more of a threat to businesses. When businesses lose data to hackers, they can often be the subject of ransoms of thousands of pounds in order to retrieve their data or access to their system. If they then fail to pay, their data could be sold via the Dark Web to more cyber criminals – leading to further headaches.
It’s still believed that fake password reset lures will be the more common way of trying to trick users through email phishing campaigns. While COVID-19 themed scams have been observed, it is thought the pandemic will be utilised more through social engineering, with emotive messaging used to try and persuade people into giving information away.
Whatever comes next in 2021, it’s important your business has a plan to protect itself. If you want to explore ways to protect your company from cyber harm, contact us at Neuways, by calling 01283 753333 or emailing firstname.lastname@example.org.
Social engineering tactics are continuing to cause businesses havoc, as cyber criminals utilise them in their latest campaigns. A trend seen often this year, socially engineered hacks see a more patient approach taken by attackers.
Hackers learn of employee tendencies during long periods of covert spying, sometimes up to a year in length. During this time, malware is planted and data is exfiltrated to remote servers, allowing the criminals to compile lots of company data.
This can lead to critical downtime, especially in manufacturing businesses. If a business cannot use its systems for any length of time, it simply may not be able to operate. One way to reduce downtime as much as possible is by having a Business Continuity and Disaster Recovery plan in place.
With a BCDR plan ready, businesses ensure that extensive back-ups can be restored if a disaster occurs, be it natural – like a flood or fire – or a carefully orchestrated cyber attack. By reducing any downtime and getting systems up-and-running as soon as possible, businesses with a BCDR plan give themselves the best chance of surviving a cyber attack.
Credential-stuffing approaches continue to take advantage of users who reuse the same passwords across multiple accounts. By not having strong password security, users are opening themselves up to their accounts being exploited. Attackers will often use email addresses and passwords stolen from another company data breach, to try their luck and see if they can access accounts.
This could lead to fraudulent usage of consumer accounts, but also spell trouble for businesses. If an employee uses the same password for every account they hold, then it could leave companies battling to protect their systems from unwanted visitors.
Companies must ensure an effective password policy is in use within the workplace and encourage the use of a Password Generator tool. Users have a complex password generated for them, rendering credential-stuffing attacks ineffective by ensuring safer, more secure passwords are in use.
Well-researched spear-phishing campaigns are targeting businesses around the world. The PlugX malware loader has been updated to carry out remote data theft or take control of affected systems without authorisation. The malware can copy, move, rename, execute and delete files, as well as logging keystrokes and more.
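On the detection side, credential stuffing as described above tends to show up as one source trying many different accounts with very few successes. The following is an added example, not from the original article, with a constructed log format and hypothetical thresholds; it flags such sources and lists the accounts that did log in, which are the ones needing a forced password reset.

```python
from collections import defaultdict

# Constructed sample log (not real data): timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2020-11-26T09:00:01 203.0.113.7 alice FAIL
2020-11-26T09:00:02 203.0.113.7 bob FAIL
2020-11-26T09:00:03 203.0.113.7 carol FAIL
2020-11-26T09:00:04 203.0.113.7 dave OK
2020-11-26T09:00:05 203.0.113.7 erin FAIL
2020-11-26T09:01:10 198.51.100.20 frank FAIL
2020-11-26T09:01:25 198.51.100.20 frank OK
2020-11-26T09:02:00 192.0.2.5 gina OK
2020-11-26T09:02:30 192.0.2.5 henry OK
2020-11-26T09:03:00 192.0.2.5 ivan OK
2020-11-26T09:03:30 192.0.2.5 judy OK
"""

def detect_stuffing(log, min_accounts=4, max_success_ratio=0.25):
    """Return {source_ip: [accounts that logged in]} for suspicious sources."""
    tried = defaultdict(set)      # ip -> usernames attempted
    succeeded = defaultdict(set)  # ip -> usernames with a successful login
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing at fields
        _, ip, user, outcome = parts
        tried[ip].add(user)
        if outcome == "OK":
            succeeded[ip].add(user)
    findings = {}
    for ip, users in tried.items():
        ratio = len(succeeded[ip]) / len(users)
        # Many distinct accounts and few successes: a mistyped password (one
        # account) or a shared office address (mostly successes) is not flagged.
        if len(users) >= min_accounts and ratio <= max_success_ratio:
            findings[ip] = sorted(succeeded[ip])
    return findings
```
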
Spear-phishing is a form of social engineering, and attempts to dupe businesses. The aim is to come across as a trusted sender, while infecting targeted devices with malware or exploiting users for information or money.
We would advise you to report any suspicious emails to your IT helpdesk upon delivery in your inbox. Never open an email you’re unsure of, and share knowledge of any phishing emails you’ve received with colleagues, to alert them of any ongoing or common threats.
For more on Phishing Awareness, visit our dedicated section here: https://www.neuways.com/phishing-awareness-training/.