Neu Cyber Threats – 29th April 2021
The National Cyber Security Centre (NCSC) have published an advisory stating a malicious piece of spyware – known as FluBot – is affecting Android phones and devices across the UK.
This attack works by installing a dangerous piece of spyware onto a victim’s device when they open a text message and install a tracking app. The message plays on the high number of parcels being delivered as a result of lengthy lockdowns and shop closures. The call to action in the text message states that the tracking app must be downloaded due to a ‘missed package delivery’.
The tracking app is in fact spyware that steals passwords and other sensitive data from the user’s device. It will access contact details and send out additional text messages, further spreading the spyware to known contacts of the user – all without their knowledge.
The text message requests that victims click a link which sends them to a scam website where users will be encouraged to download an app.
Users of Apple devices are not currently at risk, as this scam only targets Android users, although the scam text messages may still redirect them to a scam website which may try to steal personal information from the Apple device.
If you receive a text message that looks suspicious or that you aren’t expecting:
- Do not click the link in the message, and do not install any apps if prompted.
- Forward the message to 7726, a free spam-reporting service provided by phone operators.
- Delete the message.
If you are expecting a DHL delivery, you should visit the official DHL website (track.dhlparcel.co.uk) to track your delivery. The same applies to any delivery you are expecting: visit the official courier’s website for delivery updates. Do not use the link in the scam text message.
To avoid text message scams, do not click any links that look suspicious. Use a different, independent device to verify the sender. If you are uncertain, do not open the message or click the link, and delete it immediately.
If you have any questions about how to further protect mobile devices as part of your business’ cyber security policy and strategy, contact Neuways Cyber Experts today on 01283 753 333 or via email at firstname.lastname@example.org
Cyber-attack hackers threaten to share US police informant data
A Russian hacker group have carried out a successful ransomware attack on a US State Police Department, and UK companies can expect to see similar attacks very soon.
US media report that Washington DC’s Metropolitan Police Department has said its computer network has been breached in a targeted cyber-attack – which, now that it has succeeded, is likely to be witnessed across the globe in the coming days and weeks.
A ransomware group called Babuk is reportedly threatening to release sensitive data on police informants if it is not contacted within three days.
This ransomware scrambles computer networks and steals information; Washington DC’s Metropolitan PD has reported unauthorised access on its server.
It is not clear if the attackers managed to lock police out of their systems during the breach.
Babuk is a Russian-speaking ransomware group that emerged earlier this year. They have claimed responsibility for the Washington PD attack with proof coming in the form of screenshots posted on the dark web and shared on social media.
Babuk claim to have a sufficient amount of information from the police department’s internal networks.
The head of UK-based cyber-security consultancy Bridewell Consulting, James Smith, said a risk remained for companies and organisations even if a ransom was paid.
With ransomware attacks, the data has probably been stolen already, before it was encrypted, and the likelihood is that the data will be sold on the Dark Web or stored by the hacker to reuse to cause even greater disruption.
Earlier this month, Babuk reportedly targeted the Houston Rockets basketball team with ransomware and claimed to have accessed documents including player contracts and financial data.
A spokeswoman for the Houston Rockets, Tracey Hughes, said that while the group had accessed some information, it failed to install its ransomware because of a security system in place.
Last week, a Russian man in the US pleaded guilty to plotting to extort money from the electric car company Tesla. He planned to use ransomware to steal company secrets for extortion, prosecutors said.
Be AWARE! Babuk will start to target UK businesses and organisations very shortly, if they aren’t doing so already, and they mean business! If they are able to gain access to your systems and plant ransomware on them, they WILL steal, encrypt and trade your sensitive data and files. They mean business and keeping them at bay is essential to avoiding disastrous downtime in your business.
If your business is hit with a ransomware attack you will need 2 things – Experts on speed dial to help you minimise the impact of the attack AND a Business Continuity and Disaster Recovery system that can roll back access to before the attack so you can continue to work with minimal downtime whilst the problems are resolved. For both of these things in one monthly fee, contact Neuways today to discuss their Disaster Recovery as a Service (DRaaS).
COVID-Related Phishing Attacks Return to Mid-Pandemic Heights
Throughout the pandemic, cyber criminals have consistently kept pace with society’s mood, fears and vulnerabilities. They have been looking for the best aspects of the COVID situation to get the attention of individuals and businesses alike.
Scammers know exactly how to press the buttons of their potential victims at just the right time. For example, the current concern is around vaccines and according to some experts:
- Vaccine-related phishing attacks rose by 530% from December 2020 to February 2021
- Phishing attacks targeting pharmacies and hospitals rose by 189% during that same timeframe
Throughout the pandemic, phishing attacks have adapted and changed to exploit the state of the potential victim’s concerns, fears, needs and hopes.
The number of new phishing URLs in February 2021 reached a similar level to that of August 2020 – the height of some of the largest COVID cases seen.
More attacks but how are they being executed?
Microsoft 365 accounts remain the number one target for phishing attacks, with 23% of COVID phishing URLs impersonating logon pages to steal credentials.
The bad guys know their audience well and they can adapt and change their tactics as needed so that you’ll fall for their scam.
Neuways recommend businesses arm ALL current Microsoft 365 users with information on the latest scams, themes, and social engineering methods through continual Phishing Awareness Training. Ongoing training and awareness raising will ensure your users, data and systems are not vulnerable to the criminals’ messaging.
Criminals are exploiting new technology to launch updated versions of old attacks – new targets for old, successful phishing scams. We are urging everyone to be particularly aware of threat actors (criminals) who are sending spear phishing emails to staff that impersonate real employees within an organisation.
Cyber experts at Neuways know this is one of the hardest forms of phishing attack to protect against. When there are a plethora of targeted emails coming in that look like they are from your trusted colleagues and partners, diligent staff want to act on them promptly and efficiently – but they are in fact from bad actors posing as employees you may know within your network.
As the pandemic continues to put people ill-at-ease with uncertainty, the attackers are putting more effort into making their social engineering techniques extremely convincing.
Neuways is witnessing sophisticated attempts by the hackers and criminals to build trust or relationships with our customers’ employees. The cyber criminals have even posed as suppliers and have created scenarios to engage with experts within companies.
The biggest threat during the pandemic to businesses comes from criminals exploiting the situation by sending malicious versions of remote work and collaboration tools – particularly Microsoft 365 emails with links to documents or to login screens that look entirely plausible, especially if they appear to be from a colleague you are working closely with.
We have also found that text message scams are growing more widespread.
As we become a society that prefers to communicate via text messages (in any form: SMS, WhatsApp, Facebook Messenger etc.), people are becoming extremely used to communicating very confidential information via text. This then becomes another vulnerability for the criminals to exploit.
Neuways recommends ALL staff receive ongoing phishing awareness training to ensure the threat is kept front of mind. Any business’s cyber security protection measures are only as strong as the weakest link, and if an ill-informed member of staff unwittingly clicks a link, the criminals are in and the damage is done. Don’t become a victim of phishing attacks: start phishing awareness training with Neuways today.