Neu Cyber Threats – 29th October 2020
The notorious ransomware strain Ryuk remains one of the largest threats to businesses. The latest attack saw a cybersecurity business hit. This proves that a business of any size, in any industry, could be targeted by cyber criminals.
Ryuk has been used frequently of late, with attacks taking only 29 hours to infiltrate a business through phishing emails and cause a complete system lockdown. It has been known to encrypt PCs, storage and data centres, before sending the data back to a remote access point and wiping itself from a system, removing any trace of it ever having been present.
Ryuk is just one of many threats that businesses have to be aware of at the moment, but it is one of the most lethal. Making sure your staff can spot damaging email communications is incredibly important, with so many working from home and away from the social office.
Our Phishing Awareness page can help give your business advice on what to look out for in phishing email scams, or if your business requires further in-depth phishing awareness training, you can call us on 01283 753333.
Thousands of Microsoft Teams users are being targeted by a new phishing campaign. An automated message that claims to be from Teams instead steals the recipient’s Office 365 login details upon opening it.
Users receive a ‘missed chat’ notification, which urges them to click through to a link, opening up their system to cyber criminals. This is a particularly large problem at the moment, as the number of monthly Teams users has more than doubled between 2019 and 2020, from 32 million to 75 million.
Teams has been a critical tool for businesses that have more staff working remotely than ever before. The communication methods it offers have been important in linking colleagues together through video and audio calls, as well as text messaging.
To avoid any issues within your business, we would recommend notifying your colleagues of this scam as soon as possible.
A fake Google Update is deceiving users into downloading ransomware to their systems, in the latest campaign from an active hacking group. The notorious Seedworm collective disguises a downloader, called PowGoop, as a Google Update. What the user doesn’t realise is that they’ve really downloaded a piece of malware to their system.
The destructive Thanos malware infiltrates the system through the update, before causing havoc. The malware has been noted for being capable of evading IT security systems, monitoring for attached storage devices and overwriting the master boot record (MBR). The downloader appears to have been used to attack businesses across industries such as technology and telecoms, among others.
It’s important to double-check the validity of any updates you are requested to make, whatever the source. Look out for poorly formatted messages and blurry company logos as indicators, and check with your IT support desk to avoid any unnecessary risks.
Six new malware variants are causing Mac users trouble. Apple’s authorisation process was introduced in macOS 10.15 (Catalina), and blocks malicious code before it does any harm. The latest threat, related to the OSX.Shlayer malware family, was hidden through JPEG image files. This appears to have tricked the authorisation operation, while cracked software has been used to distribute it.
Cyber criminals have ensured that users won’t be alerted to the malicious code within their system, as the software including the malware has been modified to remove restrictions such as registration requirements. This means there’s a significantly higher chance victims will install Trojan horse malware which has sneaked through Apple’s authorisation process undetected.
Spam emails containing the Emotet malware are now attempting to trick Microsoft Office users with a false Word update. Earlier in the year, the cybercriminals behind Emotet created false invoices and COVID-19 notices, to catch users out. A sense of urgency is often used in the wording of communications, as it is designed to push users into clicking a link and installing the malware.
The current campaign sends mass emails out, with malicious Word documents attached or a link inside the email. Users are then prompted to ‘enable content’, which executes the malicious macros, downloading and installing Emotet in a user’s Local App Data folder.
Emotet is dangerous because it enables cybercriminals to install other types of malware, including Trickbot and QBot, onto a victim’s computer. These types of malware both attempt to steal passwords, banking details and other information stored on a user’s computer.
To avoid becoming victims, users should carefully check their emails and not open messages, and especially attachments, from unknown senders.