Neu Cyber Threats – 3rd December 2020
Reports of online shopping fraud have surged by 30% over the pandemic as many of us continue to shop online in light of current COVID-19 restrictions. Figures* show that criminals conned a whopping 17,407 shoppers out of £13.5 million over the 2019 festive period, an increase of over 20%, compared to the same period in 2018.
If you’re purchasing items from an online shop you haven’t used before, do some research first. Ask a friend or family member if they’ve used the website or visit online forums for user experiences before completing the purchase.
Only set up an account if absolutely necessary or if you’re going to use the site in the future. Be wary if you’re asked by the site for details that are not needed for your purchase, such as your mother’s maiden name or the name of your first pet.
If you continue with your purchase, ensure that the webpage where you enter your payment details is secure. This is indicated by the website address starting with “https”. Using a credit card to pay online also means that should the worst happen and your payment details are compromised, your main bank account won’t be directly affected.
*Figures from Action Fraud.
A ransomware named DoppelPaymer is being utilised by cyber criminals to cause havoc. In use since June 2019, the malware isn’t going away, although more is being learnt about it.
Initially, it was thought to spread through internal networks via Microsoft Teams. However, it is actually spread by remote human operators, who use existing Domain Admin credentials to infect an entire enterprise network. Emails designed to trick the recipient into visiting a malicious website or opening a document are sent, and malware is then dropped on the recipient’s computer.
This then opens up the business’ network to cyber criminals, allowing them to swipe company data, which can cause damaging downtime for businesses. Hackers will then issue their victims with a ransom, usually costing thousands of pounds, for control of their system to be returned to them. If they refuse or do not pay then any compromised data could be leaked online.
To avoid ransomware like DoppelPaymer inflicting damage on your business, we would advise ensuring your staff are trained and have strong levels of Phishing Awareness. This will enable them to correctly identify suspicious emails, disposing of them rather than opening them up and exposing the business to cyber criminals.
Social engineering continues to be a threat to businesses. The tactic shapes the way hackers try to gain access to your business data, often disguising their identity to compromise accounts.
On this occasion, employees of domain hosting provider GoDaddy were targeted by cyber criminals and tricked into incorrectly transferring access to several customer websites. This gave criminals the ability to change DNS records, allowing them to take control of internal email accounts. Businesses had their infrastructure compromised, and criminals stole internal documents.
Hackers used complicated voice phishing scams to confuse employees into diverting access from business accounts to them. The scams typically consist of a series of phone calls to employees working remotely at a targeted company. Scammers often explain they’re calling from the IT department to help resolve issues with the company’s email service or virtual private networking (VPN) technology. The goal is to convince the target to divulge their credentials, or to have them manually enter them into a website designed by hackers to mimic the company’s real website – giving the cyber criminals entry into a system in the process.
Neuways recommends regular communication between employees and departments that are working remotely at the moment, to ensure that none of these techniques are replicated within your own business. Never give up your account details, and ensure you verify the identity of the caller or sender in the first instance.
TrickBot malware has been improved to make it more resilient. It follows Microsoft managing to disable existing TrickBot infrastructure back in October, which prevented operators from registering additional command and control (C&C) domains.
However, this didn’t halt the malware for long, as operations continued. The notorious Ryuk ransomware, which relies upon TrickBot’s botnet, was unaffected and continued to disrupt business operations. Multiple updates have increased the trojan’s resilience and improved its reconnaissance capabilities.
The new version of the malware has already been rolled out globally, with its reconnaissance tools used to scout future targets for criminals to attack with Ryuk ransomware. Researchers have stated it’ll be difficult for cyber security companies to battle this latest version of TrickBot.
Users are encouraged to be careful while using their computer. Treating websites and communications received with suspicion could be the difference between your business being the next target of cyber criminals or not.
Further 2021 cyber-security predictions have hinted at ransomware gangs exploiting zero-day vulnerabilities and extortion practices becoming more widespread in their use.
Advanced exploits will lead to new ransomware variants being developed and used to attack businesses. With the working changes brought into many businesses out of necessity due to COVID-19, cyber criminals have changed the way they operate. Hastily implemented remote work solutions have made some companies less secure. This may prompt more cyber criminals to issue large ransoms to businesses, should they disrupt their systems through a successful DDoS or ransomware attack.
By increasing their revenue, ransomware groups will look to carry out further zero-day exploits, which take advantage of vulnerabilities that even developers are unaware of. This effectively gives them a head start, with software companies playing catch-up to patch the vulnerabilities as soon as possible.
With that being said, it remains imperative for businesses to protect themselves over the next twelve months. To ensure your business has adequate cyber-security in light of any changes to your systems, Neuways have our very own Cyber Security Rating report. By securely inputting your company information, a bespoke solution is provided to you FREE of charge. It gives you an indication of what your business is doing right, and where improvements can be made, to help you stay safe and secure, in 2021 and beyond.