Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we here at Neuways bring attention to the latest cybersecurity threats to help you stay safe online.

Here are the most prominent threats which you should be aware of:

It’s been discovered that owners of Gmail accounts are being targeted by a customised, malicious Mozilla Firefox browser extension called FriarFox.

The threat campaign was observed in early 2021. The attackers aim to gather information on victims by snooping on their Firefox browser data and Gmail messages. The extension lets them search, read, label, delete, forward and archive emails, receive Gmail notifications and send mail from the compromised account. With their Firefox browser access, they can access user data for all websites, display notifications, read and modify privacy settings, and access browser tabs.

It’s thought that the attack originated in phishing emails first detected in January, with religious organisations being impersonated in an attempt to gain credentials from targets. The emails contained a malicious URL that posed as a YouTube page (hxxps://you-tube[.]tv/). Rather than the video platform, however, the link sent recipients to a fake Adobe Flash Player update-themed landing page, from which the download of the malicious browser extension began.

The malicious ‘update’ executes several JavaScript files, which profile the user’s system and determine whether or not to deliver the malicious FriarFox extension. The campaign appears to be selective about the users it targets: those using Firefox and Gmail. The user must access the URL within Firefox to receive the browser extension. If the user is actively logged in to a Gmail account with that browser, then the malicious FriarFox file is successfully installed.

After the download initiated by the fake website, users are prompted to add the browser extension by approving its permissions. The extension claims to be ‘Flash update components’. Users without Firefox and Gmail can still be affected, though. In one instance, a user who did not have an active Gmail session and wasn’t using Firefox was redirected to the legitimate YouTube login page after visiting the fake Adobe Flash Player landing page. It was determined that attackers were attempting to access an active domain cookie in use on the site.

Businesses should ensure their employees regularly engage with Phishing Awareness Training so that they do not fall prey to any phishing emails the business receives. With many companies receiving a variety of different phishing emails on a daily basis, it’s important they are disposed of correctly to ensure the business’ confidential data is kept secure.
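As a practical check alongside training, the sketch below flags installed Firefox add-ons that hold the combination of browser permissions described for FriarFox above (all-sites access plus notifications, privacy settings and tabs) or that carry a Flash-themed name. It is an added example, not code from Neuways or from the original research. It assumes the profile's `extensions.json` lists add-ons under `addons` with `type`, `defaultLocale.name` and `userPermissions` fields; the `audit_addons` helper and the sample data are constructed for illustration.

```python
import json

# WebExtension permission names behind three of the prompts listed above:
# display notifications, read and modify privacy settings, access browser tabs.
BROAD_PERMISSIONS = {"notifications", "privacy", "tabs"}
# Host patterns that Firefox words as "access your data for all websites".
ALL_SITE_ORIGINS = {"<all_urls>", "*://*/*"}

# Constructed sample in the assumed extensions.json layout (not real data).
SAMPLE = json.dumps({"addons": [
    {"id": "reader-sample@example.invalid", "type": "extension",
     "defaultLocale": {"name": "Sample Reader Mode"},
     "userPermissions": {"permissions": ["tabs"], "origins": ["<all_urls>"]}},
    {"id": "flash-sample@example.invalid", "type": "extension",
     "defaultLocale": {"name": "Flash update components"},
     "userPermissions": {"permissions": ["notifications", "privacy", "tabs"],
                         "origins": ["<all_urls>"]}},
    {"id": "theme-sample@example.invalid", "type": "theme",
     "defaultLocale": {"name": "Sample Theme"}, "userPermissions": None},
]})


def audit_addons(extensions_json_text):
    """Return (id, name, reasons) for every extension that warrants review."""
    findings = []
    for addon in json.loads(extensions_json_text).get("addons", []):
        if addon.get("type") != "extension":
            continue  # themes and dictionaries cannot read page content
        perms = addon.get("userPermissions") or {}
        granted = set(perms.get("permissions") or [])
        origins = set(perms.get("origins") or [])
        name = (addon.get("defaultLocale") or {}).get("name") or ""
        reasons = []
        # The full combination the article describes: every site plus all three.
        if origins & ALL_SITE_ORIGINS and BROAD_PERMISSIONS <= granted:
            reasons.append("all-sites access with notifications, privacy and tabs")
        # The lure was a fake Flash update, so a Flash-themed name is worth a look.
        if "flash" in name.lower():
            reasons.append("Flash-themed name")
        if reasons:
            findings.append((addon.get("id"), name, reasons))
    return findings


if __name__ == "__main__":
    for addon_id, name, reasons in audit_addons(SAMPLE):
        print(f"REVIEW {addon_id} ({name}): {'; '.join(reasons)}")
```

A flagged add-on is a prompt for manual review, not proof of compromise, since legitimate extensions can request the same permissions.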

Cyber criminals are taking advantage of more businesses migrating their systems to Microsoft 365 by using Outlook, Teams and other Microsoft-themed phishing lures to swipe user credentials. Almost half of all phishing attacks in 2020 attempted to swipe credentials using Microsoft-related lures, from the Office 365 enterprise service line-up to the Teams collaboration platform.

Of those phishing emails, 45 percent were Microsoft-themed. Cyber criminals appear to be relying on Microsoft-themed lures for their emails, as well as sending victims links to phishing landing pages that either spoof or leverage legitimate Microsoft domains or services. The remainder of the malicious emails focused on business email compromise (BEC) attacks or malware delivery.

The malicious emails have varied in content, from “Mike wants to share a document with you”, in the style of a SharePoint notification, to an attached file containing a website link that asks users to log in with their Microsoft account credentials. An attack in December used embedded URLs that redirected to fake, never-seen-before Microsoft Office 365 phishing pages. Emails impersonating businesses like eFax, an internet fax service that allows users to receive faxes via email or online, were also commonplace.

Other cloud providers and services, such as Google (for example, Google Forms), Adobe and file-sharing services, are the next most popular brands that cyber criminals masquerade as to dupe recipients.

To defend against these Microsoft-themed lures, Neuways advises that businesses ensure all of their staff are using multi-factor authentication (MFA) to boost their cyber security defences. Rather than requiring only an email and password combination, MFA sends a user trying to access their account a code via a secure phone number. This helps to keep cyber criminals from hacking in and exploiting business systems even if they successfully manage to phish an employee for their account credentials.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.