Neu Cyber Threats – 5th November 2020
Businesses are being urged to update their systems with a patch from Microsoft. Issued in August, the patch targeted the Zerologon vulnerability, which allowed hackers to compromise Active Directory domain controllers and gain domain administration privileges.
However, many businesses have not yet applied the patch, leading Microsoft to publish instructions on how to solve the problem. Once the update has been carried out, users should identify any devices that may still be vulnerable, address them and enable enforcement mode to ensure their systems are clear.
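The steps in the paragraph above, written as one script to run on a domain controller that already has the August patch. This is an added example, not part of the original bulletin or of Microsoft's instructions. The Netlogon event IDs and the `FullSecureChannelProtection` registry value are the ones Microsoft documents for this update; the 30-day review window, the variable names and the message-text pattern are assumptions.

```powershell
# Added example. Run in an elevated PowerShell session on a patched domain controller.
# Netlogon System-log event IDs from Microsoft's Zerologon guidance:
#   5827, 5828 = vulnerable connection denied
#   5829       = vulnerable connection allowed (would be denied under enforcement mode)
#   5830, 5831 = vulnerable connection allowed by a group policy exception
$reviewDays        = 30       # assumed review window
$enableEnforcement = $false   # set to $true once you are ready to enforce

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'NETLOGON'
    Id           = 5827, 5828, 5829, 5830, 5831
    StartTime    = (Get-Date).AddDays(-$reviewDays)
} -ErrorAction SilentlyContinue   # "no events found" is a normal result here

# One row per event. The account name is read from the message text
# (assumed layout: "Machine SamAccountName: NAME").
$rows = @(foreach ($e in $events) {
    $name = '(see event message)'
    if ($e.Message -match 'Machine SamAccountName:\s*(\S+)') { $name = $Matches[1] }
    [pscustomobject]@{ Id = $e.Id; Account = $name; Time = $e.TimeCreated }
})

# Step 1: identify the devices, grouped by event ID and account.
$rows | Group-Object Id, Account |
    Select-Object Count, Name,
        @{ n = 'LastSeen'; e = { $_.Group.Time | Sort-Object | Select-Object -Last 1 } } |
    Sort-Object Name | Format-Table -AutoSize

# Step 2: any 5829 event is a device that still needs addressing.
$stillVulnerable = @($rows | Where-Object Id -eq 5829)

# Step 3: enable enforcement mode only when nothing is left to fix.
if ($stillVulnerable.Count -gt 0) {
    Write-Warning "$($stillVulnerable.Count) vulnerable connection(s) still allowed; address those devices first."
} elseif ($enableEnforcement) {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    Set-ItemProperty -Path $key -Name FullSecureChannelProtection -Value 1 -Type DWord
    Write-Output 'Enforcement mode enabled on this domain controller.'
} else {
    Write-Output 'No event 5829 in the review window; safe to set $enableEnforcement = $true.'
}
```

Run it on every domain controller, since each one logs only the connections it handled itself.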
Ryuk ransomware has been named responsible for a third of all global cyber-attacks.
Cyber-attacks have been on the rise throughout 2020, with COVID-19 causing many to work from home. Cyber criminals have bombarded businesses with phishing scams that trick them into clicking links or opening malicious email attachments containing ransomware.
Ryuk is particularly dangerous, as it is usually targeted, manual and preceded by Emotet and TrickBot malware. This means it may not be the only malware lurking on your business's systems.
A huge 97% of Microsoft 365 users do not have multi-factor authentication (MFA) security measures enabled on their systems. MFA can help ensure a cyber criminal doesn’t break into your system, by providing an extra layer of security for a user.
Upon logging into a system, a user will enter their username and password, but will also have to verify that it is them attempting to log in. This could be by using fingerprint scanning technology, or often through a code sent to your email or phone number. Even 78% of Microsoft 365 administrators are not using MFA at present.
With many companies seeing an increase in working from home, MFA must be implemented to protect businesses from disaster striking.
For advice on setting up MFA for your business, email us: firstname.lastname@example.org or call us on 01283 753333.
Cyber criminals have been exploiting Microsoft’s Azure App Services. The exploit has allowed them to bypass multi-factor authentication (MFA) and land in a user’s 365 mailbox without the required authentication.
The campaign tricks the user into granting access to a seemingly legitimate application while, in reality, they are giving up their account to the hacker. Once granted, this access allows the criminal to enter your inbox without the usual MFA.
To counteract this, Neuways are changing the way in which Azure Apps request permission from customers. We're requiring "Admin Consent" for every app that requests permissions, so that each request filters through to us, which will make it a lot harder for a user to be tricked into giving up their account details.
The Wroba mobile banking trojan is targeting victims via text message. The SMS notifies the recipient of a 'package delivery', luring them into clicking a link. On Android, users are taken to a malicious site which urges them to download a false browser update.
By clicking OK, the user begins downloading a trojan browser package, which causes the malware to install. The iOS version instead attempts to mimic the Apple ID login page to steal a user's login credentials, with no malware installed. Wroba is dangerous as it can send SMS messages, harvest financial transaction files and display fake phishing pages to steal credentials, among other things.
Many cyber criminals are using social engineering to lure victims into giving them access to their system. Phishing attacks that target specific staff, based on knowledge of the job roles they hold, are on the rise. Social engineering attacks focus on taking advantage of victims' natural tendencies and emotional reactions to swipe their credentials.
Businesses must try to protect their employees by informing them of the latest cyber threats and the risks associated with their positions. Encouraging staff to report any potentially dangerous emails is critical, as it will increase the business's knowledge of the methods cyber criminals are using to target users.