Neu Cyber Threats – 7th January 2021
2021 is under way and further predictions have been made about the dangers of ransomware. A number of different areas have been highlighted for businesses to be aware of to ensure they remain cyber-safe this year and beyond. In 2020, the number of ransomware attacks jumped by 350% when compared to 2018, with downtime and the size of ransom payments also increasing by 200% and 100% respectively, over the same period.
Cybercrime groups are using pressure tactics to trick their victims into giving away their critical company data. This involves the use of urgent, emotive messaging to convince victims to act quickly. Social engineering is regularly used too, which sees cyber criminals manipulate their way into a business’ systems by claiming false credentials. While IT departments can lead efforts to prevent such attacks, through an increase in employee-awareness training and consistent back-ups, ransomware attacks have remained frequent as they carry a strong success rate. They include the likes of Ryuk, Egregor and Ragnar Locker, with each strain of malware constantly evolving to keep companies on their toes.
Paying a ransom isn’t necessarily the end of the matter either. While criminals will often request thousands from victims in order for them to retrieve access to their systems, they may still retain confidential company data and sell it on the Dark Web to fellow criminals. At Neuways, we suggest ensuring your employees are involved in regular Phishing Awareness Training. This will help them to think safely when dealing with potentially corrupt communications, and help protect your business, as they will often be the first line of defence. Call Neuways on 01283 753333 or email us at firstname.lastname@example.org, to discuss further ways in which we can help meet your business’ cyber-security needs.
A Windows tool is being taken advantage of to encrypt data against a user’s will. BitLocker is a legitimate tool that has been compromised and used by hackers to encrypt core servers at companies across a range of industries. The attacks are financially-motivated and aim to leave victims with no choice but to pay a hefty ransom fee to retrieve their data.
The attack itself is odd as BitLocker is usually used as part of data protection guidelines by a user to secure their own data. It addresses the threats of data theft and exposure from lost, stolen or decommissioned computers. Microsoft has yet to address this unforeseen use of the tool with an update. It seems as though cyber criminals found their way into a system, usually through email phishing campaigns, before using BitLocker to effectively steal and prevent a user from accessing their own company data.
We would advise ensuring your systems are regularly updated and set up to receive automatic updates. This means that when a Microsoft update is issued, your business’ systems will be secure and less vulnerable to any future compromises.
Cyber criminals have kicked off 2021 by carrying out socially engineered mobile phishing attacks. Attackers masqueraded as employees of T-Mobile and contacted customers, prompting them to share their login credentials. This was carried out via text or phone calls, making it a dangerous dual threat of a mobile phishing campaign.
It provides a stark reminder that if you are approached by someone claiming to be a supplier or customer, you must go out of your way to verify the identity of the person. If not, your business could fall victim to a similar scam to this one.
Mobile phishing represents one of the biggest security blind spots for individuals and enterprise security teams alike. Many are aware of email phishing scams and the dangers they pose, but mobile phishing is just as dangerous. Remember to never open a suspicious-looking communication, look out for poor grammar and report anything strange to your MSP.
A phishing campaign is targeting financial service customers, with emails threatening a suspension of services unless a hefty ‘fine’ is paid. Emails have been received that ask potential victims to either confirm their banking credentials or pay a €455 fine in order to regain access to their ‘frozen’ bank accounts. The communication contains a button that will take the user to a convincing, but fake login page designed to steal their bank account credentials.
This specific campaign relies on users entering their credentials manually, but it is among many phishing attacks circulating at the moment to try and trick users into installing banking malware. This occurs by duping the user into opening an attached Microsoft Office document. This document, when opened, asks the user to “enable content”, which causes a macro to install malware on the user’s computer.
You’re advised to keep software up to date, especially if you are a user of older versions of Microsoft Office – as these run macros automatically rather than requiring user confirmation as above. It’s also worth being careful about the source of your downloads when installing new programmes and updates to your system. Remember to only use official sources and web pages, via direct links. Third-party downloaders and peer-to-peer networks should be avoided as their legitimacy cannot be confirmed.
A severe Windows zero-day bug has led to complete desktop takeovers, amid a failed fix from Microsoft, leaving systems open and vulnerable.
The bug could allow a cyber criminal to install programs, view, amend or remove data, or create accounts with full administrative rights. The local privilege-escalation bug in Windows 8.1 and Windows 10 (CVE-2020-0986) exists in the Print Spooler API.
The attacker would first have to gain access to the system, but could then initiate an application to take over the affected system. The issue was spotted at the start of 2020 and despite an update issued in June, systems remain vulnerable to the bug.
Microsoft said of the problem: “The issue arises because the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code.” It’s expected a new patch will be distributed in January 2021 to end the issue once and for all.