2)  Man-in-the-middle attacks

Also on the subject of fake emails and clicking in the wrong place: this article may be of interest to the more expert in our cyber community. For the rest of us, it shows how a scammer can bypass even two factor authentication, prompting you to enter your own password to log into a system whose details – including the one-time passcode – are then stored on the scammer’s own computer. It’s called a man-in-the-middle attack. The limiting factor with this method is that it has to be highly targeted. I’d need to create a bespoke link for every individual that I want to compromise. But that might well be worth doing if I were trying to compromise a company owner, finance director or the like. The takeaway message is that whilst 2fa has always been and remains one of the most important things you can do to bolster your security, cybercriminals will always be working to find a way around. So stay vigilant about unexpected requests to log on to any system, particularly when they arise as a result of a link.

3)  Typosquatting

We’re hearing increasing reports about so-called typosquatting attacks, where a spurious website is created and manipulated towards the top of the search rankings. These websites are often used to offer free software which is actually malicious. This might be for things like a free video player, antivirus software, or printing tools. There’s a whole industry around this: you can actually create your own malware, and then get it onto a site like this on a ‘pay per click’ basis, if you don’t have the SEO skills to get to the google front page by yourself!  Our advice is to go via recognised app stores wherever you can, and if you have the ability, to restrict what users can download to company computers.   Last month, the HP threat team The HP Threat Team identified a campaign in which a false Windows 11 installer has been seen to distribute malware called RedLine Stealer, via a site that looked like a windows upgrade downloader. An image appears below (don’t visit it!). This malware can collect information from some  web browsers, including logins, passwords, autofill data, cookies, and personal submitted information including credit card numbers.

 

 4)    Threat actors

Also of interest this month was a report from BT intelligence services that there is a rise in the number of threat actors seeking collaborators on the inside of companies. Some are willing to pay more than £10,000 for access to sensitive networks. Others are taking advantage of vulnerable employees, preying on them via dating platforms before coercing them. As cyber security gets better, insiders are a good way to bypass your protective measures. So our advice is to always ensure that your people can access only the information that they need, and make sure they know that they have ways to report concerns to you safely. 
 
 
5)    VirusTotal and log4j updates

Lastly, before we come to this month’s breaches of interest, a couple of items of interest for our more expert members. VirusTotal is essentially a community-based tool that lets experts exchange thoughts on the safety of files, and some work by the team behind@malwrhunterteam recently has called its methods into question. Essentially, they were able to mark malware as safe by providing a string of positive reviews, and there is minimal checking on the veracity of users who may give themselves reputable-sounding titles. Worth being aware of, and exercising caution. And in the world of log4j, security company Morphisec, have identified threat actors using a customised public exploit for the Log4j vulnerability to take over Ubiquiti network appliances running on the UniFi software. Although a patch was released quickly, the assessment is that a number of Ubiquiti customers have yet to apply it. If this is you, or someone that you know, get updating. 

6) Breaches

In this month’s breaches, there are several that might affect you. Your basic minimum response if not aware already is to change your password on that site and any others that use it; to implement two factor-authentication where the facility exists, and to be aware that future contacts from the company ought to be thoroughly checked out, rather than taken at face value. Worth following these reports up directly with the company, if you’re involved and they’ve not already contacted you.

*  Parasol, a company that provides PAYE payroll services for around 28000 contractors via its parent company Optionis, has suffered a breach whose extent is not yet entirely clear. More detail here if you’re worried and think that you might be affected, but it looks likely that there could be a host of information from personal details and bank details through to more comprehensive company accounting details. 

*  A company called Onfido which provides the facility for others to receive secure information has been subject to an insecurity. Onfido say that this is about the improper deployment of their tool, but as a result, Europcar, Chip (a UK saving app) and FxPro Direct have had user data leaked. It is thought to include passport details, driving licences and ID cards. 

*  Element Vape – a vaping site, surprisingly -  has found an active credit card skimmer on their site. If you’re a customer, stay alert for suspicious transactions, and if in doubt, contact your bank. 

*  The British Council have suffered a breach which includes personal data for almost 150,000 students. Detail includes names, usernames, email addresses, and study notes. 

*  And lastly, the Internet Society (ISOC) has identified a breach of membership details affecting thousands of people. Data exposed includes full names, addresses, gender, login details and password hashes. 

   

 
Supply chain: Is your security entirely in your hands?

You can never be 100% certain that your suppliers have a strong security posture—more often than not, you can only take them at their word. But there are ways to minimise the risk.

What does a supply chain threat look like?

Let’s look at NotPetya. The origin of the biggest global cyberattack to date, was the widely-used Ukrainian accounting software, M.E.Doc. The developers of that software had poor cyber security measures in place, which enabled Russian-State actors to infect their servers—once a user updated their software, they were also infected. This attack resulted in the loss of millions for businesses globally, including the world’s largest shipping company, Maersk—the seemingly simple installation of M.E.Doc software on one computer at Maersk’s office in Odessa, caused a company-wide outage.

The key point here is that M.E.Doc was a trusted supplier for most businesses in the Ukraine because the software was used to interact with Ukrainian tax systems. When we trust a supplier, we often don’t question what security measures they have in place, sometimes to our own detriment. 

Addressing supply chain security

Regardless of whether IT or procurement (or some other department) is responsible for supply chain security, it’s the consistent approach that’s vital. So, how do you consistently assess the level of risk each supplier brings? Much will depend upon criticality. If your payment portal is hacked, that’s a major operational disruption that could cause loss of income and reputation damage. But if your external recruitment company is hit and you need to engage a new recruitment firm, it’s an inconvenience but won’t cripple your business.

At a basic level, the process of assessing the level of risk should include considering:

• The criticality of the supplier (i.e., Do your core operations depend upon this supplier?)
• Their access (e.g., Are you sharing data with the supplier? Do they have access to your systems? 

Once you have established the supplier risk levels, you will need to:

• Define your own security requirements (i.e., What assurance do you want from high, medium and low risk suppliers?)
• Determine how the supplier can best demonstrate compliance with your requirements (e.g., onsite security audits, completion of a security questionnaire, proof of Cyber Essentials certification)

What happens if something goes wrong?

You’ve put in place your own controls, and criteria for your suppliers, but what happens if something goes wrong and your supplier is breached, resulting in your organisation being compromised? You’ll need a comprehensive incident response plan—that will give you the framework to minimise damage and get the business operating again—and to ensure that your cyber insurance policy covers damage caused by supplier compromise.

How PGI can help secure your supply chain

PGI offers a range of services to help you gain a deeper understanding and more control over your supply chain management, including creating and implementing risk assessment processes, creating supplier assurance policies and procedures (such as security-related contract clauses, and due diligence questionnaires), and carrying out onsite supply chain audits.

 
If you’re ready to take more control of your supply chain, talk to us: Call on +44 (0) 845 600 4403 or email via sales@pgitl.com

 

Dates for your diary

March 23rd - Secure South West

Keynote Speaker Erika Lewis, DCMS Director of Cyber Security and Digital Identity 


March 31st 0815 - 0845   Cereal and Cyber

Our first webinar for SWCRC members (and guests) focusing on ethical hacking.