August 2022

Welcome to this month’s threat assessment. In line with your feedback, we’re attempting to keep it short and pithy – but there’s a lot to tell you. Good job you’re on our mailing list.

If your business associates aren’t, please do consider inviting them to join SWCRC too, and access the wide variety of other support we can provide.

Mark Moore.

Top hints for the month

1) Now that Microsoft are beginning to block so called ‘macros’, email attachments are becoming less likely to be the thing that contains malware. (But stay on guard!!). We expect to see malicious website links being more widely used instead. So be aware of links, not just files. And it’s particularly the case that these can be circulated by text message, not just email… which leads us neatly to point two.  
2) Mobile devices continue to be reported as a popular Achilles’ heel. Malware has recently been found said to be in at least eight Android applications, although Apple devices are also being exploited. They are 'Funny Camera', which has over 500,000 installations, 'Razer Keyboard & Theme', Vlog Star Video Editor, Creative 3D Launcher, Wow Beauty Camera, Gif Emoji Keyboard, Freeglow Camera 1.0.0, Coco Camera v1.1. they have now have been removed from the Play Store, but if they’re on your device, remove them and perform a device clean-up. Ask us how if you need.

3) Although we talk about “phishing” (scam emails!) lots, updates are also important. Research from Palo Alto analysing 600 attacks showed that software vulnerabilities are almost as important. Criminals were scanning for the presence of new vulnerabilities within 15 minutes of them becoming public.  Details here and an interesting graphic below. What does this mean for you?

You need to apply updates promptly to stay safe.

4)  If you think you’d spot a scam, try this one. Criminals are exploiting weak websites to upload malware which is then deployed on visiting customers, relating in the latest case to PayPal.  See below for a screenshot. Users are not only asked to input full personal information, but they’re then asked to undertake a ‘captcha’ check. Then they’re redirected to a further page requesting many more personal details such as bank card numbers, CVV, PIN details and confirmation of security questions including mother’s maiden name. Next, the user is asked to provide their email and password to “link their PayPal account” which would allow a threat actor to gain full access to the victims’ email address and bypass multi-factor authentication, including on other accounts. Lastly, the user is prompted to supply identity documents with a realistic page containing full instructions on how to photograph identification documents and upload them. We hope you’d be too wise to be taken in.
 

5)  And lastly: because you’re a security-minded lot, we thought you’d like this one. Cyber security company Crowdstrike reported the below scam in early July. When you think about it, it’s not dissimilar to the one that most of us are aware of, where someone from “Microsoft” phones up and tells you they need to fix issues with your computer if you just give them access. Except in this case, they get you to pay the phone bill instead. 

This month’s breaches

Why do we tell you about these? Because if your account has possibly been compromised, you should be doing three things.

One - change your password, and implement multi-factor authentication if the site permits.

Two - change your password on any other sites where you used the same one (and give yourself a talking to).

And three – beware future comms from the organisations concerned. They may not be genuine… we advise double checking through the main website or ‘contact us’ routes.  

Cleartrip 

Popular travel booking website Cleartrip has confirmed a major data breach on 18th July after threat actors claimed to have posted the stolen data on a dark web forum.

Cleartrip acknowledged the unauthorised access to internal systems and stated that a few customer profile details had been compromised. Despite this, further details of compromised customer data are still unavailable.
 
Gloucestershire County Council 

Gloucestershire County Council were hit by a cyber-attack in December 2021 that is still being “actively investigated”. The council are yet to release any further details, other than stating that the ICO have been informed.
This week, reports have suggested that the personal identifying information of local people have been leaked, such as signatures, addresses, NI numbers, bank account and driving licence details.
 
Marriott 

On the 5th July, Marriott International confirmed that threat actors accessed its computer networks and attempted to extort the company.

Around 20 gigabytes of data was breached, which included credit card information and confidential information

Uber 

Uber were discovered to have covered up a data breach in 2016 and forced to pay a large settlement fee to the department of justice.

Over 57 million customers and/or drivers had their details exfiltrated before being sold online, likely soon after the attack took place.