This month’s threat assessment can best be summed up as ‘be wary. Of everything.’ It’s a good cyber security maxim, but of course a bit of guidance does help you and your teams know where to be particularly suspicious. So if you’re only ever cautious of links in emails, you really need to read on. Eight key pointers.
1) If you use the popular Telegram or Discord applications, you’ll be interested in a report this month by Intel471 which sets out how both platforms are now being used to host malicious software (malware). Such software can be used to pilfer autofill data like your credit cards or your passwords. So look out for unsolicited links on these chat apps too, and consider carefully what you’re accepting and sharing.
2) In a similar vein, Palo Alto Networks recently shared information regarding the use of Google Drive and Dropbox to host malicious content. Because both sites are – of course – trusted by most networks and users, content placed here has more chance of success. In recent months we’ve also mentioned Canva and even Microsoft Teams, so there’s a definite theme emerging here.
3) What about USBs? You know that they contain files and software, but you might not expect these to be malicious. Particularly if the USB arrives by post in a shiny corporate Microsoft box. There have been a number of reports over the last month of such material being sent within the UK; it purports to be a free upgrade, but when you plug the stick into your machine, you get a message saying that you need to contact tech support. At which point, of course, you are put through to the scammers who will help you pay a ransom to (maybe) recover your data. More detail, including pictures of the very convincing packaging, here.
4) We’ve spoken a lot about ransomware in the past, where your device is locked by a criminal demanding money. Interesting to see a (quite technical) report this month about the emergence of ransomware on mobile devices, as well as the traditional desktop route. Unless you’ve just joined the SW cyber resilience centre, you’ll have seen us talking about more and more threats to mobile devices. So be careful about what you load onto them and keep them updated. If you’ve a five-year-old device which is no longer getting updates, it does present a risk; ideally, you should be thinking about how you manage mobile devices as part of your overall security package. Contact us if you want help.
5) Do you use browser extensions? They add functionality to your browser and can be very convenient. Again, just be aware of what you actually need, and do what you can to make sure any extension is reputable and mainstream. A recent report from Kaspersky suggested that a number of them were doing things you might prefer they didn’t. On closer examination, much of the story is about unwanted adverts being pushed onto your machine, but it’s also true that some of the extensions are far nastier.
6) Apple user? Two things for you this month. You need to ensure your devices have recently been updated if you’re running an iPhone 6s or later, a Mac running macOS Monterey, an iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, or iPod touch (7th generation), because there was a pretty serious software flaw identified; more detail here. And you also need to update your Zoom package, if you’re using it, to version 5.11.6 or later. Another flaw was identified and the first fix, in mid-August, wasn’t adequate. Please, just check, and ask if you don’t know how.
7) You know when you have to go through security to access a website? One of those Captcha checks or similar. Again, be careful. There were reports this month of some WordPress websites being hacked so that visitors download malware: the unwanted modifications force them to undergo some “checks” and install a small piece of software in order to get to the webpage.
8) And lastly: just one breach that we wanted to bring to your attention this month. Plex, the streaming service, has instructed all users to reset passwords after at least 15 million users had their usernames, email addresses and scrambled passwords compromised. Without getting too technical, the risk is that these passwords get unscrambled: and as ever, if you’re using the same password on other sites too, you need to give yourself a good talking to, and then change those as well.