The latest news from SWCRC
Free Cyber Consultation

You don't normally get something for nothing, do you? Well, on this occasion The Cyber Resilience Centre for the South West has teamed up with BIT Group (previously BluescreenIT) to coincide with Cyber Security Awareness Month (1-31 October), giving you, as a new or current SWCRC member, the option of a free half-hour cyber consultation with BIT Group. BIT Group are one of our Trusted Partners and specialists in IT & Cyber Security Training and Apprenticeships, Physical and Cyber Security, and Advanced Cyber Research.

October 2022

This month being cybersecurity month, we wanted to flag up the resources being put out by Crossword Cybersecurity, who are one of our collaborator members. They’re running a four-week programme of remote and in-person events, which includes a week focused particularly on SMEs; and some of their content relating to hybrid working will probably be quite relevant to many of you. You can follow this link or search ‘crossword cyber security month’ to see details of the full programme and registration.

Tell your neighbours...

You need to be aware of a phishing scam doing the rounds at the moment. Emails are circulating with links to follow to register for a Heating Rebate. It is important that these are deleted and reported to Action Fraud. Individuals do not need to take any action to receive the rebate, as it will be paid automatically.

Threat Assessment

Welcome to this month’s threat assessment. It’s cybersecurity month in October, so this feels like a busy edition. It’s worth reading if you use Chrome or Edge browsers, have recently installed an app, or frankly aren’t running your business/charity from an abacus. Please do use this information to stay safer, and if you find it useful, recommend us to a friend. Also, in support of cybersecurity month, we want to highlight the opportunity of a free expert consultation, offered by our partners at BIT Group. Details at the end.

1. Internet of Things: those many devices linked to the internet which may provide a backdoor to your network because, right now, security with many of them is weak. We recommend that you change default passwords, and check how to update them; the National Cyber Security Centre has more detailed guidance. Cameras can be a particular problem for business, and our warning this month is prompted by a recent suggestion that 80,000 insecure Hikvision cameras are currently being extensively exploited. Criminals can take over the camera and see everything that happens at your business premises. More details here if you’re interested.

2. If it’s in the news, it’ll probably be scammed. Whether covid jabs, heating rebates or anything else, criminals often follow the headlines with tailored emails designed to sound current and convincing. This month, sadly, we saw them taking advantage of the Queen’s passing to elicit Office 365 passwords. See below. As experts, we know that you’ll spot a few of the giveaways: the sender, “Microsof”, the mismatched email details which bear no relation to Microsoft, and the clumsy phraseology and typing. But you’ll also, we hope, know that you shouldn’t be logging into your accounts from an unsolicited email. If in doubt, always log in direct through the company web pages.

Breaches this month

3. Two of note. Standard SWCRC advice: if you might be affected, change your account passwords, implement two factor authentication if the company offers it, and beware of communications purporting to be from them in the future. And if you’re using the same password on other sites, have a word with yourself, and change them too.

Uber was extensively breached and there are no clear details about what user data has been accessed, but it seems probable that account details will have been compromised. Interestingly, the route in seems to have been via a tactic we recently warned against: MFA spamming, where the user of a compromised account was sent so many notifications that someone was trying to access his account that he eventually gave up and accepted.

And the North Face clothing company also had around 200,000 customer records breached, including name, gender, purchase history, billing/shipping address, and telephone number. This was apparently a result of a so-called ‘credential stuffing attack’, where passwords known through previous breaches were tried on the North Face site. That’s why you don’t use the same password multiple times.
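For whoever looks after your sign-in logs, here is how both patterns above can be spotted. This is an added example, not part of the original newsletter and not code from Uber, North Face or any vendor; the event names, thresholds and log lines are constructed assumptions to map onto whatever your identity provider records.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _t(minute):
    """Constructed timestamp: minutes after 01:00 on 3 Oct 2022."""
    return datetime(2022, 10, 3, 1, 0) + timedelta(minutes=minute)

# Constructed sample events: (time, event, account, source IP).
# Event names are assumptions, not a real product's log schema.
SAMPLE = (
    [(_t(m), "mfa_push_sent", "alice", "203.0.113.9") for m in range(6)]
    + [(_t(6), "mfa_push_approved", "alice", "203.0.113.9")]
    + [(_t(0), "mfa_push_sent", "bob", "198.51.100.4"),
       (_t(1), "mfa_push_approved", "bob", "198.51.100.4")]
    + [(_t(m), "login_failed", f"user{m}", "192.0.2.77") for m in range(20)]
    + [(_t(20), "login_ok", "carol", "192.0.2.77"),
       (_t(21), "login_failed", "bob", "198.51.100.4")]
)

def mfa_fatigue(events, min_pushes=5, window=timedelta(minutes=30)):
    """Accounts where an approval followed a burst of push prompts."""
    pushes, flagged = defaultdict(list), set()
    for when, kind, account, _ip in sorted(events):
        if kind == "mfa_push_sent":
            pushes[account].append(when)
        elif kind == "mfa_push_approved":
            recent = [p for p in pushes[account] if when - p <= window]
            if len(recent) >= min_pushes:
                flagged.add(account)  # user likely gave in to the prompts
            pushes[account].clear()
    return sorted(flagged)

def credential_stuffing(events, min_accounts=10):
    """Source IPs failing against many accounts, with any logins that worked."""
    failed, succeeded = defaultdict(set), defaultdict(set)
    for _when, kind, account, ip in events:
        if kind == "login_failed":
            failed[ip].add(account)
        elif kind == "login_ok":
            succeeded[ip].add(account)
    # Accounts that succeeded from a flagged IP probably reused a breached password.
    return {ip: sorted(succeeded[ip]) for ip, accts in failed.items()
            if len(accts) >= min_accounts}

if __name__ == "__main__":
    print("Possible MFA fatigue:", mfa_fatigue(SAMPLE))
    print("Possible credential stuffing:", credential_stuffing(SAMPLE))
```

Any account either function returns is one to treat as compromised: reset its password and review its recent sessions.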

4. Apps to delete - Mister Phone Cleaner and Kylhavy Mobile Security. Both have been on the Google Play store and have been downloaded around 60,000 times. They’ve bypassed security in that they don’t contain malware, but they do rapidly ask the user to update the apps in order to maintain protection. And that’s when the malware is installed. Consider a (reputable) virus check on your phone or a factory reset if you’ve installed either app.

5. Website vulnerability – affecting WordPress sites. These sites tend to run lots of different components (or plug-ins), and WPGateway is one of them. It’s designed to update other plugins and themes, but an as-yet-unfixed vulnerability has been identified which allows unauthorised users to create an admin account and take over your whole site. If this is all a bit meaningless to you, we advise contacting whoever sets up your site and asking them to either remove or disable the plugin for now. The vulnerability has a unique reference which they’ll understand, CVE-2022-3180, and you can see more detail here.

6. Breaking news: Google might have access to all of your passwords. Security firm Otto found that if you’re using Edge or Chrome, your passwords are sent in plain text to Google servers, if you have spellcheck set up in your browser, or if you click the “show your password” icon. There’s no confirmation of what happens after that – do they store them anywhere? – and you might of course feel that Google are a reasonable risk… but it does seem safest to keep your passwords so that only you can see them. To turn off the spell check feature, we suggest googling ‘turn off spell check in [browsername]’ and you’ll find instructions. More detail here.

7. And lastly, one for the cyber security experts. We’re hearing that there’s an increasing shift away from Cobalt Strike and towards other frameworks, such as Sliver, Brute Ratel or others. Not because they’re better, but because they are less known, there are fewer indicators of compromise, and those engaged in network defence may be less familiar with them. In particular, Sliver is an open source framework available on GitHub and there is an expectation that use of it will grow. More information on the Microsoft blog here.

We know many of our members are seriously considering Cyber Essentials, especially as it is increasingly needed for tenders. Join us for a free webinar to get all the information you need on whether this is the route for you.