Threat Assessment
Welcome to the latest monthly update of 2022, and the last one before Christmas. We hope it’s a peaceful one for you and your family, and a profitable one for your business or charity. And since this time of year sees a huge spike in online activity, we also very much hope that we can help you with your cyber safety.
So we’ll start with an obvious one. You’ve missed a parcel, and there’s a small charge outstanding before we can re-deliver. Click here to input your credit card details please, and we’ll get the courier back round. We reckon you’ve heard this one before.
Courier scams, most often via SMS messages, are rife at this time of year. DHL have been near the top of the list for much of the year for having their name taken in vain by cybercriminals, and of course with the postal strikes, even more companies are using courier firms. When you’re busy and expecting lots of deliveries, you’re more vulnerable. So remember to go to any company’s site by typing its address yourself (or using a saved bookmark) and checking the tracking number from your own order confirmation, rather than following a link in an unexpected message.
Also on the ‘obvious’ front – because it’s often about obvious stuff – make sure that when you update software, you do it through official sites only. Better still, if you can, stop your users from downloading software altogether, and manage it centrally. More of us now rely on web-based software, and we do much more through our browsers. This is why we’ve recently been advising you to beware of browser extensions, and we’re hearing of criminals now getting into devices through fake Adobe Flash updates and the like. This month we saw a worrying update from Zimperium regarding a malicious browser extension dubbed “Cloud9”, which is now available cheaply or even for free on many hacker forums, and which has become far slicker through gradual development. For those of you interested in more of the technical detail, you can find it here.
Are you still twittering? The platform has seen a lot of unrest in recent weeks, and the uncertainty is being used to get people’s account details. Criminals are sending messages stating that if you want to retain or achieve that coveted blue tick, your account needs attention: so please log in, and maybe provide some payment details too. These email scams often send you to a page which looks like the Twitter help centre, and Google have taken down a number of sites as a result. Our advice, as ever, is to go directly to the Twitter site and check or change your account settings from there. Don’t do it through links, or you may find that someone else has got your social account passwords. (Although, of course, you have turned on two-factor authentication, so you’re a bit safer, right? If not, do it now, and ask us if you don’t know how.)
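Following up on the browser-extension advice above: if you want to see what extensions your users have actually installed, and then manage them centrally rather than leaving it to each user, the following PowerShell is an added example of how to do both on Windows. It is not code from the newsletter, from Zimperium or from Microsoft; it assumes the standard Chromium profile layout under each user’s AppData folder, uses the documented Chrome and Edge ExtensionInstallBlocklist/ExtensionInstallAllowlist policies, and the extension ID in the commented-out call is a placeholder, not a real extension.

```powershell
# Added example (not from the newsletter): list Chrome/Edge extensions for every
# local user profile, then apply a central "block all, allow a few" policy.
# Run in an elevated PowerShell. Policy keys are the documented Chromium ones.

function Get-InstalledBrowserExtensions {
    # Chromium layout: ...\User Data\<Profile>\Extensions\<id>\<version>\manifest.json
    $patterns = @(
        'C:\Users\*\AppData\Local\Google\Chrome\User Data\*\Extensions\*\*\manifest.json',
        'C:\Users\*\AppData\Local\Microsoft\Edge\User Data\*\Extensions\*\*\manifest.json'
    )
    foreach ($pattern in $patterns) {
        foreach ($manifest in (Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue)) {
            $json = Get-Content -Path $manifest.FullName -Raw | ConvertFrom-Json
            [pscustomobject]@{
                User        = $manifest.FullName.Split('\')[2]          # C:\Users\<user>\...
                Browser     = if ($manifest.FullName -like '*\Google\Chrome\*') { 'Chrome' } else { 'Edge' }
                ExtensionId = $manifest.Directory.Parent.Name             # the <id> directory
                Name        = $json.name      # may be a localisation key such as __MSG_appName__
                Version     = $json.version
                Permissions = ($json.permissions -join ',')               # worth eyeballing: "<all_urls>", "webRequest", "cookies"
            }
        }
    }
}

# Central control: blocklist entry "1"="*" blocks every extension; IDs placed on
# the allowlist are then the only ones users can install or keep.
function Set-ExtensionAllowlistPolicy {
    param([string[]]$AllowedExtensionIds)
    foreach ($vendor in @('HKLM:\SOFTWARE\Policies\Google\Chrome', 'HKLM:\SOFTWARE\Policies\Microsoft\Edge')) {
        $block = Join-Path $vendor 'ExtensionInstallBlocklist'
        $allow = Join-Path $vendor 'ExtensionInstallAllowlist'
        New-Item -Path $block -Force | Out-Null
        New-Item -Path $allow -Force | Out-Null
        Set-ItemProperty -Path $block -Name '1' -Value '*' -Type String
        $i = 1
        foreach ($id in $AllowedExtensionIds) {
            Set-ItemProperty -Path $allow -Name ([string]$i) -Value $id -Type String
            $i++
        }
    }
}

# 1. Inventory first, so you know what you are about to block.
Get-InstalledBrowserExtensions | Sort-Object User, Browser, Name | Format-Table -AutoSize

# 2. Then enforce. The ID below is a placeholder (assumption), not a real extension;
#    replace it with the 32-character IDs of extensions you have approved.
# Set-ExtensionAllowlistPolicy -AllowedExtensionIds @('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa')
```

Run the inventory on a handful of machines before switching the policy on, because the blocklist removes anything not on the allowlist at the next browser policy refresh, and users will notice. Extensions pushed by group policy via ExtensionInstallForcelist are unaffected by the blocklist.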
Indeed, one of the most popular ways to break your cyber defences right now is simply to get you to give away your own credentials. A report this month from identity-management company Okta suggested that over 80% of attacks this year which resulted in a data breach made use of weak or stolen passwords. (Search “Okta whitepaper 5 identity attacks” if you prefer not to click on links.) This month we also came across an interesting case where a customer support chat was being used to get users to divulge their personal information, including 2FA codes. A genuine support agent never needs your 2FA code; anyone asking for one is trying to log in as you. Criminals are extremely convincing, and it’s often only after the event that people realise they’ve been scammed. If you want a great example of a convincing customer support process that robs you of all your bitcoin, you’ll find it at https://pixmsecurity.com/blog/phish/cybercrime-group-expands-cryptocurrency-phishing-operation/.
USB equipment presents a regular risk: it’s a great way of loading almost anything onto your machine. We recommend that you consider how much you really need this access, and restrict what users can do accordingly (you can find helpful advice from the National Cyber Security Centre here, or by searching for NCSC USB guidance). This month we’ve seen a couple of USB-related stories which make this warning relevant. Microsoft have been warning about the widespread emergence of ‘Raspberry Robin’, now one of the main distribution channels for other criminals’ malware. Spread initially by infected USB drives, Raspberry Robin (sounds festive, no?) provides a simple backdoor into infected systems. You can find more of the technical detail here, or by searching ‘Microsoft blog raspberry robin’. Similarly, cyber company Mandiant have been warning about malicious activity relating to USB devices, possibly associated with the Chinese state, and targeted at businesses throughout Southeast Asia and Europe.
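If “restrict what users can do” sounds abstract, here is what it looks like on a Windows PC. This PowerShell is an added example written for this newsletter, not code from the NCSC, Microsoft or Mandiant; it writes the same registry values that the “Removable Storage Access” Group Policy settings write, and the device class GUID and value names are the documented ones. Run it in an elevated PowerShell on a test machine first.

```powershell
# Added example (not from the newsletter or the NCSC guidance): restrict
# removable storage with the registry values behind the Windows
# "Removable Storage Access" policies, then read the state back.
# Policy values apply at the next policy refresh (gpupdate /force);
# the USBSTOR driver change applies after a reboot.

$policyRoot     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
# Device setup class GUID for "Removable Disks" (USB sticks, external drives)
$removableDisks = Join-Path $policyRoot '{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'
$usbStorService = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Set-RemovableDiskPolicy {
    param(
        [switch]$DenyRead,     # block reading files from removable disks
        [switch]$DenyWrite,    # block copying data out onto removable disks
        [switch]$DenyExecute   # block running programs straight off the stick
    )
    New-Item -Path $removableDisks -Force | Out-Null
    Set-ItemProperty -Path $removableDisks -Name 'Deny_Read'    -Value ([int]$DenyRead.IsPresent)    -Type DWord
    Set-ItemProperty -Path $removableDisks -Name 'Deny_Write'   -Value ([int]$DenyWrite.IsPresent)   -Type DWord
    Set-ItemProperty -Path $removableDisks -Name 'Deny_Execute' -Value ([int]$DenyExecute.IsPresent) -Type DWord
}

# Stronger option: disable the USB mass-storage driver outright.
# Start = 4 is "disabled"; 3 (manual) is the Windows default.
# Keyboards, mice and other USB classes are not affected.
function Disable-UsbMassStorage {
    Set-ItemProperty -Path $usbStorService -Name 'Start' -Value 4 -Type DWord
}

function Get-RemovableStoragePolicyState {
    $p   = Get-ItemProperty -Path $removableDisks -ErrorAction SilentlyContinue
    $svc = Get-ItemProperty -Path $usbStorService -Name 'Start' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DenyRead        = [bool]$p.Deny_Read
        DenyWrite       = [bool]$p.Deny_Write
        DenyExecute     = [bool]$p.Deny_Execute
        UsbStorDisabled = ($svc.Start -eq 4)
    }
}

# A sensible small-business baseline: staff can still read approved media,
# but cannot copy data out or launch anything from a stick that turns up in the post.
Set-RemovableDiskPolicy -DenyWrite -DenyExecute
Get-RemovableStoragePolicyState
```

Deny_Execute stops programs being run from the drive itself, which is the cheapest win against “plug in and double-click” infections; it does not stop a user opening a document or shortcut that in turn launches something already on the PC, so keep your antivirus and your staff briefings in place too. If nobody in the business needs USB storage at all, use Disable-UsbMassStorage and hand out an exception process rather than a blanket exemption.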
BREACHES
And lastly: news of breaches that weren’t you, but were a business you may know. There’s not much you can do about either of them, but you should be aware that someone contacting you armed with the breached information might not be legitimate.
Royal Mail had an issue with their ‘click and drop’ service which meant that customers could view orders from lots of other customers too. It was trending on Twitter in early November, and users could reportedly see the details of other customers and the business they had ordered from.
Twitter itself had suffered an earlier breach, in which information including user phone numbers and email addresses was compromised. This month that information became widely available, with 5.4 million records being shared on an underground forum.