The latest news from SWCRC
Threat Assessment

Welcome to the latest monthly update of 2022, and the last one before Christmas. We hope it’s a peaceful one for you and your family, and a profitable one for your business or charity. And since this time of year sees a huge spike in online activity, we also very much hope that we can help you with your cyber safety.

So we’ll start with an obvious one. You’ve missed a parcel, and there’s a small charge outstanding before we can re-deliver. Click here to input your credit card details please, and we’ll get the courier back round? We reckon you’ve heard this one before. Courier scams, most often via SMS messages, are rife at this time of year. DHL have been near the top of the list through much of the year for having their name taken in vain by cybercriminals, and of course with the postal strikes, even more companies are using delivery companies. When you’re busy, and are expecting lots of deliveries, you’re more vulnerable. So remember to reach any company through its own website, and not from dubious hyperlinks.

Also on the ‘obvious’ front – because it’s often about obvious stuff – make sure that when you update software, you do it through official sites only. Of course, if you can, stop your users from downloading software altogether, and manage it centrally. More of us now rely on web-based software, and we do much more through our browsers. This is why we’ve recently been advising you to beware of browser extensions, and we’re hearing of criminals now getting into devices through fake Adobe Flash updates and the like. This month we saw a worrying update from Zimperium regarding a piece of malicious software dubbed “Cloud9”, which is now available cheaply or even for free on many hacker forums, and which has become far slicker during gradual development. For those of you interested in more of the technical detail, you can find it here.

Are you still twittering? The platform has seen a lot of unrest in recent weeks, and the uncertainty is being used to get people’s account details. Criminals are sending messages stating that if you want to retain or achieve that covetable blue tick, your account needs attention: so please log in, and maybe provide some payment details too. These email scams often send you to a page which looks like the Twitter help centre, and Google have taken down a number of sites as a result. Our advice, as ever, is to go directly onto the Twitter site and check/change your account settings from there. Don’t do it through links, or you may find that someone else has got your social account passwords. (Although, of course, you have turned on two-factor authentication, so you’re a bit safer, right? If not, do it now, and ask us if you don’t know how).

Indeed, one of the most popular ways to break your cyber defences right now is just to get you to give away your own credentials. A report this month from identity-management company Okta suggested that over 80% of attacks this year which resulted in a data breach made use of weak or stolen passwords. (Search “Okta whitepaper 5 identity attacks”, if you prefer not to click on links). This month, we came across an interesting answer where customer support chat was being used as a way to get users to divulge their personal information, including 2FA codes. Criminals are extremely convincing and it’s only after the event that people realise they’re being scammed. If you want a great example of the convincing customer support process that robs you of all your bitcoin, you’ll find it at https://pixmsecurity.com/blog/phish/cybercrime-group-expands-cryptocurrency-phishing-operation/.

USB equipment presents a regular risk: it’s a great way of loading almost anything onto your machine. We recommend that you consider how much you need this access, and restrict what users can do accordingly (you can find helpful advice from the National Cyber Security Centre here, or by searching for NCSC USB guidance). This month we’ve seen a couple of USB-related stories which make this warning relevant. Microsoft have been warning about the widespread emergence of ‘Raspberry Robin’ as one of the main distributions now available for malware. Spread by USB initially, Raspberry Robin (sounds festive, no?) provides a simple backdoor to systems. You can find more of the technical detail here or by searching ‘Microsoft blog raspberry robin’. Similarly, cyber company Mandiant have been warning about malicious activity relating to USB devices, possibly associated with the Chinese state, and targeted at businesses throughout Southeast Asia and Europe.

BREACHES

And lastly: news of breaches that weren’t you, but were a business you may know. There’s not much you can do about either of them, but we think you should be aware that someone contacting you with the breached information might not be legitimate.

Royal Mail had an issue with their ‘click and drop’ service which meant that customers could view orders from lots of other customers too. It was trending on Twitter in early November, and users could reportedly see the details of other customers and the business they had ordered from.

Twitter itself had suffered an earlier breach, and information including user phone numbers and email addresses was compromised. This month, that information became widely available, with 5.4 million records being shared on an underground forum.

First step web assessment
 
Do you depend on your website? If so, we’re launching a service to help you check its security.
 
With our First Step Web Assessment, we’ll get our team to give your site the once-over and give you an informed view on whether you need to tighten things up. As you know, we partner with regional universities to provide these services at uniquely affordable rates, and we’re offering this one at a fixed price of £150. We look at the structure of your site and its components, checking it for a number of known vulnerabilities and for any parts that are out of date. We verify that any user data entered on your site is being properly protected. And we then produce a short and comprehensible written report, followed by a feedback meeting where you can clarify anything that you don’t understand.
 
Ideally, this service will give you a warm glow of self-righteousness, and at a very inexpensive rate too. But if we find that your site is looking a bit shaky, you can either get your website provider to tighten up the to-do list, or you can talk to us, and we’ll put you on to one of our local cyber companies to provide necessary support. If you’re interested, drop us a line at enquiries@swcrc.co.uk, and we’ll get right back in touch.

 
Free consultancy

You’ve read this far; that’s a good thing! We hope that it made sense. Did it?

If you can’t find how to protect your accounts with 2FA, if you’re still bemused by password managers, or if you don’t know how to change passwords on your connected devices, then we’d like to offer you a bit of support. We’re funding time for our Cyber Path team to give you some free consultancy.

Just message us at enquiries@swcrc.co.uk, and we’ll be in touch to schedule a half hour, one-to-one virtual meeting with you.

Our team are selected graduates and undergraduates from handpicked regional universities, and they’re briefed to help you in terms that you can understand. Let us know if you think this would be helpful, and we’ll fit you in as soon as we can. Slots are limited, because our funding is limited! – so get in quickly.

Impersonation attack warning
 
Following notification from one of our members that they were the potential victim of an impersonation attack, we wanted to draw your attention to this type of scam. An impersonation attack is a form of fraud in which attackers pose as a known or trusted person to dupe an employee into transferring money to a fraudulent account, sharing sensitive information (such as intellectual property, financial data or payroll information), or revealing login credentials that attackers can use to hack into a company’s computer network. CEO fraud, business email compromise and whaling are specific forms of impersonation attacks where malicious individuals pose as high-level executives within a company.

Don’t forget that all phishing emails should be sent to the National Cyber Security Centre (NCSC), which is a UK government organisation that has the power to investigate and take down scam email addresses and websites.

Reporting a scam is free and only takes a minute using this address: report@phishing.gov.uk

By reporting phishing attempts, you can:

  • reduce the amount of scam communications you receive
  • make yourself a harder target for scammers
  • protect others from cyber crime online

Thanks for being a member and PLEASE encourage others to join!

Merry Christmas.