The latest news from SWCRC
Threat Assessment

Welcome all to our first update of the New Year – things you and your team ought to be aware of if you want to stay safer. If you’re like us, you’re probably already drowning in emails, so we’ll try to keep it short but comprehensive! Note of caution though: there are some big breaches this month, so worth reading to the end.

  1. Watch out for Google ads. You’d think you can trust them, and when you hover over them they’ll even show you the site name to which you’ll be directed. But no. This month, a new strain of ransomware called Royal breached more people than any other, and one of its tactics for spreading is via Google ads. You click on those search results to download a helpful-looking software update, and you’re actually redirected somewhere other than the genuine site. Google ads generally send you somewhere else before you hit a legitimate final site, normally to monitor campaign results. But it’s this intermediate stage which criminals are using to divert you elsewhere. There’s a good description of how the new scam works from Teiss here (or search ‘Teiss fake google ads’ if you prefer to avoid links).

  2. If you’re downloading apps for Android, try to stick to the Google Play Store. This provides additional – although not total – protection, at a time when we’re increasingly talking about the cyber risk of phone apps. You still need to perform some other checks – how long has the app been listed, who is the publisher, and are there only a handful of downloads? – if you want to be as safe as possible. But this month we’ve become aware of a so-called ‘banking trojan’ called ‘Godfather’ which can steal your banking login details. One of the notable things about this package is that it imitates Google Protect functions, asking you for various permissions and looking extremely legitimate. More detail here if you want it; but our summary is, be as wary of phone apps as you would of computer software.

  3. According to a recent report from specialist insurer Corvus, fraudulent fund transfers are now becoming the most frequent category of claim – more numerous than ransomware. So be on guard for the threat of requests to pay into a new account, and seek verbal confirmation. You can find the report here, or by searching ‘corvus cyber risk insight’. Another interesting finding was that almost half of ransomware claims involved so-called ‘double extortion’, where criminals don’t just lock your data, they threaten to publicly release it. This means that backup alone is often not enough. This month, the CEO of Zurich also suggested that cyber attacks were on the point of becoming an uninsurable risk, and we’re certainly aware of rising premiums. Our continuing recommendation is that you consider the government’s Cyber Essentials scheme, which provides free insurance for small businesses, and massively reduces your risk. We can help you through the application process: do get in touch.

  4. The old refrain of ‘keep stuff updated’ is relevant this month in terms of endpoint detection and response software, some of which may be built into your machines. This month, a researcher at SafeBreach found a vulnerability that could permit criminals to erase data using Microsoft Windows Defender, Windows Defender for Endpoint, Trend Micro Apex One, Avast Antivirus, AVG Antivirus, and SentinelOne. Basic permissions were sufficient to exploit something that could potentially affect a large number of computers. Several (although not all) of the product owners have already issued updates. More detail can be found on the SafeBreach site, on their blog dated 7 December, or by clicking here.

  5. And also in terms of updates: this month, Microsoft will stop supporting Windows 8.1. If you’re running a small business, you’re probably (?) far more up to date, but larger companies may have legacy kit knocking around. Time to check. Once support ceases, there are no more fixes for security faults. So make sure your IT (and in more general terms this can include mobile devices as well as computers) is still within support.

If you’re affected by any of the breaches below, beware of contact purporting to be from these companies in the future, particularly if it asks you to provide login details. Instead, always access your account through the main site.

Deezer, a music service with over 15m UK users, has just confirmed a data breach – although, sadly, it’s yet to contact them directly. Data leaked includes first and last names, dates of birth, email address, IP address, gender, location, join date and user ID. At this stage it’s not thought that passwords have been compromised, but we always recommend a reset if in doubt.

Twitter has allegedly suffered an – as yet unconfirmed – breach affecting 400m user accounts. The data is said to include emails and phone numbers, and a sample has been made public. Elon Musk, pretty communicative on other fronts, has not commented as yet, but there’s a good story on the BBC site which suggests that there’s cause for concern.

LastPass, a password management solution, suffered a data breach in August. There’s no suggestion that passwords contained within the vault have been in any way compromised, and UK advice is that in an imperfect world, these solutions remain the best way to protect login credentials. But it’s just come to light that the breached information also includes company and end user names, email addresses, telephone numbers, and encrypted password information which should be safe. If you want to find out more, a quick search for ‘lastpass data breach’ will bring plenty of recent results.

SWCRC launches fixed price website review
If you’re dependent on your website, but have no idea how secure it is, we’ve a new offer just for you. For a fixed price of £150, our student team will give your site the once-over, produce a short and comprehensible report, and join you on a call to discuss their findings.

You’ll then know whether you’re in the clear, or need to have a bit of work done. We check whether you’re using outdated components, whether user data is being properly protected, and whether you’re open to a number of known vulnerabilities. As ever, this is intended as a very inexpensive product, allowing you to access services that might otherwise be out of reach. Hope it’s useful, and if you’re interested, contact us at

SWCRC Webinar
Back for 2023, Mark will be talking to some of our cyber experts about how hackers can attack your website. Practical and informative, you really do want to watch this. 

SME Workshops 
Free breakfast events supported by NCSC from the University of the West of England in January and February for SMEs interested in cyber security and data governance.

Funded Cyber Essentials 
NCSC is helping organisations in sectors most at risk to implement baseline security controls and prevent the most common types of cyber attacks using the Funded Cyber Essentials Programme.