The latest news from SWCRC
Threat Assessment

Welcome to this month’s threat assessment. It’s shorter than usual – good news, less to worry about! – but do read on, because we’ve also got some interesting offers for SWCRC members.

Clicking on attachments – again. You may recall that Microsoft have made it more difficult to use the traditional Excel files etc for spreading malicious software. But look out for OneNote! It contains a vulnerability which is now being increasingly exploited, because it can readily bypass scam email protections – and OneNote is included for everyone who has MS Office. In essence, nothing happens when you open the attachment, but embedded within it will be a further attachment or script which, when clicked on, does Bad Things.
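For techies: one way a mail administrator could flag these attachments, shown as an added example that is not SWCRC's own tooling. It checks each attachment for the OneNote file signature and counts embedded-file markers; the function names and the sample message are made up for illustration.

```python
import uuid
from email import message_from_bytes, policy
from email.message import EmailMessage

# GUIDs from Microsoft's published OneNote file format ([MS-ONESTORE]);
# on disk they appear in little-endian (bytes_le) form.
ONE_HEADER = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le
EMBEDDED_FILE = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le


def triage_onenote(raw_email: bytes) -> list:
    """Return one finding per attachment that is, or claims to be, OneNote."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        header_ok = data.startswith(ONE_HEADER)
        if not (header_ok or name.lower().endswith(".one")):
            continue
        findings.append({
            "filename": name,
            "onenote_header": header_ok,  # True even if the file was renamed
            "embedded_files": data.count(EMBEDDED_FILE),
        })
    return findings


def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message; addresses and contents are made up."""
    m = EmailMessage()
    m["From"] = "accounts@example.com"
    m["To"] = "you@example.org"
    m["Subject"] = "Invoice attached"
    m.set_content("Please see the attached invoice.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


# Constructed payloads: only the GUID markers are real, the rest is filler.
SUSPICIOUS = ONE_HEADER + b"\x00" * 64 + EMBEDDED_FILE + b"filler" + EMBEDDED_FILE
RENAMED = build_sample("invoice.pdf", SUSPICIOUS)
PLAIN = build_sample("notes.txt", b"nothing to see here")

if __name__ == "__main__":
    for finding in triage_onenote(build_sample("Invoice.one", SUSPICIOUS)):
        print(finding)
```

Ordinary notebooks that contain pictures also hold embedded objects, so a non-zero count is a prompt to look closer or quarantine rather than proof that the file is malicious.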

Staying updated – always important, but this month we want to raise three specific risks. Firstly, Microsoft Exchange Server 2013, which will be out of support from 11th April 2023 – no more technical support, and no more security updates. Secondly, Windows 7 Professional and Enterprise editions, which are out of support as of this month. If you’re running this, you can either upgrade to Windows 10 (because your kit is probably too old to support the more recent version) or you can move on to newer hardware. And lastly, Cisco routers which have often been deployed by small businesses using VPN; model numbers RV016, RV042, RV042G, and RV082. They went out of support around two years ago, which means no more fixes, but a critical vulnerability has now been identified, which means both a high risk that it’ll be exploited, and that when it is, it’ll have a big impact on your systems or networks. For techies who want to know more, CVE-2023-20025 refers.

Third party software – over the past year, we’ve seen a number of so-called ‘supply chain risks’, where lots of businesses are compromised via common IT. If you’re a developer, you need to be aware, but you also need to be alert if you’re getting others to develop software for you. Increasingly, the widely-shared repositories that include chunks of open source code are being used to host malicious scripts. So if someone’s writing code for you, do some due diligence and get them to confirm that they’re screening anything they download from elsewhere. And if you’re a developer, be aware that NPM and PyPI content does need to be checked.

We’re not sure that this month’s PayPal breach qualifies, but we’re going to mention it anyway. Around 35,000 users are being contacted because their accounts were compromised. But there was no hacking. Criminals simply found 35,000 people whose credentials had been breached elsewhere, and checked to see if they were using the same password for making payments. They were. And they hadn’t turned on two-factor authentication. This is why we keep talking about strong, unique passwords and 2FA wherever possible. Have you activated it on your PayPal account?

T-Mobile have disclosed a data breach affecting approximately 37 million accounts. The data stolen includes names, addresses, emails, phone numbers, dates of birth and further information relating to the customer account. If you’re contacted by someone purporting to be T-Mobile in the near future, just check via their normal customer communications channel that the contact is genuine.

We also noted this month that Meta (Facebook) has filed a legal complaint against a company called Voyager Labs, who are accused of creating fake accounts which they used to harvest customer data relating to other users. Meta claim that the software has been used to collect information relating to over 600,000 users, including posts, friend lists, photos, and comments. It’s worth being aware that what you post on social media can find itself sorted, sifted and sold on in a way that can be used for marketing – and other less pleasant purposes.

SWCRC Webinar
On March 2nd, Ross will be talking to expert Andrew Baldrian about routers and how you can make them more secure against cyber attack.

Our webinar last week about hackers and website security was extremely useful and you'll find the recording on our YouTube channel. Worth a view!

Motor Dealers are targeted
The recent targeting of Arnold Clark by cyber criminals is a reminder to all in the trade to secure their systems. Advice from BIT Group Security on what to look out for and how to protect yourselves.

Mr Beast Scam
If you're a fan of Mr Beast, you may be interested in this scam sweeping the internet.

Offers for Members

GDPR Support
Does protecting personal data and GDPR feel like another place where your business might be a bit vulnerable? SWCRC is now collaborating with the certified personal data specialists - CSRB Limited - to offer a small business-friendly option which aims to help in a manageable way, for the cost of less than a cup of coffee per day.

Staged over twelve months, the programme of support costs £95+ VAT monthly, and requires an average of 30 minutes of your time. It includes an introductory GDPR workshop, a 1-2-1 session with a certified data protection practitioner, staged delivery of the necessary policies and procedure throughout the year, and a further 3 hours of bespoke support as required. Whilst SWCRC doesn’t directly recommend individual products, we do understand the value of protecting personal data properly and the risks associated with this, thus we are happy to signpost this offer to you for consideration. To find out more, email with the subject heading ‘UK GDPR Package – SWCRC’ or call 0117 325 0830.

Password security with Crossword Cybersecurity
Here at SWCRC, we’re often talking about the importance of strong passwords. We hope that you’ve got strong and unique ones in place, and that the rest of your team does too... but how would you know? It’s no good your staff having one great password that they use across all of their accounts – if it’s breached elsewhere, then it’ll also open the door to all of your digital assets.

So we’re pleased to announce a forthcoming collaboration with Crossword Cybersecurity, who are offering SWCRC members FREE use of a tool designed to let you know whether your people’s accounts have been compromised elsewhere. Keep an eye on our news section for more detail shortly.