Threat Assessment
It’s been a good month in the cyber world, as far as we can tell, and this is a shorter update than usual. That said, we’re still picking up increased noise about two things that we’ve previously warned you about – beware of OneNote attachments, and also of Google adverts that link you to software downloads. Both of these are being used to spread malicious software.
Firstly, TOADs are on the rise. Telephone-oriented attack delivery is another complicated acronym reflecting that, increasingly, emails and other communications invite you to speak to a ‘customer service’ representative, who talks you into compromising your security. Proofpoint have this month released their annual ‘State of the Phish’ report looking at trends, and have seen a definite increase in this type of attack. It might be that a fake invoice includes a number to call in the event of a query, for example. We’ve found a great case study at https://www.coinbase.com/blog/social-engineering-a-coinbase-case-study which is worth a read… an employee was convinced by an email to input their login details, but because the company had implemented two-factor authentication (2FA), the scammers still couldn’t break through. So they called the employee instead, and managed to get more of the information they needed. Would your team be on their guard against these telephone-based attacks?
We’ve also seen an interesting report from Abnormal Security showing that the number of reported Business Email Compromise (BEC) attacks has risen by more than 81% in the last twelve months, and by 175% in the previous two years. This is where criminals use email to persuade someone in your organisation that they’re a genuine individual, and convince them to take action that facilitates a compromise. Worryingly, the report found that BEC attacks are beginning to focus on smaller businesses, with a 145% surge in malicious emails aimed at small and medium enterprises. Our advice – think about training and awareness for your teams, and contact us if you’re interested in securing free support from your local police force’s team or our student cadre. The report is at https://abnormalsecurity.com/resources/h1-2023-report-employee-open-rates
Next, a quick reminder to be on the lookout for topical scams. The tragedy in Turkey and Syria meant that lots of people wanted to contribute to help earthquake victims. Predictably, social media streams saw large numbers of posts inviting us to transfer money. And it’s relatively simple for a scammer to push a fake donation site up the search rankings. Our advice, as always, is to contribute via known sources, using their main websites.
Last month, we mentioned the compromise of 35000 PayPal accounts by criminals who simply threw known emails and passwords at the platform, before finding that lots of them actually worked. What would have prevented this was two-factor authentication, which means that a username and password alone wouldn’t be enough to gain access. We’re sure you’ve now gone into your own PayPal settings and rectified this (?) but you may also have spotted that Twitter are changing their 2FA settings, and discontinuing the option of text-based authentication. As part of their communications, they’ve disclosed that just 2.6% of users have adopted 2FA on the platform. If your business or charity is using Twitter, you need to ensure that you’re one of them, and if you’re one of those losing the SMS-based facility, switch to a different one. It’ll take you seconds, and if you’re not sure how: ask us.
We keep on saying ‘keep things updated’. But we recognise that it’s not so easy if you’re a larger business with a complex network. This month saw an interesting report from Cyber Security Works, Cyware and Ivanti, which identified that 76% of the vulnerabilities used during ransomware attacks were discovered before 2020. What this means is that you need to ensure you’re not just chasing the new, headline vulnerabilities. The top five vendors associated with compromises were Microsoft (first by a margin, with Exchange Server vulnerabilities being particularly blameworthy), then SonicWall, VMware, Red Hat and QNAP. See https://cybersecurityworks.com/ransomware/ for further detail.
Lastly – and on a slightly technical front – we also spotted evidence that one in nine retailers are inadvertently exposing private backups to public view via their web platforms. Often, these backups contain passwords and sensitive information. Briefly, ad hoc backups are often made during platform changes, but poor archiving means that they aren’t properly removed and end up somewhere with public access. With this sample suggesting that 12% of retailers are at risk (and presumably a similar percentage in other sectors), we think it’s worth checking with your website owner that unnecessary backups are deleted and that you’ve a clean bill of health. You can find more information about the research, and some suggested technical good practice, at https://sansec.io/research/sansec-analysis-12-of-online-stores-leak-private-backups
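If you (or your web developer) want a quick way to check for the leftover-backup problem described above, here is an added example of a local hygiene script. It is not code from this newsletter or from Sansec’s research: it walks your own site’s document root on the server and lists archives, database dumps and editor backup files that a web server would otherwise hand out to anyone who guessed the filename. The suffix list and the sample directory it builds are constructed for the example; adjust them for your platform.

```python
"""Scan a web-root directory for backup-like files that should not be publicly served."""
import os
import re
import tempfile
from pathlib import Path

# File types that are rarely meant to live inside a public web root.
# Constructed list for this example; extend it for your own platform.
BACKUP_SUFFIXES = (".zip", ".tar", ".tar.gz", ".tgz", ".rar", ".7z",
                   ".sql", ".sql.gz", ".bak", ".old", ".orig", "~")
# Archives are only flagged when the name suggests a site or database export,
# so a genuine downloadable (e.g. a product manual .zip) is not reported.
ALWAYS_FLAG = (".sql", ".sql.gz", ".bak", ".old", ".orig", "~")
BACKUP_NAME_RE = re.compile(r"(backup|bak|dump|export|db|database|site|www|public_html)", re.I)


def is_backup_like(name: str) -> bool:
    """True if a filename looks like an archive, dump or editor backup copy."""
    lower = name.lower()
    if not lower.endswith(BACKUP_SUFFIXES):
        return False
    return lower.endswith(ALWAYS_FLAG) or BACKUP_NAME_RE.search(lower) is not None


def find_exposed_backups(webroot: str) -> list:
    """Walk the document root and return sorted, root-relative paths of suspect files."""
    root = Path(webroot)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if is_backup_like(name):
                hits.append((Path(dirpath) / name).relative_to(root).as_posix())
    return sorted(hits)


def demo() -> list:
    """Build a constructed sample web root (hypothetical files) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<html></html>")
        (root / "downloads").mkdir()
        (root / "downloads" / "manual.zip").write_bytes(b"PK")          # legitimate download
        (root / "public_html.zip").write_bytes(b"PK")                   # whole-site archive
        (root / "db").mkdir()
        (root / "db" / "shop-2023-01.sql.gz").write_bytes(b"\x1f\x8b")  # database dump
        (root / "wp-config.php~").write_text("<?php")                   # editor backup of config
        return find_exposed_backups(tmp)


if __name__ == "__main__":
    for path in demo():
        print("exposed backup candidate:", path)
```

Anything it lists should be deleted or moved outside the document root, not just renamed, and a web server rule that refuses to serve these extensions is a sensible second layer.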