The latest news from SWCRC
Threat Assessment

It’s been a good month in the cyber world, as far as we can tell, and this is a shorter update than usual. That said, we’re still picking up increased noise about two things that we’ve previously warned you about – beware of OneNote attachments, and also of Google adverts that link you to software downloads. Both of these are being used to spread malicious software.

Firstly, TOADs are on the rise. Telephone-oriented attack delivery is another complicated acronym reflecting that, increasingly, emails and other communications are inviting you to speak to a ‘customer service’ representative, who talks you into compromising your security. Proofpoint have this month released their annual ‘State of the Phish’ report looking at trends, and have seen a definite increase in this type of attack. It might be that a fake invoice includes a number to call in the event of a query, for example. We’ve found a great case study at https://www.coinbase.com/blog/social-engineering-a-coinbase-case-study which is worth a read… an employee was convinced by an email to input their login details, but because the company had implemented two-factor authentication (2FA), scammers still couldn’t break through security. So they called the employee instead, and managed to get more of the information they needed. Would your team be on their guard against these telephone-based attacks?

We’ve also seen an interesting report from Abnormal Security showing that the number of reported Business Email Compromise (BEC) attacks has risen by more than 81% in the last twelve months and by 175% in the previous two years. This is where criminals use email to persuade someone in your organisation that they’re a genuine individual, and convince them to take action that facilitates a compromise. Worryingly, the report found that BEC attacks are beginning to focus on smaller businesses, with a 145% surge in malicious emails aimed at small and medium enterprises. Our advice – think about training and awareness for your teams, and contact us if you’re interested in securing free support from your local police force’s team or our student cadre. https://abnormalsecurity.com/resources/h1-2023-report-employee-open-rates

Next, a quick reminder to be on the lookout for topical scams. The tragedy in Turkey and Syria meant that lots of people wanted to contribute to help earthquake victims. Predictably, social media streams saw large numbers of posts inviting us to transfer money. And it’s relatively simple to move up the search rankings with a scam site, if you want to create one to harvest donations. Our advice as always is to contribute via known sources, using their main websites.

Last month, we mentioned the compromise of 35,000 PayPal accounts by criminals who simply threw known emails and passwords at the platform, before finding that lots of them actually worked. What would have prevented this was two-factor authentication, which means that a password and username alone wouldn’t be enough to gain access. We’re sure you’ve now gone into your own PayPal settings and rectified this (?) but you may also have spotted that Twitter are changing their 2FA settings, and discontinuing the option of text-based authentication. As part of their communications, they’ve disclosed that just 2.6% of users have adopted 2FA on the platform. If your business or charity is using Twitter, you need to ensure that you’re one of them, and if you’re one of those losing the SMS-based facility, switch to a different one. It’ll take you seconds, and if you’re not sure how: ask us.

We keep on saying ‘keep things updated’. But we recognise that it’s not so easy if you’re a larger business with a complex network. This month saw an interesting report from Cyber Security Works, Cyware, and Ivanti, which identified that 76% of the vulnerabilities used during ransomware attacks were discovered before 2020. What this means is that you need to ensure you’re not just chasing the new, headline vulnerabilities. The top five vendors associated with compromises were Microsoft (first by a margin, with Exchange Server vulnerabilities being particularly blameworthy), then SonicWall, VMware, Red Hat and QNAP. See here for further detail: https://cybersecurityworks.com/ransomware/

Lastly – and on a slightly technical front – we also spotted evidence that one in nine retailers are inadvertently exposing private backups to public view via their web platforms. Often, these backups contain passwords and sensitive information. Briefly, ad hoc backups are often made during platform changes, but poor archiving means that they aren’t properly removed and end up somewhere with public access. With this sample suggesting that 12% of retailers are at risk (and presumably a similar percentage in other sectors), we think it might be worth checking with your website owner that unnecessary backups are deleted, and that you’ve a clean bill of health. You can find more information about the research, and some suggested technical good practice, at https://sansec.io/research/sansec-analysis-12-of-online-stores-leak-private-backups

Free wine! 
 
One of our Board members has kindly offered the gift of lifetime membership of the Wine Society, which includes free next day delivery and £20 of free wine. We’d like to add a further £50 to that pot - £70 of free wine!

And we’ll be giving it to whoever can get us the most members before the end of March 2023.

Rules are simple: tell a friend who’s got a SW-based business or charity, and ask them to insert the name of your own business in the ‘where did you hear about us’ field when they sign up. Whoever’s mentioned most often gets the prize. You have to be over 18, and be happy for us to pass your details on so that we can arrange the registration. And we’ll close this in a month.
 
So if you appreciate the service that you get from SWCRC, please spread the word. We don't mind how you do this – email the link to your business connections, post it on LinkedIn or simply tell everyone you meet!

When did you last change your router password?
 
Our webinar this week on router security generated a lot of questions and comments from our audience and was thought provoking to say the least.

If you didn't know you should change your password, maybe watch the webinar. It's only 30 minutes long and packed with useful information in a practical format.

Feel free to share the link with any of your friends and family; it applies to thousands of us!

Meet Cool Waters
 
We’ve a new collaborator to announce this month. Our collaborators are kind enough to help fund the free work that we do – but we’re picky, and generally select companies who we think have something that might benefit you. Whilst we don’t directly recommend individual services and products, we do think that this offer could form part of your cyber resilience approach, and is worth you taking a look at.

Cool Waters collaboration

Cool Waters Cyber provide cyber security certification services for small and medium-sized enterprises. Amongst other things, they lead and manage certifications for the Payment Card Industry Data Security Standard, more commonly known as PCI-DSS.

They have a broad approach, encompassing training, policy frameworks and auditing, and they can advise on your current compliance or how to achieve it for the first time. They are offering SWCRC members a free 45-minute session with one of their senior cyber security consultants to give you help and advice on PCI-DSS compliance in particular, but have also been kind enough to offer to discuss any aspect of your wider cyber security certification too.

Follow this link to book the meeting: https://coolwaterscyber.as.me/swcrc

The Third Sector has a problem
 
That problem is cyber security.

Industry estimates suggest that the charity sector as a whole loses millions every year, and the real concern is that this figure is growing weekly, if not daily.

Our Trusted Partner BIT Security has written an article explaining how small and large charities are vulnerable to attack - and making an offer to help them.

Offers for Members

GDPR Support
 
Does protecting personal data and GDPR feel like another place where your business might be a bit vulnerable? SWCRC is now collaborating with the certified personal data specialists - CSRB Limited - to offer a small business-friendly option which aims to help in a manageable way, for the cost of less than a cup of coffee per day.

Staged over twelve months, the programme of support costs £95+ VAT monthly, and requires an average of 30 minutes of your time. It includes an introductory GDPR workshop, a 1-2-1 session with a certified data protection practitioner, staged delivery of the necessary policies and procedures throughout the year, and a further 3 hours of bespoke support as required. Whilst SWCRC doesn’t directly recommend individual products, we do understand the value of protecting personal data properly and the risks associated with this, so we are happy to signpost this offer to you for consideration. To find out more, email info@csrb.co.uk with the subject heading ‘UK GDPR Package – SWCRC’ or call 0117 325 0830.

Password security with Crossword Cybersecurity
 
Here at SWCRC, we’re often talking about the importance of strong passwords. We hope that you’ve got strong and unique ones in place, and that the rest of your team does too… but how would you know? It’s no good your staff having one great password that they use across all of their accounts – if it’s breached elsewhere, then it’ll also open the door to all of your digital assets.

So we’re pleased to announce a forthcoming collaboration with Crossword Cybersecurity, who are offering SWCRC members FREE use of a tool designed to let you know whether your people’s accounts have been compromised elsewhere. Keep an eye on our news section for more detail shortly.

BIT Security
 
Based in the South-West, BIT Security is a national company offering a fully outsourced service, supporting small existing cyber security and IT teams or working with those organisations that currently have nothing in place at all.

BIT Security offers cost-effective monthly subscription packages starting at just £10 a month, which offer support to charities that want to meet their data security targets. They integrate and protect data, continuously train staff to spot phishing emails, audit current security provisions and support businesses on their journey to better cyber security.