
Be Cybersafe – 18th January

Welcome to the latest edition of the Cybersafe Cyber Threats Update, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware including Ransomware, to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

Cyber attacks: Spear-phishing campaigns targeting businesses and their employees

In an ongoing cyber threat, the Russian FSB cyber actor Star Blizzard, formerly known as SEABORGIUM, continues to conduct worldwide spear-phishing campaigns, focusing on organisations and individuals in the UK and other strategically significant regions.

The UK National Cyber Security Centre (NCSC) and various international agencies, including the US FBI and NSA, assess that Star Blizzard is likely linked to the Russian Federal Security Service (FSB) Centre 18.

Since 2019, Star Blizzard has targeted diverse sectors, including academia, defence, governmental organisations, NGOs, think tanks, and politicians. While the UK and US have been primary targets, activity has also been observed against entities in other NATO countries and Russia’s neighbouring nations. In 2022, the group expanded its targets to include defence-industrial sectors and US Department of Energy facilities.

The group’s spear-phishing campaigns involve meticulous research and preparation. Star Blizzard utilises open-source resources, including social media, to gather information about targets and create convincing lures. They impersonate known contacts using fake email accounts, social media profiles, and malicious domains resembling legitimate organisations. The actors prefer targeting personal email addresses to evade corporate network security controls.

Building trust is a crucial part of their approach, with Star Blizzard engaging in benign communication on topics of interest to the target. Once trust is established, they deliver a malicious link, often using phishing tradecraft, leading to an actor-controlled server. The group employs the EvilGinx framework to harvest credentials, bypassing two-factor authentication.

Upon compromising credentials, Star Blizzard accesses the target’s email account and steals emails and attachments from the inbox. They also set up mail-forwarding rules for ongoing visibility of victim correspondence. The stolen data is then used for follow-on targeting, including further phishing activities.
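One way to check mailboxes for the mail-forwarding rules described above, shown as an added example that is not taken from the NCSC advisory or from this article. It assumes inbox rules have been exported to JSON; the field names mirror the properties of Exchange Online's Get-InboxRule, while the export shape, the `Mailbox` key, and all mailboxes and addresses are constructed for illustration.

```python
import json
import re

# Constructed sample export: one object per inbox rule (assumed shape).
SAMPLE_EXPORT = json.dumps([
    {"Mailbox": "a.khan@example.org", "Name": "Newsletters", "Enabled": True,
     "ForwardTo": [], "ForwardAsAttachmentTo": [], "RedirectTo": [],
     "DeleteMessage": False},
    {"Mailbox": "j.doe@example.org", "Name": ".", "Enabled": True,
     "ForwardTo": ["smtp:archive.box@mailhost.example"],
     "ForwardAsAttachmentTo": [], "RedirectTo": [], "DeleteMessage": True},
    {"Mailbox": "j.doe@example.org", "Name": "To assistant", "Enabled": True,
     "ForwardTo": ["smtp:pa@example.org"], "ForwardAsAttachmentTo": [],
     "RedirectTo": [], "DeleteMessage": False},
    {"Mailbox": "m.lee@example.org", "Name": "old", "Enabled": False,
     "ForwardTo": [], "ForwardAsAttachmentTo": [],
     "RedirectTo": ["M.Lee.Personal@Webmail.Example"], "DeleteMessage": False},
])

FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
ADDRESS = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def external_targets(rule, internal_domains):
    """Return (field, recipient) pairs that send mail outside the organisation."""
    hits = []
    for field in FORWARD_FIELDS:
        for recipient in rule.get(field) or []:
            match = ADDRESS.search(recipient)
            # Fail closed: a recipient that cannot be parsed is reported, not skipped.
            if match is None or match.group(1).lower() not in internal_domains:
                hits.append((field, recipient))
    return hits

def audit_rules(export_json, internal_domains):
    """Flag every rule that forwards or redirects mail to a non-internal domain."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for rule in json.loads(export_json):
        targets = external_targets(rule, internal)
        if targets:
            findings.append({
                "mailbox": rule["Mailbox"], "rule": rule["Name"], "targets": targets,
                # Disabled rules are still reported so a reviewer can decide.
                "enabled": bool(rule.get("Enabled")),
                # Forward-then-delete hides the copy from the mailbox owner.
                "deletes_original": bool(rule.get("DeleteMessage")),
            })
    # Enabled rules that also delete the original sort first for triage.
    findings.sort(key=lambda f: (not f["enabled"], not f["deletes_original"]))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_EXPORT, {"example.org"}):
        print(finding)
```

Domain matching is exact, so subdomains that belong to the organisation must be listed in `internal_domains` explicitly.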

The advisory emphasises the persistence and evolution of Star Blizzard’s spear-phishing techniques, urging individuals and organisations from previously targeted sectors to remain vigilant and invest in cyber security. The report provides information on effective defence strategies against spear-phishing, and in the UK suspicious activity can be reported to the NCSC.

London Internet Exchange threatened by cyber attack

The hacktivist group known as Anonymous Sudan, allegedly associated with Russia and recognised for its diverse membership, has declared responsibility for a cyber attack on the London Internet Exchange (LINX), one of the world’s most prominent exchange points.

The group, which claims the attack is a response to Britain’s support for Israel and its air strikes on Yemen, has further indicated a looming significant cyber attack on the UK.

LINX, a mutually governed Internet exchange point in London, is crucial in facilitating peering services and representing public policies for network operators in the UK and beyond. The cyber attack was announced on the group’s Telegram channel on January 12, 2024. However, the authenticity of this claim still needs to be verified, as LINX’s website reportedly remained operational, raising doubts about the accuracy of the group’s statements.

This reported cyberattack coincides with air strikes conducted by the UK and the USA against Houthi military targets in Yemen. In response to Houthi attacks on international maritime vessels in the Red Sea, the UK targeted 30 Houthi military sites, gaining approval for military action from UK Prime Minister Rishi Sunak. Simultaneously, US officials launched over 80 Tomahawk cruise missiles and deployed 22 jets from the USS Eisenhower aircraft carrier.

Anonymous Sudan, recognised for its large-scale Distributed Denial of Service (DDoS) attacks, frequently targets both anti-Russian and anti-Muslim entities. Recent attacks have occurred nearly every week, impacting various sectors such as airlines, governments, banks, large enterprises, airports, and telecommunication companies. In November 2023, the group claimed responsibility for DDoS attacks on ChatGPT, causing service disruptions. Their involvement in cyber attacks on Microsoft’s flagship office suite and Azure cloud computing platform in June 2023 was also acknowledged.

Employees need to be more vigilant when using design software

Security researchers have alerted to a surge in phishing emails featuring Adobe InDesign links as attackers focus on specific organisations and users. Since October, there has been a nearly 30-fold increase in malicious emails containing Adobe InDesign prompts.

Many of the phishing links identified have the top-level domain “.ru” and are hosted behind a content delivery network (CDN), acting as a proxy for the source site. This approach obscures the content source, making it challenging for security technologies to detect and block the attacks.

The study’s researchers noted that these phishing emails often carry legitimate brand logos, likely obtained from other content or scraped from websites by the attackers. The logos are chosen for their familiarity and trustworthiness to the targets, indicating that attackers invest time and resources in crafting convincing messages. The attacks utilising Adobe InDesign employ various tactics to avoid detection and deceive targets. These tactics include leveraging a known and trusted domain that is not commonly blacklisted, using a publishing program for convincing social engineering attacks, and redirecting recipients to another web page after clicking the link to eliminate known malicious URLs in the message body.

Phishing attacks remain a prevalent cyber threat, with the State of Phishing Report 2023 reporting a 1265 percent increase in malicious phishing emails since Q4 2022. According to the report, the rise is partly attributed to the growth of generative AI, such as ChatGPT, which allows cyber criminals to create sophisticated ‘business email compromise attacks’ and therefore improves malware. The study also found an average of 31,000 daily phishing attacks, with 68 percent identified as text-based BEC and a significant 967 percent increase in credential phishing driven by ransomware groups seeking access to companies for financial gain.

Your employees, especially if they are using this type of software, need to be extra vigilant. Designers need to be aware of the pitfalls of using software and clicking on links from supposed companies. Always get them to double-check their emails and lean on their phishing awareness training; otherwise, they could be letting cyber criminals gain access to the confidential data that is part of your business network.

—————————————————————————————————————————–

Contact Neuways for Network Security For Businesses

If you need any assistance with cyber security to become Cybersafe, then please contact Neuways and we will help you where we can. Just get in touch with our team today.

