Welcome to the latest edition of the Cybersafe Cyber Threats Update, for 14th March. This is a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware, including ransomware, to ensure you stay safe online. Being aware of these cyber threats helps UK companies to gain Cyber Essentials certification and keeps employees on alert for potential danger.

Here are the most prominent cyber threats to businesses which you should be aware of:

Microsoft says Russian hackers accessed source code in cyber attack

Microsoft has reported a security breach by Russian hacking group Midnight Blizzard, also known as NOBELIUM. The breach involved unauthorised access to internal systems and source code repositories using stolen authentication secrets.

This incident follows a previous breach in January, where the group accessed corporate email servers through a password spray attack. The compromised test account lacked multi-factor authentication, allowing access to Microsoft’s systems.

Midnight Blizzard exploited this access to steal data from corporate mailboxes, including those of Microsoft’s leadership, cybersecurity, and legal departments, a stark warning to business owners.

Microsoft suspects the hackers breached email accounts to gather information about their activities. Recently, the group utilised stolen data to access additional systems and source code repositories. Microsoft is reaching out to affected customers whose secrets were exposed and has heightened security measures to defend against further attacks. All business owners are encouraged to emphasise the importance of constant password changes to employees and to be extra vigilant with cyber security frameworks. Neuways have excelled at helping CEOs and CFOs make their businesses Cybersafe by implementing these processes.

Midnight Blizzard has increased password spray attacks, underscoring the value of multi-factor authentication. The group’s actions highlight the ongoing threat posed by state-sponsored hackers like Midnight Blizzard, previously implicated in the SolarWinds supply chain attack. For more information on ensuring your business is Cybersafe, you can read our latest article.

Three-quarters of Cyber Incident victims are small businesses

A recent Sophos report revealed that small businesses bore the brunt of cyber incidents in 2023, making up over three-quarters of those affected. Ransomware, particularly from the LockBit group, dominated these attacks. LockBit accounted for 27.59% of small business ransomware incidents handled by Sophos, surpassing other groups such as Akira and BlackCat.

The report highlights evolving ransomware tactics, including remote encryption and targeting macOS and Linux systems. Additionally, over 90% of cyber attacks reported involved data or credential theft. Nearly half of malware targeting small and medium businesses focused on data theft, with password stealers like RedLine and Raccoon Stealer being prevalent.

Stolen credentials hold significant value for cybercriminals, enabling various malicious activities such as social engineering attacks and accessing third-party services. Malware-as-a-service (MaaS) operators increasingly use SEO poisoning and web advertising to infect victims. At the same time, BEC attacks have become more sophisticated, involving conversations before sending malicious links or attachments.

The report underscores the need for heightened cybersecurity measures among small businesses as cyber threats evolve and diversify, posing significant risks to their operations and data security.

USBs now proving to be a popular method of cyber attack by nation-state threat actors

Nation-state cyber threat groups are once again turning to USBs to compromise highly guarded government organisations and critical infrastructure facilities.

These attacks exploit vulnerabilities in organisational security, often relying on unsuspecting employees. For instance, a power company employee unwittingly introduced malware into the corporate network by plugging in a seemingly harmless USB received in an Amazon package. USBs serve as a bridge between segregated networks, allowing malware to bypass traditional security measures.

USB-based attacks extend beyond individual organisations, as demonstrated by incidents where malware transmitted via USBs spread across multiple countries. Infections like Camaro Dragon and Raspberry Robin have facilitated ransomware attacks globally, underscoring the widespread impact of USB vulnerabilities.

Organisations can mitigate USB-related threats by implementing cyber security measures such as separating personal and work devices, enforcing strict removable device policies, and conducting regular security scans.

Additionally, critical infrastructure industries may need to implement more stringent measures like sanitation stations and physical barriers to prevent unauthorised USB usage.

Despite the challenges posed by USB-based attacks, organisations can enhance their security posture by adopting layered defence strategies and remaining vigilant against emerging cyber threats in the evolving cybersecurity landscape.


Contact Neuways for Cyber Security For Businesses

If you need any assistance with cyber security to become Cybersafe, then please contact Neuways and we will help you where we can. Just get in touch with our team today. We’re based in Derby but we work with clients all over the UK and can travel for your needs.