Welcome to the latest edition of the Cybersafe Cyber Threats Update, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware including Ransomware, to ensure you stay safe online. Being aware of these cyber threats helps UK companies to gain cyber essentials certifications and keeps employees on alert for potential danger.

Here are the most prominent threats which you should be aware of:

NCSC Sounds Alarm Over Private Branch Exchange Attacks

The UK’s National Cyber Security Centre (NCSC) recently sounded the alarm for smaller organisations, cautioning them about potential vulnerabilities lurking within their private branch exchange (PBX) phone systems. PBX systems serve as internet-connected private telephone networks, facilitating the management and routing of incoming and outgoing calls. While these systems often boast features tailored for business operations, such as call forwarding, voicemail, and conference calling, the NCSC’s latest advisory underscores the risks associated with improperly configured setups.

In a recent blog post, the NCSC highlighted the possibility of remote attackers exploiting the internet connection of inadequately secured PBX systems. Such exploitation could manifest in various forms of cyber crime, including dial-through fraud and the utilisation of compromised PBX systems in denial-of-service (DoS) attacks against other entities. To counteract these cyber threats, the NCSC has rolled out fresh guidance to assist organisations in mitigating PBX-related risks, regardless of whether they opt for managed cloud-based solutions or maintain on-premises systems. If you need help to strengthen your cyber security defences then you can take a look at Neuways’ Managed Cyber Security Service and get in touch with our dedicated cyber security team.

The NCSC’s Economy and Society Team emphasised the importance of implementing robust security measures, such as enforcing strong passwords and safeguarding administrator accounts through multi-factor authentication (MFA). Additionally, organisations are advised to scrutinise PBX contracts carefully, ensuring clarity regarding security responsibilities to prevent inadvertent financial repercussions. Business owners have been urged to consider limitations on call types or the restriction of call forwarding to off-premises numbers as potential safeguards.

Overall, the NCSC’s guidance serves as a timely reminder for SMEs and SMBs to safeguard their PBX systems against emerging cyber threats, thereby strengthening their overall cyber security posture. To do this, simply get in touch with our team today.

Reputable organisations targeted in Cyber attacks

It has been highlighted that the recent disruption faced by several prominent UK universities, notably the University of Cambridge and the University of Manchester, was due to a Distributed Denial of Service (DDoS) attack attributed to a hacktivist group. These attacks, which targeted the Janet Network utilised by researchers, were accompanied by a claim from the cyber attackers citing grievances against the UK government’s support for certain military actions abroad.

The University of Cambridge’s Clinical School Computing Service reported the impact of the attack, including intermittent internet access and disruptions to student IT services like CamSIS and Moodle. While the cyber attack primarily affected connectivity, with subsequent stabilisation efforts reported by affected institutions, the incident underscores the susceptibility of esteemed educational institutions to cyber threats. Organisations of all sizes need to be aware of these cyber threats as it helps to protect businesses. Having the right cyber security frameworks and awarenesses in place helps businesses to gain cyber essentials certifications in the UK, which provide credibility

Furthermore, the targeting of UK universities reflects a broader trend of escalating cyber attacks against renowned institutions in the country. The British Library, for instance, is still in the recovery phase following a ransomware attack in September 2023. Experts have noted the ongoing restoration efforts at the University of Cambridge’s Library, emphasising the critical need for heightened cyber security vigilance in businesses in the face of evolving cyber threats.

Experts emphasise the attractiveness of universities as soft targets for threat actors, particularly amidst the expanded threat landscape resulting from remote learning and increased connectivity. So if your business provides remote learning, then you need to take note of these cyber threats. Limited IT support (usually resolved by Managed IT Support), tight budgets, and the prevalence of standardised software in the education sector further exacerbate vulnerabilities, making universities susceptible to exploitation by cyber criminals.

As highlighted by research indicating a surge in cyber attacks against UK higher education institutions, including a concerning lack of cyber security strategies in many cases, the imperative for smaller businesses and those in the education sector to bolster their cyber security defences becomes increasingly evident. If you’re not sure whether your business could withstand a cyber attack, it is worth consulting with our cyber security team. Not only can we assess the existing infrastructure but Neuways are also able to help your business gain cyber essentials certifications in the UK.

Critical infrastructure software maker confirms ransomware attack

A recent cyber attack reported by BleepingComputer highlights the significant impact of cyber threats on critical infrastructure software makers. PSI Software SE, a German company specialising in solutions for energy suppliers all over the globe, including the UK. The confirmed ransomware attack on German-based PSI Software SE emphasises the disruptive potential of such incidents, leading to the shutdown of internal IT systems, including email services, to mitigate data loss risks.

Why this attack highlights the importance of Cyber Essentials Certifications

For businesses operating in critical infrastructure sectors like energy supply, the repercussions of cyber incidents extend beyond operational disruptions to potentially compromising sensitive data and posing systemic risks. The incident underscores the importance of robust cyber security measures to safeguard against evolving threats targeting vital infrastructure.

One proactive step businesses, particularly in the UK, can take to bolster their cyber security posture is obtaining Cyber Essentials Certification. This Certification, backed by the UK government, is a practical framework for implementing basic cyber security controls, helping organisations mitigate common cyber risks and enhance their resilience against cyber threats.

By adhering to the Cyber Essentials framework, businesses can implement essential security measures to protect against prevalent cyber threats, including ransomware attacks like the one experienced by PSI Software SE.

Cyber Essentials Certification demonstrates a commitment to cyber security best practices, fostering trust and confidence among customers, partners, and stakeholders. Achieving Cyber Essentials Certification can assist businesses in meeting regulatory requirements related to data protection and cybersecurity, ensuring compliance with industry standards and regulations.

The Certification can serve as a differentiator in competitive markets, signalling to clients and prospects that the organisation prioritises cyber security and takes proactive steps to safeguard sensitive information. Cyber Essentials Certification enables businesses to identify and address vulnerabilities in their IT systems and networks, reducing the likelihood of cyber incidents and mitigating associated risks.

Ultimately, the ransomware attack on PSI Software SE underscores the critical importance of cyber security for businesses operating in essential infrastructure sectors. Obtaining Cyber Essentials Certification offers tangible benefits by providing a structured approach to strengthening cyber security defences, enhancing resilience, and safeguarding against cyber threats.

As a business owner who wants to know more about cyber security, or invest in future-proofing your business, you can get in touch with Neuways today by following the details on our contact form.


Contact Neuways for Cyber Security For Businesses

If you need any assistance with cyber security to become Cybersafe, then please contact Neuways and we will help you where we can. Just get in touch with our team today. We’re based in Derby but we work with clients all over the UK and can travel for your needs.