Search
Close this search box.

Become Cybersafe – 4th April

Table of Contents

Welcome to the latest edition of the Cybersafe Cyber Threats Update, from the 4th April 2024. This is a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware including Ransomware, to ensure you stay safe online. Being aware of these cyber threats helps UK companies to gain cyber essentials certifications and keeps employees on alert for potential danger. If you need help with Cyber Security, contact Neuways to become Cybersafe.

Here are the most prominent cyber threats to businesses which you should be aware of:

WatchGuard highlights huge increase in malware attacks

In the fourth quarter of 2023, WatchGuard reported a significant increase in malware tactics, highlighting the ongoing global cyber crime pandemic. Malware detections surged by 80%, with diverse tactics observed primarily in the Americas and Asia-Pacific regions. Threat actors utilised encrypted connections for approximately 55% of malware instances, while zero-day malware detections rose to 60%.

Among the top malware detections were variants redirecting users to malicious links and loading DarkGate malware. Exchange server attacks accounted for four of the top five network attacks, emphasising the need to reduce reliance on local email servers. If you think your business needs help with this, contact our Cyber Security team today,

Additionally, cyber attack commoditisation continues with offerings like Glupteba and GuLoader, offering sophisticated capabilities such as cryptocurrency mining. Despite a 20% decrease in ransomware detections, ongoing law enforcement efforts are attributed to this decline.

Cyber criminals’ escalating tactics highlight the critical importance of robust cyber security measures for organisations worldwide. Business leaders and employees need to stay aware of the new tactics that are being employed by cyber criminals so that the risks and dangers to businesses are minimised.

Cyber threats are important to be aware of, so subscribe to our newsletter to stay aware. Be aware. Be Cybersafe.

Another Global organisation suffers reputational damage – a warning to business owners

The OWASP Foundation, a leading software security nonprofit, alerted its members to a potential data breach affecting individuals affiliated with the organisation from 2006 to 2014. The breach involved the exposure of approximately 1,000 decade-old resumes stored on an old Wiki server. OWASP, with over 250 chapters worldwide and tens of thousands of members, discovered the breach in late February.

Although it needs to be clarified if the resumes had duplicates, the foundation’s Executive Director believes external access to the server was limited. The exposed directory was unindexed and separate from the organisation’s Wiki installation, making locating it challenging. OWASP advised former members who submitted resumes during the specified period to assume their information was compromised.

The organisation has taken steps to mitigate the breach, including disabling directory browsing, removing the resumes from the site, and requesting removal from web archives. OWASP emphasised that affected individuals need not take action as they’ve removed the information but cautioned against potential scam attempts using the exposed data.

Acknowledging the breach’s significance, OWASP pledged to review its data retention policies and implement additional cyber security measures to prevent future incidents. Cyber attacks and hacks can cause damage to a company’s reputation, as customers begin to lose faith and trust. Whilst many organisations are able to recover, it does take a long time and it is so important that business leaders invest in cyber security, meaning they are able to get ahead of the cyber attacks and be proactive, rather than reactive.

Poor Cyber Security resulted in critical data breach

A report revealed critical security failures at Microsoft, leading to a major breach in summer 2023 by China-linked threat actor Storm-0558. The breach compromised Microsoft Exchange Online mailboxes of 22 organisations and over 500 individuals, including government officials. CSRB Chair Robert Silvers condemned the breach as preventable, citing a cascade of cyber security failures at Microsoft.

The report highlighted Microsoft’s inadequate cyber security culture and controls, noting the company’s failure to detect the breach and slow response after discovery. Microsoft’s delay in updating its systems and inaccurate public statements further exacerbated the situation, leaving customers unable to assess their risk accurately.

Storm-0558 exploited authentication tokens signed by a stolen key, providing remote access to multiple systems. Despite the key’s expiration in 2021, Microsoft failed to invalidate it until 2023, after the breach. CSRB criticised Microsoft’s corporate culture, urging a top-down review and fundamental security reforms. Business leaders need to take note of how important cyber security is for all organisations of all sizes.

Recommendations include deprioritising feature development until security improvements are made, enhancing security logging and forensics, and improving transparency about data breaches. Microsoft acknowledged the challenges and pledged to mitigate legacy infrastructure, improve processes, and prioritise security. The incident underscores the escalating cyber threats, emphasising the need for proactive cyber security measures and continuous vigilance in the face of evolving risks.

Contact Neuways to become Cybersafe

If you need any assistance with cyber security to become Cybersafe, then please contact Neuways and we will help you where we can. Just get in touch with our team today. We’re based in Derby but we work with clients all over the UK and can travel for your needs.

Want to keep up with our blog?

Get our most valuable tips right inside your inbox, once per month!

Latest IT News & Insights
Work Password Example - why you need a password manager
The most hacked passwords in 2024 and how to protect yourself
These are the most hacked passwords in 2024, learn today how you can protect your business and foster...
Read More
Early patching in Cyber Security
The Importance of Early Patching
Combat against cyber threats with early patching in cyber security.
Read More
Zero Patch updates - Cyber security vulnerability spotted - Neuways urge businesses to act.
Biggest Microsoft Patch Tuesday in years fixes four zero-days, five critical bugs
Discover how the latest Microsoft Patch Tuesday update addresses 142 vulnerabilities, including four...
Read More
Cyber security offered by Neuways in Derby
Businesses pressing ahead with AI regardless of Concerns
Businesses are ignoring concerns re: AI for data tracking. Neuways advise on how to foster a cyber security...
Read More
Cybersafe
What is Credential Stuffing and how can it affect your business?
Defend your business against credential stuffing attacks thanks to Managed Cyber Security services from...
Read More
Cyber secure culture within the business
6 ways to foster a Cyber Secure culture within your company
95% of cyber security issues traced to human error. Here is how to foster a cyber secure culture within...
Read More
Apple devices holding company data could be a security flaw in your business. Photo by Aurich Lawson.
Why it's important to control what apps go into devices that hold company data
If you supply employees with work devices holding company data, managers need to be able to control what...
Read More
Beware of Fake Free WiFi netowrks.
Beware of Fake Free WiFi Networks
Fake free WiFi networks allow cyber criminals to gain access and steal personal data. Use a secure WiFi...
Read More

Frequently Asked Questions

As a leading IT and technology provider, we offer three core services, all of which have additional add-ons. We offer Managed IT Support, Business Central implementation and consultation, as well as Managed Cyber Security. Call us on 01283 753333 if you are interested in any of our services.

Contact us

Support: 01283 753300

Business Development: 01283 753333

Purchasing: 01283 753322

Admin and Accounts: 01283 753311

Email: hello@neuways.com

Managed IT support is a comprehensive solution where an expert IT provider, like Neuways, handles your technology infrastructure. This includes proactive monitoring, maintenance, cyber security, and support.

Yes we do. Your business needs Cyber Security due to the increasing number of cyber threats that are affecting businesses in all industries. If your business has data and technology systems implemented, you will need Managed Cyber Security.

We can help you conduct Cyber Audits to assess whether your business would gain Cyber Essentials and Cyber Essentials Plus Certification. Our dedicated departments work with your team to assess how much work is required before you gain Cyber Essentials Plus certification. We will then provide advice and consultation on what aspects you need to change within your business before providing a quote on how we can assist your company become Cybersafe.

Yes we can. We have our own dedicated Microsoft Dynamics 365 Business Central teams who work to ensure that we can implement the right systems and solutions into your website that are absolute right for you. Our experienced business consultants have worked all over the world for organisations operating on a global scale. 

Exclaimer Pro is a dynamic email signature that helps clients to switch and change around email signatures so that clients are able to advertise different offers and brands to a variety of email recipients. Administrators can also manage user emails internally, meaning the user does not have to touch their own email signature.

We offer Managed Security Training to help employees spot email phishing attacks, spear phishing attacks and vishing attacks. We also help train clients on how to use the various pieces of software we provide to clients, like Exclaimer Pro, Business Central and Cybersafe software.

We are a Managed IT Support provider based in Derby, East Midlands. However, we cover so many areas including the whole of the UK, Europe, and America. We are always willing to travel and send our expert technicians to ensure you have the best experience. 

Got a question?

Reach out
& Connect

Please enable JavaScript in your browser to complete this form.
Name