Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we here at Neuways bring attention to the latest cybersecurity threats in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

 

Neu Cyber Threats

Wormable, Zero-Click Vulnerability in Microsoft Teams

Malicious hacking attacks could be covertly carried out on Microsoft Teams via a remote code execution flaw in the desktop app. A novel cross-site scripting (XSS) vulnerability at the ‘teams.microsoft.com’ domain could be used to trigger the issue. If abused, it could allow hackers to breach a system.

Teams has been a massive plus for businesses this year, as many have moved to remote working. Microsoft’s collaborative tool has upwards of 115 million daily active users and is proficient at bringing employees together through instant chat, file storage and sharing, and videoconferencing capabilities. To launch a successful exploit, an attacker simply needs to send a specially written message to any Teams user or channel; the exploit then runs in the background without the user noticing anything.

Not only does the exploit give attackers full access to victims’ devices, it also gives them access to their company’s internal networks. This could lead to confidential conversations and files being seen. Microsoft have issued an update that has removed the vulnerability as a threat, so ensure your business has updated its Teams app to avoid any breaches by cyber criminals.

Zoom Impersonation Attacks Aim to Steal Credentials

Phishing attacks have been circulating as cyber criminals attempt to steal Zoom credentials from recipients. The messages circulate through email, text and social media, and use Zoom’s logo alongside a link that recipients are asked to click through to enter their account details.

The message tells recipients that they have missed a meeting or that they need to re-activate their suspended accounts, and to sort the problem, they need to ‘login’ to an official-looking website. When a user clicks and enters their email and password, they have, in fact, given away their critical account information to cyber criminals. This could give criminals access to sensitive files, intellectual property data and financial information shared via the service – as well as the potential for social engineering attacks using the victim’s contacts.

There have been over 2,000 false Zoom domains registered this year, as the collaborative platform has seen a massive rise in its overall usage due to the COVID-19 pandemic. Potential victims can protect themselves from these scams by checking the sender’s information. Zoom.com and Zoom.us are the only official domains used by Zoom, so emails from any others are false. Additionally, you should never open links from unsolicited emails.
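The domain check described above can be automated in a mail filter or a reporting tool. The following is an added example, not code from Neuways or Zoom: the function names are hypothetical, the sample links are constructed, and rejecting plain HTTP is this example's own policy. It shows why the check has to be made on the real host at a label boundary, because lookalike links routinely contain the text "zoom.us" somewhere.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# The only official Zoom domains according to the article above.
OFFICIAL_DOMAINS = ("zoom.us", "zoom.com")


def _is_official_host(host):
    """True for an official domain or a subdomain of one (label-boundary match)."""
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def link_is_official(url):
    """Check the host the browser would really connect to, not what the text shows."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed URL: treat as untrusted
        return False
    # .hostname drops any "user@" prefix, so the userinfo trick below is caught.
    return parts.scheme == "https" and _is_official_host(parts.hostname or "")


def sender_is_official(from_header):
    """Domain check on a From header. Necessary, not sufficient: the header can
    be forged, so a match still relies on the mail system's SPF/DKIM/DMARC checks."""
    _, addr = parseaddr(from_header)
    return "@" in addr and _is_official_host(addr.rsplit("@", 1)[1])


# Constructed samples, not taken from any real campaign.
SAMPLE_LINKS = [
    "https://us02web.zoom.us/j/0000000000",           # subdomain of an official domain
    "https://zoom.us.account-check.example/login",    # official name used as a prefix
    "https://constructed-sample-notzoom.us/restore",  # ends in "zoom.us" without the dot
    "https://zoom.us@meeting-portal.example/signin",  # "zoom.us" is only the userinfo part
    "http://zoom.us/signin",                          # plain HTTP (this example's policy)
]


def flag_links(urls):
    """Return the links that do not point at an official Zoom host over HTTPS."""
    return [u for u in urls if not link_is_official(u)]


if __name__ == "__main__":
    for u in SAMPLE_LINKS:
        print("OK  " if link_is_official(u) else "FLAG", u)
```
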

Visit Neuways’ Phishing Awareness section for further tips to keep your business safe from phishing campaigns.

Cybercriminals Already Targeting, Selling Leaked GO SMS Pro Data

Cyber criminals are selling stolen data mined from the popular messaging application Go SMS Pro. We previously covered the story that users of Go SMS Pro found media they sent to a desired user had been stored on a publicly accessible URL.

Worse still, the URL can be easily guessed and does not require authentication. Minor scripting can be used to target these essentially public files and exfiltrate them. Threat actors are publicly sharing tools and scripts that exploit the bug, leaving a user’s privately shared data available for all to see. While the developers of the app have since attempted to patch the application, the problem still remains. Initially, the option to share media was disabled, but upon it being re-enabled, the media did not deliver to the recipient.

We would again recommend using an alternative messaging application, to avoid cyber criminals harvesting and selling any media shared via Go SMS Pro – with data like driver’s licenses and legal documents among user media being sold.

TrickBot malware continues to be updated and cause trouble

A new functionality has been discovered in the notorious malware, which allows it to exploit firmware vulnerabilities to rewrite an infected device’s firmware. Attackers can also read or erase the firmware.

The new functionality is called TrickBoot, and the ability for attackers to affect firmware in such a way is startling. Firmware-level threats carry unique strategic value for attackers. By implanting code in firmware, attackers can ensure their code is the first to run on a system, rather than the intended code. Bootkits can follow, controlling how the operating system is booted or even directly modifying it to gain complete control over a system, subverting higher-level security controls.

If any malware is detected on your system, it is recommended to wipe the machine and restore your systems from a backup. This makes having a fixed Business Continuity and Disaster Recovery plan key for businesses. By having one in place, you are not planning to fail, but to recover from any kind of setback. This not only applies to cyber attacks, but physical disasters like a flood or fire. Limiting your downtime or any kind of disruption is imperative for businesses to continue to thrive and not suffer any financial setbacks.

Cybersecurity Threat: Egregor Ransomware

Clop ransomware is continuing to bombard businesses with cyber attacks. The ransomware, discovered in 2019, was recently found lingering in a South Korean retail giant’s systems, but has been affecting many businesses’ operations around the world over the past 12 months. Clop tries to remain hidden, and its main goal is to encrypt all files within an enterprise and request a payment to decrypt them.

This tactic is called “double extortion”: if the victim refuses to pay the ransom demanded of them, stolen data is made publicly available on underground criminal forums. The ransomware is one of many used by cyber criminals to take advantage of an increase in remote working.

Clop finds its way into businesses’ systems through email phishing attacks. Neuways’ advice is to remain cautious of any communications you receive. Spam emails are usually poorly written, have slightly-off branding and use emotive messaging encouraging urgent action. If cyber criminals can appeal to your human nature, before you know it they could have access to your systems.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.