Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds and malware, including ransomware and DDoS, to help you stay safe online.

Here are the most prominent threats which you should be aware of:


Cyber Attack on NHS forces Emergency use of Pen & Paper

The NHS suffered a large-scale cyber attack which caused major disruption to the NHS 111 services. The attack happened last week and was detected within a small number of servers by their IT provider, Advanced, which decided to isolate the entire health and care environment.

This decision was taken to prevent the spread of the cyber attack. Still, it caused significant disruption within the environment, resulting in staff using pen and paper to document phone calls within the organisation.

The services have since been brought back up but are currently running with contingencies. The source of the attack has not yet been confirmed, but it is believed to have been the result of a software issue. It is vital that all installed software is verified and sourced from valid repositories. It is also essential to ensure that regular patching is completed for all software used within an organisation.

These are the most impersonated software!

VirusTotal is a website used to collate and analyse known and unknown viruses and malware. It has revealed the applications that attackers most commonly impersonate in order to hide malicious code within a file that appears legitimate. Attackers use the reputation and appearance of known applications to increase the chances of users installing their malicious software.

Impersonating another piece of software to make the user think they are installing legitimate software is nothing new and has been around for a long time. However, this method is still widely successful for attackers and provides easy access to systems and data.

According to VirusTotal, some of the most popular applications attackers choose to impersonate are 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Stream, Zoom and WhatsApp. To prevent the installation of malicious software, it's vital to validate where the install files have come from and only use the vendor's website. When searching on popular search engines like Google, ensure you choose results that are not marked as an Ad, as sponsored results could be attackers' sites impersonating the vendor.

If you are unsure where a file has been sourced from, it is better to delete it and re-download it from a known source.

IoT Botnet Targets Linux Servers via SSH Brute-Force

A new IoT botnet dubbed RapperBot has been active in the wild since mid-June.

“This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai,” a report from FortiGuard states.

The name comes from a URL embedded in the code of earlier versions, which points to a YouTube rap music video. Once the botnet is created, it begins targeting Linux-based servers, with brute-force attempts involving a suspected 3,500 unique IP addresses.

To reduce the impact of brute force attacks, there are several simple steps that can be taken. The use of MFA creates an extra layer of security: even if the password is successfully obtained, MFA will prevent further access. Implementing a lock-out after a defined number of unsuccessful attempts will reduce the number of attempts an attacker can make within short time frames. This can also be linked to alerts that identify these unsuccessful attempts.
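As an illustration of the lock-out threshold and alerting described above, here is an added example (not part of the original article) that scans SSH authentication log lines and reports each source address that reaches a set number of failed logins within a short window. It assumes the usual OpenSSH "Failed password" syslog line format; the function name, the threshold of 5, the 60-second window and the year (syslog timestamps carry none) are illustrative assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Aug 10 03:14:01 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug 10 03:14:05 web01 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Aug 10 03:14:09 web01 sshd[2205]: Failed password for invalid user pi from 203.0.113.7 port 40126 ssh2
Aug 10 03:14:12 web01 sshd[2207]: Failed password for alice from 198.51.100.23 port 51544 ssh2
Aug 10 03:14:14 web01 sshd[2209]: Failed password for root from 203.0.113.7 port 40131 ssh2
Aug 10 03:14:20 web01 sshd[2211]: Failed password for invalid user ubuntu from 203.0.113.7 port 40140 ssh2
Aug 10 03:14:31 web01 sshd[2207]: Accepted password for alice from 198.51.100.23 port 51544 ssh2
Aug 10 03:20:02 web01 sshd[2230]: Failed password for alice from 198.51.100.23 port 51620 ssh2
"""

# Matches failed password logins for both existing and non-existent users.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, max_failures=5, window_seconds=60, year=2022):
    """Return {source_ip: time the threshold was first reached}.

    A source is reported once it makes `max_failures` failed logins inside a
    sliding window of `window_seconds`. `year` is an assumption supplied by the
    caller because syslog timestamps do not include one.
    """
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        # Drop failures that have aged out of the window.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= max_failures and m["ip"] not in alerts:
            alerts[m["ip"]] = ts  # the point at which to lock out and alert
    return alerts

if __name__ == "__main__":
    for ip, when in find_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {ip} reached the failure threshold at {when}")
```

A single mistyped password followed by a successful login, as with the second address in the sample, stays below the threshold and is not reported.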

To make it harder to brute force a password, it is essential to ensure the use of complex passwords and keep them unique to every account. The use of password managers can help with this as they can generate unique and complicated passwords and store them securely, so you do not have to remember every single password.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.