Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we here at Neuways bring attention to the latest cybersecurity threats so that you stay safe online.

Here are the most prominent threats which you should be aware of:

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs

Hundreds of millions of Dell devices, including desktops, laptops, notebooks and tablets, are potentially affected by security flaws in Dell’s firmware update driver. The bugs went unnoticed for 12 years and could allow cyber criminals to bypass security products, execute code and move laterally to other parts of a business network.

The multiple local privilege-escalation (LPE) bugs exist in version 2.3 of the firmware update driver (dbutil_2_3.sys), which has been in use since 2009. The driver handles Dell firmware updates via the Dell BIOS Utility, and it comes pre-installed on most Dell machines running Windows.

Hundreds of millions of Dell devices, both consumer and enterprise systems, have updates pushed to them on a regular basis. Researchers reported that the flaws allow adversaries to escalate from a non-administrator user to kernel-mode privileges.

Dell has issued patches, available in Dell Security Advisory DSA-2021-088. However, SentinelLabs noted a potential issue.

“Note that the certificate was not yet revoked (at the time of writing),” researchers said. “This is not considered best practice since the vulnerable driver can still be used in a BYOVD attack as mentioned earlier.”

Neuways recommends contacting your Managed Service Provider to discuss whether or not your business’s Dell devices are at risk.
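A quick inventory check a defender can run on a Windows host to see whether the driver discussed above is present or registered as a kernel service. This is an added example written for this post, not Dell’s or SentinelLabs’ code; it assumes an elevated PowerShell session and looks for the driver only by the file name given in the advisory, because install locations vary between machines.

```powershell
# Added example (not from the Neuways post or Dell's advisory): locate and report
# the vulnerable Dell firmware update driver dbutil_2_3.sys on this host.
# Assumption: run from an elevated PowerShell session on the endpoint being checked.
$driverName = 'dbutil_2_3.sys'

# 1. Is a kernel driver service registered that points at this file?
$registered = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.PathName -like "*$driverName*") } |
    Select-Object Name, State, StartMode, PathName

# 2. Does a copy of the file exist on any fixed drive? An unloaded copy still matters:
#    a signed but vulnerable driver can be re-loaded (the BYOVD concern quoted above).
$fixedDrives = Get-PSDrive -PSProvider FileSystem |
    Where-Object { $_.Root -match '^[A-Za-z]:\\$' }
$copies = foreach ($d in $fixedDrives) {
    Get-ChildItem -Path $d.Root -Filter $driverName -Recurse -File -Force `
        -ErrorAction SilentlyContinue
}

# 3. Report each copy with its Authenticode signer so the certificate status
#    (still valid vs. revoked) can be followed up with the vendor.
$report = foreach ($f in $copies) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path      = $f.FullName
        SizeBytes = $f.Length
        Signer    = $sig.SignerCertificate.Subject
        SigStatus = $sig.Status
    }
}

if ($registered) {
    Write-Warning "Driver service(s) referencing $driverName are registered on this host:"
    $registered | Format-Table -AutoSize
}
if ($report) {
    Write-Warning "Copies of $driverName found on disk:"
    $report | Format-Table -AutoSize
} elseif (-not $registered) {
    Write-Output "No $driverName found on this host."
}
```

Run it across your Dell estate and compare the results against the patched driver version named in Dell Security Advisory DSA-2021-088 before deciding which hosts still need attention.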

Bait Boost: Phishers Delivering Increasingly Convincing Lures

Researchers are predicting that cyber criminals will introduce innovative twists on existing spear-phishing tactics. Mobile banking scams, for instance, are nothing new, but attackers have developed a couple of new approaches.

In one example from Q1 2020, clients of several banks received a fraudulent email prompting them to scan a QR code to “unlock” mobile banking. Instead of being directed to mobile banking, they were taken to a web page loaded with malware.

It is just one example of a recent wave of QR-code lures. QR codes have become far more common since the pandemic, used to access menus, check in for vaccinations and get public information, which makes them a convenient tool for threat actors. Another banking scam delivered a fake newsletter posing as legitimate correspondence from a bank with COVID-19 updates, but instead led to a scam Outlook sign-in page which attempted to harvest the user’s credentials.

This is in addition to other types of phishing lures, including offers of government payouts intended to steal credit-card information and personal data, as well as a focus on COVID-19 vaccinations, targeting people all around the world. Businesses’ employees, as well as the general public, are getting better at spotting scams, which is leading cyber criminals to pivot and alter the way they attack victims. This pivot matters most for the information cyber criminals desire above all: corporate usernames and passwords.

To get these login details, attackers try to give their emails a respectable look, disguising them as messages from business tools and services. By trying to blend in and pretending to be Microsoft, for example, scammers calculate that the user will be persuaded to follow the link and enter data on a fake page.

Researchers have observed a malicious link being delivered through Microsoft Planner, and in Russia, they discovered an email posing as a message from an analytics portal support team. Both asked for corporate-account credentials.

Additionally, researchers observed scams in which cyber criminals ask for a tiny amount of money rather than a large one. In one example the team gives, the criminals asked for only 1.99 rubles (less than a penny). The idea is that users are less averse to paying a small amount than a large one, which means more potential victims are willing to enter card details on the fake site.

Neuways advises everyone to be wary of any unexpected emails they receive. If you encounter any of these new twists on phishing campaigns, remember not to simply click a URL you are sent. Forward any malicious-looking email to your Managed Service Provider, who will be able to confirm whether or not the communication came from cyber criminals.

Ryuk Ransomware Attack Sprung by Frugal Student

Ryuk is back again. Cyber criminals are inserting the ransomware into downloads of unlicensed software. This is in addition to compromising companies’ VPNs and collaboration software, as they try to take advantage of businesses whose employees are working remotely.

Cracked software has driven the evolution of threats such as remote-access trojans (RATs) and cryptocurrency stealers, as cyber criminals work to make their tools slip through defences more easily. Cracked apps themselves can also serve as empty vessels to fill with malware, which the unsuspecting user could end up carrying onto their business network.

A recent example of a student downloading free software saw a business brought to a halt for a week. Once installed, the cracked copy of the software dropped an info-stealer that went to work logging keystrokes; stealing browser, cookie and clipboard data; and more. The keylogger also captured the student’s access credentials for the business’s network. Fifteen days later, a remote desktop protocol (RDP) connection was registered on the business’s network using those stolen credentials.

One of the features of RDP is that a connection also triggers the automatic installation of a printer driver, enabling users to print documents remotely. In this instance, the RDP connection installed a Russian-language printer driver, a strong indication that the connection was rogue. Ten days after the RDP connection was made, Ryuk was triggered.

Neuways advises businesses to ensure security measures are in place to avoid any unlicensed software interrupting their networks. Some of the crucial security policies that should be put in place include:

  1. Enable multifactor authentication (MFA), where possible, for anyone required to access internal networks, including external collaborators and partners
  2. Have a strong password policy in place for everyone required to access internal networks
  3. Review and install security software on all computers
  4. Limit the sharing of admin accounts between users, as this encourages credential-sharing that can introduce many other security vulnerabilities

Major U.S. Pipeline Crippled in Ransomware Attack

And finally, a ransomware attack has devastated pipeline activities for the Colonial Pipeline Co., which supplies the East Coast of the United States of America with roughly 45 percent of its liquid fuels. This huge attack shows the devastating effects ransomware can cause on a large scale.

On 7th May 2021, the company discovered it had been hit by a ransomware attack and, as a precaution, took key systems offline to avoid further infection. While this contained the threat, it halted all operations, including its IT systems, affecting seventeen of the country’s states in the process.

This latest ransomware attack comes amid a real surge in attacks on businesses of all shapes and sizes, across a wealth of industries. In 2020 alone, the number of ransomware attacks grew by more than 150 percent, according to a Group-IB report. The scourge has also prompted coordinated global efforts to combat ransomware.

Last month, a coalition of 60 global entities proposed a sweeping plan and a ransomware task force to hunt down and disrupt ransomware gangs by going after their financial operations. The UK is one of a number of nations that have increased their cyber security defence budget to combat the cyber threats bombarding the world at the moment.

As always, the advice from Neuways to businesses worried about ransomware attacks is to plan and prepare for the worst. By implementing a Business Continuity & Disaster Recovery plan, companies can protect themselves in the event of the worst-case scenario. Detailed backups will allow businesses to get back to work with as little downtime as possible, saving them time, money and, in some cases, their livelihood.

Call the business technology experts at Neuways on 01283 753333 or email hello@neuways.com to discuss your business’ options, today.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.