Welcome to the latest edition of the Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, malware including Ransomware and DDoS, in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

 

It’s patch Tuesday!

Microsoft has released its latest batch of security updates for windows machines; this patch addresses 84 new security flaws spanning a multitude of products.

Of the 84, 4 are rated as critical, and 80 are rated important in their severity level. This patch also resolves two bugs within the Chromium-based Edge browser, one of which rectifies a zero-day vulnerability that was being exploited in the wild.

Security patches are important to apply as they rectify many known vulnerabilities and offer better levels of security; this can be done manually or by allowing the tool to automatically update.

Some other vendors that have released patches include:

  • Adobe
  • AMD
  • Android
  • Apache Projects
  • Cisco
  • Citrix
  • Dell
  • Fortinet
  • GitLab
  • Google Chrome
  • HP
  • Intel
  • Lenovo
  • Linux distributions;
  • Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
  • MediaTek
  • Qualcomm
  • SAP
  • Schneider Electric
  • Siemens, and
  • VMware
Neu Cyber Threats

Wiper attacks on the rise!

What exactly is a wiper attack? Unlike ransomware, where it encrypts your data so it cannot be read, wiper just removes it, making it inaccessible. There are two types of wiper attack approaches. The first is where they will exfiltrate the data, which will then be held for ransom or sold on. The second is where the intentions are to just cause damage to the infrastructure. So unlike ransomware, the victim has no ability to try and decrypt or seek assistance to get files decrypted.

So why the rise? There has been a vast amount of wiper attacks within the conflict between Russia and Ukraine; some successful and others not; these attempts have shown how impactful wiper attacks are in causing destruction and panic.

To best protect your organisation, it is essential to educate your staff on how to spot phishing attempts and ensure you use a reputable ant-virus. It is also vital to ensure you have a secure backup in place should you fall victim; it is ideal to follow the 3-2-1 of backups. There should be three copies of data on two different media sources, with one copy being off-site.

British Army Hacked!

The British Army saw their social media accounts become compromised towards the start of the month; whilst it is not clear how the hackers managed to gain access to the Twitter and YouTube accounts, it is clear that it had been done. The account was seen posting and retweeting links about NFT (non-fungible token), a form of electronic artwork used for investments.

The accounts were quickly recovered and back in the hands of the Army. A spokesperson said, “Whilst we have now resolved the issue, an investigation is ongoing, and it would be inappropriate to comment further.” The Army has also stated that it takes cyber security very seriously.

It is important to ensure all areas of your organisation’s cyber environment are as secure as possible; this includes social media accounts. Have a list of all users that have access to this content so that if they leave, they can be removed. Enabling MFA for all users that access the account. Make sure you use a strong, complex and unique password for the accounts.

Social media accounts can be easy targets for attackers, so make sure yours is not.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.