Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, malware (including ransomware) and DDoS attacks, in order to help you stay safe online.

Here are the most prominent threats which you should be aware of:


Hackers exploit Zero-Day vulnerability in WordPress plugin

WordPress security company Wordfence has disclosed a zero-day vulnerability in the premium plugin WPGateway. This vulnerability is being exploited to add malicious administrators to sites running the plugin. Tracked as CVE-2022-3180, with a CVSS score of 9.8, this flaw has been reported on more than 280,000 sites, with over 4.6 million attacks being blocked by WordPress.

This is not the only vulnerability recently discovered in a WordPress plugin; the BackupBuddy plugin is also being actively exploited. This particular vulnerability may allow unauthorised users to download files that may contain sensitive or confidential information. The flaw, tracked as CVE-2022-31474, impacts versions 8.5.8.0 to 8.7.4.1. Version 8.7.5, released on September 2nd 2022, addresses this issue, but users must complete their updates to remain secure.

Wordfence has also disclosed some of the top attacking IP Addresses:

  • 195.178.120.89 with 1,960,065 attacks blocked
  • 51.142.90.255 with 482,604 attacks blocked
  • 51.142.185.212 with 366,770 attacks blocked

Around 200k North Face customers have lost data in a recent breach

A credential stuffing attack has impacted North Face’s company data relating to 194,905 customers. Affected users should have been notified by the outdoor apparel company after unusual activity prompted an investigation into the company’s website.

Cyber criminals often exploit credentials from leaked databases in such attacks. Attackers reportedly had login and password information, which means the criminals could access personal information such as addresses and contact details. This is a stark reminder of the importance of not reusing credentials. Using different login details for each of your accounts is crucial to maintaining your personal security.

Data breaches are often sold to the highest bidder on the dark web, which may further put your information at risk. Consequently, leaked usernames and passwords are exploited by threat actors, who will often attempt to use these logins on different platforms. This is a further reminder of the importance of maintaining strong, unique passwords!


The number of hands-on cyber attacks has increased by 50% over the last year

Cyber security company CrowdStrike monitored 77,000 hands-on attack attempts between July 1st 2021 and June 30th 2022, which represents a 50% increase. The time it takes a cyber criminal to move between hosts within a victim’s environment also fell by 14 minutes, to one hour and 24 minutes.

The increase in hands-on-keyboard techniques for intrusive activity reflects the lucrative nature of the cyber crime industry. Furthermore, attackers are constantly refining and evolving their tools, methods and techniques for attack. This brings home the need to ensure your cyber security is sufficient and up to date.

Adopting a strong cyber security posture and having a cyber security framework in place is therefore becoming essential. Basic frameworks, such as Cyber Essentials, can still help to protect your organisation from 80% of cyber attacks.

There has been a recent increase in the use of the devious malware, Gootloader

This malware was first identified in 2021 by security firm Sophos and exploits niche Google searches to infect a user’s computer. The malware delivers malicious code, such as ransomware, which encrypts files and only releases them upon payment of a ransom.

Legitimate businesses have their websites hacked, and unwitting users are directed to these infected websites after an adversary exploits Search Engine Optimisation (SEO) so that the site appears to answer a very specific question.

Often, the niche question being answered is irrelevant to the actual website it is found on, and users are then directed to a download link. This link sends the user a .zip file that appears genuine and thus tricks the user into opening it, infecting their device with a malicious JavaScript file. To mitigate this, users should be wary of .zip files containing JavaScript that purports to be a report or other document, and should block the indicators of compromise in their firewall.

You should also set your anti-virus to block the below SHA256 hashes. This is the hashed version of the malicious file; blocking this will not immediately quarantine this file.
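As an added illustration of the two checks described above (a script file hiding inside a document-like .zip lure, and a SHA256 blocklist), the following Python script inspects an archive without executing anything in it. It is example code written for this post, not a Neuways or Sophos tool; the sample archive, the script extensions beyond .js and the blocklist value are all constructed assumptions, not real Gootloader indicators.

```python
import hashlib
import io
import zipfile
from typing import Dict, List, Set

# Script types worth flagging inside a "document" archive. The post names only
# JavaScript; the other extensions are an assumption for broader coverage.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".vbs"}
# Words a lure typically uses to make a script look like a document (assumed list).
DOCUMENT_WORDS = ("report", "agreement", "contract", "invoice", "template")


def sha256_hex(data: bytes) -> str:
    """SHA256 of the member's bytes, the value an AV blocklist would carry."""
    return hashlib.sha256(data).hexdigest()


def inspect_zip(zip_bytes: bytes, blocklist: Set[str]) -> List[Dict]:
    """Return one finding per archive member that is a script, a script named
    like a document, or whose SHA256 appears on the supplied blocklist."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            digest = sha256_hex(zf.read(info))
            reasons = []
            if ext in SCRIPT_EXTENSIONS:
                reasons.append("script file inside archive")
                if any(word in name for word in DOCUMENT_WORDS):
                    reasons.append("script named like a document")
            if digest in blocklist:
                reasons.append("sha256 on blocklist")
            if reasons:
                findings.append({"member": info.filename, "sha256": digest, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample lure archive for demonstration (not a real artefact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("rental_agreement_report.js", "// constructed placeholder script\n")
        zf.writestr("readme.txt", "constructed benign text file\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip(build_sample_zip(), set()):
        print(finding)
```

Run it against a downloaded archive by passing the file's bytes to `inspect_zip` together with the hashes your AV vendor publishes; a non-empty result is a reason not to open the archive.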

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.