Welcome to the latest edition of the Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, malware including Ransomware and DDoS, in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

 

Dropbox

7 ways cyber criminals steal your passwords

Cyber criminals are forever trying to steal people’s passwords, and unfortunately, there are multiple methods by which they can do so. Here are 7 ways hackers could get hold of your password.

  1. Credential Stuffing – This is a method used to test lists or databases of stolen credentials to see if there’s a match. On estimate, tens of thousands of accounts are tested daily. The best way to prevent falling victim to this is to use a different password for all your accounts. However, this won’t protect your data from being stolen from a site with poor security.
  2. Phishing – Phishing is a social engineering method that tricks users into handing over their credentials to what they think is an authentic source. Around 70% of hackers use Phishing as there way first attempt at hacking. The details collected are sold on the dark web or kept for personal use.
  3. Password Spraying – This method uses a list of commonly used passwords against user accounts, this amounts to 16% of password attacks.
  4. Keylogging – Keyloggers record the strokes you type on your keyboard as a way of getting their hands on your credentials, this method is often used in targeted attacks. This attack, therefore, is unaffected by how strong your password is.
  5. Brute Force – Hackers run an algorithm against encrypted passwords, which cracks the password and reveals it to the attacker. The best way to avoid this is by using passwords of a sufficient length, such as 16 characters or over.
  6. Local Discovery – This is where you physically write down your password somewhere it can be seen or found. Hackers can then use this to access your credentials without you knowing.
  7. Extortion – This is perhaps the most frightening as this involves hackers demanding you give up your credentials; otherwise, they will do something you do not like, such as means to harm or embarrass you.

Hackers exploiting ChatGPT to steal data using malicious codes

AI-driven ChatGPT, used to give answers to humans, is now being exploited by cyber criminals to develop malicious tools that can steal victims’ sensitive data. The first siting of this was discovered by Check Point Researchers who warned users of the fast-growing popularity of ChatGPT with cyber criminals, these hackers are scaling and teaching criminal activity through the platform.

It’s thought the popularity comes as the platform acts as a good starting point for writing malicious code, speeding up the process. Unfortunately, although developed to help developers write code, it’s now been used for criminal activity.

In December 2022, a thread named “ChatGPT” appeared on an underground forum detailing how the publisher was experimenting with ChatGPT to recreate malware strains and techniques, showing how the platform can be exploited.

Royal Mail urges customers to avoid sending post overseas following a cyber incident

The postal service is temporarily unable to send mail overseas due to a cyber incident they have not yet confirmed as a cyber attack due to the cause being unknown at this point in time. The incident has also affected post coming into the UK from overseas; however, domestic post is unaffected.

The incident has been reported to the UK’s cyber intelligence agency and police. Customers are currently awaiting updates on the issue with Royal Mail said to be “working around the clock” to resolve the disruption.

The computerised systems used for sending letters overseas has been severely disrupted, leading to a backlog of post unable to be processed. This system is used in six sites, one being the enormous distribution centre in Heathrow, Slough.

Royal Mail has been cautious about giving away too much information regarding the issue and immediately called in the National Cyber Security Centre and the Information Commissioner’s Office, which are whom you’d normally contact in the event of cyber attack.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.