Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we here at Neuways bring attention to the latest cyber security threats so that you stay safe online.

Here are the most prominent threats which you should be aware of:


Neu Cyber Threats

UK SMEs lack capacity to fend off cyber attacks

New research has highlighted the sheer lack of capacity among UK SMEs to protect themselves from the barrage of cyber attacks they are currently facing. The statistics gathered from the SME owners surveyed portray a business landscape without enough cyber security know-how to ensure that businesses are adequately protected from cyber criminals, who have stepped up their attacks on businesses over the last 18 months.

Researchers polled over 500 small and medium-sized enterprise (SME) owners and leaders across the country last month. They found that just under three-quarters (73%) of respondents thought their workforces could not fend off a cyber attack if faced with one, and just over one-third (39%) felt overwhelmed by the number of alerts received from their existing security solutions. 55% said they regularly de-prioritised cyber security issues in favour of core business activity, without acknowledging that by treating cyber security as an afterthought they are putting their business at serious risk of downtime.

With cyber attacks such as ransomware growing more advanced by the day, organisations that fall victim are suffering short-term financial and operational impacts as well as reputational damage in the eyes of their customers and partners. Being able to identify and mitigate cyber security risks has become an essential function for every organisation, but finding the talent, tuning the tools and developing the internal processes is a significant challenge even for the largest, best-resourced organisations.

One of the ways SMEs can get help is by working with a dedicated MSP such as Neuways. The knowledgeable experts at Neuways are on hand to deliver IT solutions that suit your individual business, as well as support in the event of a cyber attack or IT problem. Neuways can also help with larger-scale projects, such as ERP business systems, that enable a business to grow and take it to the next level.

Dell security bugs could affect millions of devices around the world


Four separate Dell security bugs would give attackers almost complete control of, and persistence on, targeted devices, thanks to a faulty update mechanism. The flaws can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on some 30 million Dell devices around the world.

The bugs affect 129 models of laptops, tablets and desktops, including both enterprise and consumer devices, that are protected by Secure Boot. Secure Boot is a security standard intended to make sure that a device boots only software trusted by the original equipment manufacturer (OEM), to prevent rogue takeovers of the boot process. The bugs allow attackers with a privileged position on the network (in effect, the ability to intercept the device's traffic) to circumvent Secure Boot protections, control the device's boot process, and subvert the operating system and every higher-layer security control that depends on it.

Specifically, the issues affect the BIOSConnect feature within Dell SupportAssist, which is used to perform remote OS recoveries or update the firmware on the device. Technology vendors of all types are increasingly implementing over-the-air update processes to make it as easy as possible for customers to keep firmware up to date and recover from system failures. That is a genuinely useful feature, but any vulnerability in such a process, as seen here in Dell's BIOSConnect, can have serious consequences, because the update mechanism itself runs with the highest privilege on the machine.

The researchers' report noted that these vulnerabilities allow an attacker to remotely exploit the firmware of a host and gain control over the most privileged code on the device. This combination of remote exploitability and high privilege is likely to make remote update functionality an alluring target for attackers in future.

Dell has now released BIOS updates for all of the affected systems, and Neuways advises every Dell user to make sure they have been installed. A BIOS update only takes effect once the system has rebooted to apply it, so verify it by checking the BIOS version the device reports (for example in System Information on Windows) against the fixed version Dell lists for your model. Leaving the update unapplied leaves the device open to the attack described above. The wider rule of thumb for businesses wondering what they could be doing to avoid cyber attacks is simple: keep software and firmware up to date, so that known vulnerabilities are closed before cyber criminals can use them.

Cyber criminals using COVID-19 to target businesses

Cyber criminals are distributing the Agent Tesla remote access trojan (RAT) through a phishing campaign that uses COVID-19 vaccination schedules as a lure. This is not the first time, nor will it be the last, that the pandemic is used by criminals to try to catch out businesses for monetary gain.

Researchers identified the campaign as targeting Windows machines through emails carrying malicious attachments. The body of the emails takes a businesslike tone and asks recipients to review an "issue" with their vaccination. Recipients who engage with the email, by opening the attachment or clicking the supplied link, are exposed to Agent Tesla. This particular RAT has been known for at least seven years, beginning its run mostly as a password-stealer. However, new variants have recently emerged with modified modules that give the RAT stronger detection-evasion and better data theft capabilities. It is now used frequently in phishing campaigns seeking to steal not just user credentials but other sensitive information too.

The updated password-stealing capabilities and security-evading techniques, paired with a malware-as-a-service business model in which the RAT is sold on to other criminals, have proven highly profitable for the operators. In the current spate of attacks, the malicious attachment is a document that exploits the known Microsoft Office vulnerability tracked as CVE-2017-11882, a remote code-execution (RCE) bug in the legacy Equation Editor component stemming from improper memory handling. Once the document is opened, the exploit downloads and executes the Agent Tesla malware.

CVE-2017-11882 appeared on the list of the most routinely exploited software vulnerabilities of 2016 to 2019, a reminder that attackers hunt for outdated and unpatched software that can be compromised cheaply. Once running, Agent Tesla sets about gathering information from the victim's system and hoovering up credentials and other sensitive data. It sends the stolen information back to the attackers over SMTP, to an email account the attackers registered in advance.
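To show what the two stages just described look like in endpoint telemetry, here is an added detection example; it is not code from the article or from the researchers who analysed the campaign. It assumes Sysmon-style process-creation and network-connection records flattened into key=value lines; the field layout, the mail-relay allow-list and the sample log lines are all constructed. It keys on EQNEDT32.EXE, the legacy Equation Editor binary that CVE-2017-11882 affects, spawning a child process, and on SMTP connections from hosts that are not the organisation's mail relay.

```python
"""Detection logic for the two observable stages of the Agent Tesla campaign
described above: a lure document exploiting the Equation Editor bug
(CVE-2017-11882) and the RAT sending stolen data to an attacker mailbox over SMTP.

Added example, not code from the original article. The log lines are constructed
for illustration and the field layout (key=value, Sysmon-like) is an assumption.
"""
import re

# EQNEDT32.EXE is the legacy Equation Editor binary that CVE-2017-11882 lives in.
# In legitimate use it only renders an equation and never launches anything.
EQUATION_EDITOR = "EQNEDT32.EXE"
SMTP_PORTS = {25, 465, 587}
# Assumed: the only hosts allowed to speak SMTP outbound are the mail relays.
MAIL_RELAYS = {"10.0.0.25"}

PROC_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) event=process '
    r'parent="(?P<parent>[^"]+)" image="(?P<image>[^"]+)"$'
)
NET_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) event=netconn '
    r'src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+):(?P<port>\d+) image="(?P<image>[^"]+)"$'
)


def basename(path):
    """Return the final path component, upper-cased: 'C:\\x\\Y.exe' -> 'Y.EXE'."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].upper()


def detect(lines):
    """Return (severity, host, rule, detail) tuples for lines matching either stage."""
    alerts = []
    for line in lines:
        m = PROC_RE.match(line)
        if m:
            parent, image = basename(m["parent"]), basename(m["image"])
            if parent == EQUATION_EDITOR:
                # The exploit's shellcode runs a downloader; Equation Editor
                # spawning anything at all is the high-confidence signal.
                alerts.append(("high", m["host"], "eqnedt32-child-process",
                               f"{parent} spawned {image}"))
            elif image == EQUATION_EDITOR:
                # Rare but legitimate (editing an old equation): log and investigate.
                alerts.append(("low", m["host"], "eqnedt32-started",
                               f"{image} launched by {parent}"))
            continue
        m = NET_RE.match(line)
        if m and int(m["port"]) in SMTP_PORTS and m["src"] not in MAIL_RELAYS:
            # Endpoints hand mail to the relay; direct SMTP from a workstation to
            # the internet matches the exfiltration channel the article describes.
            alerts.append(("high", m["host"], "smtp-from-endpoint",
                           f"{basename(m['image'])} -> {m['dst']}:{m['port']}"))
    return alerts


# Constructed sample telemetry: one infected workstation, a relay and a clean host.
SAMPLE_LOGS = [
    '2021-06-28T09:14:02Z host=WS-FIN-07 event=process '
    'parent="C:\\Windows\\System32\\svchost.exe" '
    'image="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE"',
    '2021-06-28T09:14:03Z host=WS-FIN-07 event=process '
    'parent="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" '
    'image="C:\\Users\\jsmith\\AppData\\Roaming\\vaccine.exe"',
    '2021-06-28T09:14:40Z host=WS-FIN-07 event=netconn '
    'src=10.0.5.17 dst=203.0.113.8:587 image="C:\\Users\\jsmith\\AppData\\Roaming\\vaccine.exe"',
    '2021-06-28T09:15:00Z host=MAILRELAY event=netconn '
    'src=10.0.0.25 dst=198.51.100.3:25 image="C:\\Program Files\\Relay\\relay.exe"',
    '2021-06-28T09:16:12Z host=WS-HR-02 event=process '
    'parent="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" '
    'image="C:\\Windows\\splwow64.exe"',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

Run against the sample, the infected workstation produces three alerts (Equation Editor starting, Equation Editor spawning a dropped executable, and that executable opening an SMTP session to an external address) while the relay's own SMTP traffic and an ordinary Word print job produce none. The low-severity rule is deliberately kept: Equation Editor starting at all is rare enough on a modern estate that it is worth a look even when nothing follows it.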

The messaging takes advantage of the fact that, in many countries, more and more of the wider population are now being vaccinated. The cyber criminals are spoofing the communications that businesses have with their employees, looking to exploit the remote working policies and procedures that most organisations still have in place.

The good news is that this type of campaign is easy to avoid with good cyber hygiene. By never opening links or attachments in unsolicited emails, and by not allowing macros to run automatically in Microsoft Office documents, users go a long way towards securing their networks. Note that the attachment in this campaign does not need macros: it exploits a flaw that Microsoft patched in November 2017, so keeping Office fully updated removes that stage of the attack outright. Companies still need to consider giving their employees comprehensive phishing awareness training to help them cope with the increasing onslaught of malicious emails landing in their inboxes. While an organisation's anti-virus software might catch the malicious attachment, the reality is that it may well fall to employees themselves to thwart this kind of attack.

Microsoft corporate networks targeted to gain access to organisations

The threat group behind the SolarWinds supply-chain attacks has been targeting Microsoft's corporate networks in order to reach specific Microsoft customers. Microsoft officially acknowledged the attacks after a notification it had sent to customers was obtained, explaining that the threat group Nobelium had stolen customer service agent credentials and used that access to launch attacks against Microsoft customers.

Microsoft said: “The Microsoft Threat Intelligence Center is tracking new activity from the Nobelium threat actor. Our investigation into the methods and tactics being used continues, but we have seen password-spray and brute-force attacks. All customers that were compromised or targeted are being contacted through our nation-state notification process.”

Nobelium is Microsoft's internal name for the group believed to be behind the SolarWinds attacks, which is also tracked as APT29, Cozy Bear and The Dukes. Whatever the moniker, the group has been designated by the U.S. government as working for the Russian government. The Microsoft Threat Intelligence Center found that the targeted customers are spread across the world.

As well as password spraying and brute-force attacks, Microsoft also identified information-stealing malware, used to obtain account details that were then turned against specific customers. The highly targeted nature of the attacks shows that Nobelium has done its homework and is acting on good intelligence. As Microsoft continues to investigate this latest breach, companies need to look beyond basic password protection.

Selecting passwords that are both strong and unique to each site or application can be daunting, but password managers such as Keeper can ease the burden. The biggest single improvement a business can make, however, is to enforce multi-factor authentication (MFA) on all of its accounts: a sprayed or brute-forced password is then no longer enough on its own. Build on that by limiting access to only those who need it and by monitoring continuously. Pair MFA with account lockout or rate limiting on failed logins, and watch the logs for the signature of spraying and credential stuffing, which is many failed logins spread across many different accounts from a single source, as distinct from brute force, which hammers one account. A successful login from a source that was just seen spraying is the event that should trigger an immediate password reset and session revocation.
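An added example of the monitoring the paragraph above calls for; it is not Microsoft's code or the article's. It is a small classifier that separates password spraying from brute force in authentication logs and then performs the check that matters most, whether a flagged source went on to log in successfully. The log format, the thresholds and window, and every sample entry are constructed assumptions.

```python
"""Classify password spraying versus brute force in authentication logs and
report any account that a flagged source later authenticated to successfully.

Added example, not Microsoft's or the article's code. The log format
(timestamp src= user= result=), thresholds and sample entries are constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)
WINDOW = timedelta(minutes=10)
BRUTE_FORCE_FAILS = 8   # failures against ONE account from one source in WINDOW
SPRAY_ACCOUNTS = 5      # distinct accounts failed from one source in WINDOW


def parse(lines):
    """Return (ts, src, user, ok) tuples sorted oldest first; malformed lines are skipped."""
    out = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            out.append((ts, m["src"], m["user"], m["result"] == "ok"))
    return sorted(out)


def classify(lines, window=WINDOW):
    """Return {src: (verdict, [users that later logged in OK from that src])}.

    Brute force: many failures against one account. Password spray (and
    credential stuffing, which looks the same from the network side): few
    failures each against many accounts. Both are judged inside a sliding time
    window, so a slow spray is not hidden by a per-minute counter and a burst
    is not diluted by a whole day's worth of ordinary typos.
    """
    events = parse(lines)
    fails = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            fails[src].append((ts, user))

    result = {}
    for src, evs in fails.items():
        brute = spray = False
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            per_user = Counter(u for _, u in evs[start:end + 1])
            brute |= max(per_user.values()) >= BRUTE_FORCE_FAILS
            spray |= len(per_user) >= SPRAY_ACCOUNTS
        if not (brute or spray):
            continue
        verdict = "brute-force" if brute else "password-spray"
        # A success from a source that was guessing is the event that turns
        # "noise" into "account compromised, rotate it now".
        first_fail = evs[0][0]
        hits = sorted({u for ts, s, u, ok in events if s == src and ok and ts >= first_fail})
        result[src] = (verdict, hits)
    return result


# Constructed sample log: a slow spray that lands one account, a brute-force
# burst against an admin account, and a normal user mistyping a password.
SAMPLE_LOGS = [
    "2021-06-25T02:00:10Z src=203.0.113.5 user=alice result=fail",
    "2021-06-25T02:01:30Z src=203.0.113.5 user=bob result=fail",
    "2021-06-25T02:03:05Z src=203.0.113.5 user=carol result=fail",
    "2021-06-25T02:04:50Z src=203.0.113.5 user=dave result=fail",
    "2021-06-25T02:06:20Z src=203.0.113.5 user=erin result=fail",
    "2021-06-25T02:07:45Z src=203.0.113.5 user=frank result=fail",
    "2021-06-25T02:09:00Z src=203.0.113.5 user=dave result=ok",
    *[f"2021-06-25T03:10:{i:02d}Z src=198.51.100.9 user=admin result=fail"
      for i in range(0, 54, 6)],
    "2021-06-25T08:30:00Z src=10.0.1.4 user=alice result=fail",
    "2021-06-25T08:30:20Z src=10.0.1.4 user=alice result=fail",
    "2021-06-25T08:30:40Z src=10.0.1.4 user=alice result=ok",
]

if __name__ == "__main__":
    for src, (verdict, hits) in classify(SAMPLE_LOGS).items():
        print(src, verdict, "compromised:", hits or "none")
```

On the sample, 203.0.113.5 is reported as a password spray with dave's account compromised, 198.51.100.9 as brute force with no success, and the user who mistyped a password twice is not reported at all. The thresholds are the tuning knobs: lower SPRAY_ACCOUNTS for a small tenant where five failed accounts from one address is already abnormal, and feed the verdicts into whatever blocks the source and forces a reset on the accounts listed.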

This level of attack shows that cyber criminals are targeting businesses and organisations of all shapes and sizes: large multinationals as well as SMEs. Put simply, no one is safe from cyber criminals, so everyone must stay aware and follow sound policies and procedures to avoid a damaging attack.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.