Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we here at Neuways bring attention to the latest cybersecurity threats in order to help you stay safe online.

Here are the most prominent threats you should be aware of:


Neu Cyber Threats

Ransomware’s New Swindle: Triple Extortion

We all know that ransomware attacks are growing apace, and so are the ransoms being demanded by cyber criminals. However, experts are now warning of a new tactic: triple extortion. Here the attackers widen their net and demand payments from customers, partners and other third parties connected to the initial breach, in order to extract more cash.

A recent ransomware report found that over the past year ransomware payments have spiked by 171%, averaging £220,000, and that globally the number of attacks has grown by 102%. The first case of triple extortion the researchers observed in the wild was in October 2020, when a health clinic was breached. Even after the clinic paid the ransom, the attackers threatened the clinic’s patients with the release of their therapy session notes unless they, too, paid a set ransom.

This was followed in February 2021 by the REvil ransomware gang, which began distributed denial-of-service (DDoS) attacks and threatening phone calls aimed at their victims’ business associates, along with calls to journalists to ratchet up the pressure to pay. These third-party victims are heavily affected and damaged by the data breaches caused by these ransomware attacks, even if their own network resources are not targeted directly. Such victims are a natural target for extortion and are likely to remain on the ransomware groups’ radar from now on.

These recent incidents highlight the need for businesses to be vigilant against cyber attacks, not only to protect their own business interests but also those of their customers and suppliers. As well as the potential harm or monetary loss to those parties, there is the reputational damage that can break business relationships that have often been held for years.

To fend off the next ransomware gang attack, Neuways advises businesses not to drop their cybersecurity guard out of hours. Researchers estimate that most ransomware attacks over the past year took place over weekends and holidays, when people are less likely to be watching. Our other recommendations for warding off ransomware include regular patching of your computer equipment, user training to help staff spot spear-phishing emails, text messages and voicemails, and constant monitoring for infections by malware such as Trickbot, Emotet, Dridex and Cobalt Strike.

Apple’s ‘Find My’ Network Exploited via Bluetooth


Apple’s “Find My Device” function, which helps people track their iOS and macOS devices, can be exploited to transfer data to and from random passing devices without using the internet, researchers have found. Users of Apple phones for business purposes should be wary of the issue.

A microcontroller and a custom macOS app can be used to broadcast data from one device to another via Bluetooth Low Energy (BLE). Once the receiving device connects to the internet, it forwards the data it has picked up to an Apple iCloud server, from which an attacker can retrieve it.

There are several use cases for the method, including building a network for internet-of-things (IoT) sensors, or depleting people’s mobile data plans over time. Misuse of Find My Device in this way seems nearly impossible for Apple to prevent, because the capability is inherent to the privacy- and security-focused design of the app’s offline finding system.

When used over Bluetooth, Apple’s Find My Device feature lets the user locate their device or item over BLE: devices communicate among themselves using location beacons. The owner then receives location reports about their enrolled devices through Apple’s iCloud-based Find My iPhone or the iOS/macOS Find My app.

For people with sinister intent, the method could be used to exfiltrate data from business networks. It is also likely that cyber criminals might use Find My Device to deplete nearby iPhone users’ mobile data plans, although the data capacity of broadcast messages sent on the system is not very large (in the kilobytes range), so this depletion would take a while.

Either way, Apple users should be aware of this critical flaw in the app and perhaps reconsider the viability of using it, given what could go wrong if cyber criminals with the right tools are nearby.

Fake Chrome App Anchors Rapidly Worming ‘Smish’ Cyberattack

A new Android malware that impersonates the Google Chrome app has spread to hundreds of thousands of people over the last few weeks. The fake app is being used as part of a sophisticated campaign that also uses mobile phishing (“smishing”) to steal user credentials.

The attack begins with a basic text scam: targets receive an SMS asking them to pay “custom fees” to release a package delivery. If they fall for it and click, a message appears asking them to update the Chrome app. Accepting that request takes the user to a malicious website hosting the illegitimate app, which in reality is the malware that is then downloaded to their mobile device.

After the supposed “update”, victims are taken to a phishing page that finishes the job with some social engineering. The victim is asked to pay a small amount of money (usually £1 or £2) in a less-is-more approach whose only purpose is to harvest their credit-card details. Attackers know that we are accustomed to receiving all kinds of alerts on our smartphones and tablets, and they take advantage of that familiarity to get mobile users to download malicious apps masquerading as legitimate ones.

The campaign combines an efficient phishing technique with malware and security-solution bypasses to make a dangerous whole. None of the techniques used is advanced, but combined they create a campaign that is hard to detect, spreads fast and tricks many users. The fake Chrome app is used as the propagation method: once installed, it sends out more than 2,000 SMS messages per week from each infected device. The messages go out daily without the victim realising, although the recipient phone numbers are simply random rather than taken from the victim’s phone book.

Meanwhile, the malware hides on mobile devices by using the official Chrome app’s icon and name, but its package, signature and version have nothing in common with the official app. Affected users will end up with two Chrome apps, one of them the fake. Researchers believe victims could suffer banking fraud, massive phone bills and credential theft as a result of the malware.
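The two behaviours described above, a look-alike app whose package and signature differ from the real Chrome and an unusually high volume of outbound SMS from an infected handset, are both things a fleet administrator can check for. The script below is an added example, not code from the newsletter or from the researchers it cites. The device inventory and SMS log are constructed sample data; the package name `com.android.chrome` is the real one for Google Chrome on Android, but the certificate fingerprint and the 500-per-week threshold are placeholders an MDM operator would replace with their own values.

```python
"""Added example: two fleet-side checks for fake-Chrome behaviour.

The inventory, SMS log, certificate fingerprint and threshold are constructed
or placeholder values; only the package name com.android.chrome is real.
"""
from collections import defaultdict
from datetime import date

# Known-good identity of the official app. The package name is real; the
# fingerprint is a PLACEHOLDER for the SHA-256 of Chrome's signing certificate,
# which an MDM would supply.
OFFICIAL_CHROME = {
    "package": "com.android.chrome",
    "cert_sha256": "PLACEHOLDER_OFFICIAL_CHROME_CERT_SHA256",
}

# Assumed weekly outbound-SMS threshold per device. The newsletter cites more
# than 2,000 per week from infected devices; 500 is a constructed cut-off.
SMS_PER_WEEK_THRESHOLD = 500

# Constructed MDM inventory: the label the user sees, the package name and the
# signing-certificate fingerprint. phone-02 carries two "Chrome" entries.
APP_INVENTORY = [
    {"device": "phone-01", "label": "Chrome", "package": "com.android.chrome",
     "cert_sha256": "PLACEHOLDER_OFFICIAL_CHROME_CERT_SHA256"},
    {"device": "phone-02", "label": "Chrome", "package": "com.android.chrome",
     "cert_sha256": "PLACEHOLDER_OFFICIAL_CHROME_CERT_SHA256"},
    {"device": "phone-02", "label": "Chrome", "package": "com.example.constructed.fake",
     "cert_sha256": "deadbeef" * 8},
]


def lookalike_apps(inventory, official=OFFICIAL_CHROME):
    """Return (device, package) for apps labelled "Chrome" whose package name
    or signing certificate does not match the official app. Matching on the
    label alone is exactly what the malware relies on, so the check compares
    the identifiers it cannot forge."""
    findings = []
    for app in inventory:
        if app["label"].lower() != "chrome":
            continue
        if (app["package"] != official["package"]
                or app["cert_sha256"] != official["cert_sha256"]):
            findings.append((app["device"], app["package"]))
    return findings


# Constructed daily outbound-SMS counts: "<ISO date> <device> <count>".
SMS_LOG = """\
2021-05-10 phone-01 4
2021-05-11 phone-01 2
2021-05-10 phone-02 310
2021-05-11 phone-02 295
2021-05-12 phone-02 340
"""


def sms_outliers(log_text, threshold=SMS_PER_WEEK_THRESHOLD):
    """Sum outbound SMS per device per ISO week and return the (device,
    (year, week), total) triples that exceed the threshold."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        day, device, count = line.split()
        year, week, _ = date.fromisoformat(day).isocalendar()
        totals[(device, (year, week))] += int(count)
    return sorted(
        (device, week, n) for (device, week), n in totals.items() if n > threshold
    )


if __name__ == "__main__":
    for device, package in lookalike_apps(APP_INVENTORY):
        print(f"look-alike Chrome on {device}: {package}")
    for device, week, n in sms_outliers(SMS_LOG):
        print(f"{device} sent {n} SMS in ISO week {week}")
```

Both checks run on data an MDM or mobile carrier export already provides, so no agent on the handset is needed; the second "Chrome" entry on phone-02 and its week-19 SMS total are the two findings the sample data produces.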

Neuways advises you to be wary of suspicious-looking text messages, as they are more than likely not from the purported sender. Do not click on random links you are sent, and always practise good password hygiene with your accounts.

‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices

Security researchers specialising in Wi-Fi bugs have unearthed a clutch of new ones, called FragAttacks, that affect the Wi-Fi standard itself. Incredibly, some of the bugs date back to 1997, meaning that computers, smartphones and other devices up to 24 years old may be vulnerable to attackers within Wi-Fi range. If attackers are near enough, they could intercept the owner’s information, trigger malicious code and take over the device.

Three of the vulnerabilities are design flaws in the Wi-Fi standard itself and therefore affect most devices. Several others are caused by widespread programming mistakes, and the researchers’ experiments indicate that every Wi-Fi product tested is affected by at least one vulnerability.

Attackers can exploit the vulnerabilities in three different ways: by intercepting victims’ authentication credentials, by abusing insecure internet-of-things (IoT) devices (for example, remotely flipping a smart power socket on and off), and by using them as a foothold for more advanced attacks, such as hijacking an outdated Windows 7 machine inside a local network.

The researchers said that the design flaws are not being exploited now, nor have they been in the past. Because some of the flaws took so long to discover, their thinking is that attackers have not yet found them either. It is thought that it would take a “perfect storm” for attackers to take advantage of FragAttacks: they need to be within radio range, an exploit requires misconfigured network settings, and the adversary needs direct interaction with a user.

It is critical that device owners follow proven Wi-Fi security best practices to ensure the vulnerabilities are not exploited in the future. End users and administrators alike need to co-ordinate their efforts to regularly patch connected devices, including routers, IoT devices and smartphones. Routers should be configured to encrypt traffic, and good password hygiene and multi-factor authentication should be in place too. Information such as your network ID should not be broadcast, and it is worth double-checking that configurations are secure.

Call the business technology experts at Neuways on 01283 753333 or email hello@neuways.com to discuss your business’s Wi-Fi options today.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.