Welcome to the latest edition of the Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, malware including Ransomware and DDoS, in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

 

Large Scale AiTM Phishing attack on over 10,000 organisations.

Last week, Microsoft disclosed many phishing attacks on organisations since September 2021 through hijacked Office 365 accounts that are even protected by MFA (Multifactor Authentication).

An AitM (Adversary-in-the-middle) phishing site is set up, and the attacker will then deploy a proxy server making the intended target connect to a lookalike page designed to harvest the login credentials and MFA token.

Although AitM attacks look to circumvent MFA, it is vital not to underestimate the importance of MFA as it prevents several other attacks and is simple but effective for security. Educating your staff on how to spot phishing emails and what signs to look for is essential. Use tools like KnowBe4 training that provides Managed Security Awareness Training and sends simulated phishing emails.

Neu Cyber Threats

Nation State Hackers target small and medium Businesses

North Korea emerges as a threat cluster to target Small to Medium organisations with a strand of ransomware called H0lyGh0st. This strand has seen a large increase in infection since September 2021.

The group uses known vulnerabilities within organisations to execute remote code and allow lateral movement and the ability to pull down payloads to run the ransomware. Once the ransomware is running, the files and folders become encrypted and unusable. A ransom is then requested, which can vary around 1.2 and 5 BTC.

The group will also exfiltrate data which will be dols on the dark web if the victim does not pay the ransom. This group has become more apparent since the rise of ransomware attacks and groups even after the COTI halted operations after their large leak.

Some of the current large-scale ransomware groups consist of LockBit, Hive, Lilith, RedAlert and 0mega.

UK’s Largest Social Landlord hit by Cyber Attack

The Company Clarion Housing, based in Plymouth, suffered a large-scale cyber attack. The organisation responsible for thousands of households within the UK found themselves unable to receive phone calls, emails and more.

Due to this issue, tenants could not report faults, pay rent or even transfer details for house sales. This resulted in significant disruption for both the organisation and the tenants, which the organisation has not yet fully recovered from.

This is why it is crucial to ensure your cyber security policies and incident response plans are implemented and practised.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.