Welcome to the latest edition of the Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber-attacks, scams, frauds, and malware including Ransomware and DDoS, to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

The UK’s National Cyber Security Centre (NCSC) has disclosed details of a major cyber attack on Zellis, a payroll services provider. The attack was facilitated by exploiting a vulnerability in Progress Software’s MOVEit file transfer application, which is widely used by organisations globally. As a result, customer data, including that of prominent companies such as the BBC, Boots, and British Airways, was compromised.

If you are a customer or a business that has an account with one of these companies, then please do ensure you have the necessary cybersecurity in place to deal with any potential breaches. The companies should contact your organisation if there are any issues that you need to be aware of.

What is happening with the cyber breach?

The NCSC is collaborating with Zellis to investigate and respond to the incident. Individuals affected by the breach are advised to follow the NCSC’s guidance on protecting personal information, while organisations are directed to Progress Software’s best practice advice to address the vulnerability.

An increase in supply chain cyber attacks

The NCSC emphasises the growing prevalence of supply chain cyber attacks and offers resources on supply chain mapping, assessing cybersecurity, and managing risk. The NCSC, in alignment with law enforcement, discourages the payment of ransoms. UK organisations affected by the vulnerability are encouraged to report the incident through the government’s signposting service.

Source: https://www.ncsc.gov.uk/information/moveit-vulnerability

Father’s Day scam – Watch out for similar scams

Scammers were seen to be taking advantage of Father’s Day by impersonating Guinness and promoting a fake giveaway on WhatsApp. The scam involved sending messages advertising the chance to win one of 750 Guinness mini-fridges.

Clicking on the link takes users to a fraudulent website with fake Guinness branding, where they are prompted to take a quiz. After completing the quiz, victims are asked for payment details to cover the delivery of the mini fridge, which are then given to the scammers. The website also urges users to share the competition with their contacts, allowing the scam to spread rapidly.

This is not the first scam of this kind, nor will it be the last, as scammers try to take advantage of multiple ‘advertisement holidays and celebrations’ such as Mother’s Day, Father’s Day & Valentine’s Day.

WhatsApp scams are becoming increasingly prevalent and are a new cyber threat that employees need to be vigilant about. If you get a WhatsApp message from your manager or CEO, always ring them on the number you have saved or the office number to confirm that it was them.

Combatting WhatsApp Cyber Threats

To combat WhatsApp scams, users should exercise caution with unexpected messages and report suspicious activity to the relevant authorities. There is a report and block button on any message which you may suspect is fraudulent or a scam. Please always err on the side of caution when receiving WhatsApp messages which you do not recognise.

Source: https://www.which.co.uk/news/article/beware-of-this-guinness-fathers-day-giveaway-scam-a7TTJ8h1aGGT

User Data stolen from Reddit – Does your business have an account?

Hackers known as the BlackCat ransomware gang, or ALPHV, have threatened to release confidential data stolen from Reddit unless the company pays a ransom demand and reverses its controversial API price hikes. The hackers claim to have stolen 80 gigabytes of compressed data from Reddit during a breach in February.

Reddit confirmed the cyber incident at the time but stated that there was no evidence of stolen personal user data. The hackers, however, have now taken responsibility for the breach and are threatening to leak the stolen data. The BlackCat group has previously targeted companies like Western Digital and Ring. They demand a ransom of $4.5 million from Reddit and want the company to withdraw its API pricing changes.

Reddit’s recent API pricing plans have faced significant criticism, leading to the closure of the popular third-party app Apollo and the protest of numerous subreddits. Reddit has yet to indicate whether it intends to respond to the hackers’ demands. In 2018, Reddit experienced a significant data breach that exposed user information dating back to 2007.

Source: https://our.today/hackers-threaten-to-release-stolen-reddit-data/

Microsoft confirms that the June service outage was a cyber attack

Microsoft has confirmed that the service outages experienced in early June resulted from cyber attacks. The company stated that it observed a surge in traffic against certain services, which led to temporary availability issues. However, Microsoft has not found evidence of customer data being accessed or compromised during the attacks.

Upon detecting the threat, Microsoft initiated an investigation and started monitoring the distributed denial-of-service (DDoS) activity carried out by a threat actor called Storm-1359. The company has not disclosed any information about the identity of the responsible party.

What is a DDoS attack and will your business have been affected?

DDoS attacks involve overwhelming targeted servers with large volumes of internet traffic to disrupt their operations. Microsoft’s 365 software suite, which includes popular services like Teams and Outlook, experienced downtime for over two hours on June 5, affecting thousands of users. A brief recurrence of the outage occurred the following morning. This incident marks the fourth such outage for Microsoft in the past year.

As stated, there was no evidence of any customer data being stolen. Should your business have been affected by the outage, you will be contacted and told if there are any steps you have to take. In the meantime, stay vigilant and regularly update your passwords.

Source: https://www.reuters.com/technology/microsoft-says-early-june-service-outages-were-cyberattacks-2023-06-18/

A rise in Cryptocurrency Phishing scams

Cryptocurrency users have received a fresh warning about the rise in phishing attacks within the cryptocurrency industry. Many experts in the field have issued warnings to crypto users, urging them to stay vigilant in the face of multiple cyber threats.

Amongst many threats, it has been noted that scammers often impersonate exchanges or wallet providers and send bogus payment requests, asking recipients to provide login credentials and sensitive information.

The CEO of Giddy, a cryptocurrency firm, advises users to be suspicious of unsolicited messages and to exercise caution when faced with offers of free money or messages that create a sense of urgency or fear. Another expert recommends verifying the sender’s identity, checking email legitimacy, and avoiding clicking on links directly. This should be the thought process for any unsolicited email with a link in it, but it is more notable with crypto.

It has been suggested that crypto scams remain popular, with complacency and the younger generation’s internet usage habits contributing to their vulnerability to phishing attacks.

It must be emphasised that all organisations, regardless of size or sector, are vulnerable to phishing attacks, and it’s crucial to understand the risks and take preventive measures.

Source: https://www.itgovernance.co.uk/blog/catches-of-the-month-phishing-scams-for-june-2023