Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we highlight the latest cyber attacks, scams, frauds and malware, including ransomware and DDoS, to help you stay safe online.

Here are the most prominent threats which you should be aware of:



Lapsus$ gang was behind Uber breach and Rockstar Games footage leak

Last week Uber fell victim to a breach of its network in which an attacker gained access via a compromised contractor's credentials, which are believed to have been bought on the dark web after the employee's personal device was infected with malware. The hacker then used these details to attempt to log in to the employee's Uber account, which was protected by two-factor authentication that sent an approval request to the employee. However, after multiple attempts, the victim approved the request, allowing the attacker access.

Uber claims the attacker appears to have been unable to access the database containing customer data. The hacker also does not seem to have made changes to the company's codebase, although they could have downloaded information from an internal system used by the finance team at Uber to process invoices.

The compromise has informally been linked to the hacker group Lapsus$, which has also been linked to the compromise of games developer Rockstar Games last weekend, in which the group exfiltrated and leaked early development footage of the highly anticipated Grand Theft Auto VI.

As well as footage of the new GTA VI, the hacker also exposed source code that appears to be from GTA V. Although the attacker was able to download confidential data from the Rockstar Games database, the company has given assurances that there will be no disruption to its live gaming services, nor any long-term effect on its future projects.

Unsuccessful hackers resort to deleting hotel chain data for fun

Two hackers from Vietnam deleted copious amounts of corporate data from the database of the hotel chain Holiday Inns for "fun". When asked by the BBC, the couple explained that their original plan, a ransomware attack, was unsuccessful because the company's IT team isolated servers before the hackers had a chance to deploy it.

The hackers claimed to have taken some corporate data; however, no customer data was stolen. The attack began with a phishing email sent to an employee, enticing them to open a malicious attachment that granted the hackers access to the company's systems. The couple said they had turned to cybercrime for money due to Vietnam's poor economy.

With cybercrime on the rise, protecting your business is more important than ever. Managed Security and Phishing Awareness Training can help prevent attackers from getting into your systems by sending your employees simulated phishing emails and offering training on how to spot phishing attempts.

Microsoft Teams falls victim to GIFShell Attack

A new method has been discovered that lets attackers run arbitrary code using GIFShell attacks within Microsoft Teams. Threat actors have exploited legitimate features within Teams to inject code to be run. This cyber-attack method requires a device or user that has already been compromised. Using several Microsoft Teams features, bad actors can spread malware and exfiltrate data without being detected, with the use of GIFs. Code can be embedded into these GIFs and, when received, they are stored within the Teams log. As Teams runs as a background process, the GIF does not even need to be opened. Microsoft's servers will connect back to the attacker's server URL (Uniform Resource Locator) to retrieve the GIF, which is named using the base64-encoded output of the executed command. The GIFShell server running on the attacker's server will receive this request and automatically decode the data, allowing the attackers to see the output of the command run on the victim's device.

Despite the threat, Microsoft has responded by saying it does not meet the bar for an urgent security fix, as the technique relies on using legitimate features of the Teams platform. Any action taken against it will be in the future and is not in upcoming plans.

You can protect yourself and your organisation by disabling external access in your user settings. This blocks people in your organisation from communicating (calling, chatting, and setting up meetings) with users outside of your company, and blocks your team from communicating with users whom an organisation does not manage.
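Because the GIF is named using the base64-encoded output of the executed command, one triage check is to look for GIF URLs whose filename decodes cleanly to readable text. The sketch below is an added example, not code from Microsoft or from the GIFShell research; the URL list, the `example.invalid` hosts, the sample output and the 16-character minimum are all assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlparse

# Assumption: names shorter than 16 base64 characters are ignored to cut noise.
B64_STEM = re.compile(r"^[A-Za-z0-9+/_-]{16,}={0,2}$")


def decode_gif_name(url):
    """Return the decoded text if the GIF name is base64 of readable text, else None."""
    name = unquote(urlparse(url).path.rsplit("/", 1)[-1])
    if not name.lower().endswith(".gif") or not B64_STEM.match(name[:-4]):
        return None
    # Accept both the standard and the URL-safe alphabet, then re-pad.
    stem = name[:-4].rstrip("=").replace("-", "+").replace("_", "/")
    try:
        raw = base64.b64decode(stem + "=" * (-len(stem) % 4), validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # ordinary file names rarely survive both decoding steps
    readable = all(ch.isprintable() or ch in "\r\n\t" for ch in text)
    return text if text and readable else None


def scan(urls):
    """Return (url, decoded_text) pairs for every URL whose GIF name decodes cleanly."""
    hits = []
    for url in urls:
        decoded = decode_gif_name(url)
        if decoded is not None:
            hits.append((url, decoded))
    return hits


# Constructed sample data: example.invalid hosts and made-up command output.
SAMPLE_OUTPUT = "constructed-host\\constructed-user"
SAMPLE_URLS = [
    "https://media.example.invalid/gifs/celebration-team.gif",
    "https://media.example.invalid/gifs/partyparrot_dance.gif",
    "https://cdn.example.invalid/"
    + base64.urlsafe_b64encode(SAMPLE_OUTPUT.encode()).decode() + ".gif",
]

if __name__ == "__main__":
    for url, decoded in scan(SAMPLE_URLS):
        print(f"review: {url} -> {decoded!r}")
```

A hit is a lead for review rather than proof of compromise, since a benign file name can occasionally decode to readable text.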

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.