Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we here at Neuways bring attention to the latest cybersecurity threats to help you stay safe online.

Here are the most prominent threats which you should be aware of:


Neu Cyber Threats

Mysterious bug is deleting Microsoft Teams, SharePoint files

Microsoft SharePoint and Teams users have found files missing following a recent Azure Active Directory outage. The outage, on 15th March 2021, left many users unable to use a number of Microsoft services, such as Microsoft 365, Exchange Online, Outlook.com and SharePoint.

Since then, hundreds of files have been found in businesses' SharePoint Recycle Bins, all mysteriously deleted at once. The SharePoint folder structures appear to be intact, but they do not contain any of the expected files. In one instance, the deletion was attributed to an employee at a business who said she had no idea the files had been deleted, even though her account had supposedly deleted hundreds of files in different folders all at once.

This has left businesses without their files and information for some time, as manual restores are having to be carried out in place of the file syncs that would normally restore deleted information. The related Teams issues are preventing users from viewing their files, with users instead being told they do not have access.

It is not currently clear what is causing the issues with the Microsoft apps, but users are advised to review their security procedures. Multi-factor authentication (MFA) adds an extra layer of security to a business's cyber security policies, allowing the user access to information only after they have proven the validity of their login attempt.

For more information, read Neuways’ latest blog post, here.

Office 365 Phishing Attack Targets Financial Execs


A new phishing scam is on the rise, with high-level executives the target. Cyber criminals are trying to harvest their Microsoft 365 credentials, before using them to launch business email compromise (BEC) attacks. The attacks, which started last December, work around the email security and Microsoft 365 defences in place, making them even more potent.

It seems the financial departments of companies are being targeted by cyber criminals masquerading as the executives, whose information they have stolen. This means that the attackers could potentially gain access to sensitive data of third parties through invoices and billing. Forged invoices from legitimate email addresses can be sent to suppliers, which result in payments being issued to attacker-owned accounts.

In one version of the campaign, targets receive a fake Office 365 security update, sent from domains with Microsoft-themed names to make them seem even more legitimate. Scammers also properly configured SPF records to evade any authentication protections.
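As an added illustration (not part of the original article, and not a Neuways tool), the sketch below shows why an SPF pass on its own does not vouch for a Microsoft-themed sender: SPF only confirms that the sending server is authorised by whoever owns the domain. The keyword list, the allowlist and the sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): brand keywords to look for, and the
# domains this organisation accepts as genuine Microsoft senders.
BRAND_KEYWORDS = ("microsoft", "office365", "o365")
TRUSTED = ("microsoft.com", "office.com")

def _domain(addr):
    return addr.rsplit("@", 1)[-1].strip().lower()

def _trusted(domain):
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED)

def triage(raw):
    """Return (verdict, from_domain) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_dom = _domain(parseaddr(msg.get("From", ""))[1])
    # The receiving mail server records its SPF verdict in this header.
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    spf = m.group(1).lower() if m else "none"
    if _trusted(from_dom):
        return ("trusted-domain" if spf == "pass" else "trusted-domain-spf-" + spf, from_dom)
    if any(k in from_dom for k in BRAND_KEYWORDS):
        # Brand-themed name on a domain outside the allowlist. An SPF pass
        # here only means the domain's owner authorised the sending server.
        return ("lookalike-spf-pass" if spf == "pass" else "lookalike", from_dom)
    return ("no-brand-match", from_dom)

# Constructed sample messages (reserved .example names, not real indicators).
LOOKALIKE = (
    "From: Microsoft Security <no-reply@microsoft-securityupdate.example>\n"
    "Authentication-Results: mx.corp.example; spf=pass "
    "smtp.mailfrom=microsoft-securityupdate.example\n"
    "Subject: Security update\n\nbody\n"
)
GENUINE = (
    "From: Microsoft <noreply@email.microsoft.com>\n"
    "Authentication-Results: mx.corp.example; spf=pass "
    "smtp.mailfrom=email.microsoft.com\n"
    "Subject: Notice\n\nbody\n"
)
UNRELATED = (
    "From: Accounts <billing@supplier.example>\n"
    "Authentication-Results: mx.corp.example; spf=pass\n"
    "Subject: Invoice\n\nbody\n"
)

if __name__ == "__main__":
    for sample in (LOOKALIKE, GENUINE, UNRELATED):
        print(triage(sample))
```

A keyword match is a triage signal for the IT support desk to review, not proof of phishing.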

A further version of the attack illustrates how dangerous this campaign is. This version involves taking over other accounts to send the phishing messages, with email addresses of known senders spoofed to evade detection. The goal of the phishing email is to dupe victims into clicking on the ‘Apply Update’ button, disguised as a security update, which takes them to a spoofed Microsoft 365 login page.

After a target submits their password, the threat actors have full control of their email and any other Microsoft systems where the same password was used, researchers warned.

Neuways advise businesses to be wary of any legitimate-looking Microsoft emails. Any communications received that require the input of account credentials, such as passwords, should be treated with suspicion. Report any suspicious emails to your IT support desk, who will be able to confirm the legitimacy of the emails. By double checking, you could be saving your business from a devastating data breach.


CopperStealer Malware Targets Facebook and Instagram Business Accounts

CopperStealer, a previously undocumented password and cookie stealer, has been compromising accounts on the likes of Facebook, Apple, Amazon and Google for the past couple of years, with the stolen accounts then being used for cyber criminal activity.

Accounts of advertisers and users of the four web giants have been compromised since July 2019. The malware acts similarly to the previously discovered, China-backed malware family SilentFade.

CopperStealer is an actively developed password and cookie stealer with a downloader function, which is capable of delivering additional malware after performing the initial theft. It is similar not only to SilentFade, but also to other malware such as StressPaint, FacebookRobot and Scranos. It is thought that cyber criminals use the compromised accounts to run deceptive ads on some of the social media websites. These ads point those who see them towards phishing pages.

Additional versions of CopperStealer seem to focus on other major service providers, including Apple, Amazon, Bing, Google, PayPal, Tumblr and Twitter.

CopperStealer has been offered on legitimate websites offering ways to evade licensing restrictions of legitimate software such as Microsoft 365. However, rather than receiving the software free of charge, users were downloading malicious executables capable of installing and downloading additional payloads. Researchers worked with some of the websites being taken advantage of by CopperStealer to intercept the malware and gain a better understanding of it. As a result, the ability of cyber criminals to collect victim data has been restricted, while it has been discovered that CopperStealer is not very sophisticated and has basic capabilities.

It also appears that CopperStealer is targeting users around the world, with no regard for what industry they are working in. Neuways advise employees to be careful when engaging with potential phishing emails. If your business has social media channels, it is worth using a Password Manager to help secure the account credentials for these pages. If CopperStealer were to gain access to your company’s Facebook page and start running spam adverts, your business would experience damage to its reputation among followers, which could include both customers and suppliers.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.