Welcome to the latest edition of the Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, malware including Ransomware and DDoS, in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

 

Dropbox

Last year one in four SMEs was hit by ransomware

26% of all British SMEs have been targeted by ransomware within the last year, with a further 47% of them paying the ransom to regain access to their files or system. When surveyed, businesses said cyber attacks were one of the biggest threats, and 68% said they have been more concerned about these attacks since the Ukraine invasion.

Of those businesses that fell victim to ransomware attacks this year, 41% reported they lost data, and 34% lost access to devices. Cyber attacks constantly pose an ever-changing threat to businesses across all sectors. Researchers found that cyber warfare involved in the Russian invasion of Ukraine has sparked anxiety among SMEs, leading to half of the SMEs investing in cyber security insurance.

48% of the 1000 businesses surveyed ranked cyber security as one of the biggest threats they face, with financial risks driven by increased operating costs at 66%. This shows just how big the concern for cyber security has become. It even outranks physical security at 35%.

This research has shown the risk of ransomware attacks on small businesses that need to be better equipped to deal with or detect attacks the way larger businesses can.

Attackers are using sponsored links to distribute malicious OBS Studio

Cyber criminals are using open Broadcaster Software (OBS) Studio through paid sponsored links by cyber criminals in attempts to compromise devices. What we know is that the initial stage of the installation will use cURL to obtain country, IP, and city details from IPiNfo.io as three separate communications.

Once this has been captured, the information is sent to a Telegram chat using a hard-coded API account. From there, it will systematically use the registry keys to disable core functionality, such as Windows Defender, and uninstall Malware Bytes. To ensure persistence, it will create a scheduled task: schtasks.exe /create /xml “C:Users [username]AppDataRoamingobs-studiobin64bitar.xml

It is advised only to access websites directly, not through ads and affiliate links and download software from legitimate websites. Be cautious if paid software is offered for free or at a highly discounted price.

Blackpoint SOC is actively monitoring this threat for indicators of compromises linked to this vulnerability.

Mailchimp hit by cyber attack again

Customer data has been exposed as Mailchimp is hit by yet another cyber attack this month. The security team detected an intruder on January 11th, gaining access to an internal tool by Mailchimp Customer Support and administration accounts, although it seems unknown how long the intruder was in the systems.

The attacker targeted Mailchimps employees and contractors with social engineering, using manipulation methods by phone, email, or text to gather private information such as passwords. Using those compromised employee passwords, the hacker gained access to data on 133 Mailchimp accounts.

One of the accounts targeted belongs to e-commerce giant WooCommerce, who were notified by Mailchimp a day later that the names, store web addresses, and email addresses of its customers may have been exposed in the breach. Although it has been said no customer passwords or other sensitive data was taken.

In August 2022, Mailchimp was the victim of a social engineering attack which compromised the credentials of its customer support staff, enabling the intruder to access internal tools. Data on some 214 Mailchimp accounts were compromised, mainly on cryptocurrency and finance-related accounts. DigitalOcean confirmed their accounts were compromised and criticised Mailchimp’s handling of the incident.

We don’t know yet who was responsible for Cyber Security at Mailchimp after the departure of its Chief Information Security Officer, Siobhan Smyth, after the August breach.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.