Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds and malware, including ransomware and DDoS, in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:


Attackers can access your Dahua IP cameras

Dahua is a provider of IP camera systems that recently discovered a security vulnerability. This vulnerability, tracked as CVE-2022-30563 (CVSS score: 7.4), allows attackers to take complete control of the IP cameras and system, possibly accessing a previous unencrypted ONVIF interaction.

This issue has been patched in the latest update, which was released on 28th June 2022, and affects only:

  • Dahua ASI7XXX: Versions prior to v1.000.0000009.0.R.220620
  • Dahua IPC-HDBW2XXX: Versions prior to v2.820.0000000.48.R.220614
  • Dahua IPC-HX2XXX: Versions prior to v2.820.0000000.48.R.220614

ONVIF governs the development and use of an open standard for how IP-based physical security products such as video surveillance cameras and access control systems can communicate with one another in a vendor-agnostic manner.

It is crucial to ensure all areas of your digital economy are accounted for and updated regularly. It is easy to forget which assets you have; therefore, keeping an up-to-date asset list is essential.

Windows Defender is used to deploy Ransomware!

The ransomware group known as LockBit has started using a new method of ransomware, with new techniques to spread the encryption. LockBit 3.0 is the latest version; this particular strain of ransomware has started using native tools within Windows. Using native tools such as the command line and PowerShell is nothing new, but LockBit 3.0 can utilise the Windows Defender command line to decrypt and load Cobalt Strike payloads.

According to a report published by SentinelOne last week, the incident occurred after the attackers obtained initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server. Ransomware will always be a threat to businesses, and as new methods appear, it is essential to adapt your security approach to ensure you are best protected.

Ensuring that MFA is enabled on all accounts will drastically reduce the chance of attackers accessing accounts, and training your staff on how to spot phishing attempts will significantly reduce the chance of attack too.

Raspberry Robin USB worm linked to Russian Evil Corp hackers

Microsoft disclosed on 29th June 2022 that it had potentially connected the Raspberry Robin USB worm with the infamous Russian hacker group Evil Corp.

Raspberry Robin, or QNAP Worm, is a well-known infection that spreads through a system from infected USB devices. It uses a .LNK file to target other devices.

This was first spotted by Red Canary back in September of 2021. Whilst there is limited information on real-world examples of the attack, there have been links with the deployment of LockBit and various ransomware deployments.

One thing to consider when you’re training staff about detecting phishing emails is the importance of verifying USB devices. It is also crucial to consider the use of reputable anti-virus software.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.