Welcome to the latest edition of the Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, malware including Ransomware and DDoS, in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

 

Phishing scams ‘fundraising’ for Ukraine

Action Fraud has revealed that it has reported 196 reports of scam emails stating they were raising money for victims of the conflict in Ukraine.

Fraudsters have used various methods to trick victims into parting with their money, including selling t-shirts and soliciting cryptocurrency donations.

To detect such scams, Action Fraud recommends checking a charity’s name and registration number at www.gov.uk/checkcharity to confirm its legitimacy and typing the address of the charity website rather than clicking on a link when donating online.

Both the NCSC and Action Fraud encourage forwarding suspicious emails to report@phishing.gov.uk.

Follow these guides on what to look out for to spot scams, how to report phishing attempts, and what to do if you have responded to a fraud.

Cyber Crime Alert: Fake Web Browser Notifications

Phishing scams had cost victims around £3.1 billion in 2020. This amount is set to rise – phishing scams increased by 65% in 2019.

A newer method of phishing scams is beginning to utilise a common feature integrated into web browsers. The scam attempts to persuade users to click on a link to install malware or give out sensitive data through fake login screens.

The Notification feature is present in the most common web browsers, including Chrome, Microsoft Edge and Firefox. The ‘notification’ feature will pop up – these are more effective than phishing emails or social media messages.

Malicious sites cause these notifications, which many users can access without realising. To prevent yourself, use recognised antivirus software and train your staff accordingly to avoid malicious software.

The LAPSUS$ hacking group and its threats

The LAPSUS$ hacking group has been one of the most prolific threats to cyber security in 2022, with many high-profile businesses admitting to breaches caused by this new threat.

Companies such as NVIDIA, Microsoft and Okta are among the most notable targets of LAPSUS$. They have been relatively anonymous up until late March when they become more public in their approach.

LAPSUS$ is unique because it does not use a ransomware model to exploit its victims, instead of deploying other tactics such as financially motivated campaigns. While they have stated they will be taking a hiatus for the foreseeable future, cyber criminals may evolve to use techniques like these against your business.

To protect yourself against attacks like these, be aware of social engineering tactics used by hackers, use complex and varied passwords to beat password stealers, and train staff to avoid issues.

NCSC calls on organisations to bolster cyber defences

Following the invasion of Ukraine’s territorial integrity by Russia, the National Cyber Security Centre has called on organisations around the country to up their security level.

While the NCSC has stated they are not currently aware of any threats, the possibility remains, and they encourage improving the levels of cyber resilience.

Cyber attacks previously committed against Ukraine have had a broader impact and have affected other countries across Europe. The NCSC has laid out guidance to help you reduce the risk of falling victim to them.

These include applying MFA, making sure your Antivirus is active, and making sure you have your company data backed up.

Read through our available resources.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.