Welcome to the latest edition of the Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, malware including Ransomware and DDoS, in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

 

Dropbox

A hacker steals data from a virtually whole population of Austria

A Dutch hacker that has been reportedly stealing data that belongs to over 9 million Austrian citizens has been finally arrested. The cyber attack was discovered back in May 2020. At that time, it revealed that data collected from Austrian citizens were mainly from a data breach affecting the Fees Info Service (GIS). This organisation is responsible for collecting all TV and Radio licence fees in Austria.

Personal data, including names, dates of birth and addresses, were found on sale on the dark web.

Although the attack happened over two years ago, the 25-year-old hacker was arrested back in November 2022. Police also seized a German server that was used for storing and downloading exfiltrated data which also included sensitive information of individuals (even patient data) from the Netherlands, China, Colombia, Thailand and even the UK.

Personal data, no matter how insignificant they are, can be misused by cyber criminals to harm you or your business. It is crucial to use Multi-Factor Authentication for all your accounts as well as software such as a Password Manager Tool to help you generate and store all your login details in a secure folder.

UK Customers affected by abused ‘verified publisher’ tag by hackers

Microsoft notified their customers that it had been impacted by a campaign involving abuse of the company’s ‘verified publisher’ status, which allowed access to the victim’s cloud environment. The hackers gained access to users’ emails, calendars and meetings before they stole their data. They managed to do that by using fake Microsoft Partner Network (MPN) accounts which were used for creating malicious OAuth apps as part of a phishing campaign that was targeted to breach the companies ‘cloud environments and steal their emails.

“The applications created by these fraudulent actors were then used in a consent phishing campaign, which tricked users into granting permissions to the fraudulent apps,” the Microsoft spokesperson said. “This phishing campaign targeted a subset of customers primarily based in the UK and Ireland.” Microsoft has notified the affected customers and implemented additional security measures.

The attacks were first spotted at the beginning of December 2022, and it looked like legitimate apps, for example, Zoom, that was trying to access permissions from targeted personas, mainly from financial and marketing sectors and positions such as managers and senior executives.

The campaign is said to have come to a close on December 27, 2022, a week after Proofpoint informed Microsoft of the attack on December 20, and the apps were disabled. We strongly advise you to refrain from clicking on any attachments, links, files and apps that you’re not expecting to receive. If unsure, pass the details to your Managed IT Team to stay fully protected.

Broadband scams are on the rise due to rising prices of broadband deals

Last year before April, scam calls regarding fake broadbands were the most common type of unwanted calls to be reported by the ICO (Information Commissioner’s Office). Due to recent inflation, it’s expected that scammers will try their luck again in the same way this year. You must know how to recognise these fake calls. Most fake calls will try to explain that your broadband has been hacked, your IP address has been compromised, or more people are using your broadband. Scammers will urge you to act now, they will be demanding, and if they ask for any payment information, your banking information, PIN code, Paypal or money transfer – hang up!

How to avoid falling for this type of scam?
  • Broadband providers typically only call if they follow up on a phone call you made earlier regarding issues with your router, for example.
  • Don’t sign up online for deals that sound too good to be true, where you have to put all your contact information, including your address and phone number.
  • Most of the latest mobile devices automatically recognise ‘Scam Calls’ and warn you, but you can also install an app that recognises these fraudulent phone numbers. Again, always download apps only from trusted providers.
  • If you are not sure, just hang up the call and don’t provide any personal information.
If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.