Have you ever received an email or text message requesting you to click on a link? They can come from an unknown number or an email address designed to look authoritative but are often not as they seem. If you have been on the receiving end of one of these messages, you will likely be the victim of a phishing attack.
Regardless of your status as a company owner or an employee, you will likely be the victim of an attempted phishing attack. If you work for clients or your email is in the public domain, a hacker will probably try to infiltrate your device via phishing. A large business would tend to be the most rewarding for a cyber criminal, but they'll take what they can get. So below, we will explain how you can help yourself and your employees to best resist and identify a phishing attack.
The South Staffordshire PLC, which owns South Staffs' Water supplies, confirmed that they had indeed suffered a cyber attack on August 15th. This attack disrupted the internal network. A spokesperson for the South Staffordshire PLC said, "As you'd expect, our number one priority is to continue to maintain safe public water supplies. This incident has not affected our ability to supply safe water, and we can confirm we are still supplying safe water to all of our Cambridge Water and South Staffs Water customers." The perpetrator has claimed to have large amounts of data of South Staffordshire PLC that has been threatened to be released if the ransom is not paid. They have also claimed they had access to a SCADA System that controls industrial processes at the treatment plants and other facilities. The Ransom group also claimed, "It would be easy to change chemical composition for their water, but it is important to note we are not interested in causing harm to people." Although it is not clear how the group gained access to the network, a report was released with thousands of exposed Virtual Network Computing instances managed by a Global Critical Infrastructure. This included organisations within the water treatment organisation. It is vital to ensure all aspects of your organisation are protected and up to date. Network segmentation can also create barriers to specific areas of your network, further protecting your network from lateral movement and the spread of ransomware.
A new piece of malware dubbed the “Swiss Army Knife” due to its modular architecture and capabilities has been recently discovered within the wild. The malware is used to target Linux machines and employs a previously undetected threat called Lightning Framework. The core module for this framework acts on two tasks, maintaining persistency and establishing a connection to the command-and-control (C2) server, allowing for the ability to fetch commands. This gives the attacker access to run remote code and traverse the network. It is the fifth malware strain discovered for Linux machines within three months. The other 4 are BDFDoor, Symbiote, Syslogk and OrBit. To stay protected against this malware, ensure security measures are in place. Deploying network monitoring and using reputable anti-virus systems all assist with defending against attacks like this.
A new piece of malware dubbed the “Swiss Army Knife” due to its modular architecture and capabilities has been recently discovered within the wild. The malware is used to target Linux machines and employs a previously undetected threat called Lightning Framework. The core module for this framework acts on two tasks, maintaining persistency and establishing a connection to the command-and-control (C2) server, allowing for the ability to fetch commands. This gives the attacker access to run remote code and traverse the network. It is the fifth malware strain discovered for Linux machines within three months. The other 4 are BDFDoor, Symbiote, Syslogk and OrBit. To stay protected against this malware, ensure security measures are in place. Deploying network monitoring and using reputable anti-virus systems all assist with defending against attacks like this.
A new piece of malware dubbed the “Swiss Army Knife” due to its modular architecture and capabilities has been recently discovered within the wild. The malware is used to target Linux machines and employs a previously undetected threat called Lightning Framework. The core module for this framework acts on two tasks, maintaining persistency and establishing a connection to the command-and-control (C2) server, allowing for the ability to fetch commands. This gives the attacker access to run remote code and traverse the network. It is the fifth malware strain discovered for Linux machines within three months. The other 4 are BDFDoor, Symbiote, Syslogk and OrBit. To stay protected against this malware, ensure security measures are in place. Deploying network monitoring and using reputable anti-virus systems all assist with defending against attacks like this.
Last week, Microsoft disclosed many phishing attacks on organisations since September 2021 through hijacked Office 365 accounts that are even protected by MFA (Multifactor Authentication). An AitM (Adversary-in-the-middle) phishing site is set up, and the attacker will then deploy a proxy server making the intended target connect to a lookalike page designed to harvest the login credentials and MFA token. Although AitM attacks look to circumvent MFA, it is vital not to underestimate the importance of MFA as it prevents several other attacks and is simple but effective for security. Educating your staff on how to spot phishing emails and what signs to look for is essential. Use tools like KnowBe4 training that provides staff awareness training and sends simulated phishing emails.
Microsoft has released its latest batch of security updates for windows machines; this patch addresses 84 new security flaws spanning a multitude of products. Of the 84, 4 are rated as critical, and 80 are rated important in their severity level. This patch also resolves two bugs within the Chromium-based Edge browser, one of which rectifies a zero-day vulnerability that was being exploited in the wild. Security patches are important to apply as they rectify many known vulnerabilities and offer better levels of security; this can be done manually or by allowing the tool to automatically update.
Wiltshire Farm Foods is the UK's largest provider of ready-meals, and there are speculations that a ransomware attack hit them, which caused significant disruption to Meals on Wheels. Ransomware attacks are always devastating and can greatly damage a company in terms of reputation and finances. This attack has created issues within supply lines that have had drastic consequences for Meals on Wheels, leaving the elderly potentially without food. It is important to ensure your supply chain has robust security enforcement. You can perform checks by asking to see your supply chain's incident response plan and what precautions they take regarding cyber security. But what about protecting yourselves? Start training your staff to identify phishing attempts, employ a reputable ant-virus/malware, and adopt reasonable backup solutions and incident response.
A recent vulnerability has been discovered for Microsoft SharePoint. CVE-2022-30157 was published on 15/06/2022 with a CVSS 3.1 score of 8.8, meaning it is a high rating in criticality. The vulnerability allows for the remote running of arbitrary code on affected Microsoft SharePoint Servers. The vulnerability exists in the processing of charts. They are tampering with the client-side data, which can trigger a serialisation of untrusted data. An attacker can leverage this to execute code. If you are using Microsoft SharePoint, it is highly recommended that you ensure all current patches are installed. For further information about CVE-2022-30157, click here.
