A recent item on BBC Radio 4’s You and Yours highlighted QR code scams. It reported that criminals use QR codes online and offline to lead victims to a malicious URL. We covered QR code scams in a blog post in October, and we’ve noticed a pattern of Intersys highlighting cyber crime trends before they hit the mainstream media.
This might sound like a bit of a pat on our own backs, but there is a point – regularly reading our newsletters and blog posts will give you an advance heads-up on threats. This could see you rebuff attacks before others in your sector even know about them – and save you many headaches and heartaches.
Here’s this month’s cyber crime news, advice and tips.
‘To Captcha thief’: why you must shut down this new phishing technique
Captcha codes have long been used to differentiate human users from bots to filter out spam. But now those random traffic light squares and blurry alphabet jumbles are being used by hackers to hide phishing sites.
Here’s how it works.
Businesses typically use email filters and URL scanning engines to block suspicious attachments or websites.
However, these filters can’t solve Captcha puzzles, so they can never know what lurks beyond the Captcha.
Ultimately, they fail to block a website or attachment that could be dangerous. In a worst-case scenario, the user goes ahead and solves the Captcha puzzle, lands on a phishing scam (a cloned site asking for user details, or similar), and it’s another win for the criminals.
Top tip: We recommend you enable a rule on your Exchange server that marks emails from external senders, and educate all staff to be wary of external emails and of clicking the links in them.
Hackers hit British Library with ransomware
Ransomware gang Rhysida has taken responsibility for a cyber attack on The British Library. The hacking campaign resulted in staff HR files being leaked online.
Rhysida has allegedly threatened to sell the stolen data in an auction if the ransom is not paid. The UK’s national library is still reeling from the attack that shut down its digital operations (including its website and other services) across several locations. Patrons were also unable to access Wi-Fi inside the library building at its Euston Road headquarters.
Over 11 million people use the British Library every year, so the impact will be significant.
The National Cyber Security Centre and the Metropolitan Police are working with cyber security experts to investigate the incident.
ChatGPT coding tool is powerful, but unsafe
ChatGPT’s latest Code Interpreter plugin has caused much excitement in the developer community. Not only can its powerful functionality write, run and help improve code, but it can also run statistical analysis and complex data interpretations for non-technical users.
However, security researchers have unearthed a flaw in the plugin that makes it vulnerable to ‘prompt injection attacks’ (prompts that try to get a large language model or chatbot to perform malicious actions) from external sources. The result can lead to theft of sensitive data.
The vulnerability appears not just in the sandboxing environment where code is tested, but also in spreadsheets that users might upload for data analysis.
Security experts are concerned that this vulnerability, which allows threat actors to add prompts from external URLs, videos and PDFs into ChatGPT, has remained unaddressed for some time.
Hackers target recruiters with social engineering scam
Job seekers and recruiters are at risk of being targeted in a new social engineering scam. Microsoft has issued a warning about a group of threat actors called Sapphire Sleet that finds its victims on business networking platforms such as LinkedIn and then uses fake job skills assessment websites as a hook to bait its targets.
Once the victim starts a communication, Sapphire Sleet moves further communications to other platforms on malicious domains. Recruiters are enticed to register for an account and once they do this, the hacking begins.
And the most vulnerable domain is…
.US domains are one of the most frequently used in phishing attacks. American security researchers have found that in the past year .US registered domains have been used extensively for fraud and malware distribution.
Until earlier this year, the vast majority of new malicious domain registrations were made using .info domains. But more recently, more than half of malicious domain registrations have used the .US domain. Dozens of new malicious .US domains are registered every day.
Top tip: Be suspicious of any external emails from either a .info or .US domain.
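The two tips above (mark external senders, and treat .info and .US senders with suspicion) can be combined into one mail-triage check. The following Python is an added example, not Intersys code or an Exchange feature; the internal domain, the tag text and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: our own mail domain, the TLDs named in the tip,
# and the tag prepended to the subject of external mail.
INTERNAL_DOMAINS = {"example.com"}
WATCHED_TLDS = {"us", "info"}
EXTERNAL_TAG = "[EXTERNAL] "

# Constructed sample messages (not real mail).
SAMPLES = {
    "colleague": "From: Ann <ann@example.com>\nSubject: Rota\n\nHi\n",
    "lookalike": 'From: "IT Helpdesk" <it@example.com.sample-login.info>\n'
                 "Subject: Password expiry\n\nVerify here\n",
    "us_sender": "From: billing@sample-sender.us\nSubject: Invoice\n\nSee link\n",
    "no_from": "Subject: Hello\n\nBody\n",
}


def sender_domain(msg):
    """Return the lower-cased domain of the From address, or '' if absent."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""


def is_internal(domain):
    """True only for our domain or a real subdomain of it, not a look-alike
    such as example.com.sample-login.info."""
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def triage(raw):
    """Tag external mail in the subject and flag watched sender TLDs."""
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    external = not is_internal(domain)  # a missing or malformed From counts as external
    subject = msg.get("Subject", "")
    if external and not subject.startswith(EXTERNAL_TAG):
        subject = EXTERNAL_TAG + subject
    tld = domain.rpartition(".")[2]
    return {"domain": domain, "external": external,
            "watched_tld": external and tld in WATCHED_TLDS, "subject": subject}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

The check reads only the From header, so it complements rather than replaces the sender authentication your mail gateway performs.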
Criminals love your browser extensions – and here’s why
Browser extensions can be useful. They check your spelling. Secure your passwords. Translate from one language to another.
But did you know they can also take liberties with your confidential data, which can then be exploited by criminals?
The embarrassing truth here is many people freely give away this access to confidential data – and make their organisations vulnerable – when they agree to browser extensions’ terms and conditions.
We strongly recommend that you read our browser security blog post on this subject, so you can make an educated call on whether giving up your security for a handy hack is really worth it after all.
And you thought those supermarket Christmas adverts were bad…
Even software geeks can fall prey to scams. A recent malvertising (malicious advertising) campaign targeted system admins by luring them with an innocuous-looking Google ad for a Windows software product.
Once the ad was clicked, victims were redirected to a fake Windows news website that bore an uncanny resemblance to the original — WindowsReport.com.
System admins and tech people are regular visitors to WindowsReport.com for the latest computer reviews, news and tech tips. They also use it to download software products (not the safest practice). Unsurprisingly, the decoy site contained a malicious code installer.
Top tip: When downloading software products, always go to the official product web page rather than a third-party site. Software downloads have become a popular target for hackers in the last year and criminals are constantly evolving their attack strategies to find a way in.