Stay one step ahead of cyber criminals with our regular news and tips
Before this issue’s cyber security updates, some Intersys news…
We are delighted to announce that we have teamed up with the Eastern Cyber Resilience Centre (ECRC), a police-led organisation promoting cyber resilience among SMEs.
Intersys is now an ECRC Cyber Essentials Partner, and the ECRC recommends our services for delivering Cyber Essentials and Cyber Essentials Plus accreditation.
While this is a good news story for us, it’s also a strong trust signal to organisations that choose Intersys – we’re working with respected bodies in the cyber security community.
On with the updates…
Is a ‘hacktivist’ coming for you?
The swathe of recent protests in the UK appears, for now at least, to be behind us.
But what of the aftermath?
Organisations such as our new partner ECRC have warned of the threat of ‘hacktivism’ following disturbances on our streets.
Hacktivists are hackers who disrupt an organisation’s IT systems either for ideological reasons or sometimes just to incite further unrest.
Conflicts in the Middle East and the Ukraine war have seen them target organisations they believe are on the wrong side of history.
The ECRC suggests the same could happen in the wake of the recent protests. This trend is corroborated by data analytics company Global Data Plc, which rates hacktivism as ‘high moving forward’ (growing) in 2024.
Common attacks include distributed denial of service (DDoS), in which a network is flooded with bogus traffic causing it to go offline.
If you or your partners’ work crosses over with politically sensitive subjects or territories – be vigilant.
The rise and rise of ransomware
Ransomware attacks have increased globally by around 50% year on year, according to Palo Alto’s threat intelligence function Unit 42. It has tracked 1,762 new ransomware victims appearing on the leak sites of 53 ransomware groups.
Ransomware is malicious software that blocks access to a computer system until money is paid to restore access.
Three things for Intersys clients to note.
Firstly, the UK was the third most impacted nation after the USA and Canada.
Secondly, manufacturing, healthcare and construction were the industries most impacted.
Finally, while 53 ransomware groups featured, just six were responsible for more than 50% of attacks – Lockbit, Play, 8Base, Akira, BlackBasta and Medusa.
If your cyber security team has the capacity to build a threat profile for these groups, do so. We certainly will be doing so for our clients.
.env file attack launched on 230m targets
The Hacker News has reported that a large, cloud-based extortion campaign has compromised a number of organisations.
Criminals achieved widespread infiltration by exploiting publicly accessible environment variable files (.env), which feature credentials connected to cloud and social media applications.
The attackers used these credentials to breach cloud accounts, exfiltrate data and demand ransoms. Missteps by affected organisations included exposing environment variables, using long-lived credentials, and the absence of a least-privilege architecture.
The attackers then used the compromised organisations’ Amazon Web Services (AWS) environments as a base from which to scan over 230m unique targets for sensitive data.
It’s worth noting that this attack did not come about as a result of security vulnerabilities or misconfigured cloud applications, but from the accidental exposure of .env files on unsecured web applications.
The takeaway? You must secure .env files, and adopt a least-privilege architecture to reduce the risk of breaches.
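As an added illustration (not code from this newsletter or from The Hacker News report), here is a small Python audit that parses a .env file, flags any secrets kept in it, singles out long-lived AWS keys, and checks whether the file sits under a published web root. The sample .env contents and the paths are constructed placeholders.

```python
from __future__ import annotations
import re
from pathlib import Path

# Constructed sample .env of the kind the campaign harvested; values are placeholders, not real credentials.
SAMPLE_ENV = """\
# production settings
APP_ENV=production
AWS_ACCESS_KEY_ID=AKIAEXAMPLEPLACEHOLDER
AWS_SECRET_ACCESS_KEY="EXAMPLEsecretPLACEHOLDER0000000000"
AWS_SESSION_TOKEN=
FACEBOOK_APP_SECRET='social-placeholder-secret'
DB_HOST=localhost
"""

# Keys whose values are secrets by naming convention.
SECRET_KEY_RE = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|API_KEY|PRIVATE_KEY", re.I)

def parse_env(text: str) -> dict[str, str]:
    """Parse KEY=VALUE lines, skipping comments and blanks, stripping quotes."""
    env: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env

def audit_env(env: dict[str, str]) -> list[str]:
    """Flag the missteps the write-up names: secrets in the file, long-lived AWS keys."""
    findings = []
    for key, value in env.items():
        if value and SECRET_KEY_RE.search(key):
            findings.append(f"{key}: secret stored in .env; move it to a secrets manager")
    # Long-term IAM user keys begin with AKIA; temporary STS keys begin with ASIA.
    access_key = env.get("AWS_ACCESS_KEY_ID", "")
    if access_key.startswith("AKIA"):
        findings.append("AWS_ACCESS_KEY_ID: long-lived IAM user key; prefer short-lived role credentials")
    return findings

def env_is_web_exposed(env_path: str | Path, web_root: str | Path) -> bool:
    """True if the .env lives under the directory the web server publishes,
    which is how the files in this campaign became reachable."""
    try:
        Path(env_path).resolve().relative_to(Path(web_root).resolve())
        return True
    except ValueError:
        return False
```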
Artful hackers use Google Drawings to lure phishing victims
An active phishing campaign is using Google Drawings and shortened links generated by WhatsApp to avoid detection and dupe users into visiting fake websites.
Here’s how it works. First, a phishing email directs a victim to a graphic hosted in Google Drawings that looks like an Amazon account verification link. (Using the Google tool helps criminals evade detection and makes it possible to include links in the graphics.)
Users who click on the link end up on a fake Amazon login page, which features a URL crafted using WhatsApp URL shorteners to deceive URL security scanners.
The fake page does the usual – harvests credentials, credit card details and so on. Bear in mind that these ‘Living off the Land’ (LOTL) attacks – using trusted tools and functions to evade detection – are becoming increasingly popular.
Be vigilant. Be sceptical.
The old-school vulnerability that keeps on giving… to criminals
Oligo Security has reported that 0.0.0.0 Day, which affects all major web browsers, is still being used by criminals to infiltrate organisations’ systems – 18 years after it was first detected.
Using the vulnerability, owners of malicious websites can slip past browser security and into an organisation’s local network.
The root of the problem is inconsistent implementation of security measures across different browsers, and a lack of standardisation in the browser industry.
In this attack, criminals exploit the IP address 0.0.0.0, which is sometimes used as a placeholder or default address, to access local services, including operating systems and even internal networks.
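An added example, not from Oligo Security or this newsletter: a minimal local HTTP service in Python that refuses requests addressed to 0.0.0.0 or scripted from a foreign web origin, which is the service-side defence against this pattern. The allowed hosts, origins and port are assumptions for the example.

```python
from __future__ import annotations
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Hostnames this local service legitimately answers to (assumed for the example).
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Web origins allowed to script requests to it (assumed for the example).
ALLOWED_ORIGINS = {"http://localhost:8000", "http://127.0.0.1:8000"}

def request_is_trusted(host: str | None, origin: str | None,
                       sec_fetch_site: str | None = None) -> tuple[bool, str]:
    """Decide whether a request may reach the local service.

    A page that addresses the wildcard address makes the browser send
    'Host: 0.0.0.0:port', so the Host check catches the 0.0.0.0 Day pattern
    even though the socket itself still accepts the connection.
    """
    if not host:
        return False, "missing Host header"
    hostname = urlsplit("//" + host).hostname
    if hostname not in ALLOWED_HOSTS:
        return False, f"unexpected Host {host!r}"
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, f"cross-origin request from {origin!r}"
    if sec_fetch_site == "cross-site":
        return False, "cross-site request (Sec-Fetch-Site)"
    return True, "ok"

class GuardedHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        ok, reason = request_is_trusted(
            self.headers.get("Host"),
            self.headers.get("Origin"),
            self.headers.get("Sec-Fetch-Site"),
        )
        if not ok:
            self.send_error(403, reason)
            return
        body = b"hello from a local service\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    # Binding to 127.0.0.1 alone is not enough on Linux/macOS, where a
    # connection to 0.0.0.0 is delivered to the local host; the header checks close the gap.
    HTTPServer(("127.0.0.1", 8000), GuardedHandler).serve_forever()
```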