Stay one step ahead of cyber criminals with our regular news and tips
‘Can I really trust that link/deal/file that has just landed in my inbox?’
It’s the one question that we should always ask ourselves no matter how busy a workday we may be having. As hackers continue to find newer attack strategies, it’s good old-fashioned scepticism that can help keep us safe.
Trust was a theme that came up again earlier this month when we opened our brand new office in Leadenhall Market in the City of London. Our long-term relationships with clients in the highly regulated BFSI (banking, financial services and insurance) industries are down largely to the incredible trust they place in the quality of our services.
We hope these news stories will highlight the importance of not trusting too easily.
Black Friday is becoming an ‘irresistible offer’ to internet scammers
It’s the time of year when inboxes and social media feeds are bombarded with Black Friday deals. Many organisations see the American-inspired retail bonanza as a time to stock up on office and tech supplies at knockdown prices.
And cyber criminals are finding Black Friday an irresistible offer too.
The UK’s cyber and law enforcement agencies have warned Black Friday shoppers about the growing threat of online scams.
According to the National Cyber Security Centre (NCSC) and Action Fraud, Brits lost over £11.5 million to online criminals between November 2023 and January 2024, with an average loss of £695 per victim. This marks an increase from the previous year’s £10.6 million.
High-end tech products, clothing and cars are just some of the products featured in the scams.
The NCSC has launched a national campaign urging people to activate two-step verification (2SV) on their online accounts to enhance security. The National Fraud Intelligence Bureau (NFIB) reported that 43% of scams mentioned social media platforms, and 18.9% involved online marketplaces.
Criminals often use tactics like limited-time offers to create false urgency.
Shoppers are advised to protect their online accounts by using two-step verification, researching sellers, avoiding clicking suspicious links, and breaking contact if something feels off.
Bad guys are making a date with Microsoft Bookings
This month, we’re red-flagging a serious vulnerability in the default configuration of Microsoft Bookings, the popular scheduling tool that organisations use to book appointments with their customers.
The flaw potentially allows attackers to create unauthorised Entra accounts and obtain fraudulent certificates. This vulnerability, originally identified by security researchers at Cyberis, stems from the “Shared Bookings” pages feature, which is enabled by default for users with the appropriate Microsoft 365 license.
The flaw can be exploited by attackers who have compromised a Microsoft 365 user account. By creating a Shared Bookings page, they can mimic legitimate users, bypass impersonation filters, reset passwords for external services, and establish hidden mailboxes that don’t consume Microsoft 365 licenses.
Our Head of Security Jake Ives recommends the following steps to mitigate these risks:
- Audit existing Shared Bookings pages using Exchange Online PowerShell.
- Disable the ability for end users to create Shared Bookings pages unless absolutely necessary.
- Monitor Entra accounts for unusual creation activity.
- Regularly review and revoke unnecessary mailbox permissions.
- Ensure high-risk email addresses are secured by adding them to an admin mailbox as an alias.
- Disable or remove licenses from accounts belonging to former employees.
If your organisation has Microsoft Bookings as part of its Microsoft 365 license, you should implement these recommendations as soon as possible to protect against potential exploits.
‘Where’s our prisoner?’ Cyber attack disables prison van device tracking
British prison vans were left without tracking devices and panic alarms after a cyber attack on a subcontractor.
Serco, the UK outsourcing behemoth that holds contracts for prisoner escort and custody services for the Ministry of Justice, had its tracking software disabled when a third-party vendor, Microlise, suffered a hack.
Microlise provides tracking software for Serco employees and prisoners that enables constant monitoring of their locations. It’s a key security protection for prison staff.
The Financial Times reported that Serco staff didn’t know that vans without security were still being used to transport prisoners for three days after the attack, despite software issues.
Serco has acknowledged the cyber incident and said mitigation plans were in place and that their prisoner escorting services were not interrupted.
The same hack also affected services at DHL.
Why opening ZIP files could leave your business flying low
Hackers are setting their sights on the humble ZIP file as a way of sneaking into systems and spreading malware.
A critical security flaw has been identified in the way ZIP files are handled, allowing cyber criminals to bypass traditional cyber security defences and deliver malware undetected.
The technique, known as ZIP file concatenation, involves adding malicious code to seemingly harmless ZIP files. This method exploits the tendency of many antivirus programs to scan only the initial content of ZIP files, overlooking any additional data.
To protect against this threat, we recommend implementing advanced, multi-layered security approaches. Users should be vigilant when opening ZIP files, even from trusted sources, and regularly update their antivirus software to detect the latest threats.
It’s also crucial for organisations to educate employees about the risks of opening suspicious files and to use advanced detection tools that can identify embedded malicious content.
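As an added illustration (not code from the NCSC, the researchers or any vendor mentioned here), the Python sketch below shows one way a defender can flag a concatenated ZIP: it counts the End of Central Directory records in the file and compares the members a reader that trusts only the last record would list with everything the file really holds. The function names and the sample archive are constructed for this example, and ZIP64 and multi-disk archives are assumed not to occur.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # End of Central Directory (EOCD) record
CDH_SIG = b"PK\x01\x02"    # central directory file header
EOCD_FMT = "<4s4H2LH"      # fixed 22-byte part of the EOCD record
EOCD_LEN = struct.calcsize(EOCD_FMT)

def find_archives(data: bytes) -> list[tuple[int, int]]:
    """Return the (start, end) byte range of every ZIP archive inside data."""
    segments = []
    pos = data.find(EOCD_SIG)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            (_, _, _, _, total, cd_size, cd_offset,
             comment_len) = struct.unpack_from(EOCD_FMT, data, pos)
            cd_start = pos - cd_size        # the directory sits right before its EOCD
            start = cd_start - cd_offset    # offsets are relative to the archive start
            end = pos + EOCD_LEN + comment_len
            # Skip signature bytes that merely occur inside member data.
            if start >= 0 and end <= len(data) and (
                    data[cd_start:cd_start + 4] == CDH_SIG if total else cd_size == 0):
                segments.append((start, end))
        pos = data.find(EOCD_SIG, pos + 1)
    return segments

def names(blob: bytes) -> list[str]:
    return zipfile.ZipFile(io.BytesIO(blob)).namelist()

def inspect_zip(data: bytes) -> dict:
    """Compare what a last-EOCD reader lists with what the file really holds."""
    segments = find_archives(data)
    return {
        "concatenated": len(segments) > 1,
        "last_eocd_view": names(data) if segments else [],
        "all_members": [n for s, e in segments for n in names(data[s:e])],
    }

def make_zip(members: dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample: two harmless archives joined back to back.
SAMPLE = make_zip({"readme.txt": b"first archive"}) + \
         make_zip({"appended.txt": b"second archive"})

if __name__ == "__main__":
    print(inspect_zip(SAMPLE))
```

A file that reports more than one archive, or whose two views differ, is a candidate for quarantine and for scanning each segment separately.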