Stay one step ahead of cyber criminals with our regular news and tips.
Is Microsoft 365 Copilot potentially one of the most exciting tools to emerge in recent
years?
Yes.
Can you just plug it in and let it rip?
That's a negative. At least, if you value your data and security.
This new AI helper can dig deep into your files, folders and communications to create
incredibly tailored content and analysis.
However, a potential issue lies in the user permissions you assign to your people. If you
haven't got your house in order here (and we mean in immaculate order) employees
could obtain highly confidential information through Copilot output, because Copilot surfaces whatever a user already has permission to read.
We've written about the need to properly configure user access and permissions on this
Get Ready for Copilot services page. Even if you don't want to use our service, it's worth a
read to give you a heads-up on what's required.
On with this month's big security stories.
Fraud-as-a-Service provider – BUSTED
We're acutely aware that we publish many worrying cyber security stories. Here's a much
more positive one, which we hope will be a sign of things to come.
Police seized LabHost's "Fraud as a Service" platform during April. One of a growing
number of industrial-scale fraud operations, LabHost's product was used by 2000 cyber criminals,
each paying over £200 per month, to compromise as many as
one million individuals and businesses.
LabHost generated around £1 million from the use of tools such as "LabRat", a real-time
adversary-in-the-middle proxy. (Find out more about this type of cyber crime here.)
However, LabHost's own earnings are dwarfed by the far larger sums generated by the frauds its
users committed.
The Met worked with the NCA (National Crime Agency), City of London Police, UK
Regional Organised Crime Units, Europol and other international police forces to help shut
down the operation.
Says Intersys MD Matthew Geyman, "This is a notable success in the battle against these
insidious, disruptive and costly crimes. Organisations must look to cyber security
specialists and engage a dedicated security operations centre to ensure their protection."
Worldwide malware crisis – AVERTED
Hot on the heels of this LabHost bust we have another cyber crime story with a happy
ending.
Tech website Ars Technica reported that malicious updates to a ubiquitous Linux tool got
very close to going mainstream and infecting machines worldwide.
The event has become known as the "xz backdoor" because it concerned malicious code
inserted into XZ Utils, an open-source data compression tool available on most installations of Linux and other Unix-like operating systems.
This was a fiendishly protracted and complicated malware event, and the orchestrator(s)
had most likely been working on it for years.
The malware came very close to being merged into the Debian and Red Hat Linux distributions, which
would have seen it infect systems at scale.
If the criminal(s) had pulled it off, the backdoor code could have been used to install
malware or steal encryption keys.
Users should tip their hats to Microsoft developer Andres Freund, whose eagle eye
spotted the malicious code.
The USA's Cybersecurity and Infrastructure Security Agency (CISA) recommends users
downgrade XZ Utils to an uncompromised version, such as 5.4.6.
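A quick way to act on that advice is to check what version of xz each machine is actually running. The script below is an added example, not part of the Intersys newsletter or of XZ Utils: it parses the banner printed by `xz --version` (assumed to contain the text "XZ Utils" followed by a dotted version number), compares it against the 5.4.6 baseline the text cites, and flags anything newer for comparison against your distribution's advisory before you downgrade.

```shell
#!/bin/sh
# Added example (not from the newsletter or the xz project).
# Assumption: the first line of `xz --version` looks like "xz (XZ Utils) 5.4.6".
BASELINE="5.4.6"   # the uncompromised version cited by CISA in the text above

# Pull the dotted version number out of xz's version banner.
xz_version_from_banner() {
    # $1 = first line of `xz --version` output
    printf '%s\n' "$1" | sed -n 's/.*[Xx][Zz] Utils) \([0-9][0-9.]*\).*/\1/p'
}

# Compare two dotted versions numerically; prints -1, 0 or 1.
# A trailing dot is appended so the last component is consumed like the others.
version_cmp() {
    a="$1." b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        pa=${a%%.*}; a=${a#*.}
        pb=${b%%.*}; b=${b#*.}
        pa=${pa:-0}; pb=${pb:-0}      # missing components count as 0 (5.4 == 5.4.0)
        if [ "$pa" -gt "$pb" ]; then echo 1;  return; fi
        if [ "$pa" -lt "$pb" ]; then echo -1; return; fi
    done
    echo 0
}

# "baseline": not newer than the cited 5.4.6; "review": newer, so check
# it against your distribution's advisory and downgrade if required.
xz_status() {
    case $(version_cmp "$1" "$BASELINE") in
        1) echo review ;;
        *) echo baseline ;;
    esac
}

# Run the check against the xz binary on this host, if there is one.
check_installed_xz() {
    if command -v xz >/dev/null 2>&1; then
        banner=$(xz --version 2>/dev/null | head -n 1)
        v=$(xz_version_from_banner "$banner")
        printf 'xz %s: %s\n' "${v:-unknown}" "$(xz_status "${v:-0}")"
    else
        echo "xz not found on PATH"
    fi
}

check_installed_xz
```

Run it over a fleet with your usual remote-execution tooling and collect the "review" lines; a host whose banner does not match the assumed format prints "unknown" and should be inspected by hand.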
UK trade unions hit by cyber attacks
In the past month, two trade unions in the UK have experienced cyber attacks, with
hackers aiming to obtain valuable information about their employees and the tens of
thousands of members.
The Communications Workers Union (CWU), one of the largest in the UK, is currently
restoring its IT systems after being severely affected by a cyber attack.
According to the CWU, some member data was stored in the systems that were targeted,
although it is not yet known whether personal data was compromised in the attack.
The identity of the hackers remains unknown. Aslef, the trade union for train drivers with
21,000 members, says it has also been targeted by a cyber attack that disrupted the
union's website.
Adversary-in-the-middle attacks – coming to a Gmail account near you
It seems only a few months ago (because it was) that adversary-in-the-middle (AitM)
attacks were the new cyber-criminal on the block.
Now they're getting their second mention in this newsletter as a new phishing-as-a-service product called Typhoon 2FA blows up a cyber security storm.
Recap: phishing as a service (PhaaS) is an off-the-shelf service criminals can use to
capture users' details. Adversary-in-the-middle (AitM) attacks are a type of phishing that
uses fake-but-plausible websites to capture login details in particular, including those
once-considered-rock-solid 2FA and MFA codes, which the proxy relays to the real site in real time.
It appears that Typhoon specialises in breaching Gmail and Microsoft 365 accounts. Be
wary of any website login screen that doesn't look 100% legitimate.
You can find out more about adversary-in-the-middle attacks and phishing as a service in this Intersys blog post.
Other vulnerabilities
Moon malware hits outdated Asus routers