Stay one step ahead of cyber criminals with our regular news and tips.
Is Microsoft 365 Copilot potentially one of the most exciting tools to emerge in recent
years?
Yes.
Can you just plug it in and let it rip?
That’s a negative. At least, if you value your data and security.
This new AI helper can dig deep into your files, folders and communications to create
incredibly tailored content and analysis.
However, a potential issue lies in the user permissions you assign to your people. If you
haven’t got your house in order here – and we mean in immaculate order – employees
could obtain highly confidential information as a result of Copilot output.
We’ve written about the need to properly configure user access and permissions on this
Get Ready for Copilot services page. Even if you don’t want to use our service, it’s worth a
read to give you a heads-up on what’s required.
On with this month’s big security stories.
Fraud-as-a-Service provider – BUSTED
We’re acutely aware that we publish many worrying cyber security stories. Here’s a much
more positive one, which we hope will be a sign of things to come.
Police seized LabHost’s ‘Fraud as a Service’ platform during April. One of a growing
number of industrial-scale frauds, LabHost’s product was used by 2000 cyber criminals
who were each paying over £200 per month, which they used to compromise as many as
one million individuals and businesses.
LabHost generated around £1 million for the use of tools such as ‘LabRat’, a real-time
adversary-in-the-middle proxy. (Find out more about this type of cyber crime here.)
However, LabHost’s earnings are dwarfed by the larger sums generated by the frauds its
users committed.
The Met worked with the NCA (National Crime Agency), City of London Police, UK
Regional Organised Crime Units, Europol and other international police forces to help shut
down the operation.
Says Intersys MD Matthew Geyman, ‘This is a notable success in the battle against these
insidious, disruptive and costly crimes. Organisations must look to cyber security
specialists and engage a dedicated security operations centre to ensure their protection.’
Worldwide malware crisis – AVERTED
Hot on the heels of this LabHost bust we have another cyber crime story with a happy
ending.
Tech website Ars Technica reported that malicious updates to a ubiquitous Linux tool got
very close to going mainstream and infecting machines worldwide.
The event has become known as ‘xz backdoor’ because it concerned malicious code
inserted into xz Utils, an open-source data compression tool available on most installations of Linux and other Unix-like operating systems.
This was a fiendishly protracted and complicated malware event and the orchestrator(s)
had most likely been working on it for years.
The malware was very close to merging with Linux distributors Debian and Red Hat, which
would have seen it infect systems at scale.
If the criminal(s) had pulled it off, the backdoor code could have been used to install
malware or steal encryption keys.
Users should tip their hats to Microsoft developer Andres Freund, whose eagle eye
spotted the malicious code.
The USA’s Cybersecurity and Infrastructure Security Agency (CISA) recommends users
downgrade XZ Utils to an uncompromised version, such as 5.4.6.
UK trade unions hit by cyber attacks
In the past month, two trade unions in the UK have experienced cyber attacks, with
hackers aiming to obtain valuable information about their employees and the tens of
thousands of members.
The Communications Workers Union (CWU), one of the largest in the UK, is currently
restoring its IT systems after being severely affected by a cyber attack.
According to the CWU, some member data was stored in the systems that were targeted,
although it is not yet known whether personal data was compromised in the attack.
The identity of the hackers remains unknown. Aslef, the trade union for train drivers with
21,000 members, says it has also been targeted by a cyber attack that disrupted the
union’s website.
Adversary in the middle attacks – coming to a Gmail account near you
It seems only a few months ago (because it was) that adversary-in-the-middle (AitM)
attacks were the new cyber-criminal on the block.
Now they’re getting their second mention in this newsletter as a new phishing-as-a-service product called Typhoon 2FA blows up a cyber security storm.
Recap: phishing as a service (PhaaS) is an off-the-shelf service criminals can use to
capture users’ details. Adversary-in-the-middle (AitM) attacks are a type of phishing that
uses fake-but-plausible websites to capture log-in details in particular – including those
once-considered-rock-solid 2FA and MFA codes.
It appears that Typhoon specialises in breaching Gmail and Microsoft 365 accounts. Be
wary of any website login screen that doesn’t look 100% legitimate.
You can find out more about adversary-in-the-middle attacks and phishing as a service in this Intersys blog post.
Other vulnerabilities
Moon malware hits outdated Asus routers