And we have even more cyber attacks happening ! Are cyber criminals getting smarter or are companies not taking steps to become cyber resilient?
Here are just some of the latest events:
Be wary of countries that can extradite you…
… if you’re a hacker.
In a joint operation with US enforcement agencies Spanish police arrested a top hacker n Barcelona this week. Pyotr Levashov (also known online as Severa) is accused of running the Kelihos botnet which for several years has commanded tens of thousands of Windows computers to deliver malware campaigns to people’s inboxes; delivered phishing emails; engaged in pump-and-dump stock scams to name but a few of his exploits. Levashov has long been on the radar of US cybercrime investigators. He was charged in 2009 with operating the “Storm” botnet – the precursor to Kelihos. His wife alleges that he was involved in the Trump presidential campaign. Watch this space – this could be a hot one. Read more.
Zero Day but no zero effects
Malicious hackers are exploiting a security vulnerability in Microsoft Office products to carry out attacks designed to infect targeted computers with malware. As yet no patch is available. This vulnerability is thought to be present in all versions of Microsoft Office, including Office 2016 running on Windows 10. “Infected samples seen to date have been contained within Word files (more specifically, as McAfee explains, in .RTF files with a .doc extension. The malicious code comes in the form of a boobytrapped OL2link object embedded within the file. When a victim opens the poisoned Word document, a decoy file is displayed while the malware silently installs malicious code downloaded from the web in the background.” (Graham Cluley) It seems that if you use Protected View to open Office documents, you should be able to read the files without risk of activating the malicious code. Read more on Hot For Security blog.
Wonga data breach
Short term loan firm, Womga, was in trouble this week. Some 245,000 current and formewr customers in the UK (and about 25,000 in Poland) may have experienced illegal and unauthorised access to their personal data. As Wonga said: “We are urgently working to establish further details and contacting those who we know have been impacted. The information may have included one or more of the following: name, e-mail address, home address, phone number, the last four digits of your card number (but not the whole number) and/or your bank account number and sort code. We do not believe your Wonga account password was compromised and believe your account should be secure, however if you are concerned you should change your account password. We also recommend that you look out for any unusual activity across any bank accounts and online portals.”
So watch out if you suddenly get phone calls about this – the call could come from a cyber criminal exploiting this situation and not from Wonga.
Beware Malicious Torrent files
Out there now is a malicious torrent file that conducts distributed WordPress password attacks. Read more here.
Phishing is most common type of attack
Research from Beaming that was published recently revealed that 2.9 million British companies were hit by cyber crime in 2016, at a total cost of £29.1 billion. Phishing was the most common type of attack, affecting 1,299,178 businesses at a total cost of £5,923,634,311.
Evolving Cuber Threats
The NCSC and the NCA have published a joint threat report providing in-depth analysis of evolving cyber threats. Download your copy here:
How can YOUR firm become less vulnerable to attacks?
These are some of the thngs you need ot be doing:
- Conduct a Full security audit
- Have Cyber Essentials or Cyber Essentials Plus
- Develop a cyber security strategy
- Have cyber security policies
- Develop and deliver a staff awareness programme
All of these are considerable work and require a high level of knowledge and expertise, Most firms do one of two things – either they don’t bother or they outsource to an external firm.
Alchemy Systems can help you with any or all of them and more besides.
Alchemy Systems have 20 years of IT systems experience and are a Microsoft Partner. Alchemy Systems Designs, Supplies, Installs, Supports and Protects clients’ IT systems. Tel. 0330-043-080198 Email. [email protected]