Cybersafe | Cyber Threats | 4th April – Technologist

Welcome to the latest edition of the Cybersafe Cyber Threats Update, from the 4th April 2024. This is a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware including Ransomware, to ensure you stay safe online. Being aware of these cyber threats helps UK companies to gain cyber essentials certifications and keeps employees on alert for potential danger. If you need help with Cyber Security, contact Neuways to become Cybersafe.

Here are the most prominent cyber threats to businesses which you should be aware of:

WatchGuard highlights huge increase in malware attacks

In the fourth quarter of 2023, WatchGuard reported a significant increase in malware tactics, highlighting the ongoing global cybercrime epidemic. Malware detections surged by 80%, with diverse tactics observed primarily in the Americas and Asia-Pacific regions. Threat actors utilised encrypted connections for approximately 55% of malware instances, while zero-day malware detections rose to 60%.

Among the top malware detections were variants redirecting users to malicious links and loading DarkGate malware. Exchange server attacks accounted for four of the top five network attacks, emphasising the need to reduce reliance on on-premises email servers. If you think your business needs help with this, contact our Cyber Security team today,

Additionally, cyber attack commoditisation continues with offerings like Glupteba and GuLoader, offering sophisticated capabilities such as cryptocurrency mining. Despite a 20% decrease in ransomware detections, ongoing law enforcement efforts are attributed to this decline.

Cyber criminals’ escalating tactics highlight the critical importance of robust cyber security measures for organisations worldwide. Business leaders and employees need to stay aware of the new tactics that are being employed by cyber criminals so that the risks and dangers to businesses are minimalised.

Cyber threats are important to be aware of – so subscribe to our newsletter so you can stay aware. Be aware. Be Cybersafe.

Another Global organisation suffers reputational damage – a warning to business owners

The OWASP Foundation, a leading software security nonprofit, alerted its members to a potential data breach affecting individuals affiliated with the organisation from 2006 to 2014. The breach involved the exposure of approximately 1,000 decade-old resumes stored on an old Wiki server. OWASP, with over 250 chapters worldwide and tens of thousands of members, discovered the breach in late February.

Although it needs to be clarified if the resumes had duplicates, the foundation’s Executive Director believes external access to the server was limited. The exposed directory was unindexed and separate from the organisation’s Wiki installation, making locating it challenging. OWASP advised former members who submitted resumes during the specified period to assume their information was compromised.

The organisation has taken steps to mitigate the breach, including disabling directory browsing, removing the resumes from the site, and requesting removal from web archives. OWASP emphasised that affected individuals need not take action as they’ve removed the information but cautioned against potential scam attempts using the exposed data.

Acknowledging the breach’s significance, OWASP pledged to review its data retention policies and implement additional cyber security measures to prevent future incidents. Cyber attacks and hacks can cause damage to a company’s reputation, as customer begin to lose faith and trust. Whilst many organisations are able to recover, it does take a long time and it is so important that business leaders invest in cyber security, meaning they are able to get ahead of the cyber attacks and be proactive, rather than reactive.

Poor Cyber Security resulted in critical data breach

A report revealed critical security failures at Microsoft, leading to a major breach in summer 2023 by China-linked threat actor Storm-0558. The breach compromised Microsoft Exchange Online mailboxes of 22 organisations and over 500 individuals, including government officials. CSRB Chair Robert Silvers condemned the breach as preventable, citing a cascade of cyber security failures at Microsoft.

The report highlighted Microsoft’s inadequate cyber security culture and controls, noting the company’s failure to detect the breach and slow response after discovery. Microsoft’s delay in updating its systems and inaccurate public statements further exacerbated the situation, leaving customers unable to assess their risk accurately.

Storm-0558 exploited authentication tokens signed by a stolen key, providing remote access to multiple systems. Despite the key’s expiration in 2021, Microsoft failed to invalidate it until 2023, after the breach. CSRB criticised Microsoft’s corporate culture, urging a top-down review and fundamental security reforms. Business leaders need to take note of how important cyber security is for all organisations of all sizes.

Recommendations include deprioritising feature development until security improvements are made, enhancing security logging and forensics, and improving transparency about data breaches. Microsoft acknowledged the challenges and pledged to mitigate legacy infrastructure, improve processes, and prioritise security. The incident underscores the escalating cyber threats, emphasising the need for proactive cyber security measures and continuous vigilance in the face of evolving risks.

Contact Neuways to become Cybersafe

If you need any assistance with cyber security to become Cybersafe, then please contact Neuways and we will help you where we can. Just get in touch with our team today. We’re based in Derby but we work with clients all over the UK and can travel for your needs.