October 2023 Newsletter

Posted By: Mark Wednesday 15th November 2023 Tags: , , , , , , , , , , , , , , ,

This month: 2FA scams up as scammers phishing for credentials; top ten security misconfigurations highlighted, a record month for ransomware, the rise of malicious generative AI, meet the new AI office assistant from Microsoft, and, the Google Pixel’s AI image editing features raise concerns.

Newsletter image: Two-Factor Authentication (2FA) Scams Warning

Two-Factor Authentication (2FA) Scams Warning

Our tech team are reporting an uptick in the amount of 2FA scam-related phishing emails. Scammers are attempting to get clients to pass on the security code for accounts and applications that are protected with extra levels of authentication above that of the simple username and password.

Two Factor Authentication and Multi-Factor Authentication (2FA and MFA) are a couple of common, relatively reliable, security measures for protecting online account access. It’s an extra barrier in case cyber criminals harvest easy-to-crack or reused passwords.

Cyber criminals want you to give away the one-time passcode that’s generated as the 2FA/MFA part of signing in to an account. This usually comes via email, text message, or, preferably, an authenticator app. The most common method is the OTP sent through SMS/text message, and that is the target of 2FA scams, in phishing campaigns through social engineering tactics.

How 2FA scams work

Hackers attempting 2FA scams are impersonating IT support teams, or staff from the account/application being targeted, in the hope of getting users to disclose the OTP. They’re looking for access to Microsoft accounts, emails, websites, social media and other applications, especially banking and financial. They’ll already have obtained the username and password through various means and need that OTP for the final part of the takeover attempt. This might be a phone call following up a triggering of a login attempt that needs the OTP, or it can be an email link taking the victim to a scam website form for it to be input.

Once a hacker has access to your accounts they can lock you out and use it for whatever they want.

Never share your OTP

It should go without saying, but, never share OTP details with anyone else. Your IT support team, or any software, hardware partners, will never ask for that information. It’s also recommended to use an Authenticator app that utilises rolling time-sensitive passcodes, rather than SMS, as they change more quickly (usually every 30 seconds), and are less likely to be intercepted in the electronic transit of the code. SMS methods can be extremely vulnerable to SIM swap or spoofing tactics.

Report Any 2FA Scams To Your IT Support Team

If you receive a suspicious email, text, or sign in request, report it to your IT support team. An OTP authorisation request for a login attempt not made by you is a sign your account password could be compromised.

If you’re a business in the North East of England, get in touch for a chat about your cyber security practices. We provide effective IT support for many SMEs from our Teesside offices.

Newsletter Image: NSA/CISA Top 10 Security Misconfigurations

NSA/CISA Top 10 Security Misconfigurations

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a cyber security advisory detailing the top ten most common cybersecurity misconfigurations. The advisory details the tactics, techniques, and procedures (TTPs) used by cyber criminals to exploit these misconfigurations. It shows how these cyber threats gain access to systems, move around, and target sensitive information.

Leaving default credentials in software, systems, and applications tops the list of their ten cybersecurity misconfigurations. These common misconfigurations depict systemic vulnerabilities within the networks of numerous organisations, including many of the largest companies. The aim is to highlight main areas of concern and encourage software manufacturers to adopt secure-by-design and secure-by-default principles throughout the development cycle. This approach aims to mitigate the threat of compromise through these avenues.

Top Ten Security Misconfigurations

  1. Default configurations of software and applications
  2. Improper separation of user/administrator privilege
  3. Insufficient internal network monitoring
  4. Lack of network segmentation
  5. Poor patch management
  6. Bypass of system access controls
  7. Weak or misconfigured multifactor authentication (MFA) methods
  8. Insufficient access control lists (ACLs) on network shares and services
  9. Poor credential hygiene
  10. Unrestricted code execution

Leaving default credentials in software, systems, and applications tops the list of their ten cybersecurity misconfigurations. These common misconfigurations depict systemic vulnerabilities within the networks of numerous organisations, including many of the largest companies. The aim is to highlight main areas of concern and encourage software manufacturers to adopt secure-by-design and secure-by-default principles throughout the development cycle. This approach aims to mitigate the threat of compromise through these avenues.

Amongst the many recommendations within the advisory, manufacturers are urged to stop using default passwords, while multifactor authentication (MFA) should be a default standard rather than an option.

Are you a company in the North East of England who is concerned about the state of your IT systems? Get in Touch today and we can arrange a security audit for any business and provide high quality IT support from our Teesside base.

Newsletter Image: September Is Record Month For Ransomware Attacks

September Is Record Month For Ransomware Attacks

Bleeping Computer reports on an NCC Group report detailing a sharp rise in ransomware attacks last month. After a relatively quiet August, September saw a 153% rise in year-on-year attacks, accounting for 514 victims around the World.

New Ransomware Gangs Make Waves

The most active cyber-crime enterprises included a number of new ransomware gangs, such as LostTrust and RansomedVC. Smaller known groups, such as Cactus and Trigona, saw growth, while some usual suspects, like Lockbit and BlackCat, also featured. Clop were absent but it is believed something new may be on the horizon from the notorious group.

North America saw the most attacks, with 258 (up 3%), Europe followed with 155 attacks (up 2%), and Asia was third with 47 attacks (up 8%).

Healthcare continues to be a heavily attacked growth sector, although industrial targets top the list, followed by ‘cyclical services’ (retail, hotels, etc) and tech-related businesses.

The report said:

“After the drop in ransomware attacks in August, the surge in attacks during September was somewhat anticipated for this time of year. However, what stands out is the volume of these attacks and the emergence of new threat actors who have been major drivers of this activity.

“NCC Group predicts that it is highly probable that this pattern will continue and repeat itself in another year’s time, as we have yet to observe evidence to the contrary.”

There have been more than 3000 ransomware attacks recorded this year, with a prediction of topping 4000 by year-end.

Ransomware attacks can happen to anyone. Make sure your cyber security services and IT support are up to the task by getting in touch today.

Newsletter Image: The Rise Of Malicious Generative AI

The Rise Of Malicious Generative AI

This year has seen the emergence of AI chatbots, such as OpenAI’s ChatGPT, from many businesses and services. These generative artificial intelligence Large language model (LLM) systems were opened up for public use, and integrated into many common applications, and have quickly become part of the mainstream. There is much debate about their potential to affect the future of society, but cyber security researchers are already observing a growth in malicious generative AI resources for hackers to exploit.

These AI systems are marketed as toolkits that quickly generate means of cyber-attack. From grandiose claims of offering undetectable malware, determining weak targets and writing hard to detect fake content for more complex phishing campaigns and social engineering attacks.

Malicious Generative AI tools are a cyber-attacker’s starter kit. Trained on vast datasets of human-generated content that integrates already existing attack tools, hacking guides, lists of all known vulnerabilities and zero-day exploits that are ripe for mining.

Uses For Malicious Generative AI Tools

  1. Enhanced Phishing Campaigns: Quickly automated personalised content in phishing emails. Much improved grammar and structure, generated in multiple languages
  2. Accelerated Open Source Intelligence (OSINT) Gathering: Automated research into potential victims – gathering personal information, corporate data, user preferences, etc.
  3. Automated Malware Generation: Malicious code generated quickly without the need for technical expertise.

Malicious Generative AI Tools

Current malicious AI tools to be aware of include:

WormGPT: is noted as being behind many current Business Email Compromise (BEC) attacks.

FraudGPT: Malware code and fraud content creator toolkit via subscription service.

DarkBard: Similar to FraudGPT but based upon Google’s Bard AI.

WolfGPT: Claims sophisticated malware creation and advanced phishing tools.

The threat from these malicious AI tools is still, currently, relatively small. Researchers are finding them unreliable and needing a lot of technical input to work more as claimed. However, the point of these AI systems is their learning capability and growth potential. They’ll become cheaper to obtain, quicker to use and require far less technical ability to hone.

Invest in robust cyber security and be aware of this emerging threat. AI-based real-time threat detection, keep everything patched and up to date, use multi-factor authentication (MFA), have a reliable and tested incident response plan, and, get staff trained and aware of what to look out for.

If you’re a business in the North East Of England, get in touch about our cyber security services and get set up with reliable IT support.

Newsletter Image: Microsoft AI Assistant Can Go To Meetings For You

Microsoft AI Assistant Can Go To Meetings For You

A new addition to Microsoft365 will be available as part of its office apps suite from November 1st. Microsoft365 Copilot is a ChatGPT-style AI assistant that can summarise lengthy emails and write draft responses; create Word documents, Excel Spreadsheets and develop PowerPoint presentations; and, it will even attend a Teams meeting on your behalf, producing a summary of discussed topics, log the attendees, and flag anything you need to do.

Copilot initially rolled out to a select few users for testing purposes, but now becomes a fully-integrated option for enterprise users.

According to a BBC reporter reviewing it in action:

“My first impression of Copilot is that it will be a useful tool, but also a formidably competitive colleague for those who do office work – especially within companies looking to make savings.

“I watched it confidently summarise in a few seconds, a long chain of emails regarding a fictional product launch […] It then suggested a brief response […] generated a warm reply […] although none of us had actually read any of it.”

Is this a modern super-powered Clippy returning as your personal assistant?

Newsletter image: Google Pixel's Face Altering Tool Blurs Reality

Google Pixel’s Face Altering Tool Blurs Reality

The latest iteration of Google’s smartphone, the Pixel 8, sees AI added to their image manipulation tools. The Magic Editor and Best Take software aims to make photo editing simpler, by using generative AI alongside AI processing techniques that can change backgrounds, remove, move or resize items, even change facial expressions. Work that would usually require professional image editors and a whole bunch of hours, are suddenly available to everybody at the push of a button.

The software is, like many AI tools, in the early, experimental stages. But, the technology will be refined, with further releases improved to the point where edits will be almost impossible to differentiate from an original photo.

Concern Over AI Use

The power of these image editing tools further adds to the ethical debate over the use of AI and its future implications. Concerns will be raised over the credibility of images. Who knows what you will be able to trust with your own eyes?

A Google spokesperson, Friida Turku, said:

“Photos that have been edited with Magic Editor will include metadata, which is embedded in the image file and will indicate that an image has been edited using AI”.

On whether there’s a company line drawn as to how far AI should go. Another Google spokesperson, Isaac Reynolds, said:

“As you get deeper into building features, you start to realise that a line is sort of an oversimplification of what ends up being a very tricky feature-by-feature decision”.

The AI features of Google’s smartphones are the central focus of their advertising campaigns, and will be available on the Pixel 8 and Pixel 8 Pro.