01225 776555

Category : Cyber security

17Nov 2022
Fake Windows update scams targeting companiesFake Windows update scams targeting companies
By In Blog, Cyber security, Operating systems, Uncategorised

Fake Windows update scams targeting companies

We have seen a number of Windows update scams over the years, but according to McAfee, they are on the rise. The latest attack type is smarter and more effective than ever.

If you manage Windows machines, this is definitely something to watch out for!

A report published by McAfee throws new light on an old problem. A new type of scam targeted Windows users.

The problem is called Magniber and its ransomware disguised as a legitimate Windows update.

Magniber ransomware

The Magniber ransomware has been very cleverly designed. It hides its true purpose until the very last minute and only reveals itself once all your files are locked down and it makes its demands.

The good news is that it hasn’t integrated into Window’s built-in update mechanism and still depends on user action.

The bad news is that every aspect of the Magniber ransomware has been designed to quietly infiltrate user devices until it’s too late.

Machines are compromised when a user visits an infected website.

These websites include fake Windows 10 update links. Once the link is clicked, the malware will download a JavaScript file to the device and open in memory.

As not all antivirus or malware scanners monitor memory, it can be missed until it’s too late.

Once active, the malware encrypts all files on accessible drives and sets itself up as an administrator.

Once its work is complete, it will open a ransom window and demand payment in return for restoring access.

If you refuse to pay, data is deleted for good. If you do pay, presumably your files are restored.

As the malware sets itself up as an administrator, there’s nothing stopping a hacker gaining access to the device directly to plant more malware or copy data.

That’s much more involved than running the ransomware but there have been instances where hackers piggybacked malware to see what they can find.

Mitigating against Magniber ransomware

As we mentioned, the main weakness of Magniber ransomware is that it requires users to visit an infected website and click a download link.

This is where IT policies, staff training and awareness and internet security controls come in.

Teaching staff to not visit such websites and to never click links can be very effective.

As can showing staff how Windows update really works or that IT will take care of system updates so staff don’t have to.

This is your first line of defence.

A network security solution that can detect websites with infected links can also be useful.

This is your second line of defence.

Using a security solution that can scan device memory for malware is also valuable.

This is your third line of defence.

While prevention is always better than cure, its situations like this where backups prove their worth.

Backups are your final line of defence.

The power of backups against ransomware

Most ransomware will encrypt files and promise to unlock them in return for a crypto fee.

What we don’t know is the proportion of ransomware that actually unlocks those files once paid.

If we were betting people, we would bet on that being a relatively low number. Which means it’s likely to be futile to pay the hacker what they are asking for.

If you applied the rules of rational economics, the vast majority of ransomware payments would result in data being unlocked.

After all, if word got around that data was lost even after paying up, that revenue stream would soon dry up.

But, neither economics, nor malware is rational, so all bets are off.

This makes the case for regular backups.

Regular backups means if you don’t pay the ransom, you can wipe the infected system and rebuild it from backup.

At the most, you lose a few hours or a day of productivity.

As most backup solutions cost less than the average ransom and can cover any number of devices, it’s money well spent.

Staff education and training is a great preventative measure but nothing beats a strong secondary defence in IT policies and security solutions.

If you need help with any of that, Cloud Heroes are here to help.

Read More
1Nov 2022
How cloud services balance productivity and securityHow cloud services balance productivity and security
By In Blog, Cloud, Cyber security

How cloud services balance productivity and security

The modern business environment is one of competing priorities. The business needs to make information accessible to help productivity. IT teams and security admins need to lock down information to prevent it being lost or hacked.

Both are viable priorities.

Information is essential for a business to run. We have to share information to be able to function and that will typically involve sharing, making copies and sending outside the business to clients.

Security still needs to be maintained though as information is currency. In the right hands, it’s your currency that helps build relationships and gets business done. In the wrong hands, it can be held against you, shared without your permission or given to competitors.

How do you manage the two?

The cloud can help.

Cloud services and productivity

Not that long ago, information was locked down. Businesses were divided into silos and information and responsibility was kept within those silos.

It wasn’t a particularly efficient way to work, which is why it failed.

We are now working in a more open environment but there’s still a battle between keeping information accessible so it can help productivity and locking it down to keep it safe.

Overzealous managers or security admins can often get in the way of productivity and collaboration.

We have all seen it and we have all rolled our eyes at it when trying to share information with others.

We can avoid all that by switching to the cloud.

Let’s look at a real life example.

If your business is anything like ours, you would identify a piece of data, a file, a document or information relevant to the task at hand.

You will make a copy of that information and share it via email, Slack or company channels.

There will now be several copies of that information that need to be secured and controlled.

Once you share copies of data, you lose control over it. That’s not a great way to manage data security. While you may trust everyone in the distribution list, accidents happen. We all know they do.

Auditing is impossible and it’s difficult to notify all interested parties when an update has been made to any of that information.

It gets business done, but not in a particularly efficient way.

Now let’s look at a cloud example.

This is how we and thousands of other firms now work and we encourage you to work this way too.

You identify a piece of data, a file, a document or information relevant to the task at hand.

Rather than make a copy and share it, you share access to the actual piece of data within the cloud.

You add the relevant people to the access list for the document, provide read-only, edit or administrative permissions as required and share the link to that document.

Only the people with that link or with permission can access it, so your security admin is happy.

Relevant parties have access to the information and can act upon it, which makes managers happy.

Every change to that data is tracked, with a full audit trail for every change by every user, which makes your data controller very happy.

The core copy of the information can be secured and updated as required and everyone can see the changes.

Access can be changed or revoked at any time to help maintain data security.

All without having to make multiple copies of information, lose control of that information or risk colleagues or clients working on outdated documents or obsolete data.

That’s just one example of one particular instance that happens millions of times around the world.

There are likely many other ways controlling access to data can benefit your business without impacting productivity, but you get the idea.

Balancing productivity and security with the cloud

Switching to cloud services like Office 365 means you regain control of your data, increase security, maintain access and can effectively audit any changes.

All without impacting productivity and actually improving the way you work by making data available anywhere at any time. But only for authorised users.

It’s no wonder more businesses than ever before are switching to the cloud!

Not only is it cheaper and easier to manage, it helps you maintain full control over business intelligence while providing access to those who legitimately need it.

When data is currency, control is everything!

Read More
19Oct 2022
CH blog - Cost of living scamsCost of living scams on the increase and set to get worse
By In Blog, Cyber security

Cost of living scams on the increase and set to get worse

Reports are coming thick and fast reporting a drastic increase in scams targeting the general public using cost of living, energy and discounts.

High Street banks and Citizens Advice are calling for people to be aware of a range of scams.

Scams include phishing emails supposedly from energy companies or Ofgem, WhatsApp messages from relatives who need help paying for a new phone, emails from the Department of Work and Pensions telling you to apply for cost of living payments and others.

As always when things get tough, scammers seek to benefit from it.

You don’t need us to tell you how tough these times are, but we are going to highlight some particular scams and what to do about them.

Energy companies or Ofgem

Given the energy situation right now, there’s an obvious nervousness about what the future holds. This gives scammers an edge as messages around energy costs are emotional and sidestep the rational side of our brain.

One scam doing the rounds is purportedly from Ofgem, the energy regulator.

It asks you to apply for a pair of energy rebates of around £700. The email looks convincing but some have said it is dated 2020.

Ofgem isn’t sending emails like this. They regulate the energy companies, they don’t get involved in the rebate scheme.

WhatsApp messages to help family members

Another scam doing the rounds right now is a WhatsApp scam. You’ll receive a message from an unrecognised number purporting to be from a family member.

The message says they lost their phone or were mugged and need you to send them some money to buy a new phone. They are borrowing a phone right now, hence the unknown number.

This is another very convincing scam that uses emotion to try to sidestep the logical side of the brain. It is apparently proving very successful.

Top tips to avoid the worst cost of living scams

If you or your staff are receiving messages or emails that aren’t being filtered by your systems, train everyone to spot them.

Here are some things to look out for:

Spelling and grammar – Some scam messages look really good, while others have obvious errors. Look for things that just don’t ‘feel’ right like informal greetings, wrong names, wrong dates or poor layout.

Unknown numbers or email addresses – We receive hundreds of emails a day at work and at home, but we’ll recognise the vast majority of them. Ignore any messages that request information that your team doesn’t recognise. You can always follow up directly with the supposed sender via other channels to verify.

Attachments – Businesses send attachments all the time, but we recognise them or the sender. If a message gets through your filters with an attachment, train staff to never open it if they are unsure of the sender or the contents.

Offers that are simply too good – If an offer sounds too good to be true, it probably is. Use the same principles you would in business, at work or at home to decide whether an offer sounds legitimate or not.

Most of all, remind staff that most organisations won’t email directly from unknown email addresses or call them from unknown numbers.

If in doubt, delete the message and follow up with the organisation directly through another channel.

If it’s important, the organisation will get in touch another way.

For energy scams, most discounts are being applied automatically, so there’s no need to give bank details or personal details to any organisation, whoever they are.

If your email filters aren’t capturing email scams or filtering out junk, perhaps it’s time to look at an alternative solution. Contact one of our team to see how hosted email can help!

Read More
6Jun 2022
Zero-day ‘Follina’ bug targets installed versions of Microsoft OfficeZero-day ‘Follina’ bug targets installed versions of Microsoft Office
By In Blog, Cyber security

Zero-day ‘Follina’ bug targets installed versions of Microsoft Office

A zero-day bug called ‘Follina’ is actively exploiting installed versions of Microsoft Office.

The vulnerability has been spotted in the wild being used by Chinese hackers to target the Tibetan community. This flaw is about much more than just politics though.

It affects Office 2013 and 2016, installed versions only.

As far as we can tell, Office 365 is not impacted.

Read More
20May 2022
5 actions small businesses need to take to protect their customers from cyber threats5 actions small businesses need to take to protect their customers from cyber threats
By In Blog, Business Continuity, Cyber security

5 actions small businesses need to take to protect their customers from cyber threats

With everyone spending more time and money on the internet, protecting yourself and your customers is essential.

Unfortunately, most small business owners are too busy coping with day to day tasks to spend time learning about cyber security or how threat vectors work.

But there are things every small business can do.

We’ll outline 5 things every small business can do to protect themselves and their customers.

Read More
  • 1
  • 2