Dear ,

Cyber Security Newsletter May 2024

We are aware the newsletter below is quite lengthy and contains a lot of information to take in. However, we feel it is important for our customers to understand some of the risks and the mitigation options. We encourage you to read the newsletter and ask us any questions you may have.

This month we would like to address several cyber security items which could potentially have a great impact on your business. In addition to the information below, we will also implement a couple of changes to most customers' O365 tenants to mitigate some ongoing risks. These changes will have minimal or no impact on your day-to-day operations.

Cyber Security is a responsibility of everyone who uses IT equipment including computers, phones, or networking equipment.

In the current environment, hackers and scammers (we will call them bad actors) treat their activities as a profession. They are highly skilled and quite often well organised, as individuals and even as organisations, and will spend a considerable amount of effort and time trying to steal from organisations and individuals.

This is a recent case study:

“Recently we had an end-user receive an email from a known contact who asked him to open an encrypted document. As the known contact was a finance company, the request did not seem strange or out of the ordinary. However, the finance company's email had been compromised, and the email received by the end-user was actually coming from a bad actor.

Opening the encrypted email required the end-user to log in to his Microsoft Office 365 account. The link used to reach the encrypted document was fake and pointed to a fake website impersonating Microsoft.

When the end-user logged in to his account, he unwittingly provided the bad actor full access to his own emails. As the end-user assumed he was logging in to a genuine Microsoft account, he accepted the Multi Factor Authentication (MFA) challenge. This allowed the bad actor to become a ‘man in the middle’ between him and his customers. The bad actor proceeded to alter an invoice for a new vehicle, changing the bank details, and the invoice was promptly paid by the customer.”


One of the most common threats we currently see is the attempt to intercept and change invoices so the recipient of the invoice will pay to a different bank account, one which is controlled by the bad actors.

There are multiple ways this can occur.

The recipient’s mailbox can be compromised, and an email with an attached invoice can be downloaded, changed and re-uploaded, so the recipient will have no indication that anything untoward has happened and may well pay the invoice to the fake bank details inserted by the bad actors.

Alternatively, the sender’s mailbox could be compromised, and the bad actors could insert themselves into an existing email correspondence. This instils trust in the recipient, and any information given by the bad actor has a high probability of being treated as genuine.

The difficult message IT companies have to relay to their customers is that no amount of technical measures can stop all instances of potential compromises of emails or data.

The most common threat is the deception of end-users by making them believe they are communicating with a known contact or organisation while they are actually dealing with a bad actor.

Just a couple of examples of these are:

  1. Receiving an email from a known contact, however the sender’s domain name is not quite right (for example an extra hyphen, a missing letter, or a different ending).
  2. Receiving a call from “Microsoft” saying there is an issue with your mail. Microsoft will not make cold calls like that.
  3. Receiving a call from “ABit IT Support” saying that something needs to be done on someone’s computer when we do not have an open ticket for this issue.
  4. Receiving an MFA pop-up or SMS on your phone when you have not just done something yourself that should trigger it.
  5. Receiving an email with a link that points to a site which looks real but is a fake. For instance, outIook.com (spelled with a capital I instead of a lowercase L) is not the same as outlook.com, yet in many fonts the two are indistinguishable. This could easily trick the end user into entering their credentials and approving an MFA prompt, which simply hands the bad actors full control of their email. To make matters worse, this can be hidden so well that the end user does not even realise it has happened.
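The capital-I-for-lowercase-L trick in the last example is mechanical enough to check for. Below is an added example, written for this newsletter and not ABit’s or Microsoft’s code, that classifies a sender’s domain against a small list of known-good domains. The trusted domains and the sample addresses are constructed for illustration only. It goes slightly beyond the outIook.com case above: it also catches Cyrillic look-alike letters, a trusted name embedded in a longer domain, and one-character typos.

```powershell
# Added example (not ABit's own code): flag sender domains that merely look like a known
# contact's domain. The trusted-domain list and the sample senders are constructed.

$TrustedDomains = @('outlook.com', 'microsoft.com', 'abitsystems.com.au')

# Character sequences easily mistaken for one another in common e-mail fonts, applied after
# lower-casing. The last five are Cyrillic a, o, e, p and s, which render like Latin a, o, e, p, c.
# Capital I -> l is handled separately because lower-casing would turn it into an 'i' first.
$Confusables = @(
    @('rn', 'm'), @('vv', 'w'), @('1', 'l'), @('|', 'l'), @('0', 'o'),
    @([string][char]0x0430, 'a'), @([string][char]0x043E, 'o'), @([string][char]0x0435, 'e'),
    @([string][char]0x0440, 'p'), @([string][char]0x0441, 'c')
)

function Get-DomainSkeleton {
    # Normalise a domain so that visually identical spellings collapse to the same string.
    param([Parameter(Mandatory)][string]$Domain)
    $s = $Domain.Replace('I', 'l').ToLowerInvariant()   # String.Replace is case-sensitive
    foreach ($pair in $Confusables) { $s = $s.Replace($pair[0], $pair[1]) }
    return $s
}

function Get-EditDistance {
    # Levenshtein distance between two lower-cased strings; catches one-character typosquats.
    param([string]$A, [string]$B)
    $prev = @(0..($B.Length))
    for ($i = 1; $i -le $A.Length; $i++) {
        $curr = New-Object int[] ($B.Length + 1)
        $curr[0] = $i
        for ($j = 1; $j -le $B.Length; $j++) {
            $cost = if ($A[$i - 1] -ceq $B[$j - 1]) { 0 } else { 1 }
            $curr[$j] = [Math]::Min([Math]::Min($prev[$j] + 1, $curr[$j - 1] + 1), $prev[$j - 1] + $cost)
        }
        $prev = $curr
    }
    return $prev[$B.Length]
}

function Test-SenderDomain {
    # Classifies an e-mail address (or bare domain) as Trusted, Lookalike or Unknown.
    param([Parameter(Mandatory)][string]$Address)
    $domain   = ($Address.Trim() -split '@')[-1]
    $lower    = $domain.ToLowerInvariant()
    $skeleton = Get-DomainSkeleton $domain
    $result   = [ordered]@{ Sender = $Address; Domain = $domain; Verdict = 'Unknown'; Imitates = '' }

    foreach ($trusted in $TrustedDomains) {
        # An exact match or a genuine subdomain (mail.outlook.com) of a trusted domain is fine.
        if ($lower -eq $trusted -or $lower.EndsWith(".$trusted")) {
            $result.Verdict = 'Trusted'; $result.Imitates = $trusted
            return [pscustomobject]$result
        }
    }
    foreach ($trusted in $TrustedDomains) {
        $trustedSkeleton = Get-DomainSkeleton $trusted
        # Same skeleton (outIook.com), trusted name embedded in a longer domain
        # (microsoft.com.invoice-portal.net), or a one-character typo (abit-systems.com.au).
        $lookalike = ($skeleton -eq $trustedSkeleton) -or
                     $skeleton.Contains($trustedSkeleton) -or
                     ((Get-EditDistance $lower $trusted) -le 1)
        if ($lookalike) {
            $result.Verdict = 'Lookalike'; $result.Imitates = $trusted
            break
        }
    }
    return [pscustomobject]$result
}

# Constructed sample senders (illustration only). Expected verdicts:
# Lookalike, Trusted, Lookalike, Lookalike, Unknown.
$samples = 'accounts@outIook.com', 'tony@ABitSystems.com.au', 'billing@abit-systems.com.au',
           'noreply@microsoft.com.invoice-portal.net', 'friend@gmail.com'
$samples | ForEach-Object { Test-SenderDomain $_ } | Format-Table -AutoSize
```

A check like this only helps for domains you have told it about, so the trusted list has to be kept current with your real suppliers and customers. It is a complement to, not a replacement for, picking up the phone to confirm bank details.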

As these bad actors are highly skilled in pretending to be someone or something they are not, it can be very difficult to distinguish between a real and a fake communication. This kind of attack is known as ‘social engineering’.

Regardless of what technical measures we have put in place to make your environment safer, if bad actors succeed in persuading an end user to hand over the keys to the kingdom, even unknowingly, the amount of damage they can do is considerable.

There is a mixture of measures we recommend to mitigate these issues, but none of them will give you a guaranteed outcome.

  1. Cyber security starts with proper education of all end-users in an organisation.
    • We offer some training options and are constantly looking at new ones. Please talk to us to see what would be appropriate for your business.
  2. Make sure MFA is enabled on ALL email accounts in your organisation.
    • We have been sending reminders for accounts without MFA, but recent changes at Microsoft have prevented us from sending these for the last couple of months. We will resume this service in the next month or so.
  3. Have your Office 365 tenant backed up.
    • Our O365 Backup and Archiving service is not only important for disaster recovery purposes; it is also vital if you need to prove what emails and attachments you actually sent and received, as they were before anyone (including a bad actor) could alter them.
  4. Set a password policy that requires long passwords.
    • Longer, less complex passwords are safer than shorter but complex ones. We recommend a minimum of 16 characters so people can use a sentence instead of a single word.
  5. Remind staff not to re-use passwords.
    • Reusing passwords is unsafe: if one site is compromised, the same credentials can be used to log in to other sites. We recommend businesses have an internal policy forbidding staff from using their work passwords anywhere else. If staff need to remember too many passwords, a password vault (Bitwarden and LastPass are two large ones) is the best option to keep passwords safe.
  6. We can ‘geo-lock’ your Office 365 tenant so that logins from outside Australia are blocked.
    • However, this might cause issues when staff are travelling and still want or need access to their emails. This control is also relatively easy to circumvent, especially for professional bad actors (for example by connecting through a VPN that exits in Australia), and it is not fail-proof because matching an IP address to a location is not an exact science. This option will most probably require additional Microsoft licences.
  7. Implement a zero-trust model for any software on your computers.
    • We have started to roll out ThreatLocker to some customers. This product stops the execution of all software except what is explicitly allowed. This is in addition to Sophos Endpoint Protection: where Sophos checks whether software potentially poses a threat and stops it if it detects certain behaviours, ThreatLocker blocks ALL software unless a human has decided that it is safe. This is a high-impact protection, but application control is one of the main items identified in the Essential Eight.
  8. Limit which Internet browsers people can use.
    • Allowing only one or two browsers (we recommend Edge and/or Chrome) and enforcing settings people cannot change can help keep your company safe. We also recommend the use of ad-blockers, as fake ads are known to lead to fake websites that try to steal credentials.
  9. Change the way your business communicates its bank details to customers.
    • We recommend only communicating bank details in person, on paper, and having a large banner on all invoices stating that bank details should be checked by calling your business on the phone number listed on your website.
  10. Talk to your insurance company.
    • Many insurance companies now have stricter requirements around cyber security. We recommend you engage with your insurer about best practices for dealing with some of the items listed above.
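Two of the tenant-side measures in the list above, finding the accounts that have no MFA registered and geo-locking sign-ins to Australia, can be checked and applied from PowerShell. The script below is an added example written for this newsletter, not ABit’s own tooling. It assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in administrator can consent to the listed permissions, that the tenant is licensed for Conditional Access (Microsoft Entra ID P1, which is included in Microsoft 365 Business Premium; this is the extra licence referred to above), and that ‘breakglass@contoso.onmicrosoft.com’ is a placeholder for your own emergency-access account.

```powershell
# Added example, not ABit's own tooling. Uses the Microsoft Graph PowerShell SDK
# (Install-Module Microsoft.Graph). Assumptions: the admin can consent to the scopes below,
# the tenant has Conditional Access licensing, and the break-glass UPN is a placeholder.
Connect-MgGraph -Scopes 'AuditLog.Read.All', 'UserAuthenticationMethod.Read.All',
                        'User.Read.All', 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

# --- Accounts that have not registered MFA -----------------------------------
# The registration report is what an "accounts without MFA" reminder should be driven from.
function Get-UsersWithoutMfa {
    Get-MgReportAuthenticationMethodUserRegistrationDetail -All -Filter 'isMfaRegistered eq false' |
        Select-Object UserPrincipalName, UserDisplayName, IsMfaCapable,
                      @{ Name = 'Methods'; Expression = { $_.MethodsRegistered -join ',' } }
}
Get-UsersWithoutMfa | Format-Table -AutoSize

# --- Only allow sign-in from Australia ("geo-locking") ------------------------
# 1. A named location for Australia. includeUnknownCountriesAndRegions is left $false, so an
#    IP address the country lookup cannot place counts as outside Australia (and is blocked).
$au = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type'                     = '#microsoft.graph.countryNamedLocation'
    displayName                       = 'Australia'
    countriesAndRegions               = @('AU')
    includeUnknownCountriesAndRegions = $false
}

# 2. The emergency-access account is excluded so that a wrong location lookup or a policy
#    mistake cannot lock every administrator out of the tenant.
$breakGlass = Get-MgUser -Filter "userPrincipalName eq 'breakglass@contoso.onmicrosoft.com'"

# 3. Block every sign-in that does not come from the Australia location. The policy is created
#    in report-only mode: review the sign-in logs for what it WOULD have blocked (travelling
#    staff, cloud-hosted mail connectors) before changing state to 'enabled'.
$policy = @{
    displayName   = 'Block sign-in from outside Australia'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users        = @{ includeUsers = @('All'); excludeUsers = @($breakGlass.Id) }
        applications = @{ includeApplications = @('All') }
        locations    = @{ includeLocations = @('All'); excludeLocations = @($au.Id) }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

The limitations mentioned in the list still apply: a bad actor using a VPN that exits in Australia passes this policy, and the country lookup for an IP address is not exact, which is why starting in report-only mode and keeping the emergency-access account excluded matters.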

The cyber security landscape is constantly evolving, and the length of this newsletter does not allow us to talk about all options or threats. We have tried to identify and address some more common risks and protection options. That does not mean that other options should not be considered or are less important.

We are always happy to book a time to have a more personalised chat with you about measures available to your business. Please book a meeting with Iwan and/or Tony if you would like to discuss Cyber Security in more detail or if you have any further questions.

Just for reference, this link is to an article by Microsoft explaining how Social Engineering can work:

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware | Microsoft Security Blog

Some other interesting links:

https://www.knowbe4.com/what-is-social-engineering

https://ia.acs.org.au/article/2023/car-buying-couple-loses--139k-to-invoice-scam.htm

Nine ways MFA can be breached (and why passwords still matter) - Specops Software

Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising (bleepingcomputer.com)


Highlighting Oscar (Again):

!! Oscar is now the ABit Systems Support Manager !!

Oscar started with ABit in January 2023. After arriving in Australia from Colombia to learn English he met Tony and Leah by chance on a Transperth service. He told Tony and Leah that, in Colombia, he worked in technology, and they asked him to send in his resume. He writes “a vacancy opened quickly and after a couple of interviews I started in what I call a miracle from God. ABit gave me the opportunity to work while learning English which was a miracle for me.”

On a personal level Oscar writes: “My favourite topic is definitely technology, especially cybersecurity. I am also very interested in music; two years ago I started learning to play acoustic guitar and I practise at least two times a week. I also like to read, especially Stephen King's books. Likewise, I attend church every day to be in communion with God.
What I like most about ABit is that they make me feel like family. The work environment is excellent, and I feel that in this company I have learned a lot in terms of technical skills, which has allowed me to grow both personally and professionally. I will never stop being grateful for the opportunity they gave me.”

Oscar always has a smile on his face!



After Hours support

Currently ABit has the following hours of operation:

*After Hours support attracts the After Hours Hourly rate and is out of scope of any MSP contract.

We are interested in feedback on our opening hours, please send any suggestions to our General Manager.

Address: Unit 19, 28 Belmont Avenue, Rivervale WA 6103

Phone: 08 9352 2999

Email: support@abitsystems.com.au