Cybersafe Threats – 2nd May

Cybersafe Threats Update May 2024

Each week, Cybersafe.co.uk will be updating you on the latest cyber attacks threatening the private and sensitive data of businesses all over the UK. As technology evolves, so do cyber criminals and their methods of attack. If your company does not have the right cyber security processes in place, it runs a serious risk of cyber attackers infiltrating its network and data. The results could devastate your business if your data falls into the wrong hands. Whether it be paying a ransom which could cost you a fortune, losing all your data and not being able to recover it, a fine due to GDPR breaches, or reputational damage, all of these effects could have a severe impact on how (and if) your business will be able to move forwards. 

2nd May 2024 – Below, we update business leaders on what you and your employees need to look out for when assessing cyber threats to your data.

Here are the most prominent cyber threats to businesses which you should be aware of:

A concerning rise in Ransomware Payments

Amidst the concerning rise in ransomware payments, there are notable insights for businesses to consider, emphasising the importance of cyber security measures. According to Sophos’ recent report, the average ransom payment has soared by 500% in the past year, reaching £1,598,900.00 million ($2 million) per payment. While this may seem alarming, there are positive aspects to highlight.

Despite the increase in ransom demands, the rate of organisations falling victim to ransomware has decreased slightly from the previous year. This indicates that businesses are becoming more adept at defending against such attacks. Additionally, the report reveals that although large organisations are more likely to face ransom demands, they are also more resilient in recovery, with a higher percentage fully recovering within a week than smaller organisations.

Furthermore, the study underscores the significance of addressing vulnerabilities, as they remain the most common entry point for ransomware attacks. By prioritising patch management and bolstering cybersecurity protocols, organisations can mitigate the risk of exploitation and reduce the severity of potential breaches.

Moreover, while ransomware incidents often involve attempts to compromise backups, organisations that maintain robust backup systems have a higher chance of recovering their data without succumbing to ransom demands. This highlights the importance of implementing effective backup and recovery strategies as part of comprehensive cyber security measures.

Despite the challenges posed by ransomware, most organisations that experience data encryption manage to retrieve their data through backup restoration or, in some cases, by negotiating ransom payments. This underscores the importance of preparedness and response strategies in mitigating the impact of ransomware attacks.

In summary, while the surge in ransomware payments may raise concerns, it also underscores the importance of proactive cyber security measures. By addressing vulnerabilities, implementing robust backup systems, and fostering a culture of cyber security awareness, businesses can mitigate the risks posed by ransomware and safeguard their operations effectively.

A leading identity and access management services provider

Okta, a leading identity and access management services provider, has warned about a significant increase in credential-stuffing attacks targeting online services. These attacks, observed over recent weeks, have escalated in frequency and scale, fueled by the easy accessibility of residential proxy services, lists of previously compromised credentials (commonly known as “combo lists”), and automation tools.

Between March 18, 2024, and April 16, 2024, Duo Security and Cisco Talos reported widespread brute-force attacks targeting various services, including VPNs, web applications, and SSH services. Some affected services include Cisco Secure Firewall VPN, Check Point VPN, Fortinet VPN, SonicWall VPN, RD Web Services, MikroTik, DrayTek, and Ubiquiti.

From April 19, 2024, to April 26, 2024, Okta’s Identity Threat Research team observed a surge in credential stuffing activity targeting user accounts, suggesting a coordinated effort using similar infrastructure.

Credential stuffing attacks involve cybercriminals using large lists of username and password combinations, often obtained from previous data breaches or phishing campaigns, to gain unauthorised access to user accounts across various online platforms.

These cyber attacks exploit the common practice of reusing login credentials across multiple accounts. By automating the process of trying these credentials on various websites, attackers aim to find matches that grant them unauthorised access to compromised accounts, posing risks such as data exposure and fraudulent activities.

Notably, the recent attacks observed by Okta utilise anonymising services like Tor and residential proxies such as NSOCKS, Luminati, and DataImpulse to route requests. These residential proxies leverage networks of legitimate user devices to evade detection, often without the users’ knowledge, either through intentional installation of “proxyware” or by unwittingly becoming part of a botnet due to malware infections.

Interestingly, most of the traffic in these attacks originates from mobile devices and browsers of everyday users rather than from VPS provider IP space. Okta’s advisory includes recommendations to mitigate the risk of account takeovers from credential stuffing attacks and provides insights into the tactics, techniques, and procedures (TTPs) observed in recent campaigns.
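Because this traffic is spread across residential proxy IPs, a per-IP failure counter sees nothing unusual. The Python sketch below is an example added here (it is not taken from Okta's advisory): it runs a per-IP rule and a time-window rule over constructed login events. The event layout, thresholds and function names are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

def build_sample_events():
    """Constructed login events: (timestamp, source_ip, username, success)."""
    t0 = datetime(2024, 4, 20, 10, 0, tzinfo=timezone.utc)
    events = [
        (t0, "198.51.100.7", "alice", False),                         # ordinary typo...
        (t0 + timedelta(seconds=20), "198.51.100.7", "alice", True),  # ...then success
    ]
    # Stuffing burst: 40 accounts, one guess each, every request from a new proxy IP.
    for i in range(40):
        ts = t0 + timedelta(minutes=5, seconds=5 * i)
        events.append((ts, f"203.0.113.{i + 1}", f"user{i:02d}", i == 17))
    return events

def per_ip_alerts(events, max_failures=5):
    """Classic brute-force rule: source IPs with more than max_failures failed logins."""
    failures = defaultdict(int)
    for _, ip, _, ok in events:
        if not ok:
            failures[ip] += 1
    return {ip for ip, n in failures.items() if n > max_failures}

def window_alerts(events, window=timedelta(minutes=5),
                  min_failed_users=20, max_success_ratio=0.2):
    """Flag time windows where many distinct accounts fail and few logins succeed."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[int(ts.timestamp() // window.total_seconds())].append((ip, user, ok))
    alerts = []
    for key in sorted(buckets):
        rows = buckets[key]
        failed_users = {u for _, u, ok in rows if not ok}
        ratio = sum(ok for _, _, ok in rows) / len(rows)
        if len(failed_users) >= min_failed_users and ratio <= max_success_ratio:
            alerts.append({
                "window_start": datetime.fromtimestamp(
                    key * window.total_seconds(), timezone.utc),
                "failed_users": len(failed_users),
                "source_ips": len({ip for ip, _, _ in rows}),
                # Logins that succeeded during a stuffing window are takeover candidates.
                "review_accounts": sorted({u for _, u, ok in rows if ok}),
            })
    return alerts

if __name__ == "__main__":
    sample = build_sample_events()
    print("per-IP rule:", per_ip_alerts(sample))
    for alert in window_alerts(sample):
        print("window rule:", alert)
```

On the constructed data the per-IP rule raises no alert, while the window rule flags the burst and lists the one account whose login succeeded during it, which is the account to review and reset first.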

Leading retail store has to shut down network infrastructure following a ransomware attack

Carpetright, a prominent British retailer specializing in floor coverings and beds, recently faced a data security incident that led to disruptions in its phone lines and compelled the company to shut down its systems temporarily.

According to reports, Carpetright was the victim of a cyber attack. In a testament to the company’s preparedness, the IT team swiftly took action, including shutting down the network office at its headquarters in Purfleet, Essex. The attack also impacted Carpetright’s phone services, with callers being informed of the situation and asked for their patience.

In response to the incident, Carpetright has notified relevant law enforcement agencies and initiated an investigation to ascertain the nature and extent of the breach. Initial findings suggest that threat actors targeted the network at the company’s headquarters with malware, raising concerns about a potential ransomware attack.

An official email circulated among staff members confirmed the presence of a malicious virus within the network. Fortunately, Carpetright’s robust security measures allowed them to isolate the virus before any data could be exfiltrated. However, certain internal networks, including employee portals for tasks such as booking time off and accessing payslips, were temporarily taken offline as a precautionary measure.

The article states that the campaign targeted Carpetright’s headquarters. The shutdown of operations at headquarters was aimed at containing the attack and safeguarding customer data. Despite the disruption, Carpetright assures stakeholders that there is no evidence of compromised customer or employee data. The company is testing and resetting its systems, with ongoing investigations to prevent future incidents.

How to become Cybersafe

Contact Cybersafe.co.uk to find out how we can help protect your business from cyber criminals. Whether you have sensitive data or confidential information within your business, you are always likely to be a target for cyber criminals.
