Cyber Insights | February 2024

SCAM ALERT

As people become more aware of phishing emails, cybercriminals must turn to alternative platforms to trick their victims. For example, many organisations use Microsoft Teams as a messaging and communication platform. But did you know that it can also be used for phishing attacks?

Microsoft Teams allows users not part of your organisation to message you. Cybercriminals recently exploited this feature to send phishing messages to Microsoft Teams users. The message includes a malicious file disguised as a PDF attachment. The scammers make the file look like a PDF file to trick you into thinking that you are downloading a normal attachment, but it’s really an installer file in disguise. The file actually contains malware that is installed once the file is downloaded.

As cybercriminals continue to find new attack methods, it’s more important than ever to remain alert!

Follow these tips to avoid falling victim to a Microsoft Teams phishing attack:

  • Be suspicious of unexpected messages, even if they appear to come from a trusted source, such as Microsoft Teams. When in doubt, always attempt to verify the authenticity of the person who sent you the message!
  • File names aren’t always what they seem. Always be sure that an attachment is legitimate before you click on it!
  • Remember, this type of phishing attack isn’t exclusive to Microsoft Teams. Scammers could use this type of attack on any messaging platform.
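The attachment described above works because the file name says "PDF" while the content is an installer. The following script is an added example (not part of this newsletter or any Microsoft tooling) of the check a mail or chat gateway, or an endpoint script, can apply before a user opens an attachment: compare the type the name claims with the type the leading bytes reveal, and flag double extensions such as "report.pdf.exe". The sample attachments are constructed headers only, and the signature table and function names are assumptions for illustration.

```python
"""Check whether an attachment really is the file type its name claims.

Added example; not part of the newsletter. The sample "files" below are
constructed in memory (headers only) and are not real payloads.
"""
import os

# File signatures (magic bytes) for a few common types. Windows executables
# and most installers start with "MZ" (PE format); .msi files are OLE
# compound documents, a header they share with legacy Office formats.
SIGNATURES = {
    "pdf": [b"%PDF-"],
    "exe": [b"MZ"],
    "msi": [b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"],
    "zip": [b"PK\x03\x04"],
}

# Suffixes that execute when opened; anything advertised as a document but
# carrying one of these is worth blocking.
EXECUTABLE_EXTENSIONS = {"exe", "msi", "scr", "bat", "cmd", "js", "vbs", "lnk"}


def claimed_type(filename: str) -> str:
    """Return the extension the name advertises (last suffix, lowercased)."""
    _, ext = os.path.splitext(filename)
    return ext.lstrip(".").lower()


def actual_type(data: bytes) -> str:
    """Identify the content type from its leading bytes; 'unknown' if none match."""
    for kind, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return "unknown"


def has_double_extension(filename: str) -> bool:
    """True for names like 'report.pdf.exe' that hide an executable suffix."""
    parts = filename.lower().split(".")
    return len(parts) > 2 and parts[-1] in EXECUTABLE_EXTENSIONS


def assess_attachment(filename: str, data: bytes) -> dict:
    """Combine the checks into one verdict for a single attachment."""
    claimed = claimed_type(filename)
    actual = actual_type(data)
    mismatch = actual != "unknown" and claimed != actual
    executable = actual in ("exe", "msi") or claimed in EXECUTABLE_EXTENSIONS
    suspicious = mismatch or executable or has_double_extension(filename)
    return {"file": filename, "claimed": claimed, "actual": actual,
            "mismatch": mismatch, "suspicious": suspicious}


# Constructed sample attachments: a genuine PDF, a double-extension
# executable, and a PE binary renamed to look like a PDF.
SAMPLES = {
    "quarterly_report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "quarterly_report.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00",
    "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00",
}


def scan_samples() -> list:
    """Run the assessment over every constructed sample and return the verdicts."""
    return [assess_attachment(name, data) for name, data in SAMPLES.items()]


if __name__ == "__main__":
    for verdict in scan_samples():
        print(verdict)
```

Magic-byte matching is a heuristic, not proof of safety: it catches the renamed-installer trick the alert describes, but a genuine PDF can still carry malicious content, so the verdict should feed a sandbox or AV scan rather than replace one. The same check is cheap to run on a download folder at the endpoint, where a Teams client drops attachments regardless of which gateway inspected them.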

Exploit: Human Error

Football Australia: Sports Governing Body

Risk to Business: SEVERE

Football Australia (FA) has experienced a data breach due to a blunder. A developer inadvertently left a crucial server reference in code accessible to the public, leaving a huge treasure trove of information open. The information exposed may include players’ contracts containing data like personally identifiable information and passport scans. Fan data on ticket purchases and information about the FA’s digital infrastructure was also exposed. Researchers discovered the 27 AWS buckets of exposed data, which have been available since early January 2024. FA said it had informed the Office of the Australian Information Commissioner (OAIC) about the breach. Read more here


Exploit: Password Spraying

Microsoft: Software Company

Risk to Business: MODERATE

Microsoft has disclosed that several of its corporate email accounts were breached by a Russian state-sponsored hacking group, Midnight Blizzard. The company detected the attack on January 12, 2024. Microsoft’s internal investigation concluded that the attack was conducted by a group of Russian threat actors associated with Nobelium/APT29 (sometimes known as Midnight Blizzard or Cozy Bear). The software titan said the threat actors breached their systems in November 2023 by conducting a password spray attack to access a legacy non-production test tenant account. Microsoft says the hackers accessed a “small percentage” of Microsoft’s corporate email accounts for over a month, including accounts tied to the company’s leadership team and employees in the cybersecurity and legal departments. The company speculates that the threat actors were looking for information about their own gang. Read more here
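A password spray is the opposite of a brute-force attempt: one source tries a few common passwords against many accounts, so a per-account lockout threshold never trips. The script below is an added detection example (not from this newsletter or from Microsoft) that reads constructed sign-in records, groups failures by source address, and flags any source that fails against several distinct accounts inside a short window; it then lists successes from that source after the spray began, which is the event to investigate first. The log format, field names, thresholds and the 198.51.100.7 / 203.0.113.9 addresses are all assumptions for illustration.

```python
"""Flag password-spraying patterns in sign-in logs.

Added example; not from the newsletter or Microsoft's own tooling. The log
lines, field names and source addresses are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: one source failing once each against five
# accounts and then succeeding on a legacy test account (spray pattern), and
# a user mistyping their own password twice before signing in (not a spray).
SAMPLE_LOG = """\
2023-11-20T03:12:01Z src=198.51.100.7 user=alice result=FAIL
2023-11-20T03:12:04Z src=198.51.100.7 user=bob result=FAIL
2023-11-20T03:12:08Z src=198.51.100.7 user=carol result=FAIL
2023-11-20T03:12:11Z src=198.51.100.7 user=dave result=FAIL
2023-11-20T03:12:15Z src=198.51.100.7 user=erin result=FAIL
2023-11-20T03:12:19Z src=198.51.100.7 user=test-legacy result=SUCCESS
2023-11-20T08:45:00Z src=203.0.113.9 user=frank result=FAIL
2023-11-20T08:45:30Z src=203.0.113.9 user=frank result=FAIL
2023-11-20T08:46:10Z src=203.0.113.9 user=frank result=SUCCESS
"""


def parse_line(line: str) -> dict:
    """Turn 'TIMESTAMP key=value ...' into a dict with a parsed timestamp."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), **fields}


def detect_spray(log_text: str, window: timedelta = timedelta(minutes=30),
                 min_accounts: int = 5) -> dict:
    """Return {source: finding} for sources whose failures span >= min_accounts
    distinct accounts within `window`. Per-account failure counts are ignored
    on purpose: a spray keeps them low to stay under lockout thresholds."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    by_src = defaultdict(list)
    for event in events:
        by_src[event["src"]].append(event)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["result"] == "FAIL"]
        # Widest set of distinct accounts hit by failures in any window
        # starting at one of this source's failures.
        most_accounts = 0
        for i, start in enumerate(fails):
            users = {e["user"] for e in fails[i:] if e["ts"] - start["ts"] <= window}
            most_accounts = max(most_accounts, len(users))
        if most_accounts >= min_accounts:
            first_fail = fails[0]["ts"]
            successes = [e["user"] for e in evs
                         if e["result"] == "SUCCESS" and e["ts"] >= first_fail]
            findings[src] = {"distinct_accounts": most_accounts,
                             "successes_after_spray": successes}
    return findings


if __name__ == "__main__":
    for src, finding in detect_spray(SAMPLE_LOG).items():
        print(src, finding)
```

On the constructed log only 198.51.100.7 is reported, with five distinct accounts and a later success on "test-legacy"; the user who fumbled their own password twice is not. In production the source key would usually be an IP range or ASN rather than a single address, since sprays are commonly spread across many addresses, and the finding should join against the tenant's list of accounts that are exempt from MFA or still allow legacy authentication, because those are the ones a low-and-slow spray actually gets into.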


Messaging apps such as WhatsApp, Discord, and WeChat are a great way to keep in touch with friends and family. But not all messaging apps are safe to use on your work device. Unapproved messaging apps may contain vulnerabilities that cybercriminals can exploit. If the cybercriminals succeed, they could access your organisation's network and other sensitive information.

Receiving Messages from Cybercriminals

Cybercriminals can use these apps to send messages containing malicious links or attachments. The messages may promise free items, inform you about an overdue bill, or prompt you to download an attachment for work. If you click the links or download the attachments, you may unknowingly download malware on your work device!

Third-Party Apps with Hidden Features

Cybercriminals can also create third-party apps to change your messaging app experience, such as making the app pink. While the third-party app may actually make your app pink, it can also grant cybercriminals access to your device. Once cybercriminals gain access, they can view any of your organisation's information on your device.

What Can I Do to Stay Safe?

Follow the tips below to protect yourself and your organisation from these types of scams:

  • It's best to keep work and personal use separate. Only use work devices for tasks required by your job.
  • Follow your organisation’s policies on downloading apps on work devices. If you’re unsure, learn who to contact for guidance.
  • Never share personal or sensitive information through unsecured apps. Be especially cautious if you don’t know the person messaging you.


If you would like to discuss your cybersecurity needs, book a complimentary consultation here

