Cyber Security Monitor: February 2025 – The Rising Threats You Need to Know

Cyber Security Monitor: February 2025

Stay one step ahead of cyber criminals with our regular news and tips

The recent fibre optic cable attack by climate activists on the UK’s insurance sector has highlighted the growing threat of ‘hacktivism’ to an organisation’s infrastructure.

It’s clear that operational resilience must address both physical and cyber risks holistically. It’s certainly going to be top of the agenda for many in the C-suite this year. We discuss a few practical steps that businesses can take to help secure their physical infrastructure.?

We also?take a closer look at the security risks of in-app browsers, the latest phishing technique used by Russian hackers and why setting up the right security controls on your printer is so important.

And lastly, a very warm welcome to the newest member of our Leadership Team, Claire Geyman who joins us as Director of Finance and Commercial Excellence.?

Cable-cutting activists are coming. So, what next?

The recent attack on fibre optic cables by climate activists in the City of London has forced organisations to re-examine not just their digital security but their physical infrastructure as well.

Climate activists from Shut the System have singled out the insurance industry as prime targets for their disruptive protests. January’s attacks were carried out at insurance sector hotspots across London, Leeds, Birmingham and Sheffield.

At a recent police event after the attacks, questions were raised about how easy it was for an activist to masquerade as a contractor and carry out wider disruption with just a hi-vis jacket, a pit lifter (to lift heavy manhole covers) and some wire cutters.

Police are urging organisations to thoroughly inspect their physical infrastructure and stay aware of any suspicious activity, including activists potentially carrying out reconnaissance for future planned disruptions.

Some other tips:

• Revisit your business continuity plan and update it to include strategies for minimising impact on physical infrastructure.
• If your organisation operates from a multi-tenanted building, speak to your building management about strengthening access control arrangements.
• Make your building’s security team aware of this new trend and ask them to check IDs of any contractors working near manholes around the building.
• Sign up to the one.network system to stay aware of any planned road works and traffic disruptions in your area.
• If you see anyone carrying out suspicious activity near utilities, report it immediately by calling 999. For retrospective reporting, it's 101.

In-app browsers are great… for surrendering your personal data

The next time you’re tempted to read a news article while scrolling through Facebook, Instagram or TikTok, pause for a second and consider the security risks.

Clicking on a browser link when you’re still logged in to your social media is made possible by in-app browsers (IABs). They are mini web browsers built directly into apps such as Facebook Instagram, TikTok and LinkedIn.

In-app browsers are different from traditional Chrome, Safari or Edge browsers that you typically use on your smartphone. You may think they make accessing external content easy, but as our new blog post points out, they come with a slew of security risks.

In-app browsers can track all your activity through every tap, swipe and click, allowing the social media companies who created them to collect a vast amount of your personal data. For instance, one of the main privacy concerns over TikTok is the app’s ability to record every keystroke you make on your phone.

The overall lack of transparency is a big concern for Intersys MD Matthew Geyman, who advises against using in-app browsers entirely. "If you want real control over your privacy, I recommend skipping the in-app browser and using your device's native browser instead. Not only is it more secure, but it keeps social media companies from building an even more detailed profile of your online life – whether for targeted ads or something more invasive."

Intersys welcomes Claire Geyman as?Director of Finance and Commercial Excellence?

We are delighted to welcome Claire Geyman as our Director of Finance and Commercial Excellence and the newest member of the Intersys Leadership Team.

Claire’s arrival coincides with Intersys’ current expansion drive and she will play a central role in implementing our long-term growth strategy.

Claire comes to Intersys with an impressive track record. She previously worked at Coloplast UK as Head of Finance and Commercial Excellence for North Europe Region. As a member of the senior leadership team, her remit included everything from managing the finance function to commercial excellence and overall company strategy. Her role there spanned 14 countries, six reporting units and seven different currencies.

Claire’s duties at Intersys will include overseeing finance operations as well as informing business strategy, fine-tuning operating models and creating efficiencies through data-driven decision-making.

Read more on our blog here.

Copy that: why hackers love the new Xerox printer flaw

Security researchers have found a new vulnerability in Xerox VersaLink C7025 Multifunction printers (MFPs). This loophole could potentially allow attackers with remote or local access to the printer’s admin interface to steal sensitive account details.

Experts are warning that a malicious actor could use the flaw to steal credentials from the victim organisation’s Windows Active Directory. This would allow them free reign over an environment and access to other critical Windows servers and file systems.

Intersys’ Head of Security Jake Ives has stressed the importance of securing printer environments and how many organisations get it wrong.

“Printers are a huge attack vector. Throughout my career, I've seen printers being used with default credentials in place and even, in more extreme cases, domain admin accounts used to facilitate the scan-to-email and/or scan-to-file system functions!”

Jake offers the below tips to tighten up your printer security:

• Network configuration: ensure your printers are configured on a separate VLAN. Ideally, they should not have wider internet access and be isolated from other networks, except for facilitating print jobs.
• Scan-to-email security: use a dedicated service account when using the 'Scan to email' function.
• Admin account security: avoid using the default username and password that shipped with the device even if the printer is on a segregated network. Always use a unique password on all appliances.
• Disable unnecessary functionality: You don’t need to broadcast the name of your printer’s wireless network for guests to be able to print from it. Enable the functionality you need and disable everything else.

For a full list of Jake’s printer security tips, check out his LinkedIn post here. Russian threat actor abuses Microsoft Teams device authentication

Microsoft security experts have warned of a new phishing technique used by Russia-affiliated hackers.

“Device code phishing” is a method where cyber criminals trick users into logging into productivity apps such as Microsoft Teams. They then steal the user’s login tokens to hack into the compromised accounts.

A victim typically clicks on an email containing a Microsoft Teams meeting invite. When they click on the invitation link, they are asked to authenticate it using a device code. There’s just one small problem. The code is generated by the hacker, who then receives a valid access token thereby stealing the authenticated session. The hacker can then take over the victim’s account, access sensitive information and send more phishing messages to other users via office emails.

Microsoft has also seen this technique used to lure victims on messaging apps such as WhatsApp and Signal. Microsoft has named the hacker group Storm-2372, which it believes is targeting various government and non-governmental organisations globally. Sectors such as IT services and technology, defence, telecommunications, health, higher education, energy, and oil and gas across Europe, North America, Africa and the Middle East have been exploited.

Microsoft has suggested the following safety advice:

• Restrict device code flow to only when it’s absolutely necessary. And in such cases, configure Microsoft Entra ID’s device code flow in your organisation’s Conditional Access policies.
• Continue to educate staff about common phishing techniques. Remember that a valid sign-in prompt always clearly identifies the application being authenticated. Any interactions with Microsoft Azure will prompt the user to cancel or continue to the app that they expect. If you don’t see this option, it could be a phishing lure.

Find more detailed security advice on the Microsoft blog.

Other vulnerabilities and updates

Windows Ancillary Function Driver for WinSock

Adobe security updates

Apple security update

Cisco security updates

?----------

CyberSecurity | CyberThreats | CyberAttack | CyberResilience | CyberRisk | Hacktivism | DataPrivacy | Phishing | CyberAwareness | InfoSec | CyberDefense | NetworkSecurity | ITSecurity | OperationalResilience | ThreatIntelligence | DigitalSecurity | Ransomware | CyberProtection | CyberHygiene | SecurityUpdates | CyberCompliance | FibreOptic | SecurityBreach | BusinessContinuity | PhysicalSecurity | AccessControl | InAppBrowsers | DataSecurity | CyberCrime | InsiderThreat | DarkWeb | MicrosoftTeams | PhishingScams | SocialEngineering | PrinterSecurity | ZeroTrust | CyberVigilance | CloudSecurity | EndpointSecurity | RiskManagement | SecurityBestPractices | ThreatDetection | CyberPolicy | ManagedSecurity | ITInfrastructure | DigitalForensics | VulnerabilityManagement | CyberSecNews | CyberSecurityStrategy