February cyber news round-up
Serious vulnerabilities are exposed in Microsoft Teams, the NCSC warns UK businesses of incoming Russia-based cyber events, and a European oil field suffers a multitude of cyber attacks.
February is bringing more of the latest news of cyber events from across the globe - check it out!
Hackers slip into Microsoft Teams chats to distribute malware
After seeing thousands of attacks since January, security researchers warn that attackers are compromising Microsoft Teams accounts to slip into chats and spread malicious executables to participants in the conversation.
According to the report published by Avanan, the threat actor accesses a compromised Teams account and inserts an executable file called “User Centric” in a chat to trick the user into running it. Once executed, the malware writes data into the system registry, installs DLLs, and establishes persistence on the Windows machine.
The researchers say that the issue is aggravated by "the fact that default Teams protections are lacking" and "many email security solutions do not offer robust protection for Teams."
Microsoft quarterly report reveals how few users use MFA
Microsoft recently published their quarterly “Cyber Signals” report, in which they disclosed that 78% of organisations using Azure Active Directory (AD) do not use Multi-Factor Authentication (MFA).
In 2021, over 25.6 billion attempts to brute-force user accounts were detected and blocked by Azure AD, with Microsoft CISO Bret Arsenault saying that they see about 580 to 600 password attacks attempted every second.
A study done by software company Okta showed that organisations not running MFA are ten times more likely to be targeted than those that are. Arsenault commented on how this highlighted the importance of using MFA.
NCSC tells UK organisations to brace for Russian cyber attacks
The UK’s National Cyber Security Centre (NCSC) is urging organisations based in the UK to prepare for possible Russian cyberattacks. This comes amid growing tensions surrounding the ongoing Russia-Ukraine situation, in which Ukraine has been bombarded by cyber attacks that many are attributing to the Russians.
The NCSC recommends the following actions for UK companies to protect their environments:
- Patch systems
- Improve access controls and enable multi-factor authentication
- Implement an effective incident response plan
- Check that backups and restore mechanisms are working
- Ensure that online defenses are working as expected
- Keep up to date with the latest threat and mitigation information
European oil facilities hit by cyber attacks
IT systems have been disrupted by cyberattacks at Oiltanking in Germany, SEA-Invest in Belgium and Evos in the Netherlands.
Dozens of oil storage and transport terminals around the world have been affected, with firms reporting that the attacks occurred over the weekend. All three companies' IT systems went down or were severely disrupted.
It is possible the incidents are unrelated. They may simply be the result of malicious attachments or links propagating via email, meaning companies with shared contacts can sometimes be hit close together. Another possible explanation is that all the companies use the same operations software, which may have been compromised by attackers.