Blog

  • 2 November 2023

EleKtra-Leak: Unmasking the Cryptojacking Menace

In the ever-evolving landscape of cybersecurity threats, a new ongoing campaign has emerged, known as EleKtra-Leak. This campaign focuses on Amazon Web Services (AWS) Identity and Access Management (IAM) credentials within public GitHub repos, aiming to exploit these vulnerabilities for cryptojacking activities.


  • 12 October 2023

Ransomware as a service: A successful business model

As ransomware groups continue to grow, they become increasingly sophisticated and organised, developing help centres for victims to claim their data and even creating job postings on the dark web. It does seem these groups intend to stay rooted within the cyber landscape by integrating business-like strategies........


  • 27 September 2023

QR Phishing: The Scam That's Sneaking Up Behind You

QR codes, also known as Quick Response codes, have become increasingly popular in recent years. They are a convenient and versatile way to access information, such as menus, product information, and website content. However, QR codes can also be used for malicious purposes, such as phishing.......

  • 16 September 2023

A brief insight into the responsibilities of an Information Security Manager (ISM)

Information security is a very broad field. It spans across misuse of enterprise information, disruption, unauthorised access, and covers both physical aspects of security as well as cyber security. Technologies used include endpoint protection and response (EDR), vulnerability management tools, and security information and event management (SIEM) tools.......

  • 25 August 2023

‘Hit and Run’ Electric cars and the chips susceptible to hardware hacks

When we park or store our cars overnight, we often give thought to the valuable items, careful not to leave them in view or not in the car at all. But what if there was valuable extractable information stored within the car itself, giving rise to a potential attack surface vector that could fall into the hands of an opportune, patient or malicious actor.......

  • 18 August 2023

5G, the Next Generation of Networking?

With 5G technology increasingly commonplace around the country, interesting and unique challenges have come forward. The main difference to its predecessors is its much larger density of transmission towers due to its much higher frequency transmission range. This, coupled with interesting network slicing abilities, makes this one of the largest steps forward the technology has ever seen........


  • 11 August 2023

Battling MFA Fatigue: A Rising Challenge in the Current Threat Landscape

Imagine that after a hard day’s work, you suddenly receive a multitude of multifactor authentication (MFA) prompts requesting that you accept. You must be thinking to yourself how annoying these notifications are. After declining a bulk of them, you suddenly tapped the “Approve” button to relieve all that stress of thinking it was probably maintenance work or an update. Have you realized what sort of consequences it will bring to yourself and the organization you are working for?.......

  • 14 July 2023

Cyber Security Associates becomes a Microsoft Solutions Partner for Security

Just over 18 months ago, Cyber Security Associates Limited (CSA) took the decision to use the Microsoft Security stack tooling as the primary capability to provide 24/7 Monitoring, Detection and Response (MDR) services. Using Microsoft Sentinel as the main vehicle to correlate, analyse and identify potential and actual cyber security threats and incidents has enabled the CSA Security Operations Centre to accelerate its growth and capabilities......

  • 12 July 2023

BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising

Threat actors linked to the BlackCat ransomware have been seen using malvertising strategies to propagate malicious WinSCP installs. Threat actors are now creating fake domains to imitate legitimate businesses to further spread malicious software through a technique called malvertising......

  • 7 July 2023

Mobile phone malware and the possible effects of hijacking

Our reliance on mobile phones has soared to unprecedented heights. We entrust them with everything, from banking to booking holidays, and because of this the amount of personal data they hold can be frightening. In this blog post the profound effects of an attack on our devices are explored. Fortunately, the rise of full device encryption offers a glimmer of hope.....

  • 22 June 2023

Managing Cyber Security Risks from Third Parties

You may have heard the saying “A chain is only as strong as its weakest link”. Recent cyber security attacks have shown why this quote is relevant to all organisations that handle data. This article will highlight why third-party risk management is essential for your organisation’s cyber security.....

  • 18 June 2023

CSA partners with SentinelOne for Endpoint Protection

Cyber Security Associates has partnered with SentinelOne to provide clients with a fully managed service built upon the Singularity XDR platform. The SentinelOne Singularity security platform empowers SOC & IT Operations Teams with a more efficient way to protect information assets against today’s sophisticated threats......

  • 17 June 2023

Nice Capita: Incident Impact Research

Capita is a British multinational company that specializes in business process outsourcing and professional services. It is the largest such company in the UK, with a market share of over 29%. Capita has a wide range of clients, including central government, local government, and the private sector. It also has a property and infrastructure consultancy division.....

  • 2 June 2023

The Dark Side of QR Codes

The modern day era is constantly changing and we are increasingly integrating technology into our everyday lives to make daily tasks easier and more time efficient. Gone are the days of manually typing website addresses into browsers, thanks to QR codes, a contactless solution....

  • 11 May 2023

The Dark Side of AI: Unravelling The Next Wave of Cyber Threats

It comes as no surprise that as artificial intelligence (AI) rapidly evolves and becomes more widely accepted in different business sectors, it has also unveiled a darker side, attracting cybercriminals to harness the power of AI in order to unleash a new wave of sophisticated cyber-attacks....

  • 4 May 2023

The Rise of Malverposting

In recent years, the internet has become a hub for many activities, ranging from online shopping to social media platforms; it has also become a playground for cyber criminals who are always on the lookout for vulnerabilities to exploit....

  • 28 April 2023

Outdated WordPress Plugin – Eval PHP

In April 2023, a surge in the use of an outdated WordPress plugin called Eval PHP was reported by Sucuri, a website security firm. The plugin allows site administrators to embed PHP code on WordPress pages and posts and execute the code when the page is opened in the browser....

  • 27 April 2023

Capita Ransomware Incident Summary

On the 31st of March at 2:00pm, The Times reporter, Katie Prescott, published an article speculating on fears the UK outsourcing company Capita had been hit by a cyber-attack. Capita had previously....

  • 30 Mar 2023

Are Social Media Apps Like TikTok Spying on us?

During the Covid-19 pandemic, TikTok quickly became one of the most popular social media platforms around the world as a video-sharing app that allows users to create and share short clips. The app has gained a massive user base, especially among the younger generation. However, with its rapid growth, there have been concerns regarding the app's privacy and security.....

  • 3 Mar 2023

PureCrypter Malware Targets Government Entities in Asia-Pacific and North America

An unidentified threat actor was identified by Menlo Labs using Discord to spread an evasive threat campaign that is targeting government institutions through the use of the PureCrypter downloader. The attack is performed through a secondary payload being sent by the PureCrypter campaign using the compromised domain of a non-profit business as a C2 (Command and Control) platform....

  • 30 Jan 2023

DEV-0569 & Google Ads

One of the most important tasks for an attacker using malware to successfully compromise a target is how they plan to get the malware onto the device. Achieving this can be done in many ways, but one that has become increasingly popular is the use of Google Ads to trick victims into downloading malware in place of software that the victim is searching for....

  • 17 Jan 2023

The use of Cyber Warfare alongside Kinetic Warfare

Although the ongoing war between Russia and Ukraine is well known since the invasion in February 2022, the use of cyber warfare is still unknown to many. With the use....

  • 29 December 2022

Cyber Security Associates Joins Cyber Trade Mission to Estonia

The Founders of Cyber Security Associates (CSA), Dave Woodfine and James Griffiths recently joined members of BPE and other key stakeholders from the Gloucestershire cyber community to visit Tallinn in Estonia....

  • 25 July 2022

Fraudulent Google Play Store Applications are Infecting Unsuspecting Users with Malware

Although many users consider it safe to download applications from the Official Google Play Store, you could unknowingly be installing software that spies on you, bills you weekly or allows attackers to take remote control of your device....

  • 04 July 2022

The Ongoing Devaluing of Cryptocurrencies and Potential Impact on Cybercrime

“All the businesses shared a common trait: They all had value propositions that sounded like platitudes….Every one had a degree of arrogance in the, about changing the world, and none of them had real products aimed at real customers.”....

How A Ransomware Gang Caused A National Emergency

Conti are a ransomware group who have been hitting the headlines in recent months, but you might have heard of them before – they’ve been in the public eye since 2020....

Why The Future Of The Metaverse Depends On Its Security

The metaverse has been making headlines recently, with its promises of merging the digital and physical world. It’s something that sci-fi books and films have been promising for decades....

The Most Common Phishing Themes

Although we’re already a quarter of the way through the year, the cyber security company Zscaler has recently published its Threatlabz 2022 Phishing Report, detailing some of the most commonly observed phishing campaign themes....

Why You Should Consider A Cyber Assessment

Most systems evolve over time, especially when it comes to subscriptions to services such as Microsoft 365 and Azure Active Directory. These often release new updates and features.....

Uncovering the cracks in Easter egg attacks

Hear the phrase ‘Easter egg’, and we bet the first thing that pops into your head is a sweet treat. In the world of cyber security, though, an Easter egg could leave a bitter taste in your mouth....

The New Strong Customer Authentication Rules for Online Purchases

Strong Customer Authentication (SCA) became compulsory for services taking all types of electronic payment transactions from the European Economic Area (EEA) on the 31st of December, 2020....

CSA’s Understanding Of The Okta Data Breach So Far

When it comes to the Lapsus$ hacking group’s recent breach of Okta, the access management software company, our ears have been to the ground and our eyes locked onto the headlines....

The Cyber Risks of Connected Medical Devices

Internet of Things (IoT) devices have become ubiquitous in recent years - there are almost as many of them connected to the internet as there are people on the planet. In fact, research suggests that by 2025....

The Ransomware Gang That You Should Be Watching Out For

Late last year, the FBI issued a warning about the Cuba ransomware group. You may not have heard of them, but that doesn’t mean they shouldn’t be on your radar. In their warning, the FBI claimed that as....

Emergency Cyber Hygiene Advice

Many businesses are looking to bolster their cyber defences at the moment, as a result of the uncertainty surrounding the conflict between Russia and Ukraine. With the heightened cyber threat, the National Cyber Security Centre....

Critical Infrastructure Attacks: Considerations for Small-to-Medium Enterprises

In the UK, Critical National Infrastructure (CNI) is defined by the National Cyber Security Centre as ‘Those critical elements of Infrastructure (facilities, systems, sites, property, information, people, networks....

The Cybersecurity Risks of Remote Working, Potential Consequences and Mitigations

When the UK government announced all staff could return to offices on the 27th of January 2022, it became clear that remote and hybrid models of working had proved effective for many organisations - improved work-life balance....

QR Code Phishing Attacks Could be on the Rise

In the world of phishing, there’s a new(ish) player in the game. A survey conducted by Ivanti revealed that in 2021, 57% of people surveyed claimed they were increasingly using QR codes each day. 87% of those asked also claimed....

Why you should be on the lookout for BRATA

A common misconception is that only Windows, macOS, and Linux computers need cyber security in 2022. Android and iOS malware exists, and its presence in the Western world is increasing each day. Today we'll be looking into the ‘BRATA’....

Your data that Facebook could be tracking in 2022

It’s well-known that Facebook is one of the biggest players in the Information and Big Data industry. If you have a Facebook account, then the company will certainly have been collecting data on you. What might surprise you....

The Security Risks Of Smart Speakers

The IoT, or Internet of Things, encompasses everything connected to the internet, but is increasingly used to describe objects that communicate with one another, from smartphones and smart watches....

Cyber Essentials Changes: What You Need To Know

The Cyber Essentials scheme provides business and organisations with a certification that assures customers and clients that they’re committed to cybersecurity, and guarding their data against the most common online threats....

Cyber Essentials Changes: Critical Updates

Cyber Essentials is set to receive its biggest update yet soon, on 24th January 2022. The government-backed scheme, which is organised by the National Cyber Security Centre (NCSC), is a way for businesses to showcase....

Cyber Essentials Changes: Multi-factor Authentication

On 24th January 2022, the newest requirements for the Cyber Essentials scheme will come into force, in the scheme’s biggest overhaul since its launch in 2014. Backed by the government and organised by the NCSC (National Cyber Security Centre), the scheme....

Cyber Essentials Changes: Cloud Services

If you do business online, you’ll likely have already heard of Cyber Essentials. And, if you regularly read our blog then you will have already seen our first in a series taking a close look at the upcoming Cyber Essentials changes....

Cyber Essentials Changes: Home Routers

Since it launched back in 2014, Cyber Essentials has become the cyber security standard for companies and organisations to strive for. The government-backed scheme from the National Cyber Security Centre (NCSC) is the best way to....

What is SquirrelWaffle?

SquirrelWaffle is known as a dropper malware, where it would be used to download additional and potentially more destructive malware onto the system. Extra efforts have been made by the threat actors to keep it hidden and difficult to analyse....

CSA 12 Days of Cyber Christmas

As the end of the year fast approaches, we wanted to share a little refresher on ways to ensure your technology and data remains as safe as possible over the festive period and well into 2022. To stay in the spirit of the season, we’ve opted....

Planning To Shop Online This Holiday Season? Here Are The Cybercrimes You Need To Be Aware Of

Black Friday and Christmas are considered a blessing and a curse within the retail industry. It’s a time where retailers can expect to see a huge boom in sales as everyone makes a mad dash to take advantage of discounted prices and make sure....

This Apple “AirTag” Vulnerability could be harvesting your credentials

During late September, the headlines were hit with the news of a vulnerability within Apple’s AirTag. Targeting good Samaritans and the curious by using Cross-Site Scripting (XSS), the vulnerability allows malicious actors to steal iCloud credentials and....

Is Data More Valuable Than Jewels? The A-List Cyber Heist That’s Putting Ransomware Attacks On The Map

Cybercriminals don’t discriminate. It doesn’t matter how famous you are, if your information is vulnerable, then they will exploit it. And that’s exactly what the infamous Russian hacking group, Conti, has managed to do in their latest high-profile....

CSA adds Lookout Mobile Endpoint Security to growing solutions portfolio

Following the global pandemic, the mass migration to remote working was a necessary move. As things have begun to return to the ‘new normal,’ however, we noticed that many sectors are planning to stick with remote and hybrid models of working....

The Rising Popularity of NFTs and The Rising Security Threat

The art world is known for being ahead of the curve, adopting new and interesting technologies to push the boundaries of what we define art to be. Currently, the hottest pieces to land in the art scene are non-fungible tokens....

TG1021 (Praying Mantis): The new threat actor group that could be targeting your IIS servers!

Recently, an infamous threat actor group going by the name of TG1021 or Praying Mantis, has been caught targeting Microsoft IIS servers by exploiting vulnerabilities. In this blog, we’re taking a look at Sygnia’s Incident Response Team’s report....

Is Cyber Training and Education working?

The report from the ICO on the ‘surprising’ decline in personal data breaches has certainly opened up a topic of debate, which clearly leads us to think: is our cyber training and education really working?....

How did an unknown hacker steal over $600M in cryptocurrencies in the biggest ever crypto based cyber-attack?

On 10th August 2021, Poly Network announced in a tweet that it had been attacked. Not only had their network been breached, but the hacker had transferred enormous sums to their addresses right under Poly Network’s nose...

How to Prevent a Ransomware Attack

According to a 2020 survey by Sophos, 51% of organisations were hit by Ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks. At CSA, we know that these criminals are security experts....

Is your Microsoft M365 service secure from attackers? Are you sure?

The mass migration to remote working as a result of the coronavirus pandemic has seen many organisations adopt new platforms and applications to remain connected and productive. One popular application is Microsoft M365 thanks to....

Covid-19: How to prepare your staff for remote working

Since the initial Covid-19 outbreak, the nation’s workforce had to quickly learn to adapt to the ever-changing rules and continuous lockdowns. The mass migration to remote working is something that had never been....

Covid-19: Cyber Criminals Launch Their Own ‘Virus’

Whilst the world is currently preoccupied with public health, cyber attackers have taken advantage of the vulnerable position many home workers are in and set about releasing their own ‘cyber virus.’....