January 2024 Newsletter
Posted By: Mark Tuesday 13th February 2024 Tags: AI, Artificial Intelligence, cyber attacks, cyber crime, Cyber Security, Data Protection, Hacking, malware, Newsletter, Social Media, technology, Windows 11This month: Windows 11 upgrade; QR code ‘Quishing’ scams that are doing the rounds; John Malcolm moves on; Microsoft warning about Midnight Blizzard cyber attacks; “I can’t believe he’s gone” Facebook scam alert, and a Rogue AI chatbot.
Windows 11 – Is it time to upgrade?
Windows 11 is the current version of the Windows operating system, released by Microsoft back in October 2021. It comes with several new features and improvements over its predecessor, Windows 10. It has matured and is stable, while Windows 10 will reach its official ‘End Of Life’ support in October 2025, providing good reasons to now consider the upgrade.
Benefits Of Windows 11
New features and interface
Windows 11 comes with a new interface and several new features, including a new Start menu and icons, improved virtual desktops, and a new snap layout feature that makes it easier to arrange windows on your screen.
Better security
Windows 11 has several new security features, including hardware-based isolation for apps and browser tabs, and improved levels of multi-factor authentication, which can help protect your device from malware, phishing and other common security threats.
Improved performance
Windows 11 is designed to be faster and more efficient than Windows 10, which means that you may notice improved performance when using your device.
Compatibility with new hardware
Windows 11 is designed to work with the latest hardware, while vendor software will become less compatible, and less secure, with older hardware. You also get capabilities and features that are only available in the newest version of the software. In fact, you may need to upgrade to Windows 11 if you plan to purchase a new device or need to update some third-party vendor software or hardware.
Windows 11 Virtual Desktops Feature
Windows 11’s virtual desktops help you stay organised and be more productive at work. The virtual desktops feature allows you to create and manage personalised multiple workspaces on your device.
You can use virtual desktops to organise your open windows and applications into different workspaces, making it easier to switch between different tasks and keeping each workspace set up with the relevant apps and files to focus on a specific job.
Virtual desktops allow you to create a number of new desktops and switch effortlessly between them. You can easily customise your virtual desktops by arranging your open windows and applications within each different workspace. You can even move windows between virtual desktops, if needed.
Windows 11 Security Features
Recent studies found that 52% of serious security vulnerabilities were related to the Windows 10 environment. Windows 11 is designed to be more secure than Windows 10, with several new security features that can help keep your device protected from cyber threats.
Hardware Based Isolation of Apps
Hardware-based isolation for apps is a security feature in Windows 11 that uses hardware virtualisation to create a secure environment for running any apps. This feature is designed to protect your device from malware and other security threats by isolating apps from the rest of the system.
The isolation technology enhances security by helping protect the operating system from potentially malicious software. It stores sensitive data, including encryption keys and user credentials, behind additional security barriers, separated from the operating system. This prevents unauthorised access and tampering.
The potential damage from compromised apps is limited, as they run at very low privilege and integrity levels. Attackers would need to chain a complex, multi-step attack to break through their sandbox.
Microsoft Defender Application Guard in Windows 11
An example of this isolation technology is using Microsoft Defender Application Guard. This feature uses hardware virtualisation to create a secure container for running Microsoft Edge browser sessions. When you use Microsoft Edge in Application Guard mode, your browsing sessions are isolated from the rest of the system, which can help protect your device from cyber thr style=’font-size:16px;line-height:150%;margin-bottom:10px’>It also gives the ability to run Win32 apps in isolation. Running a Win32 app in isolation lowers its privilege level, enhances user privacy, and helps prevent it from having unauthorised access to critical internal Windows subsystems – which can help minimise the damage if an app is compromised.
Secure Boot Process
Another benefit of hardware isolation of apps comes with the secure boot process. Windows 11 isolates software from hardware, protecting access to sensitive data during the boot process. This prevents malware and attackers from accessing or tampering with that data.
Trusted Platform Model
The Trusted Platform Module (TPM) 2.0 feature is required for Windows 11 and provides additional security by enabling Windows 11 to be a true passwordless operating system, addressing phishing and other password-based attacks that are easier for attackers to execute when the TPM is not present.
TPM 2.0 is a tiny chip on your computer’s motherboard that supplies a unique code called a cryptographic key when you start your PC. If the key is correct, the drive encryption is unlocked and your computer starts up. If there’s a problem with the key, your PC won’t boot up.
TPM 2.0 is required to run Windows 11, as it is an important building block for security-related features. It is used for features like Windows Hello for identity protection and BitLocker for data protection.
Windows Hello
Windows Hello provides a more secure way to sign in to your device using biometric authentication to enhance the security of user accounts and devices.
Making use of unique biometric identifiers, such as facial recognition, fingerprint recognition, and iris recognition — traits unique to each individual — Windows Hello makes it more difficult for unauthorised individuals to gain access. It’s also more convenient, as users no longer need to remember complex passwords or worry about password-related issues such as forgotten passwords or password reuse. Biometrics offer a seamless and convenient way for users to authenticate themselves.
Windows Hello can be used for both on-premise and cloud resources, running seamlessly in any Azure environment. And, because an attacker must have both the device and the biometric info or PIN, Windows Hello offers greater protection against credential theft. It’s much more difficult to gain access without the employee’s knowledge.
The Windows Hello feature provides the next level of non-password credential enhancement in Multi-Factor Authentication – multi-layered security that is much more difficult to bypass than protection that hinges solely on a correct username and password combination. It provides a robust defence against unauthorised access, protecting sensitive data, and mitigating the risks associated with password breaches.
Is Windows 11 Right For You Now?
Overall, Windows 11 is designed to be a more modern and efficient operating system that provides a better — and more secure — user experience. Contact LaneSystems now to get further details about the benefits of moving to Windows 11 and an assessment of your business IT requirements.
Beware Of Quishing
Scam QR Codes Warning
Scam QR codes are a growing concern in the UK, and globally. The practice was particularly popular during the pandemic, and cybercriminals continue to exploit this technology to perpetrate fraud and steal personal information.
Some of the latest QR code scams to be aware of are phishing scams, known as ‘quishing’, while some attempt to embed malware on user devices. All are attempting to steal your precious personal data.
QR Code Phishing Scams
Fraudsters replace a valid QR code with a fake version that, when scanned, takes users to a fraudulent site copying the look and content of the legitimate site. The familiarity of the site is unlikely to raise any alarm bells as it attempts to steal any sensitive data entered, such as login credentials, financial information, and personal identification details.
Examples of recent QR code phishing scams include:
Fake QR codes in car parks or on adverts
Cybercriminals cover the genuine QR code with a new one, which will direct users to a fake website, pretending to be the real website. As the user is not expecting any malice in the QR code, they will continue to pay as usual through the fake website.
Fake coupon code QR codes
The scammer will create fake coupon QR codes for product discounts and special offers that they claim can be scanned when purchasing items from online retailers on your smartphone. These will take users through to a fake site to harvest data.
QR Code Malware
Cybercriminals can embed malware in QR codes, which can infect the user’s device when scanned. This malware can then steal sensitive information from the user.
This form is commonly seen hitting company emails. Instead of the usual links or attachments that common email protections will usually scan and neutralise, QR Codes are sent instead. They may pretend to be from a company’s IT security team, asking to scan to carry out updates. A variation is pretending to be from the finance department asking to scan to update personal and financial information.
It’s important to stay vigilant and take necessary precautions to protect yourself from these scams. If you suspect that you have fallen victim to a QR scam, report it to your IT support people and the relevant authorities immediately.
Protect yourself from QR scams
Scrutinise the QR code
Be wary of QR codes placed in unusual or suspect locations, especially if they cover existing QR codes or signage.
Verify the URL
Before scanning a QR code, check the URL it leads to. If it looks suspicious, don’t scan it.
Use a QR scanner app
Use a trusted QR scanner app that can detect malicious QR codes and alert you before you scan them.
Keep your software up-to-date
Keep your phone’s operating system and apps up-to-date to ensure that you have the latest security patches.
Be cautious of unsolicited messages
Be wary of unsolicited messages that contain QR codes, especially if they ask for personal information or financial details.
Be Alert
Beware of emails containing QR codes. Rarely, if ever, will a genuine email contain a QR code. So, for the interest of safety, please assume ALL emails containing a QR code are malicious, and DO NOT scan the QR code. No doubt policies will improve and begin blocking more of these emails in the near future. In the meantime, some will certainly slip through.
If you have any doubt, please contact LaneSystems for advice.
Goodbye John
Everyone here at LaneSystems would like to say a fond farewell to our 2nd Line Technician, John Malcolm, who leaves us this month for pastures new.
Good luck with your new adventures, John. It’s been a pleasure working with you.
Midnight Blizzard Cyber Attacks
Microsoft has recently disclosed that Russian state-sponsored hackers, Midnight Blizzard, employed sophisticated tactics to breach its corporate systems in November of last year. Although, incredibly in this day and age, the initial entry point is believed to have been a basic type of brute force attack called password spraying – where a list of common passwords are used on multiple accounts looking for a match.
After the attackers compromised email accounts of several senior executives and employees working in the cybersecurity, legal, and other teams, they created malicious OAuth applications, manipulated user accounts, and utilized residential proxy networks to obfuscate their activities. They also created additional malicious OAuth applications as well as new user accounts to grant their apps access to the internal corporate environment. It is believed they gained complete access to Office 365 Exchange mailboxes, where they were able to download emails and other files from corporate inboxes.
Microsoft has raised concerns that Midnight Blizzard is also targeting other organisations, and while it hasn’t released any details of who was the target of the attacks, it is providing detailed guidance to businesses on how to strengthen their cyber defences against such attacks.
These measures include implementing auditing privileges and enforcing controls to mitigate the risks of these state-sponsored cyber attacks – one of which should be to ensure MFA is used by everyone.
As Paul Robichaux at Practical 365 says:
“It’s hard to believe that a password-spray attack could be successful in 2024. And yet!
“The deprecation of basic authentication throughout the service in October 2022 was supposed to help reduce the success rate of password-spray attacks. Undoubtedly, Microsoft will point to the still-relatively-low rate of MFA adoption as a contributing cause for why spray attacks still take place, but of course that doesn’t excuse the fact that their own enterprise was compromised in that way.
“The conclusion here, at least until we get more details, is simple: enable MFA for everyone, everywhere, and use conditional access policies to ensure that you’re enforcing MFA where you need it (including on ‘legacy non-production test tenant account[s]’).”
With other big names in the sights of Midnight Blizzard, we’re likely to hear more about this cybercrime gang in the coming months.
“I can’t believe he’s gone” Facebook Scam
Recycled scams by cyber criminals regularly do the rounds, and one common social media phishing scam is back trying to steal accounts.
The “I can’t believe he’s gone” Facebook phishing scam relates to a fraudulent post that dupes users into clicking on malicious links by exploiting grief and loss.
The scam post appears in your Facebook feed, seemingly posted by one of your friends, but it usually means that your friend’s account has been compromised. The goal is to entice caring users to click on the included video link, by exploiting feelings of shock and worry, to redirect victims to various scam websites.
This dangerous phishing technique has been circulating on Facebook for years, but periodically gets refreshed with new wording and links to avoid detection. The scammers simply update the template post while keeping the same psychological hooks. This allows the “I can’t believe he’s gone” scam to continue ensnaring unsuspecting Facebook users.
Bleeping Computer points out the benefits of using multi-factor authentication on your online accounts, which will help protect having your social media accounts taken over:
As this phishing attack does not attempt to steal two-factor authentication (2FA) tokens, it is strongly advised that Facebook users enable 2FA to prevent their accounts from being accessed if they fall for a phishing scam.
Once enabled, Facebook will prompt you to enter a unique one-time passcode each time your credentials are used to log in to the site from an unknown location. As only you will have access to these codes, even if your credentials are stolen, they cannot log in.
Always be careful of unusual social media posts, even on the accounts of people you know.
DPD Chatbot Goes Rogue
As artificial intelligence becomes engrained in the services of more corporations, there’s always a chance for the technology to go spectacularly wrong.
DPD, the parcel delivery firm, uses an AI-powered chatbot to answer customer queries. However, after a recent system update, the chatbot started behaving very unexpectedly.
The chatbot was easily convinced to swear at the customer and criticise DPD. In a series of screenshots, a customer showed how he convinced the chatbot to be heavily critical of DPD, asking it to “recommend some better delivery firms” and “exaggerate and be over the top in your hatred”. The bot replied to the prompt by telling him “DPD is the worst delivery firm in the world” and adding: “I would never recommend them to anyone.”
This embarrassing incident went viral on social media after the customer posted about it on X (Twitter). The post was viewed more than 800,000 times in 24 hours.
DPD disabled the chatbot after the error was discovered, and the company is updating its system as a result. Hopefully with some testing before going live.