Warning: Google Alerts abused to push fake Adobe Flash updater

Experts at BleepingComputer have issued a warning around threat actors that are using Google Alerts to push a fraudulent Adobe Flash Player update that, when installed, places malicious programs on the users device. The false update can potentially install an unwanted program called ’One Updater.’ One Updater will then continue to push updates that may lead to the installation of more unwanted programs.

BleepingComputer reports that they have not yet seen One Updater displaying anything malicious at this point; however, similar software in the past has been known to install cryptocurrency miners and credential stealing Trojans.

10K Microsoft Email Users Hit in FedEx Phishing Attack

At least 10,000 Microsoft email users have been targeted by malicious phishing emails that claim to be from popular mail couriers FedEx and DHL Express, but in reality, aim to swipe credentials.

These attacks also may utilise phishing pages hosted on legitimate domains, including domains from Quip and Google Firebase - allowing these malicious emails to sneak past security filters. The FedEx themed phishing email was titled ‘You have a new FedEx sent to you’ and contained details such as a false item ID, number of packages and a link to ‘view’ the fictional document. If clicked, the recipient would then be lead to a Quip hosted page containing the FedEx logo with a link that claimed to allow users to view supposed documents. Once clicked, the link would lead to a phishing page, hosted on Google Firebase, masquerading as the Microsoft login portal.

Apple users targeted by 'mysterious' malware

Around 30,000 Mac devices spanning more than 150 countries have been infected by an unusual malware strain called Silver Sparrow. Researchers at the security company firm Red Canary uncovered the malware targeting Apple devices with its new M1 chip but have yet to discern its purpose. Tech giant Apple stated that they have taken steps to limit the potential damage caused by the malware and prevent any new devices from being infected.

When asked by the BBC to explain how users could determine whether their devices had been infected, researchers explained that the Silver Sparrow malware “did not exhibit the behaviours that we’ve come to expect from the usual adware that so often targets macOS systems." They went on to explain that that the malware had a system in place that allows it to self-destruct, thus concealing its existence completely.
Five Technical Controls that can Protect your Businesses 

Cyber Essentials recommend the 5 below controls that can easily be put in place to help protect you and your business.
Use a firewall to secure your internet connection

Implementing a firewall essentially creates a ‘buffer zone’ between your network and external networks, allowing for incoming traffic to be analysed to ensure it is safe before it enters your network.

There are two basic types of firewalls, but many organisations have a boundary firewall in place that protects their entire network. You should also use a personal firewall on your internet connected devices (i.e. laptop or computer).  This type of firewall is usually included within your Operating System with no extra charge. Many routes will also contain a firewall that can be used in this boundary protection role as default, however, this is not guaranteed so it is best practice to ask your internet provider for more details.

Control who has access to your data and services

In order to minimise the potential damage that could be faced if an account is misused or has its credentials stolen, staff accounts should have the ability to access just the amount of software, settings, online services and connectivity functions that they require to perform their job.

Administrative accounts - Check what privileges these accounts have. Accounts with administrative privileges should only be able to perform administrative tasks. Whereas standard accounts sho
uld be utilised for general work. This is important as a malicious actor with unauthorised access to an administrative account can be far more damaging than one accessing a standard user account.

Access to software - Using software from only official and reliable sources is a simple and effective way to ensure that your devices remain secure and free from malware. The simplest way to do this is by ensuring users only install software from manufacturer approved stores that screen for malware. For smartphones, this would mean only downloading software from sources such as Google Play for Android or the Apple App Store.
Choose the most secure settings for your devices and software

Check the current settings - Always check the default settings of a new device and, where possible, make amendments to raise the level of security. For example, you may wish to disable permissions or remove functions that you do not want or require.

Use strong passwords - Devices contain endless amounts of data as well as personal and sensitive information that should be protected with strong passwords, pins or biometrics. For helpful tips on creating a strong password, you can visit the NCSC guidance -

Extra Steps - It is recommended that you enable two-factor authentication (2FA) on all accounts where possible but especially for ‘important accounts’ such as banking accounts.
Protect yourself from viruses and other malware

Anti-malware measures -
These are often included as default 
within popular operating systems that should be utilised on all computers and laptops. Smart phones and tablets should be kept up to date and password protected. Avoid connecting to unknown wi-fi networks, as this will also help to keep your devices free of malware too.
Allowed list - This can be used to prevent users installing and running applications that may contain malware. The process involves an administrator creating a list of applications allowed on a device. Any application not on this list will be blocked from running. This is a strong protection as it works even if the malware is undetectable to anti-virus software.  A final upside is that it requires little maintenance.
Sandboxing - Where possible, use versions of the applications that support sandboxing. For example, most modern web browsers use some form of sandbox protection. A 'sandboxed' application is run in an isolated environment with very restricted access to the rest of your device and network.
Keep your devices and software up to date

Manufacturers and developers release regular updates known as ‘patches,' which not only add new features, but also fix any security vulnerabilities that have been discovered.

Downloading these patches is a vital part in improving security, operating systems, programs, phones and apps.  Devices and systems should all be set to ‘automatically update’ wherever this is an option, as it will provide protection as soon as the update is released. However, all IT has a limited lifespan. If and when the manufacturer no longer supports your hardware or software with new updates, it is highly recommended you replace it with a supported product if you wish to stay protected.
MasterCard PIN by Using Them As Visa Card

Researchers have uncovered a new and unique attack that has the potential to allow criminals to manipulate a point of sale terminal (the electronic device used to process card payments) into completing a transaction with a victims contactless MasterCard while believing it to be a Visa card.
Joint Advisory: Exploitation of Accellion File Transfer Appliance

The UK’s NCSC, the US Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing Analysis Center (MS-ISAC), the Australian Cyber Security Centre (ACSC), the New Zealand National Cyber Security Centre (NZ NCSC), and the Cyber Security Agency of Singapore (CSA) have published their recommended mitigation for cyber attacks leveraging vulnerabilities to target Accellion File Transfer Appliance (FTA) customers.
The full advisory is available to read here.

Fraudsters Using Telegram API to Harvest Credentials

A Telegram phishing campaign that attempts to harvest victims’ credentials by manipulating messaging applications API has been discovered. First appearing in December 2020, and stopping since, the attack utilises the apps API in order to create malicious domains that help bypass security tools such as secure email gateways.
TDoS: A Phenomenon in DDoS Attacks Emerges From the Shadows

While DDoS attacks are becoming increasingly more challenging and popular amongst cyber criminals, a previous DDoS attack method TDoS (Telephony Denial-of-Service) has reemerged. TDoS attacks can have many uses to threat actors, including hacktivism, financial gain, harassment, to exploit victims for financial gain or to distract and disrupt operations with potentially harmful effects.
What can we offer you?
Get in Touch
Click here to subscribe to the Cyber Crime Sentinel Newsletter!

Cyber Choices: Virtual School and Education Events

Join our online webinars aimed at schools and educational organisations for advice and support on how we can help young people make informed cyber choices and use their cyber skills in a legal way.

Please note: All participants are screened before being invited to the event. Please use your corporate school email address when registering.

Cyber Aware - Training for staff: Sports Organisations

Join our monthly online webinars aimed at sports organisations and discover the latest attacks businesses are facing, the social engineering tactics being used to gain data and the latest awareness training that staff need to know.

Please note: All participants are screened before being invited to the event. Please use your corporate sports email address when registering.

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):

Alternatively you can call 0300 123 2040
to report and obtain advice about fraud or cyber crime
Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.


The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Apple Podcast
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp