Vaccination scams, IT and security news

Another week of IT and cybersecurity news. From vaccination scams, Microsoft using artificial intelligence to predict what we need to type next, to addressing trust issues in your customer’s digital journey - can you copy what the Post Office has done? This week we cover:

Scam – Fake COVID vaccine invites
Apple users infected with a mysterious malware
New Microsoft Word AI-powered text prediction feature
Post Office address digital services to improve customer trust
What is business critical? New service feature or security?
2017 NHS cyber-attack criminals charged in US
Hackney Council Cyber attack to cost ‘roughly’ £10m

Scam – Fake COVID vaccine invites

Please be wary of scam emails, SMS texts and calls to invite you to have your COVID vaccine. We are seeing report after report of scams. Their aim is to convince you to provide your bank details to pay for your vaccination and other personal data including your name and date of birth.

Mimecast have reported the coronavirus phishing scam informs them that:
“They have been selected for a vaccine jab based on family and medical history.”

We email contains convincing NHS branding It is important to remember that:

• The vaccine is completely free of charge.

The NHS will never ask you for:

• Bank account or card details.
• Your PIN or bank password.
• To prove your identity: and ask for a copy of your passport, driving licence, bills or pay slips.

Also, the NHS will not come to your home unannounced to give you your vaccine. Report scams to the National Cyber Security Centre by forwarding suspicious emails to report@phishing.gov.uk.

Suspicious text messages should be forwarded to 7726. This is a free-of-charge service provided by the National Cyber Security Centre.

Source: IT Pro

Apple users infected with a mysterious piece of malware

About 30,000 Mac devices have been infected with a mysterious piece of malware. “Silver Sparrow” has silently affected systems in more than 150 countries globally. Apple says it has taken steps to restrict the potential damage the malware, which targets devices with its new M1 chip, could cause. Its actions effectively prevent any new devices from being infected.

Please make sure your Mac devices as well as your apps and software are up to date.

Source: BBC

New Microsoft Word AI-powered text prediction feature

Microsoft Word will get AI-powered text prediction feature starting next month. Microsoft wants to help users to "write more efficiently by predicting text quickly, timely and accurately".

Word AI will also adapt to your writing style to give you the best recommendations, while keeping spelling and grammar errors to a minimum.

This feature will also soon be available in Outlook too. We think that if it’s anything like the predictive text on Gmail and Google Docs, it will be a great addition. Remember to update your software to activate the update once it is launched.

Source: Computing

Post Office address digital services to improve customer trust

This is interesting. The Post Office has identified weaknesses where they lack trust in their digital services. This is a really good exercise. Is there any part of your customer’s digital journey where you are vulnerable to a lack of trust? Can you pinpoint when your customer might feel apprehensive? It’s likely that there will be some kind of technology or automated solution. Speak to me if you want to know your IT options.

Source: Computer Weekly 

What is business critical – a new service feature or cybersecurity?

In the financial sector, start-ups have been warned not to place security on the back-burner by Consultation, after last year’s Solarwinds cyber-attack. This is true, but their findings can be applied across multiple sectors. Start-ups and SMEs may prioritise investing in new features (to improve your offering) rather than a security investment.

The article asks small businesses to reconsider this approach. For larger firms, cybersecurity steps are normally in place. They would typically have endpoint detection - which is a strong detection approach that finds unusual behaviour in networks and systems well before an attack become active. This type of security (endpoint detection) is what I would recommend to all businesses – whatever their size.

However, bigger firms have multiple legacy systems, that are cobbled together -which is their weakness.

If you need help clarifying where your security weaknesses lie AND what security measures you do and do not need, then get in touch.

NHS cyber-attack criminals charged in US

Can you remember back in 2017 when the NHS was stuck by a cyber-attack that brought the institution on its knees? Last week, the US Department of Justice (DoJ) and FBI charged three North Korean computer programmers from the Lazarus Group for their involvement in attacks against global organisations to steal money and cryptocurrency.

The NHS cyber incident was attributed to WannaCry ransomware, carried out by the Lazarus Group.

Read the DoJ and FBI announcement.

Hackney Council Cyber attack to cost ‘roughly’ £10m

The Mayor of Hackney, Philip Glanville, has revealed that last year’s cyber attack will cost the borough roughly £10m. The attack saw:

• Stolen resident data published on the dark web
• Land search tool impaired - freezing the borough’s property market
• Financial and operational systems inaccessible
• All payments stopped (both to receive and pay)
• Applications for its housing waiting list paused
• Systems STILL inaccessible to this day

The council have commented that the rebuild of their systems “shows the complexity of rebuilding services”.

What we can learn from this attack?

Rebuilding after an attack can be time consuming, costly and complex. The council have brought forward their technology budget to replace archaic systems.

Consider your systems – are they overdue an upgrade?

Speak to your IT department and ask them to contact your technology providers (vendors) e.g. Sage. Ask your vendors/technology providers about the security of the current version you are running.

So how did this attack happen? It’s suspected that this was a ‘brute-force’ attack - where an attacker tries all possible passwords and phrases for a system, or through a spam or phishing email campaign.

Source: Hackney Citizen

What next?

Sign up to my newsletter to keep informed about the latest IT and security news: