Latest Cybersecurity News

Jane Moya • October 31, 2024

Yorb is aware of a multi-stage phishing campaign currently impacting New Zealand organisations.


Compromised email accounts are being used by attackers to send phishing emails. This makes it look like it originates from trusted or known contacts. These phishing emails are being sent via Microsoft sharing invitations. The attacker gains access to a compromised email account, uploads a malicious file to their Microsoft OneDrive/SharePoint, and shares this out to the all the compromised accounts contacts.


What to look for:
  • This email is from a known contact or vendor you may deal with every now and again
  • The email contains a legitimate OneDrive share, which leads to a fake document. See below example
  • When you try to open the document, you are redirected to a fake Microsoft Sign-in page. It may look exactly right but check the URL at the top to make sure it is a Microsoft page. The below are two Microsoft Sign-in pages, can you spot the fake?

These fake log-in pages are used by attackers to steal your email address and password. It is all happening in real time, so when you enter them in to the fake page, the attacker is entering them into the real Microsoft login page. If you have MFA setup, you will get a prompt, and they will steal this code, or provide you with a number to enter into the Authenticator app thus letting them have access to your email account, and all the company data that you have access to.


The risk of compromise is very serious and can open your organisation up to all sorts of cyber crime. For example, Data Breach, Data exfiltration, Malware, Ransomware, further phishing attacks, Business Account Compromise, Money loss, only to name a few.


Please be vigilant of any sharing links received, especially from external email addresses. If you are not expecting something from the sender, check with them via a different channel. Call them on a phone number from their website, or a cell phone number you might have, or another contact from their company. If you reply to the email, its more than likely the attacker will be the one replying to you.


Remember, phishing attacks come in all shapes and sizes, this is only one type of phishing email that is on the rise now. Use your email awareness skills to check every email, be on the lookout for things that do not seem quite right.


Ask yourself:

  • Am I expecting this email from this person?
  • Should I verify this email via another contact method?
  • Should I be the one to receive this sort of request?
  • Why is this request urgent, and the person requesting is saying they cannot be reached?
  • This is not normally how we do things, why is this request different?
  • If I hover over the link, does it have the link to the site the email says it should?
  • Should I check with colleagues, or a third party before continuing here?
  • Is this a real email address, and in your Email Directory/Address Book?


Stay Vigilant, Stay Safe!

The Yorb Security Team

Recent Posts

By Yorb Limited November 21, 2024
Manawatu Toyota are an award-winning Toyota dealership with seven locations across New Zealand and a team of around 160 staff. The business has grown rapidly over the past 20 years, starting with Manawatu Toyota in Palmerston North before acquiring dealerships in Feilding, Levin, Masterton and Whanganui, as well as Tractor Repair Company (TRC).
By Daniel Goymer October 31, 2024
New Zealand’s first hyperscale data centre is set to open in 2024, marking a major milestone in the country’s digital landscape. First announced in 2020, this ambitious project once seemed like a distant vision. Now, it’s becoming a reality, connecting New Zealand to a global network of over 200 data centres, 190 points of presence, and 175,000 miles of terrestrial and subsea fibre. This expansion will offer significant advantages for local businesses, enhancing connectivity and opening up new opportunities. A local data centre can significantly improve data security and compliance, enabling businesses to meet local data residency requirements and adhere to the new Privacy Act. This is especially important for companies that handle sensitive customer information. Additionally, Microsoft’s new cloud services align with the growing emphasis on Māori data sovereignty. The data centre ensures that data remains within Aotearoa New Zealand’s borders, which is a crucial step in protecting Māori knowledge, culture, and data from foreign jurisdiction or governance. It will also provide access to Microsoft’s cloud services, including Azure, Microsoft 365, and Dynamics 365, offering scalable, highly available, and resilient solutions that can enhance business operations. Local data storage means reduced latency and faster access to data, leading to improved performance and reliability. This hyperscale data centre is more than just an infrastructure upgrade—Microsoft’s local presence will unlock new opportunities for innovation and growth, shaping the future of New Zealand’s digital economy.  While the transition from Australia to a local data centre may not happen overnight for all businesses, it's a development worth considering. If you’d like to learn more or have any questions, feel free to reach out.
By Daniel Goymer October 31, 2024
October 2025 still feels like a long way off, but with 70% of devices still running Windows 10, there is a lot of work for IT teams before that time to ensure devices are safely upgraded to Windows 11. Microsoft gives a predictable support period for all the software, five years of mainstream support, followed by five years of extended support. During the extended support phase, Microsoft continues to provide security updates to their products. Windows 10 was released in July 2015, and Microsoft will cease to provide security updates in October next year. Windows 11 was released in 2021 and over that time has matured to be a reliable solution that retains a similar look and feel. Furthermore, Windows 11 will run all the same software as Windows 10. The vast majority of hardware released in the past five years is also supported, though there are a few exceptions where some of the new security requirements cannot be met. To ensure all your systems continue to be supported past October next year, we strongly suggest clients start planning their upgrades now to avoid the late rush. Yorb is providing free upgrade assessments that will identify any potential upgrade issues and provide a roadmap to October 2025, please contact us to arrange your assessment.
Share by: