#NSBCS.055 - From the desk of the CEO | Empowering SMEs to Build Confidence in Cyber Security

Cyber Resilience
Written By Shane Bell
#NSBCS.055 - From the desk of the CEO | Empowering SMEs to Build Confidence in Cybersecurity

Source: NSB Cyber

 

From the desk of the CEO | Empowering SMEs to Build Confidence in Cyber Security

As we close out 2024, I wanted my last ‘From the desk of the CEO’ blog post to focus on one of my daily contemplations. How do we as an industry, make more meaningful impact in empowering Small and Medium Enterprises to build their confidence in cyber security?

As Co-Founder and CEO of NSB Cyber, I am proud to lead a company of trailblazers, dedicated to helping all of our clients navigate the complex world of cyber security, many of whom are SMEs. We are also an SME.

SMEs are the backbone of our economy, driving innovation, creating jobs, and fostering community growth. Yet, they often face unique challenges in protecting their digital assets from an ever-evolving threat landscape. As an industry, I am not convinced we are fully, or even collectively, aligned in trying to help.

Cyber security can feel overwhelming in the SME landscape. Limited resources, competing priorities, and complex technologies can make building a secure digital foundation seem out of reach. Also, the standards that many SMEs seek to implement can feel like a moving goal post. As an SME, you understand the problem, you want to do something about it, but sometimes you just need someone to give you a bit of a boost. All the better if this is someone you trust and who you know has genuine intent.

As an industry, I feel like our mission should be simple: to empower SMEs with practical, effective, and affordable cyber security solutions that inspire confidence and build resilience.

Now before all the LinkedIn warriors attack this post, I know there are frameworks designed specifically for SMEs and I also know that part of the overarching policy out of Canberra has an SME lens to it as well. Great. But in my experience, this often translates to a ‘cheaper, slimmed down and self-service’ version of cyber that requires SMEs to do all the heavy lifting themselves. Now isn’t that the problem in the first place? If an SME needs help starting, then a checklist or a self-service questionnaire doesn't translate to cyber in my view.

I think it is time for senior, experienced industry experts to get hands on, teach through demonstration and trade some of their margins for making Aussie businesses a harder target for cyber-criminals. Yes I know we all run businesses and yes I know we all require our businesses to be sustainable through profit, but if you diversify your offering and structure your cost modelling, you can carve out some capacity for SMEs and offer something meaningful at the right price point. That is if you really want to.

I believe cyber security is more than just protection, it’s a tool for growth. At NSB Cyber, we believe that by building trust with our SME clients, they can in turn build trust with their customers, partners, and employees. This means SMEs can unlock new opportunities and compete in today’s digital economy. It really is win win.

Our role as an industry is to simplify the process, offering tailored support, expert advice, and scalable solutions designed specifically for growing businesses. NSB Cyber will put our money where our mouth is on this in 2025, but more on that later.

To all of our clients, thank you for trusting NSB Cyber to be part of your journey. It means more than you know and more than we often say.

To the cyber industry, let’s work together to build a future where SMEs thrive securely.

Merry Christmas and Happy New Year to all from the team here at NSB Cyber.

#cybersimplified #defendwithconfidence #nostepsbackward

For information on NSB Cyber’s Cyber Resilience capabilities or to book a meeting with our team, click here.

What we read this week

  • QR Codes Bypass Browser Isolation for Malicious C2 Communication - Mandiant has uncovered a new method to circumvent browser isolation technologies using QR codes to enable command-and-control (C2) operations. Browser isolation works by processing all web content in a remote environment, such as the cloud or virtual machines, instead of the local device. Mandiant’s technique bypasses these restrictions by embedding malicious commands into QR codes displayed as images on a webpage. Since visual content is not filtered during browser isolation, the QR codes reach the user’s local environment, where malware can capture and decode them to execute the commands. Although this method demonstrates vulnerabilities in browser isolation, it has practical constraints. It suffers from low data transfer rates (up to 438 bytes per second) and latency issues, as each QR code request takes about 5 seconds. Additionally, real-world countermeasures like domain reputation checks, URL scanning, or data loss prevention could mitigate its effectiveness.

  • Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day - On December 10, 2024, Microsoft released patches for over 70 security vulnerabilities, highlighting an actively exploited zero-day flaw in the Windows Common Log File System (CLFS). Identified as CVE-2024-49138, this vulnerability allows attackers to gain system privileges through a heap-based buffer overflow, requiring low privileges and no user interaction for exploitation. Over the past five years, CLFS has been a frequent target, with at least 25 documented vulnerabilities. To enhance security, Microsoft plans to implement Hash-based Message Authentication Codes (HMAC) to detect unauthorised modifications to CLFS log files.

  • Pro-Russian and Palestinian Hacktivists Target Australia - In November 2024, Australian organisations experienced over 60 cyberattacks from pro-Russian and pro-Palestinian hacktivist groups. The pro-Russian group NoName057(16) led these attacks, citing Australia's provision of 14 military boats worth over USD $9 million to Ukraine as a provocation against Russian interests. Also, Z-Pentest, aligned with pro-Russian groups, claimed to have disrupted operational technology systems in Melbourne and Sydney, although these assertions may serve as apart of their deterrence strategies.

  • Adobe Patches Over 160 Vulnerabilities Across 16 Products - Adobe recently released security updates addressing over 160 vulnerabilities across 16 products, including Experience Manager, Connect, Animate, and the Substance 3D suite. Approximately 90 of these vulnerabilities were found in Adobe Experience Manager, with most rated as important, potentially allowing arbitrary code execution or security feature bypass. Adobe Connect had 22 vulnerabilities, several of which were critical or high-severity, enabling arbitrary code execution and privilege escalation. Critical vulnerabilities in Adobe Animate could lead to arbitrary code execution, while issues in InDesign and Substance 3D Modeler might result in code execution or denial-of-service conditions.

  • Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam - Cybercriminals are impersonating as recruiters to distribute an updated version of the Antidot banking trojan, now referred to as AppLite Banker. They lure victims with enticing job offers, prompting them to download malicious Android applications disguised as employee-customer relationship management (CRM) tools. These dropper apps request extensive permissions, including access to Accessibility Services, enabling them to overlay screens and perform unauthorised actions. Once installed, the malware can capture unlock credentials, remotely control infected devices, and present fake login pages for various banks, cryptocurrency wallets, and social media platforms. The campaign targets users proficient in multiple languages, such as English, Spanish, German, and Russian, underscoring the importance of vigilance against unsolicited job offers and the installation of apps from unverified sources.

References
https://www.bleepingcomputer.com/news/security/qr-codes-bypass-browser-isolation-for-malicious-c2-communication/
https://www.securityweek.com/microsoft-ships-urgent-patch-for-exploited-windows-clfs-zero-day/     
https://securitybrief.com.au/story/pro-russian-palestinian-hacktivists-target-australia
https://www.securityweek.com/adobe-patches-over-160-vulnerabilities-across-16-products/
https://thehackernews.com/2024/12/fake-recruiters-distribute-banking.html
Shane Bell
Previous

#NSBCS.056 - Technical Attribution: A game of Cat-and-Mouse with Threat Actors
Next

#NSBCS.054 - The Takedown of Cybercriminal Mastermind Wazawakka