MMS Mobile Malware Alert – May 2022
O2 are seeing a significant rise in Flubot victims on the network. This current bout of malware was first identified by Vodafone on Wednesday 27th April 2022 and there have since been an increasing number of incidents over the customer base.
Flubot is a text message or MMS scam—part of a large-scale smishing (SMS phishing) attack using a malware named Flubot. It’s currently only impacting Android devices and is spread under the guise of a parcel tracking app or a message with a link to retrieve a voicemail. When the user clicks on the attached link, the malware is downloaded. Due to most TelCos utilising Spam Shield, it would appear cyber attackers have started to use both MMS and SMS. Whilst most UK SMS will be free, MMS will attract a charge per message which helps them to bypass the various controls in place to address spamming and smishing.
If a customer installs the app, the malware is able to take over their device and this allows more infected SMS/MMS to be sent to contacts within the device without their knowledge. The customer’s contacts and banking apps may also be at risk of being accessed by the fraudster.
For information on how to remove Malware, please see the NCSC’s Guidance page: https://www.ncsc.gov.uk/guidance/avoiding-banking-malware
Current Heightened Cyber Threat – February 2022
The National Cyber Security Centre (NCSC) have reiterated the need for UK organisations to bolster their online defences in response to the current situation in Ukraine.
Daisy continues to follow the published guidance and is monitoring the cyber-attack campaigns aimed at Ukrainian organisations and critical infrastructure to assess the consequences.
We will provide further updates as the situation develops.
Latest NCSC News Item:
https://www.ncsc.gov.uk/news/organisations-urged-to-bolster-defences
NCSC Cyber Threats Advice & guidance collection:
https://www.ncsc.gov.uk/section/advice-guidance/all-topics?topics=Cyber%20threat&sort=date%2Bdesc
Daisy are aware of the current heightened cyber threat, in particular the increased globalised threat of ransomware.
We are following current NCSC guidance relating to cyber security resilience and encourage our customers and suppliers to do the same.
By subscribing to industry, vendor and specialised threat feeds (including the NCSC Early Warning Service and Cyber Information Sharing Partnership), we are able to monitor the changing threat landscape and prepare to respond as required.
Further NCSC guidance can be found here:
Joint advisory highlights increased globalised threat of ransomware:
https://www.ncsc.gov.uk/news/joint-advisory-highlights-increased-globalised-threat-of-ransomware
UK organisations encouraged to take action in response to current situation in and around Ukraine:
https://www.ncsc.gov.uk/news/uk-organisations-encouraged-to-take-action-around-ukraine-situation
Actions to take when the cyber threat is heightened:
https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened