Blog

Be vigilant, more cyber-attacks are on the way….

Wed, 10 Sep 2025 00:00:00 +0000

Around the world, tensions are rising. These days, hackers backed by governments are ramping up their attacks on businesses and government systems, hoping to cause disruption and chaos.

State-sponsored attacks

When we say “state-sponsored”, we mean cyberattacks that get support from a country’s government. That doesn’t always mean the government itself is pulling the strings, but it’s often providing help or at least turning a blind eye.

This support might come as money—either funding the hackers directly or paying for new tools. It could also mean giving them training, resources, or simply letting them operate freely inside their borders.

These attacks usually tie back to what the sponsoring country wants, whether that’s political or economic gain. Most of the time, the goal is to steal valuable business secrets from other countries, or to exploit how people are viewing situations in the world by using misinformation.

But sometimes, things get more serious. State-backed hackers might go after important systems like power or communications, trying to knock them offline.

State-sponsored techniques

With so much backing, these groups have a big collection of tools up their sleeves. Unlike lone hackers or small criminal gangs, state-sponsored groups focus their efforts on specific targets or goals.

If stealing sensitive information is the main aim, they’ll use attacks like:

Zero-day exploits: Taking advantage of software flaws that nobody knows about yet, often by targeting the people who make the software.
Spear phishing: Sending fake but convincing emails to trick people into sharing information or clicking dodgy links.
Watering hole attacks: Hacking websites their targets often visit, so anyone who drops by gets hit with malware.

When they want to damage important infrastructure, they might utilize:

Denial-of-service (DoS) attacks: Overloading a system with traffic so real users can’t connect.
Malware: Malicious software that can wipe out data, encrypt files for ransom, or just cause chaos.
Supply chain attacks: Hacking software to insert bad code, so anyone using them gets infected without realising.

And when the aim is to sway public opinion the aim to exploit human emotion through misinformation with:

Hacking and leaking: Stealing and releasing private info to embarrass rivals or change how people think.
Social engineering: Spreading fake stories, propaganda or stirring up trouble on social media.
Botnets: Using networks of hacked devices to boost fake news and push certain conversations online.

These tactics are smartly chosen for the situation. Attacks focused on spying usually take a long time and are carefully planned, often targeting big industries like defence, energy or finance.

On the other hand, attacks meant to cause chaos try to hit hard and fast, going after things like power grids or transport during tense times.

And when it’s about changing minds, hackers go for quantity—flooding social media with propaganda, especially during big events like elections.

So what can your organisation do?

Make staff aware to be careful with regards to email and telephone messages
Encourage staff not to pass out information to cold callers
Make sure your equipment is within manufacturer support and running the latest firmware and software
Keep computers up to date
Use endpoint security software (anti-virus, anti-ransomware) for computers
Use email security to scan email for threats
Encourage staff to only connect their endpoints to trusted networks
Work on the basis of least trust and verify to ensure someone is who they say they are and what they are requesting is valid

Remember this

It is always far EASIER AND CHEAPER to prevent an exploit than to deal with the aftermath.

It costs very little to keep your organisation safe and secure and to minimise any damage a potential hacker could do.

If you get your business or organisation Cyber Essentials or Cyber Essentials Plus accreditation then you also show other businesses or organisations that you take cyber security and protecting yours and their data seriously too.

If you want more information call us on 01722 411 999 and we will be happy to help.

Do you know if your business has been hacked?

Wed, 03 Sep 2025 00:00:00 +0000

There have recently been some high-profile hacks that have taken place, but do you know what the initial cause was? A 3rd party was duped into allowing access to M&S back-end systems.

What is more, these systems were not being monitored effectively so the compromise was unchecked, allowing the hackers time to do damage. You see when a system is compromised by hackers, they don’t do things immediately, they take their time.

On average it takes over 200 days before the compromise gets discovered. Especially now that everyone has moved some or all of their IT services into "The Cloud", that mystical place that magically hosts all the services that we consume without knowing exactly where they are, or let's be honest, who has access.

Most businesses use Microsoft 365 as their primary productivity service for email and collaboration in "The Cloud" but have no real idea where about in the world their data is sitting. The other thing that might surprise a lot of people is that it is not just one data centre in one country. Depending on how the tenant was initially setup, your data might actually be anywhere in the world, which could also be illegal depending on the data.

So what can you do?

First and foremost, using the wise words from Douglas Adam's "The Hitch Hikers Guide to the Galaxy"... Don't panic!

The Silver Cloud Business has a security service your business can subscribe to that does real time scanning of your Microsoft 365 tenant, that monitors who has accessed your tenant, from where and also when. Not only this but we can configure it to only allow people to login from specific locations, after all, most attacks are originating from outside the country. We can monitor a whole raft of things and create alerts for them.

Remember that prevention is better than a cure

By actively monitoring the tenant, businesses can intercept malicious activity long before any damage is done. Remember earlier where we reported that hackers have, on average, over 200 days of access to the environment before they are found. This is reduced to minutes or hours if the tenant is actively monitored for malicious activity. Hackers use social engineering to gain access to environments and rely on humans, who are the weakest link in any security chain. This is how most malicious access is granted to IT systems, by gathering information about employees, managers and the business from publicly available sources, mostly both personal and business social networks and it is why it makes monitoring and alerting imperative for any business that would like protection.

What can the monitoring suite do?

Our tenant monitoring suite of tools does a lot to help protect your business. The following is a list of some of what our monitoring suite can do:

Monitor your login location and block if it is not from an authorised location, which can be by IP address, city, region or country. This is because most hacks are not carried out in your immediate location.
Monitor who has admin rights and notify the business owner(s) via a regular report and creates an alert if someone has their rights elevated, allowing the business to keep track of who has been granted new admin rights.
Monitor new MFA (multifactor Authentication) methods, reporting of any changes as setting up new unexpected MFA methods is often a sign of an attack.
Azure / Entra application monitoring and create an alert if a new application has been associated to the tenant and then allow this application to either be blocked or accepted, depending on if the business was expecting a new application to be granted access to the tenant. Unauthorised applications being given access to your tenant is a common approach used by hackers to gain access to a tenant and compromise it.
Forced logout on a schedule which offers an additional layer of security by forcing users to have to re-authenticate to the tenant. It is also a really useful tool if the business has a scheduled shutdown and staff are not meant to be working.
Monitor and control working hours which means you can determine when people can access the tenant. It is a really great way to help staff manage their mental health, forcing them to be unable to work outside of business hours. But it also prevents hackers, who are often in completely different time zones, from gaining access to the tenant as well, as it narrows down the windows that people can access the online services.
Monitor groups and alert when an external user has been added which allows a business to keep track of who has been granted access to the systems and data and revoke the permission if a member of staff has granted more access than expected.
Monitor email forwarding and alert if someone has created email forwarding to external mailboxes. This is a common hack where email is compromised and secretly forwarded to an external mailbox, bypassing security and allowing the hacker to build a picture of the business over time. It is common for accounts teams mailboxes to suffer from things like this so they can gather information and do a social engineering attack, such as using a similar domain to one the company does business with, pretending to be from that client, saying "our bank account details have changed, here is your regular invoice" and getting them to pay into a different bank. They also setup rules to intercept emails from the real sender so they never show up in the inbox, so when the company chases for their payment or their invoices, they go into a black hole. Knowing who has setup email forwarding helps identify and stop this type of hack.
Mailbox monitoring alerting when permission changes are made to someone's mailbox. Do you know who has access to your mailbox? Would you like to know, does your mailbox hold information that others should not have access to? The monitoring suite will notify of any permission changes so that business owners can ensure only the right people have access to the right mailboxes.
Monitor mailbox transport rules and send an alert if these change. Mailbox transport rules are how the email server sends emails to the internet and a common hack is to add a mailbox transport rule that copies and forwards all email to a secondary recipient, allowing hackers to intercept all email being sent by your business. The monitoring tool alerts if any new transport rules are created, allowing them to be validated and approved or deleted if they are not expected. A lot of transport rules are genuine, but some can be malicious and should be removed.
Monitor inbox rules allows selected, important mailboxes in an organisation, like the accounts or HR mailboxes to be monitored to see any rules are created or any suspicious activity is occurring with the monitored mailboxes. Mailboxes that hold sensitive information are more likely to be targeted by bad actors with malicious intent.
External sender warnings to remind staff that the email they are sending is going outside of the organisation. This service can also be configured with an allow list of validated external recipients that regularly communicate with the business. It is also a great way of identifying people trying to spoof a known contact with an engineered domain name. Not many people would pick up on a transposition of letters so who would notice the difference between the two domain names spoonsoftheworld.com and spoonsofhteworld.com especially at a glance. Hackers rely on the human brain automatically sorting the words into the correct order and exploit this.
Internal spoofing protection detects spoofed emails and alerts the business to protect from emails slipping through the net and protects users from inadvertently thinking they are genuine emails.
Monitor sharing with external 3rd parties and generate alerts, allowing businesses to see where data is being shared with external recipients and allowing management to determine if the recipient is allowed or to remove the access.
Mass deletion alerts to notify the business if someone deletes a large amount of data from SharePoint. Allowing for the deletion to be intercepted, stopped and reversed if unauthorised, protecting business data from malicious or accidental removal and protecting it.

The suite of tools allows clients to pick and choose what needs to be monitored in their tenant, one, some or all of the monitoring for a flat, monthly fee.

The threat landscape has changed and businesses need to do more than ever in order to protect their systems. If you would like more information on the price or a demonstration of how the reports and alerts look and work, call us on 01722 411 999.

Remember, it is far cheaper, easier and effective to monitor your systems, than pay for the fallout and aftermath of a breach. It is not just the cost of the breach but the reputational fallout afterwards, most businesses do not have the financial means to survive the outcome of a hack.

Things to consider if you are using a VPN

Wed, 27 Aug 2025 00:00:00 +0000

There has been a considerable uptake in VPN usage, ever since the online safety bill was brought into force.

A lot of websites started to require UK residents to verify their age before being able to access content, and the thing is, it is not just adult entertainment sites, it has also meant sites that hold content that should not be viewed by children, such as some news stories, or websites that have information about weaponry.

This new barrier to access sites meant a lot of people sought improvisation, including pretending not to be located in the UK through the use of a VPN that terminates in a different country, making the user appear to be browsing from that country, so the UK laws do not applying to them when connecting to the site.

A lot of people also do not like the idea of being tracked when visiting a website if they are from the UK, when users from other countries are not tracked, which is why there has been such a huge uptake in VPN usage.

But, one of the downsides of using a VPN, to appear as though you are from a different country, means that you can inadvertently be locked out of your work account. This is because a lot of organisations use geolocation checks to make sure no one can hack their services from overseas, because, as far as your work is concerned, you are in the UK. If someone appears to be logging into your work systems from the USA with your account, then it could automatically lock you out.

The same can be found with websites for your bank or financial services, as they too will use login pattern recognition to check where you are logging in from.

So, if you are using a VPN to bypass these online challenges, just be warned that could find yourself getting locked out of sites you were not expecting, and you then have to go through the tedious process of regaining access.

Why is it important to segment your network.

Wed, 20 Aug 2025 00:00:00 +0000

We live in a connected world, with more and more devices connecting to the internet. We would often think nothing of in terms of what these "smart" devices do. They just make our lives a little bit more convenient because we can control them from our phones.

These smart devices are grouped together into something called the Internet of Things (IoT), because they are bespoke devices that have one purpose, the following are a few examples of interconnected or smart devices:

Boilers and thermostats
CCTV cameras
Dishwasher
Doorbells
Smart plugs
Smart lights
Smart speakers
Smoke alarms

Pretty much everything new that is electronic is designed with interconnectivity in mind, even cars and washing machines these days.

Every time you unbox a new bit of tech, it often asks to be connected to the internet so it can communicate with an app on your smart phone.

A question to ask yourself is, can you remember every device that is connected to your network, after all, a lot of things may have been connected over a period of time and it is often easy to forget what has or has not been joined to your network.

Convenience has a price

These interconnected devices are designed for your convenience, but this convenience comes with a price, and that price is that it could be opening up your network with gaping security holes, after all, do you know what operating system these devices are using, what issues they have, could someone take control of any of these devices and if they can, they are now connected to a device on your network, which means they could use it as a means to attack other devices inside your network.

Segment your network

One of the best thing you can do, especially with a wireless network, is to segment it into different uses. Most people are familiar with a business wireless network and a guest wireless network, where the two are segmented. This allows guests to connect to the internet without compromising your network security.

Modern wireless networks often support multiple SSIDs, meaning you can have multiple wireless networks, each segmented and separate from each other, without having them being able to communicate between them, each having a logical security barrier between them whilst at the same time, sharing the same internet connection. This is done using something called network address translation (NAT), that allows different networks to share the same connection whilst being unable to see each other.

If you have a guest network, why not an IoT network?

If you are taking this much trouble to segment your network for security by having a guest network, why wouldn’t you do the same for all of the smart devices as well and give them their own secure, segmented network to use?

This is why it is sensible to have an Internet of Things (IoT) network, dedicated to these devices only, so that if one is compromised in terms of its security, someone exploiting it, won’t be able to do much, keeping your business computers and data secure.

If you would like help segmenting your wireless so that smart devices have their own network, give us a call on 01722 411 999

Time is running out, don't ignore this problem until it is too late

Wed, 13 Aug 2025 00:00:00 +0000

Two months left, that's all. Two months in order to prevent this security risk from occurring.

Windows 10 Support Ends In...

If you are still running on Windows 10, you only have two months until it goes out of support with Microsoft and becomes a security risk in your organisation if it is connected to the internet.

There have been some high profile security incidents where their security was compromised, most notably Marks & Spencer, the Co-op, Harrods, and HM Revenue and Customs (HMRC).

Did you know that small organisations that suffer a security breach mostly fail from the fallout. The reputational damage and loss of revenue is usually too much for an organisation to recover from.

Windows 10 code was used to create Windows 11, almost 90% of Windows 11 is based on Windows 10 code, so anything found in Windows 11 will most likely be a flaw in Windows 10 as well, however there will be no fix for the Windows 10 flaws, all the while hackers will be notified of these security issues by the fact that Windows 11 is being fixed!

Don't leave it all to the last minute, hoping all your applications will run on Windows 11 if they are not tested yet. Use the time between now and October 14th to move away from Windows 10 in a controlled and managed way.

So why risk your organisation, why become a statistic when the cost of upgrading or replacing Windows 10 is so small.

Call us on 01722 411 999 to discuss upgrade options.

Could you get back your data if it were deleted?

Wed, 06 Aug 2025 00:00:00 +0000

A recent survey found that the majority of businesses that use cloud services think their data is automatically backed up because it is stored in the cloud, and were shocked when they found out that it wasn’t. There appears to be a lot of confusion about what happens when your data is put in the cloud with regards to the data being backed up.

And whilst cloud infrastructure, like Microsoft 365, has built in redundancy and resilience, it doesn’t mean your data sitting there has the same levels of protection, so we will go through how cloud infrastructure works and the resilience that makes people think the data is safe, confusing replicas of data with it being backed up.

But before we go into how cloud service resilience works, here is a quick question to ask yourself...

If you needed to get a file back that was deleted six weeks ago, would you be able to?

The bulk of responders said yes, but here's the crunch, when asked how, they couldn't answer, assuming the cloud provider would be able to restore their data, which is incorrect. Unless you are specifically paying for a backup, you won't have one.

Cloud infrastructure has built in resilience but not built in backups.

Microsoft owns a lot of data centres scattered around the world, so they can service their customers and also accommodate geopolitical legislation, such as GDPR that requires data to be stored within a geographic location.

Microsoft creates three working copies of your data with a primary, secondary and tertiary replica of your environments. If you use Microsoft 365 in your organisation, each person's email, data and shared data will be replicated between three data centres concurrently, it is all kept in sync. If something changes in the primary site, it is written to the secondary and tertiary sites simultaneously, keeping everything fully replicated and in sync.

If the primary data centre is knocked out, let say by fire, then one of the replica sites is promoted to primary, and a new tertiary site is spawned and brought into replication in a new data centre to ensure continued continuity.

As a user you'll be completely unaware that this is going on in the background, it is done automatically.

It is because of this resilience that a lot of people often mistake this protection as being a form of backup, but it isn't, it is just resilience to keep you working should a critical part of the cloud infrastructure stop working.

This replication and resilience of your data is just for current data though, if you were to delete some of your information, it is gone, if you were to want to get it back a few weeks later, there is very little you can do if you do not have a backup. Whist some data can be recovered from the recycle bin, if you are lucky, it is not a safe or reliable way to operate and a backup is the only way to ensure your data is safe.

Another misconception that there is a built in backup of your data is that you can go back to a previous version of your file because there is a feature in Microsoft 365 that allows you to roll back through previous versions of the file, however this doesn't work if your file is deleted or corrupted, especially if this goes unnoticed for a period of time. AND... this just applies to your files, NOT your email.

Last question to ask yourself, how long could you business keep going without any data, without your customer information and contact details, without any email, without your financial information including invoices and who owes your business money, how long could you keep going, be honest with yourself, after all it is your business that is impacted if you lose all your data.

This is why it is so important to have a regular backup, with the retention period that fulfils your needs. Not all data falls into the same requirements, some data needs to be protected for longer in some organisations, especially regulated industries, like financial services or child protection services.

Backups are REALLY cost affective, they are pennies per gigabyte and they can really save your business's bacon if there were ever a need to get data back. And it is not just data stored in the cloud, it is data that is critical to your business regardless of its location. You may store your data on a single computer, but is it protected and how often?

The Silver Cloud Business provides backup solutions that fit all businesses needs and requirements, if it is physical servers, with the need to be able to bring them online instantly in the event of a failure, or users' computers, or data in cloud services, including email and directory services, our backup solution can accommodate it all.

If you would like to find out how much a backup would cost your business, call us on 01722 411 999.