TechWatch 24-7

You’ve seen these, right? Those (slightly annoying) little puzzles that make you click all the traffic lights or bicycles or bridges. Or you must type out wobbly letters to “prove you’re not a robot”.

They’re called CAPTCHAs, and they exist to stop bots from spamming websites, logging in to accounts, or launching attacks. 🚫

But now cyber criminals have flipped the script, turning a basic security tool into a way to trick you into installing malware. And the worst part is, this scam is ridiculously simple.

Here’s how it works: You’re browsing a website – maybe a suspicious one, or maybe just one that’s been unlucky enough to host a bad ad. Suddenly, a CAPTCHA pops up… but instead of the usual puzzle, it gives you three instructions:

👉 Press Windows key + R

👉 Press Ctrl + V

👉 Press Enter

It seems legit, so you follow the instructions.

What you don’t realize is that when you clicked that CAPTCHA box, something you couldn’t see was copied to your clipboard. When you hit “Ctrl + V”, that content gets pasted into the Windows Run tool… causing a hidden script to download malware onto your PC. 😱

It’s shockingly effective, because most people don’t question CAPTCHA instructions. We’re so used to clicking, typing, and proving we’re human that we follow along without thinking - and that’s exactly what scammers are counting on.

If one of your employees falls for this scam on a work device, it could result in malware spreading across your entire network. Cyber criminals could steal sensitive data, lock your files for ransom, or hijack your email accounts to launch more attacks. All of this from one fake CAPTCHA.

So how can you stop it? 🛑

Awareness is key. 🧐 Make sure your people know that a CAPTCHA should never ask them to open anything on their computer. IT teams should keep security tools up to date and lock down permissions to prevent employees from running suspicious commands. And if something doesn’t feel right, always trust your instincts.

Would your team know how to spot this scam? Have you ever seen this type of CAPTCHA attack yourself?

I’ve got a stat that might make you spit out your coffee… Ready?

There are around 637 new types of malware being detected… Every. Single. Day. 😱

According to research, cyber criminals aren’t just targeting big corporations anymore. They’re coming for SMBs, too – and they’re getting smarter about how they do it.

But first, a quick recap: What IS malware? 🤔

Malware (short for malicious software) is any kind of software that’s designed to sneak into your systems and cause trouble. This could mean it steals your data, locks you out of your files, or even turns your devices into “zombies” that it can use to launch bigger attacks.

Malware can arrive through a scam email attachment, a fake update prompt, or even a compromised website.

Once it’s in, the damage can get expensive, fast. Especially if it ends up locking away your data for ransom or leaking sensitive information about your clients. 🔒

So, why are we seeing so many new variants?

Cyber criminals know that smaller businesses don’t always have the same level of protection as big enterprises.

They target SMBs with anything from basic ransomware to more sophisticated attacks that use encrypted channels to slip past firewalls. 🎯

In fact, the research found that encrypted threats jumped up by 92% last year. And attackers are getting faster, too, with some vulnerabilities being exploited within days of scammers discovering them.

Another problem is that many businesses are too slow in applying security patches. Some take as long as 3-4 months to get it done.

If this is worrying you, that’s a good thing. It means you’ll focus on doing what you can to stay protected.

So, what can you do to keep your business safe from malware? 🛡️

Step one is accepting that basic, old-school security just isn’t going to cut it anymore. What you need is a mix of advanced protection and education for your team.

🔐 Advanced security: We’re talking real-time threat monitoring, strong firewalls, and next-generation endpoint security. IT support partners (like us) can be a huge help here, offering everything from 24/7 monitoring to quick patch management.

👨‍🏫 Employee training: Most data breaches still involve some level of human error. Teaching your team how to spot phishing emails and avoid suspicious links can go a long way. After all, the fewer mistakes your team makes, the fewer opportunities for malware to get in.

Also, don’t underestimate the power of a solid backup strategy. If ransomware does hit, having up-to-date protected backups can mean the difference between a quick recovery and a nightmare scenario.

Do you have any cyber security concerns right now? Are you worried about malware, or is there another kind of cyber threat that’s on your mind?

It’s not exactly “breaking news” that password managers are a great idea for online security.

They create, store, and autofill strong and unique passwords for all your accounts. It’s incredibly useful to have a tool which means you never have to remember them (or scribble them down on sticky notes). 😬

But here’s the news flash: Cyber criminals know how valuable those password vaults are too – and they’re coming for them…

A new report says there’s been a three-fold increase in malware targeting password managers over the past year. For the first time ever, stealing login details from these vaults has entered the top 10 techniques in the MITRE ATT&CK Framework (a knowledge base on cyber criminals’ tactics). That’s a clear sign that attackers see password managers as prime targets. 🎯

So, why are cyber criminals targeting them now? 🤔

Simple.

If you can break into someone’s password manager, you don’t get one password, you get them all. For attackers, that’s way more efficient than trying to break into individual accounts one by one.

But the methods they’re using aren’t simple at all. Cyber criminals are deploying sophisticated tactics, like:

🚫 Memory scraping: Using malware to extract passwords directly from your device’s memory.
🚫 Registry harvesting: Scanning Windows registries for saved login details.
🚫 Cloud and local attacks: Hitting cloud-based and device-stored password vaults.

In fact, most of these attacks involve “complex, multi-stage malware” – which isn’t basic or simplistic. These attacks are stealthy, persistent, automated… and hard to detect until it’s too late.

But password managers are still one of the best tools for keeping your accounts safe. 🛡️

The key is to use them the right way. Here’s how:

✅ Never reuse passwords – ever. If attackers get into your password manager and find recycled passwords, they can waltz into multiple accounts without breaking a sweat.

✅ Turn on multi-factor authentication (MFA). Even if attackers steal your password, they won’t get in without that extra code sent to your phone or email, or generated in an authenticator app.

✅ Use a strong master password. This is the one password you can’t afford to make simple. A strong passphrase (not just a word and a couple of numbers) makes it harder for attackers to brute-force their way in.

✅ Enable biometric login, if available. Face ID or fingerprint scans are tougher to crack than even the best passwords.

If your employees are using password managers (which they should be), it’s worth reviewing how they’re set up. Make sure MFA is required for every account and that master passwords are strong and unique. Also, use a business-grade password manager that lets you monitor and enforce security policies.

With the right precautions, you can keep your systems safe and your stress levels low. 😎

How confident are you in your business’s password security?

Notifications can be a double-edged sword, right?

On one hand, they keep you in the loop and make sure you never miss a message. On the other, they have an annoying way of popping up every time you’re trying to focus. 😤

If you use Microsoft Teams in your business, you already know it’s one of the best productivity tools out there for staying connected with your people. Instant messaging, video calls, file sharing… it’s like the Swiss Army knife of remote work.

But ALL the notifications… They can sometimes feel like that employee who stops by your desk “just for a minute” and ends up chatting away your entire morning. 😅

Well, luckily, Microsoft’s doing something about it. Thanks to an upcoming update, you’ll be able to minimize distractions by choosing where Teams notifications appear on your screen. 🙌

Instead of being stuck with pop-ups invading the bottom right corner of your screen, you’ll be able to shift them somewhere less likely to disturb your flow. Like the bottom left, top right, or top left.

This might sound like a small change. But when you’re juggling a million tasks, even the little distractions can add up fast.

Imagine you’re deep into a spreadsheet, trying to make sense of all those numbers, when a notification suddenly covers the cell you’re working on. 😤 Cue frustration: You must stop, close the notification, and try to remember where you were.

Parking notifications out of the way means you’ll still get them, without them being in your face. 😮‍💨

For now, this feature’s only available if you’re part of Teams Public Preview or Microsoft 365 Targeted Release, but I’m hoping we’ll see a general rollout soon.

Either way, it’s nice to see Microsoft trying to give us a bit more control over our workspaces. 🙌

Would this new feature help you stay focused on the bigger stuff? Or do you like your notifications right there where you’ll notice them?