Hackers Are Teaming Up To Wreak Havoc On Corporate Users

It’s never a good thing when well-organized groups of hackers start working together, but that’s what appears to be happening.

Recently, evidence has emerged that the Black Basta ransomware gang has begun tight-knit cooperation with the infamous QBot malware operation. They share the specific goal of inflicting maximum damage on corporate targets.

While many different groups make use of QBot for initial infection, Black Basta’s use is somewhat different. The group is leveraging it to spread laterally through a network once they have infected it.

The partnership stands to be devastatingly effective.  Black Basta’s ransomware paired with QBot’s penchant for stealing banking credentials and injecting additional malicious payloads could easily deliver a one-two punch that would be very difficult for a company to recover from.

The bad news here is that QBot (also known as QakBot) can move quickly once inside a compromised network.

Fortunately, the way Black Basta is leveraging QBot leaves a window of opportunity between QBot's lateral movement and the actual ransomware deployment. Diligent IT security professionals may therefore be able to stop QBot's spread before the ransomware payload is deployed.

That's good in theory, but the sad truth is that many companies won't move quickly enough to stop the ransomware attack. Those that don't will be left crippled by the ransomware and will see their banking credentials compromised to boot.

Exactly how effective this new partnership will be remains to be seen, but both QBot and Black Basta have made names for themselves as fearsome threats. Black Basta has breached dozens of networks over the course of its relatively short existence, and QBot has built its reputation over a much longer period.

In any case, this is a dangerous combination and you will want to be on the alert for both groups and the ransomware they are deploying.  The hackers represent genuine threats, whether operating on their own or in tandem.

Blog 1 – What SMBs Need to Understand About Cybersecurity

Think you are too small to be a cyber attack victim? Think again!

A recent study pointed out that SMBs are increasingly becoming targets of cybercriminals because their cybersecurity measures aren’t as strong, sophisticated, or effective as those of large companies. Often, SMB owners tend to think they are too small to be targeted; in fact, their size and lack of cybersecurity measures make them an easy target for cybercriminals. This blog focuses on what small- and medium-sized businesses need to understand about cybersecurity.

One of the first things to understand is that, no matter how lucky or careful you are, cybersecurity breaches are bound to happen. You are, at any point in time, just one click away from having your entire IT network or data compromised. While this is true for both smaller and bigger organizations, as an SMB the impact on your business, revenue, and brand is likely to be far greater than it would be for a bigger company.

Second, the landscape of cybercrime is constantly changing. As you put more security features and controls in place, cybercriminals change their tactics in response. So, you need to be constantly on your guard to keep up with them and fortify your IT infrastructure from a security perspective.

Emotet Malware Will Include Credit Card Theft In Attacks

If you’re involved in information security in any capacity, you’re probably quite familiar with the infamous Emotet botnet.  It’s one of the most dangerous and prolific botnets out there and it is a dire threat to organizations of all sizes.

The bad news is that the botnet is still being actively enhanced and is gaining new capabilities at regular intervals.

Most recently, its developers have added a new credit card stealing module that is designed to harvest saved credit card information stored in Google Chrome profiles.

Once it harvests information (name on the card, card number, security code, and expiration month and year), the malicious code will send that data to a command-and-control server controlled by the Emotet group.

The new capabilities were discovered by researchers at Proofpoint, and they reported being somewhat surprised that the new module was designed specifically to target Chrome users.  No other browsers are impacted by it.

Emotet has a fascinating history. It first hit the internet in 2014, and when it first appeared it was a simple banking trojan.

A concerted law enforcement effort nearly destroyed the botnet, taking it offline when officers pulled the plug on most of the botnet's infrastructure.

Things were quiet for several months, but then in November 2021, Emotet returned like a malicious phoenix and has been causing trouble for IT professionals around the world ever since.

Controlled by the TA542 threat group, also known as Mummy Spider, it can be used to deliver any number of second-stage payloads, which makes it incredibly dangerous.

This is one malware you will have to stay on the alert for.  There’s no telling what new features the threat group will add next, and you may find yourself in Mummy Spider’s crosshairs.

Medical Service Provider Data Breach Affects 2 Million Users

Depending on where you live, you may have received medical care from the Shields Health Care Group (Shields), or from a provider associated with them.

If so, be aware that the Massachusetts-based medical provider specializing in PET/CT scans, MRIs, radiation oncology, and ambulatory surgical services has been hacked.

The unknown hackers gained access to their network and stole data relating to more than 2 million users.

According to the breach notification that the company published on their website, Shields first became aware of the attack on March 28th of this year (2022). Immediately after, they retained the services of third-party cybersecurity specialists, engaging them to assist in determining the scope and scale of the incident.

While that investigation is ongoing, here’s what we know so far:

A currently unknown group attacked the network and gained access from March 7 to March 21, 2022.

Consequently, they were able to steal database records of more than two million users, which included the following information:

  • User full name
  • Social security number
  • User date of birth
  • User home address
  • Provider information
  • Patient diagnosis
  • Billing information
  • Insurance number and related information
  • Medical Record Number
  • Patient ID
  • And other assorted treatment information

This is serious and more than enough data was exfiltrated to allow the hackers to steal people’s identities.  Whether they do it themselves or sell the information on the Dark Web remains to be seen. Either way, if your information was stolen because of this breach, you are very much at risk.

If you’re not sure, it’s worth your time to head to the Shields website.  There, you’ll find a complete listing of all the impacted medical facilities.  If you received treatment from any facility on the list, be on the alert and watch your credit and banking statements closely.

Beware New Windows Vulnerability With Remote Search Window Access

You may not know the name Matthew Hickey, but you should thank him for a recent discovery that could save you a lot of grief.

Hickey is the co-founder of a company called Hacker House. He recently discovered a flaw that allows a Word or RTF document, simply by being opened, to pop up a Windows Search window pointed at a remote location.

This newly discovered zero-day vulnerability is about as serious as it gets.

Here’s how it works:

A specially crafted Word document or RTF file is created which, when opened, automatically triggers a “search-ms” command, which in turn opens a Windows Search window.

This window lists executable files on a remote share, and the attacker can give the share any name they like, such as “Critical Updates”. That would naturally prompt an unsuspecting user to click a file name and run that file.

Naturally, clicking the file name wouldn’t do anything other than install malware, which is exactly what the hackers are trying to do.

Although not quite as dangerous as the MS-MSDT remote code execution security flaw, this one is still incredibly serious. Even worse, there is currently no patch that will make your system safer.

The good news, however, is that there are steps you can take to minimize your risk.

If you’re worried about this security flaw, here’s what you can do:

  • Run Command Prompt as Administrator.
  • To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOT\search-ms search-ms.reg”
  • Execute the command “reg delete HKEY_CLASSES_ROOT\search-ms /f”
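The three steps above, as an added PowerShell script that is not part of the original post or of Hacker House's guidance. It performs the same registry export and deletion, but refuses to delete the handler unless the backup actually succeeded, checks that the session is elevated, and verifies afterwards that the key is really gone. The registry key is the one named in the post; the backup file location (the current directory) and the function names are this example's own choices.

```powershell
# Added example: back up and remove the search-ms protocol handler so that a
# crafted Word/RTF document can no longer open a Windows Search window pointed
# at a remote share. Run from an elevated PowerShell session.
# Undo later with:  reg import search-ms.reg
$KeyPath    = 'Registry::HKEY_CLASSES_ROOT\search-ms'   # key from the post
$BackupFile = Join-Path -Path $PWD -ChildPath 'search-ms.reg'  # assumed location

function Test-IsElevated {
    # reg export/delete under HKEY_CLASSES_ROOT needs administrative rights
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Backup-SearchMsHandler {
    # Export the whole subtree (including shell\open\command) before touching it
    if (-not (Test-Path -Path $KeyPath)) {
        Write-Host 'search-ms handler is not registered; nothing to back up or remove.'
        return $false
    }
    & reg.exe export 'HKEY_CLASSES_ROOT\search-ms' $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -Path $BackupFile)) {
        throw "Backup of $KeyPath failed; refusing to delete the key without one."
    }
    return $true
}

function Remove-SearchMsHandler {
    # Equivalent of: reg delete HKEY_CLASSES_ROOT\search-ms /f
    Remove-Item -Path $KeyPath -Recurse -Force -ErrorAction Stop
    # Report success only if the handler is actually gone
    return -not (Test-Path -Path $KeyPath)
}

if (-not (Test-IsElevated)) {
    throw 'Run this from an elevated (Administrator) PowerShell session.'
}
if (Backup-SearchMsHandler) {
    if (Remove-SearchMsHandler) {
        Write-Host "search-ms handler removed. Backup saved to $BackupFile; restore with: reg import `"$BackupFile`""
    } else {
        Write-Warning 'The search-ms key still exists; check permissions and retry.'
    }
}
```

Keep the exported .reg file somewhere safe: deleting the handler also disables legitimate search-ms: links used by Windows Explorer saved searches, so you will want to re-import it once Microsoft ships a fix. Importing the backup is the only supported way to restore the key exactly as it was.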

Kudos to the sharp eyes of Matthew Hickey for first spotting this flaw.  We can only hope when the next zero-day rears its head, researchers like Mr. Hickey will be there to help point them out and show us how to defeat them.