3 Reasons to prepare a business continuity plan

A business continuity plan is the blueprint you need during an emergency to keep your business running smoothly. If you don’t already have one, here are 3 key reasons why you should focus on creating one ASAP.

It helps retain clients
If your business stops functioning, your clients feel it. For example, if your servers are down, your supply chain is disrupted or your delivery process breaks, you cannot fulfill your promises to your clients. Worse, in some situations you may not even be in a position to tell your clients what is happening, adding to their frustration. A business continuity plan addresses these issues beforehand and helps reduce client dissatisfaction.

Salvaging brand image and reputation
Some events affect only your business rather than everyone around you: ransomware attacks, virus infections, data leaks and the like. Having a business continuity plan that covers such events is invaluable when a crisis of this kind hits.

Minimizing revenue loss
A business continuity plan can minimize the revenue losses that occur as a result of a crisis that interrupts your business operations.

In short, a business continuity plan minimizes the impact of a crisis on your client relations, your brand image and your revenue by equipping you with a plan to handle the situation better.

T-Mobile Reports Scam Calls Have Increased 116 Percent Since 2020

If you’re like most cellphone users, you appreciate the automatic call blocking feature that most carriers include in their standard service. A call comes in from a “suspicious” number and the phone simply blocks it.

Even better, you can add numbers to it yourself. So on the occasions when a spam call does get through, it’s a simple matter to add the offending number to the block list and you have one less thing to worry about.

Because those calls are out of sight and out of mind, however, it’s easy to forget that they’re still happening. In fact, according to data recently released by telecom giant T-Mobile, the carrier has blocked a staggering 21 billion scam, spam and other unwanted robocalls so far this year.

Even more dismaying, this year (2021) scam call traffic jumped by an almost unbelievable 116 percent compared with last year. That works out to more than 425 million scam calls attempted every week, a mind-boggling crush of phone traffic thankfully blocked by T-Mobile and other carriers.

These calls run the gamut. According to the company’s data, they covered a broad range of pretexts including fake vehicle warranty offers, Social Security office impersonation, package delivery notices and insurance pitches, to name a few.

The company had this to say about its “Scam Shield” service:

“T-Mobile Scam Shield has identified or blocked over 21 BILLION calls for T-Mobile and Metro by T-Mobile customers through early December 2021. 

The lowest measured month for scam traffic was January 2021, identifying 1.1 billion calls as Scam Likely. By November, volume had increased exponentially, and T-Mobile identified double the January traffic at 2.5 billion calls as Scam Likely.”

Kudos to T-Mobile for fighting the good fight!

New Remote Access Trojan Virus Hides In Windows Registry

There’s a new malware strain you should make sure your IT staff is aware of. Called Dark Watchman, it is a well-designed and highly capable JavaScript-based RAT (Remote Access Trojan) paired with a keylogger written in C#.

First discovered by researchers at Prevailion, this piece of malware lurks in the Windows Registry and is used mainly by Russian-speaking threat actors, mostly against Russian organizations. That is good news for the rest of us, but if you are based in Russia or do business with Russian firms, this one should concern you.

The strain was first spotted in the wild in early November of this year (2021), when the threat actor behind it began distributing it via phishing emails carrying a poisoned ZIP file. The ZIP, of course, contained an executable disguised as a text document.

If the file is opened, the victim sees a decoy popup reading “Unknown Format”, but by the time that message appears the malicious payload has already been installed in the background.

The malware itself is extremely lightweight, measuring just 32kb in size and compiling down to only 8.5kb. It also “lives off the land”, borrowing what it needs from binaries, scripts and libraries already present on the target computer, and it keeps the keylogger in the Windows Registry rather than as a file on disk, a “fileless” storage mechanism that leaves nothing for a file scanner to find.

In its current form the Dark Watchman can perform the following operations:

  • Execute EXE files (with or without the output returned)
  • Load DLL files
  • Execute commands on the command line
  • Execute WSH commands
  • Execute miscellaneous commands via WMI
  • Execute PowerShell commands
  • Evaluate JavaScript
  • Upload files to the C2 server from the victim machine
  • Remotely stop and uninstall the RAT and Keylogger
  • Remotely update the C2 server address or call-home timeout
  • Update the RAT and Keylogger remotely
  • Set an autostart JavaScript to run on RAT startup
  • A Domain Generation Algorithm (DGA) for C2 resiliency
  • If the user has admin permissions, it deletes shadow copies using vssadmin.exe

All that to say it can do quite a lot of damage if its controllers want it to.  Be on the alert.
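The article lists three things a defender can look for in process-creation telemetry: an executable posing as a text document, native scripting and admin binaries (WSH, WMI, PowerShell, rundll32) launched from an untrusted parent, and shadow-copy deletion with vssadmin.exe. The following triage script is an added example written for this page, not Prevailion’s code or anything from the malware itself; the sample events are constructed in the style of Sysmon Event ID 1 records, and the lists of living-off-the-land binaries, benign parents and user-writable directories are assumptions you would tune to your own environment.

```python
"""Triage process-creation events for the tradecraft described above: an
executable posing as a document (double extension), an untrusted parent
spawning the living-off-the-land binaries the RAT uses (WSH, WMI,
PowerShell, rundll32), and shadow-copy deletion via vssadmin.exe.
The sample events are constructed for this example, not real telemetry."""
import os
import re

# Native binaries the RAT is described as using to "live off the land" (assumed list).
LOLBINS = {"wscript.exe", "cscript.exe", "wmic.exe", "powershell.exe",
           "rundll32.exe", "cmd.exe"}
# Parents for which spawning one of those binaries is routine (assumed list).
BENIGN_PARENTS = {"explorer.exe", "services.exe", "svchost.exe", "winlogon.exe"}
DOC_EXTS = {".txt", ".doc", ".docx", ".pdf", ".xls", ".xlsx", ".rtf"}
EXEC_EXTS = {".exe", ".scr", ".com", ".js", ".vbs"}
# Directory fragments a mail-delivered payload typically runs from.
USER_WRITABLE = ("\\temp\\", "\\downloads\\", "\\appdata\\")
SHADOW_DELETE = re.compile(r"\bdelete\s+shadows\b")

# Constructed sample events (Sysmon Event ID 1 style fields), not real data.
SAMPLE_EVENTS = [
    {"id": 1, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\ann\AppData\Local\Temp\Temp1_invoice.zip\invoice.txt.exe",
     "cmdline": r'"C:\Users\ann\AppData\Local\Temp\Temp1_invoice.zip\invoice.txt.exe"'},
    {"id": 2, "parent": r"C:\Users\ann\AppData\Local\Temp\Temp1_invoice.zip\invoice.txt.exe",
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe //B //E:jscript C:\Users\ann\AppData\Local\Temp\loader.js"},
    {"id": 3, "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"id": 4, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile"},
]


def basename(path):
    """Lower-cased file name of a Windows path (accepts either slash style)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def double_extension(path):
    """True for names like invoice.txt.exe: a document extension hidden
    directly in front of an executable/script extension."""
    root, ext = os.path.splitext(basename(path))
    _, inner = os.path.splitext(root)
    return ext in EXEC_EXTS and inner in DOC_EXTS


def from_user_writable_dir(path):
    p = path.replace("/", "\\").lower()
    return any(marker in p for marker in USER_WRITABLE)


def shadow_copy_deletion(cmdline):
    """vssadmin ... delete shadows, whatever the spacing or casing."""
    c = " ".join(cmdline.lower().split())
    return "vssadmin" in c and SHADOW_DELETE.search(c) is not None


def classify(event):
    """Return the list of reasons an event is suspicious (empty if none)."""
    reasons = []
    image, parent, cmd = event["image"], event["parent"], event["cmdline"]
    if double_extension(image) or double_extension(parent):
        reasons.append("double-extension executable posing as a document")
    if (basename(image) in LOLBINS
            and basename(parent) not in BENIGN_PARENTS
            and (from_user_writable_dir(parent) or double_extension(parent))):
        reasons.append(f"{basename(image)} spawned by untrusted parent {basename(parent)}")
    if shadow_copy_deletion(cmd):
        reasons.append("shadow copy deletion (anti-recovery, needs admin)")
    return reasons


def triage(events):
    """Map event id -> reasons for every event that tripped at least one check."""
    hits = {}
    for event in events:
        reasons = classify(event)
        if reasons:
            hits[event["id"]] = reasons
    return hits


if __name__ == "__main__":
    for event_id, reasons in triage(SAMPLE_EVENTS).items():
        print(event_id, "; ".join(reasons))
```

Run against the constructed sample, events 1 to 3 are flagged (the disguised executable, the script host it spawns, and the vssadmin call), while the PowerShell window a user opened from Explorer in event 4 is not. The parent-process test is deliberately conservative: wscript.exe or powershell.exe launched by a process running from a temp or download directory is the chain worth a look, not every script host on the box.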

Hackers Are Using Big Brand Surveys To Scam Victims

Surveys have long been a playground of hackers and scammers.

That’s true at any time of the year, but it’s especially true around the Holidays, when such scams seem to attract even more unwitting victims. In fact, some estimates put scammer profits from fake surveys at nearly $80 million a month, so it’s big business for them.

The particulars vary somewhat from one operation to the next.

Here’s how they work in general:

First, the scammer picks a perfectly legitimate survey or giveaway offered by a big, well-known company or brand.

They copy the layout and format of that legitimate survey to create their own version of it. To a visitor, by all outward appearances, they’re taking advantage of a legitimate offer.

Naturally there are telltale signs. Most of these fake sites aren’t checked closely for quality, so you’re likely to spot spelling errors or ungrammatical phrases that give the game away. And there’s no hiding the URL, but most people who land on a survey or giveaway page aren’t paying much attention to it.

Once on the page, the victim is in the funnel. The survey proceeds as you’d expect, ending with a request for personal information. Sometimes they ask for a credit card number, which the victim is assured won’t be billed; it’s merely for ‘verification purposes.’

And you know how the story ends.

Armed with this freshly harvested information, the scammers either run up big bills on the victim’s card or sell the data to the highest bidder.

This is a global issue. It affects people from all walks of life in almost every country on the planet. Don’t fall for it. Do your due diligence, or just say no to anything that looks too good to be true.

New Ransomware Named AvosLocker Uses Multiple Tricks In Attacks

There’s a new strain of ransomware to be concerned about in the form of AvosLocker.

This comes from security firm Sophos, which warns that the new strain of human-operated ransomware is one to watch.

AvosLocker burst onto the scene in the summer of this year (2021). Having enjoyed some success with their product, the gang behind the code is now recruiting affiliates in a bid to fill the gap left by REvil’s departure.

One of the key features of these attacks is that the operators run the AnyDesk remote IT administration tool in Windows Safe Mode. We’ve seen malware leverage Safe Mode before, and the appeal is clear: Safe Mode loads only a minimal set of drivers and services, so security software that runs as a normal service is frequently not running and the machine is less well protected. Even so, it isn’t a common tactic.

AnyDesk is, of course, a perfectly legitimate tool used by thousands of professionals all over the world every day. Here, however, it is put to nefarious use, and combining it with Safe Mode lets the attackers deal serious damage to their targets.
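To make a remote-access tool survive a reboot into Safe Mode with Networking, an operator has to do two observable things: mark the boot entry for safeboot (the `safeboot` option that `bcdedit /enum` shows on a boot loader entry) and register the tool under the `HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network` key, since only services listed there start in that mode. The script below checks collected triage output for both. It is an added example written for this page, not Sophos’s code or anything from the AvosLocker operators; the `bcdedit` excerpt and the registry listing are constructed, and the baseline of entries expected under `SafeBoot\Network` is a partial, assumed allowlist that you would replace with one exported from a known-good build of your own.

```python
"""Check collected boot configuration and the Safe Mode service list for the
technique described above: forcing a reboot into Safe Mode with Networking
and registering a remote-access tool to start there. Added example; the
bcdedit output, registry listing and baseline below are all constructed."""
import re

# Constructed excerpt of `bcdedit /enum {current}` from a host where the
# attacker has already set the safeboot option.
BCDEDIT_OUTPUT = """\
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \\WINDOWS\\system32\\winload.efi
description             Windows 10
locale                  en-US
safeboot                Network
"""

# Constructed listing of HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
# subkeys, name -> (Default) value. A real host has many more entries.
SAFEBOOT_NETWORK = {
    "AFD": "Service",
    "Dhcp": "Service",
    "LanmanWorkstation": "Service",
    "Tcpip": "Service",
    "{4D36E972-E325-11CE-BFC1-08002BE10318}": "Net",
    "AnyDesk": "Service",
}

# Partial, assumed allowlist of entries a clean build is expected to have.
# Export your own from a known-good machine; this is not an authoritative list.
BASELINE = {"AFD", "Dhcp", "LanmanWorkstation", "Tcpip",
            "{4D36E972-E325-11CE-BFC1-08002BE10318}"}

# bcdedit prints "option<two or more spaces>value"; section titles such as
# "Windows Boot Loader" use single spaces and are skipped by this pattern.
OPTION_LINE = re.compile(r"^(\S+)\s{2,}(.+?)\s*$")


def parse_bcdedit(text):
    """Return {identifier: {option: value}} for every boot entry in the output."""
    entries, current = {}, None
    for line in text.splitlines():
        match = OPTION_LINE.match(line)
        if not match:
            continue
        key, value = match.groups()
        if key == "identifier":
            current = value
            entries[current] = {}
        elif current is not None:
            entries[current][key] = value
    return entries


def safeboot_entries(text):
    """Boot entries that will come up in Safe Mode next boot, with the mode
    (Minimal, Network or DsRepair)."""
    return {ident: opts["safeboot"]
            for ident, opts in parse_bcdedit(text).items() if "safeboot" in opts}


def unexpected_safeboot_services(listing, baseline=BASELINE):
    """SafeBoot\\Network entries absent from the baseline, i.e. what an attacker
    must add to get a tool of their own running in Safe Mode with Networking."""
    return sorted(name for name in listing if name not in baseline)


def assess(bcd_text, listing):
    """Human-readable findings combining both checks."""
    findings = []
    for ident, mode in safeboot_entries(bcd_text).items():
        findings.append(f"boot entry {ident} is set to safeboot {mode}")
    for name in unexpected_safeboot_services(listing):
        tag = " (remote access tool named in the report)" if "anydesk" in name.lower() else ""
        findings.append(f"non-baseline SafeBoot\\Network entry: {name}{tag}")
    return findings


if __name__ == "__main__":
    for finding in assess(BCDEDIT_OUTPUT, SAFEBOOT_NETWORK):
        print(finding)
```

On the constructed input this reports two findings: the `{current}` entry is set to boot into Safe Mode with Networking, and `AnyDesk` is registered to start there. Either on its own deserves a look; together they are the setup the article describes. The boot option is cleared with `bcdedit /deletevalue {current} safeboot`, but as the Sophos quote below points out, removing the tool without finding the access that installed it only invites a return visit.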

The company had this to say about the new strain:

“Ransomware, especially when it has been hand-delivered (as has been the case in these Avos Locker instances), is a tricky problem to solve because one needs to deal not only with the ransomware itself, but with any mechanisms the threat actors have set up as a back door into the targeted network. No alert should be treated as “low priority” in these circumstances, no matter how benign it might seem.”

Wise words indeed.  Stay alert out there.