Browser Update Warnings May Actually Be Malicious Hackers

Researchers at FireEye have recently unearthed a particularly nasty new campaign that is both multi-faceted and dangerous. At the heart of the attack are hacked websites which display a seemingly innocuous popup message informing the site visitor that their browser is out of date. It helpfully provides a one-click solution to the non-existent problem via a button that promises to download the latest version of the browser in question.

Naturally, it does no such thing.  Instead, it runs a series of JavaScript scripts that fingerprint the visitor's computer and send the details back to the command and control server.

The server then responds to the findings reported by the initial script by sending down the first-stage payload.  This varies based on the details gleaned, but generally includes a banking trojan or a backdoor such as Dridex, the NetSupport Manager RAT, or similar.  If the initial scan reveals that the target computer is part of a corporate network, an additional payload is later delivered to the machine as well, but we'll get to that in a moment.

The first part of the payload will busily ferret out login credentials and other sensitive information, exfiltrating any files of value back to the command and control server.

Only when this operation has been completed, and only if the computer is part of a corporate network, does the second stage we referenced earlier trigger: a strain of ransomware, normally BitPaymer or DoppelPaymer. The ransomware spreads through the network as far as it is able, encrypting files network-wide.

These two ransomware strains are known for their hefty ransom demands, which often run into the hundreds of thousands, or even millions of dollars.

This multi-stage approach is dreadfully effective.  It not only allows the hackers to squeeze a wide range of sensitive data from infected systems, but then, locks them down hard and demands a hefty payment.  Be sure your staff is aware.  This one’s about as dangerous as they come.

Attachment Extensions Carrying Malware Banned On Microsoft Outlook

One of the most common means by which malware winds up on the computers of its victims is via an email attachment.  All it takes is one careless moment.  One click to open a file that turns out to be poisoned and you’re in for a world of trouble.

That’s the exact reason why email providers tend to be incredibly selective about what kinds of attachments their services allow.

Microsoft recently announced that it is further restricting the attachment types it allows, adding 38 file extensions to its block list.  That's thirty-eight new file types you won't be able to download via Outlook on the web, and it brings the total number of blocked file types up to 142.

The company had this to say about the matter:

“We’re always evaluating ways to improve security for our customers and so we took the time to audit the existing blocked file list and update it to better reflect the file types we see as risks today.”

The good news is that you're unlikely to notice the impact of the new additions, even though it sounds like a big increase.  That's because most of the extensions the company is adding are fairly exotic and seldom used by ordinary users.  When they do show up in email, a significant percentage of the time they're being used by attackers for nefarious purposes.

Here’s the list of extensions Microsoft is adding to the block list:

  • .py
  • .pyc
  • .pyo
  • .pyw
  • .pyz
  • .pyzw
  • .ps1
  • .ps1xml
  • .ps2
  • .ps2xml
  • .psc1
  • .psc2
  • .psd1
  • .psdm1
  • .cdxml
  • .pssc
  • .cer
  • .crt
  • .der
  • .jar
  • .jnlp
  • .appcontent-ms
  • .settingcontent-ms
  • .cnt
  • .hpj
  • .website
  • .webpnp
  • .mcf
  • .printerexport
  • .pl
  • .theme
  • .vbp
  • .xbap
  • .xll
  • .xnk
  • .msc
  • .diagcab
  • .grp

Again, most people have never even heard of most of these extensions, let alone use them, so the change shouldn’t have a large or visible impact, but be aware that it’s coming.
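To confirm that your own tenant actually carries these entries, an administrator can read the Outlook on the web mailbox policy with Exchange Online PowerShell. The script below is an added example, not code from the article or from Microsoft; it assumes the ExchangeOnlineManagement module, an account with Exchange administrator rights, and that the policy in question is the default one named OwaMailboxPolicy-Default (adjust the name if your tenant uses others). It reports any of the 38 announced extensions that are missing from the block list or present on the allow list, then corrects both.

```powershell
# Added example, not taken from the article or from Microsoft's announcement.
# Assumes the ExchangeOnlineManagement module and an Exchange admin account.
Connect-ExchangeOnline

# The default policy name; tenants with custom policies need to loop over them.
$PolicyName = "OwaMailboxPolicy-Default"

# The 38 extensions Microsoft announced, with the leading dot the policy expects.
$NewlyBlocked = @(
    ".py", ".pyc", ".pyo", ".pyw", ".pyz", ".pyzw",
    ".ps1", ".ps1xml", ".ps2", ".ps2xml", ".psc1", ".psc2", ".psd1", ".psdm1", ".cdxml", ".pssc",
    ".cer", ".crt", ".der",
    ".jar", ".jnlp",
    ".appcontent-ms", ".settingcontent-ms", ".cnt", ".hpj", ".website", ".webpnp",
    ".mcf", ".printerexport", ".pl", ".theme", ".vbp", ".xbap", ".xll", ".xnk",
    ".msc", ".diagcab", ".grp"
)

$Policy = Get-OwaMailboxPolicy -Identity $PolicyName

# Extensions the policy does not block yet (-notcontains is case-insensitive).
$Missing = $NewlyBlocked | Where-Object { $Policy.BlockedFileTypes -notcontains $_ }

# Extensions someone has explicitly allowed; an allow entry undercuts the block.
$Allowed = $NewlyBlocked | Where-Object { $Policy.AllowedFileTypes -contains $_ }

"Policy:                  $PolicyName"
"Currently blocked:       $($Policy.BlockedFileTypes.Count) file types"
"Missing from block list: $($Missing -join ', ')"
"Present in allow list:   $($Allowed -join ', ')"

# Remove stray allow entries first, then add the missing block entries.
if ($Allowed) {
    Set-OwaMailboxPolicy -Identity $PolicyName -AllowedFileTypes @{Remove = $Allowed}
}
if ($Missing) {
    Set-OwaMailboxPolicy -Identity $PolicyName -BlockedFileTypes @{Add = $Missing}
}
```

Run it once read-only by commenting out the two Set-OwaMailboxPolicy lines if you want to see the report before changing anything; the block list only governs Outlook on the web, so desktop and mobile clients still need their own attachment controls.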

Companies Are Losing Billions To Business Email Compromises

The FBI’s statistics on BEC (Business Email Compromise) are alarming to say the least.  Over the last twelve months, the law enforcement agency has recorded a 100 percent increase in identified global exposed losses attributable to BEC. Between June 2016 and July 2019, a total of 166,349 BEC incidents were reported to the FBI, with total losses in excess of twenty-six billion dollars.

Worse, the cyber criminals engaging in these types of attacks don’t limit themselves to Fortune 500 companies.  They’re just as likely to target small to medium sized businesses as they are to target major international firms.

Typically, a BEC attack works something like this:

A fraudster will pose as either a high-ranking company official or a trusted business partner and begin email communication with a mid-level employee at your firm.  Over the course of that conversation, a request will be made to the employee to transfer funds to what the employee believes to be an account belonging to a longstanding business partner.

Because they believe they are doing the bidding of their CEO or of a trusted business partner, employees often make these transfers without a second thought. Of course, by the time it is discovered that the person the employee was communicating with was a fraud, the money is long gone and virtually impossible to recover. A BEC attack can take other forms too, however.

In fact, according to the FBI’s Internet Crime Complaint Center:

“One variation involves compromising legitimate business email accounts and requesting employees’ Personally Identifiable Information or Wage and Tax Statement (W-2) forms. Payroll diversion schemes that include an intrusion event have been reported to the IC3 for several years.  Only recently, however, have these schemes been directly connected to BEC actors through IC3 complaints.”

The bottom line is that this type of issue is getting worse and increasingly common.  Be sure your employees are aware and mindful of who they’re releasing funds to.


New Ransomware Called TFlower Hacks Into Company Networks

Over the last two years, ransomware attacks have become increasingly common against businesses of all shapes and sizes.

While ransomware saw a dip in popularity last year, this year it has come roaring back to the fore, with several new strains being developed and seeing widespread use by hackers around the world.

One of the most recent entrants into the ransomware family is a new strain called “TFlower”, which made its first appearance in August of this year (2019).  Since that time, it has begun seeing increasingly widespread use, so if this is the first time you’re hearing about it, know that it likely won’t be the last.

TFlower is introduced into company networks when hackers take advantage of exposed Remote Desktop services.  Once the hackers have a toehold inside a company’s network, they use that machine to connect to and infect as many other machines on the network as possible. Like many similar forms of malware, TFlower attempts to distract infected users while it’s encrypting their files.  In this case, it displays a PowerShell window that makes it appear that some harmless software is being deployed.
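If you take the article's advice and check your Remote Desktop exposure, the PowerShell audit below (an added example, not from the article or from any analysis of TFlower) reads the settings an RDP-borne intrusion depends on from a single Windows host: whether RDP is on, whether Network Level Authentication and TLS are enforced, which addresses the listener is bound to, whether the built-in firewall rules are scoped, who can actually log on over RDP, and whether account lockout is set. Run it in an elevated session. The registry paths and cmdlets are standard Windows; the baseline it flags against is my own, not something the article specifies.

```powershell
# Added example, not taken from the article or from any TFlower analysis.
# Run elevated on each Windows host. The "expected" values below are my own
# baseline (RDP off, or on with NLA + TLS, scoped firewall rules, lockout set).
$TsKey  = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server"
$TcpKey = "$TsKey\WinStations\RDP-Tcp"
$Findings = @()

$Ts  = Get-ItemProperty -Path $TsKey
$Tcp = Get-ItemProperty -Path $TcpKey

if ($Ts.fDenyTSConnections -eq 0) {
    $Findings += "RDP is enabled (fDenyTSConnections = 0)."

    # NLA authenticates before a full session is built; without it an unauthenticated
    # client reaches the logon screen and the RDP stack itself.
    if ($Tcp.UserAuthentication -ne 1) {
        $Findings += "NLA is NOT required (UserAuthentication = $($Tcp.UserAuthentication))."
    }
    # SecurityLayer: 0 = legacy RDP security, 1 = negotiate, 2 = TLS only.
    if ($Tcp.SecurityLayer -ne 2) {
        $Findings += "Security layer is not forced to TLS (SecurityLayer = $($Tcp.SecurityLayer))."
    }

    # Which addresses is the listener bound to? (PortNumber is usually 3389.)
    $Listen = Get-NetTCPConnection -State Listen -LocalPort $Tcp.PortNumber -ErrorAction SilentlyContinue
    if ($Listen) {
        $Bound = ($Listen.LocalAddress | Select-Object -Unique) -join ', '
        $Findings += "TCP $($Tcp.PortNumber) is listening on $Bound."
    }

    # Built-in "Remote Desktop" firewall rules with RemoteAddress = Any expose the
    # listener to every network the host is attached to.
    $Rules = Get-NetFirewallRule -DisplayGroup "Remote Desktop" -Direction Inbound -Enabled True -ErrorAction SilentlyContinue
    foreach ($Rule in $Rules) {
        $Remote = ($Rule | Get-NetFirewallAddressFilter).RemoteAddress
        if ($Remote -contains "Any") {
            $Findings += "Firewall rule '$($Rule.DisplayName)' allows RDP from any remote address."
        }
    }

    # These are the accounts a password-guessing attack over RDP actually targets.
    $RdpUsers = Get-LocalGroupMember -Group "Remote Desktop Users" -ErrorAction SilentlyContinue
    $Admins   = Get-LocalGroupMember -Group "Administrators"        -ErrorAction SilentlyContinue
    $Findings += "Remote Desktop Users: $(($RdpUsers | ForEach-Object Name) -join ', ')"
    $Findings += "Administrators:       $(($Admins   | ForEach-Object Name) -join ', ')"
}
else {
    $Findings += "RDP is disabled (fDenyTSConnections = 1)."
}

# With no lockout threshold, guessing passwords over RDP costs the attacker nothing.
$LockoutLine = net accounts | Where-Object { $_ -match "Lockout threshold" }
if ($LockoutLine -match "Never") {
    $Findings += "No account lockout threshold is set ($($LockoutLine.Trim()))."
}

$Findings
```

A host that reports RDP enabled, NLA not required and a firewall rule open to any remote address is exactly the "exposed Remote Desktop service" the article warns about; the usual fixes are to put the listener behind a VPN or gateway, restrict the firewall rule to management subnets, and require NLA.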

While it’s encrypting a victim’s files, it connects to its command and control server to keep its operators apprised of its progress. It then attempts to delete the Volume Shadow Copies and to disable the Windows 10 recovery environment, which makes it difficult, if not impossible, to recover files by conventional means.  Note that it also attempts to terminate the Outlook.exe process so that Outlook’s data files can be encrypted.
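Those actions, deleting shadow copies, disabling the recovery environment and killing Outlook, are noisy and make good hunting material. The PowerShell below (again an added example, not from the article or from TFlower itself) searches the Security log for process creation events carrying those commands. It assumes Audit Process Creation (event ID 4688) together with the "Include command line in process creation events" policy is enabled; without that, the CommandLine field is empty and nothing will match. The regular expressions are my own generic patterns for recovery sabotage, not published TFlower indicators.

```powershell
# Added example, not taken from the article or from TFlower itself.
# Requires: Audit Process Creation (4688) plus the "Include command line in
# process creation events" policy, so that the CommandLine field is populated.
$Hours        = 24
$ComputerName = $env:COMPUTERNAME

# Generic patterns for recovery sabotage, not published TFlower indicators.
$Patterns = @{
    "Shadow copies deleted"         = 'vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete|Win32_ShadowCopy.*Delete'
    "Backup catalog deleted"        = 'wbadmin(\.exe)?\s+delete\s+catalog'
    "Recovery environment disabled" = 'bcdedit(\.exe)?\s+.*recoveryenabled\s+no|bcdedit(\.exe)?\s+.*bootstatuspolicy\s+ignoreallfailures'
    "Outlook process terminated"    = 'taskkill(\.exe)?\s+.*outlook\.exe|Stop-Process\s+.*outlook'
}

$Filter = @{
    LogName   = 'Security'
    Id        = 4688
    StartTime = (Get-Date).AddHours(-$Hours)
}
$Events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $Filter -ErrorAction SilentlyContinue

$Hits = foreach ($e in $Events) {
    # Pull the named EventData fields (CommandLine, SubjectUserName, ...) out of the XML.
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    foreach ($k in $Patterns.Keys) {
        # -match is case-insensitive, so 'Delete Shadows' and 'delete shadows' both hit.
        if ($d.CommandLine -and $d.CommandLine -match $Patterns[$k]) {
            [pscustomobject]@{
                Time    = $e.TimeCreated
                Finding = $k
                User    = $d.SubjectUserName
                Parent  = $d.ParentProcessName   # present on Windows 10 / Server 2016 and later
                Command = $d.CommandLine
            }
        }
    }
}

if ($Hits) {
    $Hits | Sort-Object Time | Format-Table -AutoSize -Wrap
}
else {
    "No recovery-sabotage commands found in the last $Hours hours on $ComputerName."
}
```

Backup software and administrators do legitimately run vssadmin and wbadmin, so treat a hit as a lead to triage rather than a verdict; the Parent and User columns usually separate a scheduled backup job from a ransomware loader launched from an RDP session.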

When the software has done as much damage as it can, it drops a ransom note named “!_Notice_!.txt” across the infected computer, explaining that the computer’s files have been encrypted and that, in order to get them back, you’ll need to contact the malware owners at the email address provided for further details.

Be sure your IT staff is aware, and given how this one is spread, check the security of your Remote Desktop services.

Hackers Can Now Use Fake Voices To Steal Money

You’ve almost certainly been seeing stories on the internet this year about the growing trend of Deep Fakes.

They are videos that are expertly engineered to give the appearance of some prominent figure or another saying something that he or she never actually said.

It’s a clever, computer generated ruse.

The reason they’ve been making headlines is that Deep Fakes tend to be really good, which makes them notoriously difficult to spot. Their recent appearance is, unfortunately, negatively impacting the national dialogue on important issues.  After all, when you’re looking at what appears to be evidence of a prominent figure saying something shocking, of course you’re inclined to believe your own eyes.

Naturally, it did not take the hackers of the world long to figure out a way to use this relatively new technology to their benefit.  Recently, a UK energy company’s CEO was tricked into wiring more than $220,000 USD to a Hungarian supplier.  He believed that he had received verbal instructions from his boss to do exactly that, and merely complied with the order.

The only problem?  His boss issued no such order.  It actually came from a hacker using deep fake software to precisely mimic the voice of the executive, demanding that his underling pay the supplier within the hour.

A spokesman for the company’s insurance firm had this to say about the matter:

“The software was able to imitate the voice, and not only the voice:  the tonality, the punctuation, the German accent.”

Energy company employees caught on to the ruse when the hacker made a similar demand a short time later that same day.  The second time, though, the energy firm’s CEO called his boss personally, only to discover that he was dealing with his fake boss and the real one at the same time.

There’s no way to know how many times this has happened before, or how frequently it’s happening now. Even worse, our ability to create deep fakes presently far outstrips our ability to detect them.  That should give business owners everywhere pause.