Malware Stealing Usernames And Passwords At Alarming Rates

Much discussion has been had about the fact that hackers are becoming increasingly sophisticated, and their methods ever-increasing in their complexity.  While that’s certainly true, more complex isn’t always better.

Take, for example, the malware called Separ, which is a credential-siphoning bit of code, first detected in late 2017.

Separ has benefitted from ongoing development by the hackers controlling it, but what sets it apart from other malware strains is that it’s almost deceptively simple, and that simplicity is a big part of its success.

The program is surprisingly good at evading detection, thanks to clever use of a combination of short scripts and legitimate executable files that are commonly used for completely benign purposes. This lets its components blend in with normal activity and go utterly overlooked by most detection routines.

The most recent iteration of the software is embedded in a PDF.  When an unsuspecting user clicks to open the file, Separ runs a chain of other apps and file types commonly used by System Admins.  The initial double click runs a simple Visual Basic Script (VBS), which in turn, executes a batch script.

The batch script sets up several directories and copies files to them. Then it launches a second batch script, which opens a decoy image to hide the command windows, lowers firewall protections, and saves the changes to an ‘ipconfig’ file.

Then, it gets down to its real work, again, relying on completely legitimate executables to collect passwords and move them to the hackers’ command and control server.
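As an added detection example (not code from the article or from Deep Instinct), the following Python walks the parent/child links in constructed process-creation events and flags the chain described above: a script host running cmd.exe that eventually runs a netsh firewall change. The field names, process ids and command lines are assumptions built for the sample.

```python
# Added detection example: flag a netsh firewall change whose ancestry runs
# through cmd.exe back to a script host (the VBS -> batch -> legitimate
# binary chain). Events below are constructed, not real telemetry.
from dataclasses import dataclass

@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # executable file name, lower-case
    cmdline: str

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # run the initial VBS
SHELLS = {"cmd.exe"}                             # run the batch scripts

def ancestry(events, pid):
    """Images from `pid` up to the root, following ppid links."""
    by_pid = {e.pid: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid].image)
        pid = by_pid[pid].ppid
    return chain

def find_lotl_chains(events):
    """Return (pid, ancestry) for each netsh firewall change whose ancestry
    contains both a script host and a shell. An admin typing the same
    command in an interactive console has no script host above it."""
    hits = []
    for e in events:
        if e.image != "netsh.exe" or "firewall" not in e.cmdline.lower():
            continue
        chain = ancestry(events, e.pid)
        if SCRIPT_HOSTS & set(chain) and SHELLS & set(chain):
            hits.append((e.pid, chain))
    return hits

# Constructed sample telemetry (pid, ppid, image, command line).
SAMPLE = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, "wscript.exe", r'wscript.exe "C:\Users\u\Downloads\doc.vbs"'),
    ProcEvent(300, 200, "cmd.exe", r'cmd.exe /c "C:\ProgramData\s1.bat"'),
    ProcEvent(400, 300, "cmd.exe", r'cmd.exe /c "C:\ProgramData\s2.bat"'),
    ProcEvent(500, 400, "netsh.exe", "netsh advfirewall set allprofiles state off"),
    ProcEvent(600, 100, "cmd.exe", "cmd.exe"),   # interactive admin console
    ProcEvent(700, 600, "netsh.exe", "netsh advfirewall set allprofiles state off"),
]
```

Only the event descended from wscript.exe is reported; the identical command issued from the interactive console is left alone, which is the distinction a living-off-the-land rule has to make.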

According to Guy Propper, (the team lead of Deep Instinct’s Threat Intelligence group):

“Although the attack mechanism used by this malware is very simple, and no attempt has been made by the attacker to evade analysis, the growth in the number of victims claimed by this malware shows that simple attacks can be very effective. The use of scripts and legitimate binaries, in a ‘living off the land’ scenario, means the attacker successfully evades detection, despite the simplicity of the attack.”

Be sure your IT staff is aware.  It’s not always the most complex forms of malware that can get you.

Apple Developers Will Make Apps Usable On All Devices

Apple recently announced an important strategic change in direction that’s great news for developers.  In their next SDK release, developers will be able to build a single app that will work on every iPhone, iPad, and Mac the company makes.

The benefits to developers are obvious, with the biggest being a general reduction of development time.

There will be no need to make three different variants of an app to cover the entire Apple ecosystem.  It will also mean more potential customers if a development group has been focused on only one segment of that ecosystem.

The change will also give Apple a powerful advantage in that eventually, the company will be able to merge the Mac App Store and the App Store for iOS. That will reduce their digital footprint and make managing their vast holdings easier. In addition to that, it will streamline the approval process, allowing developers to submit a single binary for all Apple devices.

According to a statement recently published by the company, the new development kit could be pushed out by as early as June, which is generating a tremendous amount of excitement in the Apple development community.

Obviously, consumers will see a big win here as well.  Once the changes are complete and the two app stores are merged, there will be a single official hub where Apple users can get all their favorite Apps. They won’t even have to worry about cross-device compatibility, which will improve the overall user experience.

The bottom line is that it will make things easier for developers, make managing the process easier for Apple, simplify things, and improve the user experience for the legions of end users in Apple’s ecosystem. Kudos to the company for making the move.  Exciting changes are ahead!

Another Point Of Sale Data Breach Hits Retailers

Another week, another data breach. This time, the target of the breach was North Country Business Products (NCBP), a company that makes point of sale (POS) terminals for businesses.

Although NCBP was the target, they weren’t the ultimate victims of the breach. Hackers infiltrated NCBP’s network and installed malware onto the company’s POS terminals.

These were then sold to businesses around the country. In all, according to the latest information published by NCBP about the incident, a total of 139 business locations received these poisoned POS terminals. This allowed hackers to gain control of any payment information processed through those terminals.

In all, NCBP POS systems are installed in more than 6500 locations nationwide, meaning the scope of this breach was approximately 2 percent of the company’s installed terminal base.

So far, North Country’s handling of the incident has been admirable. The breach occurred on January 3rd, 2019. The company discovered it on January 30th, but noted that the attackers ceased all activity on January 24th when they began detecting investigators probing for their presence.

NCBP has informed law enforcement, enlisted the aid of a third-party forensic investigator, and has published a list of all infected POS terminals on its website. All of the affected terminals are in bars, coffee shops, or restaurants, with an even mix of standalone businesses and franchises.

The investigation into the matter is still ongoing. As yet, NCBP and the agencies assisting them have not determined exactly what the impact is or has been for each of the affected businesses.

All that to say, if you own an NCBP POS device, be sure to head to the company’s website to find out if your business is on the list of impacted customers. If so, you may have already been contacted by the company.

Right Clicking In Gmail Will Unveil Its New Features

When is a right click more than just a right click?  When Google reveals its latest changes to Gmail, of course!

The tech giant has recently announced that they’re going to be overhauling Gmail’s right click menu options. This will enhance its value by adding more and better functionality, with an eye toward improving the overall user experience.

The current right click menu offers the following functionality:

  • Move to Tab
  • Archive
  • Mark as Read
  • Delete

The coming changes will expand to include:

  • Search options
  • Reply and Forward functionality
  • Snooze
  • Mark as Unread
  • Movement Options
  • Labeling
  • The option to open an email in a new tab

You won’t have to take any action to gain the benefits of these new features.  The pending update will make them available to all Gmail users automatically.

In terms of a time frame, Rapid Release domains will begin receiving the update on February 11th, 2019, although it can take up to fifteen days for the new features to become visible. The roll-out to the general public is slated for February 22nd, although it could be up to three days before the new menu options become visible to all users.

These are fantastic additions and we can hardly wait to start using them.  Odds are excellent that Google’s recent changes will have ripple effects that extend far beyond Gmail, too.  The reality is that menu functions tend to get taken for granted.  At this point, they’re so well established and entrenched that most people don’t even consider the possibility of tweaking them to improve overall functionality.

That’s unfortunate, but given the coming changes, the hope is that it will prompt other email providers and software vendors in general to go back to the drawing board and reassess their time-honored menu options to see what other improvements can be realized.

Email Provider VFEmail Had All Data Destroyed By Attacker

Do you use VFEmail?  If so, we’ve got bad news for you.

Hackers have successfully attacked the system and wiped all data from all of its servers in the US.

All data on those servers has been lost.  That means every email you had in your inbox and everything you had archived is gone.

According to a company spokesman, “At this time, the attacker has formatted all the disks on every server.  Every VM is lost.  Every file server is lost.  Every backup server is lost.”

The hackers made no attempt to lock files and ransom them.  They simply went in and destroyed, opting for maximum damage, and they succeeded. Although attempts are being made to restore the data, the outlook isn’t good.  Odds are overwhelmingly against anyone ever getting so much as a single email back.  Even if some data is ultimately recovered, users should not expect to get more than a fraction of their data back.

At this point, the company’s website is up and running again, but all of its secondary domains are down. These include:

  • Toothandmail.com
  • Powdermail.com
  • Openmail.cc
  • Offensivelytolerant.com
  • Metadatamitigator.com
  • Manlymail.net
  • Clovermail.net
  • Mail-on.us
  • Chewiemail.com

When you log onto your VFEmail account, you’ll be greeted with an empty inbox.

This isn’t the first time that VFEmail has come into the crosshairs of a hacking group.  In late 2015 a group called the Armada Collective targeted VFE and others with a massive DDoS attack, demanding ransom payments to halt the attack.  Unfortunately, this time, the hackers weren’t interested in taking prisoners or making money.

Sadly, this isn’t the first time a company has been brought to almost complete destruction.  In 2014, a company called Code Spaces was forced to close its doors when hackers breached their system and did the same thing.

If it can happen to Code Spaces and VFEmail, it can happen to your company too.  Beware.