Tag Archives: Malware and Virus Protection

Posted on Author Atlantic Computer Services Categories Blog

Cyber Security Best Practices For Businesses

Smaller companies often struggle to develop and invest in robust IT security systems, which can leave them relatively more vulnerable to cyber attacks.

If that’s the situation you’re in and you’re trying to decide what to invest in and where to use the money that you have to spend on IT security, here’s a quick overview of the basics you need to have covered.

1 – Door Access Control

Believe it or not, this properly falls under the cybersecurity umbrella since magnetic door locks and swipe cards (or similar technology) are ultimately managed via a server on your company’s network.

If you don’t have such a system in place, we strongly urge you to consider one. Once it’s in place, regularly review who has what level of access.

In addition to that, most door security systems include some type of monitoring software, and it pays to set up automated alerts when an employee shows as deviating from their usual routine.

Example:  If Linda’s regular work schedule has her swiping her card and entering the office just before 8AM, and leaving a little after 5PM and suddenly you see her coming in at 3:00 in the morning, that’s a sign that something is amiss and is well worth investigating.

2 – Encryption, Encryption, Encryption

Even if a hacker breaches your network, they can’t make use of any files they get their hands on if they can’t decrypt the data.

There are three types of encryption you want to be focused on:  Encryption at rest, encryption in use, and encryption in transit.  If your files are encrypted in all three states, a hacker is going to be hard-pressed to get anything useful from your network, even if they break in.

 3 – Ongoing Security Training

The sad truth is that all the fancy hardware and software in the world can be circumvented by going after the weakest link in your security chain, which is always your people.  If someone uses a weak password for the sake of convenience, that’s a way in for a hacker.

If someone is prone to opening email attachments from unverified sources, that’s another potential inroad. The problem is that too many employees don’t fully appreciate the security risks that these seemingly innocuous activities carry with them.  Make sure they know.  Make sure everyone knows.

There’s a lot more to robust security of course, and cybersecurity is constantly evolving, but if you start here, with these three items, you’ll be miles ahead.

0
Posted on Author Atlantic Computer Services Categories Blog

Latest Microsoft Patch Fixes Dozens of Bugs

Even if you don’t consistently install Microsoft’s security patches as soon as they’re released, the September 2022 patch released this week deserves immediate attention.

Dozens of bugs, flaws, and vulnerabilities were addressed in this iteration, including fixes for:

 

  • *30 Remote Code Execution vulnerabilities
  • 18 Elevation of Privilege vulnerabilities
  • 16 Edge/Chromium vulnerabilities
  • 7 Information Disclosure vulnerabilities
  • 7 Denial of Service (DoS) vulnerabilities
  • 1 Security Feature Bypass vulnerability

In addition to the above, the patch also addresses two zero-day vulnerabilities. The first of these is being tracked as CVE-2022-37969.

It was discovered independently by researchers from CrowdStrike, Zscaler, Mandiant, and DBAPP Security. Described as a Windows Common Log File System Driver Elevation of Privilege Vulnerability, hackers are currently exploiting this flaw in the wild.

The other is being tracked as CVE-2022-23960 and is described as a Cache Speculation Restriction Vulnerability.

The researchers at VUSec who discovered the issue have dubbed it “Spectre-BHB” and utilize Branch History Injection to allow for speculative execution. While it is similar to the Spectre security flaws found in chipsets last year, it is only tangentially related. Furthermore, there is no evidence that hackers are currently exploiting it.

On top of the impressive bug fixes, this release also includes improvements to Microsoft Defender and enhanced IT administrators’ capabilities to make it easier to control language-related features remotely in the OS.

Patch Tuesdays are always significant, but this one is even more critical than most. If you haven’t already done so, head to Microsoft’s website and install it on all your Windows 10 devices running versions 1809, 21H1, and 21H2. Also, note that one week before Microsoft released this patch, they released Windows 10 builds KB5017308 and KB5017315, which addressed various performance issues and patched twenty bugs.

Patch Tuesday is a regularly scheduled event. Microsoft rolls them out on the second Tuesday of each month at 10:00 AM PST.

0
Posted on Author Atlantic Computer Services Categories Blog

RDP Brute Force Attacks Blocked By Windows 11

A small but important feature was recently incorporated by the Windows 11 design team.  A new Account Lockout Policy enabled by default has been added.  This policy automatically locks user accounts (including Admin accounts) after ten failed sign-in attempts.

The account remains in a locked state for ten minutes, requiring users to wait that amount of time before they can try again.

The addition was made in a bid to prevent or at least minimize the risk of brute force attacks being made against systems. This is used in instances where different passwords are tried in rapid succession until an attacker gets a hit and is given some level of access on a target system.

It’s an excellent change because many human operated ransomware attacks rely on simple, brute force methods. Statistics gathered on the subject by the FBI indicate that between 70 to 80 percent of network breaches are because of brute force attacks.

The above describes the default settings, but Admins will have a great degree of flexibility in terms of deciding the exact policy.  The number of unsuccessful attempts before lockout can be varied. The lockout duration can be varied. The option to disable Admin accounts can be toggled on or off. Of course, the entire policy can be disabled if an Admin so desires.

Interestingly, Windows 10 has a similar lockout policy but it is not enabled by default, which is the important change here.

We regard this as another of those small but important changes that the Windows 11 team is making designed to make the new OS better, safer, and more secure than anything that Microsoft has released previously.

Kudos to the Microsoft engineers who are working tirelessly to ensure Windows 11 is a smashing success.  If the preview we’ve gotten to this point is any indication, it certainly will be!

0
Posted on Author Atlantic Computer Services Categories Blog

New Android Malware Disables WiFi To Attempt Toll Fraud

There’s a new threat to be aware of if you own an android device.  Microsoft recently warned that their researchers had spotted a new toll fraud malware strain wreaking havoc in the Android ecosystem.

Toll fraud is a form of billing fraud. It is a scheme whereby bad actors attempt to trick unsuspecting victims into either calling or sending an SMS to a premium number.

In this case, however, the scheme doesn’t work over WiFi so it forces the device the user is on to connect to the mobile operator’s network.

What typically happens in a non-scam situation is that if a user wants to subscribe to paid content, they need to use WAP (Wireless Application Protocol) and they need to switch from WiFi to the mobile operator’s network.

Most of the time, the network operator will send a one-time password for the customer to confirm their choice.

The threat actors running this scam don’t do that.  The toll fraud malware makes the switch automatically and without informing the user.  In fact, it actively suppresses warnings that might alert the user to what’s going on.  The result is that the user winds up with a hefty bill for a service they didn’t even know they were signing up for.

This is accomplished via JavaScipt injection which is hardly new. Although in this case, it’s being implemented in a novel fashion and is designed to keep the whole operation as discreet as possible.

The following items happen completely under the radar:

  • Disabling the WiFi connection
  • Navigation to the subscription page and auto clicking the subscription button
  • Intercepting the one-time password in cases where one is used
  • Send the OTP code to the service provider as necessary
  • And cancelling SMS notifications

This is a tricky one to defend against, so be sure your employees are aware and on the lookout for mysterious charges on their accounts.

0
Posted on Author Atlantic Computer Services Categories Blog

WordPress Plugin Leaves Sites Vulnerable

Researchers at Defiant authored the popular Wordfence security solution for WordPress users and they have detected a massive campaign that has seen hackers actively scanning for websites employing the Kaswara Modern WPBakery Page Builder plugin.

The plugin was recently abandoned by the creative team behind it before receiving a patch for a critical security flaw.

The flaw, tracked as CVE-2021-24284 would allow an attacker to inject a malicious Javascript into any site using any version of the plugin, which would allow the uploading and deletion of files that could easily lead to a complete takeover of the site targeted.

What makes this campaign so impressive is the fact that the hackers have scanned more than a million and a half sites so far, searching for vulnerable targets.  Fortunately, only a tiny percentage of sites scanned have been running the vulnerable plugin.

Based on the data collected, the campaign appears to have started on July 4th of 2022, and is ongoing to this day.  The attacks originate from more than ten thousand unique IP addresses, indicating a large, organized group of attackers. The identity of the group behind the campaign is not known at this time.

The bottom line here is simple.  If you are running this plugin, we recommend stopping immediately and uninstalling it. Since it has been abandoned by its authors, there’s no fix coming and no matter how helpful it may have been to you, it’s just not worth the risk.

Even if some other group adopts the plugin later, there’s no telling how long it might take for that to happen. Even if it did, there’s no way to know how long it might take them to develop a patch for it.  For now then, your best bet is to treat this plugin as toxic and steer clear of it.

0
1 2 3 4 43