Fake Copyright Infringement Emails Used To Spread Malware

Hackers found a new way to slip malware past your defenses.  Researchers around the world have spotted a curious new campaign designed to scare victims by sending them emails warning of copyright infringement.

The email begins by warning that the recipient’s website is hosting copyright-protected content and threatens legal action if the offending material isn’t removed immediately.

The red flag here is that rather than simply spelling out what materials are copyright protected in the body of the email, the attackers attach a protected ZIP archive that supposedly provides the details.

Naturally, anyone who gets scared into opening the archive will not find any details. Rather, they will have inadvertently opened the door to allow LockBit 2.0 ransomware to be installed on their machine.
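The pattern described above (a legal-sounding lure whose "details" live in a protected archive) is something a mail gateway or an analyst can triage without ever extracting the attachment. The following is an added example, not code from the original article or from any researcher it cites: it parses a message, finds ZIP attachments, reads only the ZIP directory, and flags archives that are encrypted or that carry executable members. It assumes that "protected" means password-protected (the encryption flag bit in the ZIP headers), the sender and recipient addresses are placeholders, and the sample archive and message are constructed inline.

```python
import email
import email.policy
import io
import os
import struct
import zipfile
from email.message import EmailMessage
from typing import Dict, List

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags marks an encrypted member
# File types that should never arrive inside a "copyright details" archive (assumption: adjust to your policy)
RISKY_EXTENSIONS = {".exe", ".scr", ".dll", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".lnk", ".iso", ".img"}


def inspect_zip(blob: bytes) -> Dict:
    """Read only the ZIP central directory (no extraction) and report encryption and risky member names."""
    report = {"encrypted": False, "members": [], "risky_members": [], "error": None}
    try:
        archive = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        report["error"] = "not a valid ZIP archive"
        return report
    for info in archive.infolist():
        report["members"].append(info.filename)
        if info.flag_bits & ENCRYPTED_FLAG:
            report["encrypted"] = True
        if os.path.splitext(info.filename)[1].lower() in RISKY_EXTENSIONS:
            report["risky_members"].append(info.filename)
    return report


def triage_message(raw: bytes) -> List[Dict]:
    """Walk the attachments of a raw RFC 822 message and triage every ZIP found."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    reports = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Match on extension or on the local-file-header magic, so a renamed ZIP is still caught
        if not (name.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04")):
            continue
        report = inspect_zip(payload)
        report["filename"] = name
        # A protected archive, or one carrying executables, is exactly the pattern of this campaign
        report["verdict"] = "QUARANTINE" if (report["encrypted"] or report["risky_members"]) else "REVIEW"
        reports.append(report)
    return reports


def make_sample_zip(member_name: str, content: bytes, encrypted: bool) -> bytes:
    """Constructed test data: a stored ZIP; with encrypted=True the encryption flag bit is set
    by hand in both headers, which is how a password-protected archive looks on disk."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member_name, content)
    data = bytearray(buf.getvalue())
    if encrypted:
        local = data.find(b"PK\x03\x04")
        struct.pack_into("<H", data, local + 6, ENCRYPTED_FLAG)    # local header: flags at offset 6
        central = data.find(b"PK\x01\x02")
        struct.pack_into("<H", data, central + 8, ENCRYPTED_FLAG)  # central directory: flags at offset 8
    return bytes(data)


def build_sample_email(zip_blob: bytes) -> bytes:
    """Constructed lure message mimicking the campaign; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = "legal@example.invalid"
    msg["To"] = "webmaster@example.invalid"
    msg["Subject"] = "Copyright infringement notice"
    msg.set_content("Your website hosts copyright-protected material. Details are in the attached archive.")
    msg.add_attachment(zip_blob, maintype="application", subtype="zip", filename="infringement_details.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    lure = build_sample_email(make_sample_zip("details.exe", b"MZ-constructed-not-a-real-binary", encrypted=True))
    for r in triage_message(lure):
        print(r["verdict"], r["filename"], "encrypted=%s" % r["encrypted"], "risky=%s" % r["risky_members"])
```

To run it over real mail, feed `triage_message` the bytes of an `.eml` file. The check deliberately never opens or extracts the archive contents, so it is safe to run on suspicious samples; an encrypted archive cannot be scanned by content anyway, which is the whole reason this lure uses one.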

Worse, if that machine happens to be connected to your corporate network, the malware will spread laterally from there while infecting and locking files on as many devices as it can manage.

It’s a clever bit of social engineering.  Nobody wants to run afoul of copyrights, so the hackers are playing on common fears and the current campaign is well organized.  Not only are the emails slickly put together, but the hackers are using one of the most prolific ransomware strains out there.

You’re probably not actually displaying copyrighted materials on your website. Even if you were, the content in question would be mentioned prominently in the body of whatever email you got from the owner of the copyright.

Be sure your staff is aware of the current campaign.  Once someone opens the archive, it’s too late and your company will probably be facing some downtime, not to mention the loss of trust you’ll suffer.  It’s just not worth the risk.  Stay safe out there.

Android And iOS Network Protection Added With Microsoft Defender

Recently, Microsoft added a new feature for Microsoft Defender for Endpoint (MDE) which has fans of the product cheering.

Once the new “Mobile Network Protection” feature is enabled on the iOS and Android devices you want to monitor, the security platform will provide the same robust protections and notifications that your other network devices currently enjoy.

The company had this to say about the recent addition:

“As the world continues to make sense of the digital transformation, networks are becoming increasingly complex and provide a unique avenue for nefarious activity if left unattended.

To combat this, Microsoft offers a mobile network protection feature in Defender for Endpoint that helps organizations identify, assess, and remediate endpoint weaknesses with the help of robust threat intelligence.”

This new feature is part of a larger, ongoing effort by Microsoft to expand Defender for Endpoint’s capabilities and provide an umbrella of protection that extends across multiple platforms.

Given the complexities of today’s network security environment, we’re thrilled to see tech giants like Microsoft taking bold steps to help simplify things, and a cross-platform security solution is seen by many as the Holy Grail of the industry.  While it’s certainly true that Defender for Endpoint isn’t that yet, it’s clear that Microsoft is interested in seeing it become that.

Again, from Microsoft:

“With this new cross-platform coverage, threat and vulnerability management capabilities now support all major device platforms across the organization – spanning workstations, servers, and mobile devices.”

In addition to this new capability, the Redmond giant has also added a feature to MDE that allows admins to “contain” unmanaged Windows devices on their network if they are compromised, or even if there’s a suspicion that they might be.  This is in a bid to keep hackers from abusing those devices and moving laterally through corporate networks.

All of this is great news indeed and if you’re not yet taking advantage of Defender for Endpoint, we recommend giving it serious consideration.

The Windows 11 Apps That Use Your Microphone And Camera

Are you a member of the Windows 11 Insiders group?  If so, then you already know that you get a sneak peek at all the cool new features the engineers at Microsoft are building into the new Operating System.

If you’re not yet a member of that group, then this announcement might entice you to join.

In a June Windows 11 Preview Build, the company added a new privacy feature that keeps track of apps that have access to your microphone, camera, location, and the like.

To view your installed apps and which ones have access to what, open the Windows 11 Settings app and look under Privacy & Security.  There, in the “App Permissions” section, each category has a “Recent Activity” dropdown menu.

You’ll see a complete listing of apps stacked against every tracked category of information, putting it all right at your fingertips.

This is the latest of the new security features that the new OS will sport.  In addition to this, the company is also planning to make improvements to Microsoft Defender that will make it better at blocking phishing and malware attacks against users.

On top of that, Microsoft is currently developing a Personal Data Encryption feature that will protect users’ files when they’re not logged in by blocking access to that data until the user authenticates via Windows Hello.

Finally, the company is flirting with the notion of enabling both Credential Guard and Local Security Authority by default, although it had not made a firm commitment to either of those at the time this article was written.

These feature additions stand to make Windows 11 the most secure OS that Microsoft has ever offered.  We’re looking forward to seeing how Windows 11 is accepted by the broader public.

You May Need To Replace Old Cisco VPN Routers

Do you own one or more of the following products made by Cisco?

  • The RV110W Wireless-N VPN Firewall
  • The RV130 VPN Router
  • The RV130W Wireless-N Multifunction VPN Router
  • The RV215W Wireless-N VPN Router

If so, be advised that a new and critical security vulnerability has been found that impacts your equipment.  It is being tracked as CVE-2022-20825.  With a severity rating of 9.8 out of a possible 10, it’s about as serious an issue as it’s possible to have.

What is worse is that because the equipment referenced above is older and at the end of its service life, Cisco announced that there will be no patches to address this recently discovered security vulnerability.

Per a recent Cisco security advisory, the flaw exists because of insufficient user input validation of incoming HTTP packets on impacted devices.

It should be noted that this flaw only impacts devices that have their web-based remote management interface enabled on WAN connections.  If you’re not doing that, then even if you have an older piece of Cisco equipment, you’ve got nothing to worry about.

If you’re not sure whether remote management is enabled or not, just use the following steps. Log into the web management interface and make your way to “Basic Settings” and then “Remote Management.”  From there, just verify whether the box is checked or not and you’re all set.
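The settings-page check above confirms what the router is configured to do; a complementary check is to confirm from outside your network that the management interface really is not answering on the WAN address. The following is an added example, not code from the article or from Cisco: it attempts plain TCP connections to the management ports and reports whether any answered. It assumes the web interface listens on the standard HTTP/HTTPS ports 80 and 443 (change `MANAGEMENT_PORTS` if you moved them), and the WAN address used by default is a placeholder from the TEST-NET-3 range.

```python
import socket
import sys
from typing import Dict, Iterable

# Ports the web-based management interface normally listens on (assumption: adjust if customised)
MANAGEMENT_PORTS = (80, 443)


def is_port_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_wan_exposure(wan_ip: str, ports: Iterable[int] = MANAGEMENT_PORTS,
                       timeout: float = 3.0) -> Dict[int, bool]:
    """Probe each management port on the router's public address; run this from OUTSIDE the LAN."""
    return {port: is_port_open(wan_ip, port, timeout) for port in ports}


def exposure_verdict(results: Dict[int, bool]) -> str:
    """Turn the per-port results into a one-line verdict an admin can act on."""
    open_ports = sorted(port for port, reachable in results.items() if reachable)
    if open_ports:
        return "EXPOSED: management ports answering on the WAN side: " + ", ".join(map(str, open_ports))
    return "OK: no management port answered on the WAN side"


if __name__ == "__main__":
    # Placeholder WAN address (TEST-NET-3); pass your router's public IP as the first argument
    target = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"
    print(exposure_verdict(check_wan_exposure(target)))
```

Run it from a host that is not behind the router (otherwise you are testing the LAN interface, which is expected to answer). An open port on the WAN side is not proof that it is the router's own interface, since a port forward to an internal host will answer the same way, but either result is worth knowing, and on one of the listed end-of-life models an answering management port means the device should come out of service.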

In cases like these, we do wish companies were willing to be a bit more flexible. On the other hand, it’s easy to see how an offer of more time would be abused. So while we feel your pain if you own one of the impacted devices, we also understand why Cisco is taking a hard line and not granting any wiggle room.

All that to say, if you’re still using one of the devices referenced above, upgrade to a newer piece of equipment as soon as possible.

New Panchan Botnet Targets Linux Servers

If you’re involved with IT Security at any level and if your network includes Linux servers, keep a watchful eye out for the new Panchan botnet.

It first appeared in the wild in March of this year (2022) and its main focus seems to be targeting Linux servers in the education sector and enslaving them to mine for cryptocurrency.

Panchan has several wormlike features that allow it to replicate quickly and spread laterally once it gets inside a network.  Additionally, the hackers behind the botnet have given it a raft of detection avoidance capabilities. That includes the fact that it uses memory-mapped miners and dynamic detection capabilities that allow it to stop all mining operations automatically if it detects that anomalous activities are being scanned for.

Panchan was written in Golang, which is both versatile and powerful.  Once it infects a target network, it creates a hidden folder inside itself under the name “xinetd.”

Once that’s done, it initiates an HTTPS POST operation to allow it to communicate with Discord, which is likely how the hackers monitor their new victim.

In terms of communicating back to its command-and-control server, Panchan uses port 1919, and note that these communications are not encrypted.
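Two of the indicators given above, the hidden "xinetd" folder and the unencrypted command-and-control traffic on port 1919, can be checked on a Linux host with nothing but the proc filesystem and a directory walk. The following is an added example written for this page, not code from Akamai or from the article: it parses `/proc/net/tcp` for established sessions to remote port 1919 and looks for dot-prefixed `xinetd` directories. It assumes that a "hidden folder" on Linux means a dot-prefixed directory name (the article does not give the exact path), and the sample connection table is constructed inline with TEST-NET placeholder addresses.

```python
import os
import socket
import struct
from typing import Dict, List

C2_PORT = 1919                   # unencrypted C2 port reported for Panchan
TCP_ESTABLISHED = "01"           # connection state code used in /proc/net/tcp
HIDDEN_DIR_NAME = ".xinetd"      # assumption: the "hidden folder named xinetd" is a dot-prefixed directory

# Constructed sample in /proc/net/tcp layout: row 0 is sshd listening, row 1 an established
# session to 203.0.113.77:1919 (TEST-NET-3 placeholder), row 2 ordinary HTTPS to 198.51.100.20.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:A3E2 4D7100CB:077F 01 00000000:00000000 00:00000000 00000000  1000        0 23456 1 0000000000000000 20 4 30 10 -1
   2: 0F02000A:B1C4 146433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 20 4 30 10 -1
"""


def hex_to_ipv4(hex_addr: str) -> str:
    """/proc/net/tcp prints IPv4 addresses as little-endian hex words (127.0.0.1 -> 0100007F)."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def parse_proc_net_tcp(text: str) -> List[Dict]:
    """Parse /proc/net/tcp or tcp6 text into dicts with local port, remote endpoint and state."""
    conns = []
    for line in text.splitlines()[1:]:          # skip the header line
        fields = line.split()
        if len(fields) < 4:
            continue
        local, remote, state = fields[1], fields[2], fields[3]
        rhost, rport = remote.rsplit(":", 1)
        conns.append({
            "local_port": int(local.rsplit(":", 1)[1], 16),
            "remote_ip": hex_to_ipv4(rhost) if len(rhost) == 8 else rhost,  # leave IPv6 hex as-is
            "remote_port": int(rport, 16),
            "state": state,
        })
    return conns


def find_c2_connections(conns: List[Dict], port: int = C2_PORT) -> List[Dict]:
    """Established sessions whose remote port matches the reported C2 port."""
    return [c for c in conns if c["remote_port"] == port and c["state"] == TCP_ESTABLISHED]


def live_c2_check(paths=("/proc/net/tcp", "/proc/net/tcp6")) -> List[Dict]:
    """Read the live connection tables on this host; returns [] where they are not readable."""
    hits = []
    for path in paths:
        try:
            with open(path) as fh:
                hits.extend(find_c2_connections(parse_proc_net_tcp(fh.read())))
        except OSError:
            continue                              # not Linux, or not readable
    return hits


def find_hidden_xinetd_dirs(root: str, max_depth: int = 4) -> List[str]:
    """Walk root looking for dot-prefixed xinetd directories, pruning below max_depth."""
    root = os.path.abspath(root)
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        if dirpath[len(root):].count(os.sep) >= max_depth:
            dirnames[:] = []                      # do not descend further
            continue
        hits.extend(os.path.join(dirpath, d) for d in dirnames if d == HIDDEN_DIR_NAME)
    return hits


if __name__ == "__main__":
    for c in find_c2_connections(parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)):
        print("sample: established session to %s:%d" % (c["remote_ip"], c["remote_port"]))
    for c in live_c2_check():
        print("LIVE: established session to %s:%d" % (c["remote_ip"], c["remote_port"]))
    for path in ("/tmp", "/var/tmp", os.path.expanduser("~")):
        for hit in find_hidden_xinetd_dirs(path):
            print("LIVE: hidden xinetd directory at", hit)
```

Because the port-1919 traffic is not encrypted, the same remote-port match is easy to express as a firewall log or NetFlow query at the network edge, which catches hosts you cannot log into. A hit on either indicator is a reason to isolate the server and investigate, not proof of infection on its own; a legitimate service could use port 1919, so confirm with process and file evidence.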

Researchers at Akamai first discovered this new threat and have mapped out its spread to this point.  They have discovered 209 compromised systems with more than 40 currently active infections.  The USA seems to be the botnet’s primary target with China as a distant second. Russia, Japan, India, and Brazil account for most of the rest.

Although the education sector seems to be the group’s primary focus for now, anyone running a Linux server should consider themselves at risk.  While this botnet isn’t as damaging as some, it is nonetheless a threat to be avoided.