Tag Archives: Microsoft

Posted on Author Atlantic Computer Services Categories Blog

New Phishing Attack Delivers Three Types Of Malware To Victims

Phishing campaigns get more effective the more closely they can imitate a trusted source.  Recently, security researchers at Fortinet discovered evidence of a phishing campaign that specifically targets Microsoft Windows users and installs three different types of malware on the systems it manages to infect.

Among other things, this campaign gives the hackers behind it the ability to steal usernames, passwords, banking details, and more. That is in addition to leveraging the infected system to secretly mine for cryptocurrency, which finds its way into a wallet controlled by the hackers.

To lure victims into infecting themselves, the Phishing campaign’s contact emails are all designed to appear as a payment report from a legitimate trusted source, which contains an attached Microsoft Excel document. It is conveniently included for the recipient’s review. Naturally, anyone opening the attached document dooms themselves, as it is poisoned and contains scripts designed to install malicious payloads in the background.

Phishing campaigns remain one of the most popular infection methods in the hacking world.  They tend to gravitate to those techniques that work and require relatively little in the way of effort.

Phishing fits that bill perfectly.  It’s usually a trivial matter to create an email that’s virtually identical to one you might get from a trusted source, and hackers have been poisoning Microsoft Excel files since the earliest days of the internet.

As ever, the best defense against these types of attacks is vigilance and mindfulness.  A quick phone call to the trusted source that supposedly sent you the email communication is almost always enough to verify whether it is real. Shockingly, few users take this step.

In a similar vein, clicking on embedded links in an email or downloading files should be done with a healthy dose of caution. That includes another phone call to the trusted source to be sure they did in fact send you something.

Unfortunately, that’s a lot easier to teach than it is to implement, as employees don’t have a good track record with either of those things.

0
Posted on Author Atlantic Computer Services Categories Blog

Microsoft Warns New Sysrv Botnet Variant Is Dangerous

Security researchers employed by Microsoft have recently spotted a variant of the Sysrv botnet.  They have dubbed the new variant Sysrv-K.

This new variant works in two ways.  First, it exploits a flaw in the Spring Cloud Gateway that allows remote code execution (tracked as CVE-2022-22947). Second, the botnet scans the web for WordPress plugins with older, unpatched vulnerabilities.

Of significance, this variant of the botnet can take control of web servers, which makes it dangerous indeed.

Additionally, Sysrv-K contains new features that the original Sysrv botnet lacked. These include exploits for six different Remote Code Execution vulnerabilities that target the ThinkPHP framework, Drupal CMS, the VMware products XML-RPC, XXL-Job, SaltStack, as well as MongoDB’s Mongo Express admin interface.

Microsoft’s researchers had this to say about their recent discovery:

“A new behavior observed in Sysrv-K is that it scans for WordPress configuration files and their backups to retrieve database credentials, which it uses to gain control of the web server. Sysvr-K has updated communication capabilities, including the ability to use a Telegram bot.

Like older variants, Sysrv-K scans for SSH keys, IP addresses, and host names, and then attempts to connect to other systems in the network via SSH to deploy copies of itself. This could put the rest of the network at risk of becoming part of the Sysrv-K botnet.”

Sysrv-K constitutes a significant threat if you rely on any of the code mentioned above.  Be sure your IT Security staff is aware of this new threat so they can prepare for and guard against it.

Sadly, one thing we know for sure about 2022 is that this won’t be the last serious threat we are forced to bring to your attention in a bid to shed light on the latest activities in the hacking world.  Stay vigilant out there.

0
Posted on Author Atlantic Computer Services Categories Blog

Windows 11 May Release New Feature For Copying Information

If you’re a member of the Windows Insiders group, then you are likely already aware of this. If not, here’s something else to look forward to when Windows 11 is formally released.  Microsoft has been experimenting with a new “Suggested Actions” feature when you copy data onto your clipboard.

It all begins with Windows 11 build 22621 in the Beta channel and Build 25115 in the Dev channel. There you’ll see the new feature in action any time you copy something to your clipboard.  A bar will appear with one or more options, contextualized to the information you just copied.

For example, if you just copied a date in a sentence regarding a conference, you might get a bar that allows you to create an event for that data with a single click.  If you copy a phone number, the bar would populate with a button allowing you to place a call to that number with one click or tap and so on.

Currently, the feature is quite limited in its scope, and you only see a “Suggested Action” bar when copying certain types of data. If the feature catches on, it would be easy for Microsoft to expand the idea and potentially to expand it greatly.

At present, Microsoft is actively shopping for feedback about the new feature in the Feedback Hub under Desktop Environment > Suggested action on copy.  If enough people respond favorably to the new feature, it’s almost certain that Microsoft will keep it. If enough people write in with suggestions on what other types of data they’d like to see incorporated into the new system, those will most likely be added.

It’s a small thing but this is one way that the user base can help mold the shape and direction of Windows 11 and we’re very pleased to see it.  Kudos to Microsoft.

0
Posted on Author Atlantic Computer Services Categories Blog

New Method Hides Malware In Windows Event Logs

At least one group of hackers has learned a new trick you need to be aware of.  Security researchers at Kapersky Lab have discovered a malicious campaign-in-progress that is using event logs to store malware. That is a technique that has not been seen or documented until now.

This new methodology is designed for maximum stealth, allowing the threat actor to plant fileless malware in the target device’s file system.

The dropper used in this case makes a copy of the legitimate OS error handling file called “WerFault.exe.”  This is placed in C:WindowsTasks, and then it drops an encrypted binary resource to the wer.dll in the same location, which is used for Windows Error Reporting.

DLL hijacking is something that has been seen before.  It is a move that allows hackers to exploit a legitimate program that isn’t designed with many checks, which allows malicious code to be loaded into memory.

Denis Legezo is the lead security researcher at Kaspersky. Legezo notes that the loader itself is harmless, but the hackers have hidden shellcodes inside the Windows event logs, and that’s what allows it all to function.

Legezo’s team traced the attack back to its origins in September of 2021 when the victim was tricked into downloading a RAR file from the file sharing service File.io.

It’s a scary piece of work. Based on an analysis of the code, it seems clear that the threat actor behind this new technique is highly advanced.

The fear is that the details surrounding this new method will be widely shared on the Dark Web. This would allow other, less technically proficient threat actors to copy it. Given how difficult to detect the method is, it’s likely to become incredibly popular very quickly.

All that to say, if you’re an IT Security Professional, your life is probably about to get a whole lot harder unfortunately.

0
Posted on Author Atlantic Computer Services Categories Blog

Three Big Companies Working On Passwordless Login Options

Ask just about any IT security professional and they will tell you that weak user passwords are one of the biggest problems and most persistent threats to corporate networks.

Despite years of training, re-training, and near-constant reminders to strengthen passwords, users keep making the same mistakes.

They’ll re-use the same password across multiple properties. They may use an incredibly weak and easy to guess password that makes it easy for hackers to break in using simple brute force attacks against their accounts.

If passwords were to simply go away and be replaced by something better, legions of IT security folks would breathe a tremendous sigh of relief.

If Apple, Google, and Microsoft have anything to say about the matter, that is soon to be a reality.  All three companies are hard at work on a variety of passwordless schemes. If their plans remain on track, we’ll get to see the fruits of their labor sometime next year.

The three companies are currently working to implement passwordless FIDO sign-in standards across Android, Chrome, iOS, macOS, Safari, Windows, and Edge.  Taken together, those systems and software packages account for some 90 percent of network traffic today. It won’t be long now before the devices users employ will store a FIDO credential, dubbed a passkey, which is used to unlock your device and access all of your online accounts.

The passkey scheme is substantially more secure than a simple password because it’s protected with powerful cryptography and only shown to your online account when you unlock your device.  Contrast that with passwords, which leave users vulnerable to all manner of phishing schemes and are subject to being weakened by bad habits developed by the users themselves.

All of that is good news but it should be noted that we haven’t seen it in action yet. Even after the Big Three finish their work, there’s still the considerable task of implementing the use of the new passkeys into websites and other applications. It will be a while yet, but the good news is change is coming.

0
1 5 6 7 8 9 49