Friday, April 10, 2015

Latest Malware Threats as of April 9, 2015

ACT Security Alerts For The Week of April 9th, 2015
This week was a busy one for fighting Malware and Ransomware here at the old Digital Sweatshop.  Two local businesses were seriously infected with malware and another dodged a bullet when our techs were able to abort an infection before it took root when the user called us before opening an attachment.  Socially engineered e-mail attacks similar to those we’ve listed below are proliferating and we strongly recommend that you stress security training in your staff training plans.  Also watch for our upcoming free webinar “Web Security for the Workplace” coming in May.  More details will be forthcoming in future Security Alerts.
Beware of malicious "Internal ONLY" emails
Hackers are trying to trick users into downloading malware by sending out fake emails impersonating domain administrators.  The email, with "Internal ONLY" in the subject line, prompts recipients to follow a link to an encrypted message:

http://www.net-security.org/images/articles/spam-10042015.jpg
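The lure above has three tells a mail gateway or help desk can check mechanically: an "Internal ONLY" subject, a display name that claims to be the domain administrator, and a link that points somewhere other than the company's own domain. The following Python triage routine is an added example written for this alert (it is not code from ACT or from the original report); the organisation domain, the sender address and the sample message are all constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed assumption: the domain the organisation actually owns.
ORG_DOMAIN = "example.com"

# Constructed sample in the shape the alert describes: "Internal ONLY" subject,
# a display name claiming the admin role, and a link hosted somewhere else.
SAMPLE_RAW = """From: "Domain Administrator" <admin@example-mail-secure.net>
To: staff@example.com
Subject: Internal ONLY - encrypted message waiting
Content-Type: text/plain; charset="utf-8"

An encrypted message from your administrator is waiting for you.
View it here: http://secure-login.example-mail-secure.net/view?id=123
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
ADMIN_WORDS = ("administrator", "admin", "it support", "helpdesk")


def sender_domain(msg):
    """Return the lower-cased domain of the From address, or '' if none."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage_internal_only(raw, org_domain=ORG_DOMAIN):
    """Return the list of reasons a message matches the 'Internal ONLY' lure.

    The checks are independent; an empty list means nothing matched.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    subject = msg.get("Subject", "")
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = sender_domain(msg)

    # Tell 1: the "internal" subject arrives from an outside domain.
    if "internal only" in subject.lower() and from_domain != org_domain:
        reasons.append("'Internal ONLY' subject from outside %s (%s)"
                       % (org_domain, from_domain))

    # Tell 2: the display name claims an admin role the address cannot back up.
    if any(w in display_name.lower() for w in ADMIN_WORDS) and from_domain != org_domain:
        reasons.append("display name '%s' claims an admin role but address is external"
                       % display_name)

    # Tell 3: the "encrypted message" link leaves the organisation's domain.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host and host != org_domain and not host.endswith("." + org_domain):
            reasons.append("link to external host %s" % host)
    return reasons
```

Run `triage_internal_only(SAMPLE_RAW)` and all three reasons come back; a genuine notice from admin@example.com linking to an intranet host returns an empty list, so the routine can sit in front of a quarantine decision without flagging real internal mail.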
Multi-platform AlienSpy RAT turns off your anti-virus and steals data

A new Java-based, multi-platform remote access Trojan (RAT) called AlienSpy is being used to target both consumers and enterprise users.

AlienSpy is capable of collecting system information, uploading and executing additional malware, surreptitiously capturing audio and video via the computer's webcam and microphone, stealing passwords stored in browsers and logging keystrokes, and, of course, it allows attackers to access the infected computer remotely.

This malware is able to deactivate a number of AV and security tools, as well as to detect sandboxes. It uses encryption to mask its communication with the hackers' C&C server.

AlienSpy is delivered via unsolicited emails notifying the recipients about payment and Swift details, order details, remittance errors, etc. The malware is in the attachment, which is usually an archive file (.zip or .jar).

New CryptVault ransomware "quarantines" files and downloads an info-stealer

If one malware threat in an email wasn’t bad enough, now hackers are hitting potential victims with a Twofer!  Trend Micro researchers have found a new version of crypto-ransomware.  It’s called CryptVault: it encrypts files, makes them look like files quarantined by an AV solution, asks for a ransom and then downloads info-stealer malware as a bonus.

It arrives on targeted computers after the user is tricked into downloading and running a malicious attachment.  It targets popular file types, mostly document, image, and database files.

After encryption, the malware displays a ransom note like this one:

http://www.net-security.org/images/articles/cryptvault-07042015.jpg
Researchers have reported that it may use 16 overwrite passes to make sure that recovery tools will have a hard time trying to reconstruct the deleted file(s).

If that isn’t bad enough, the ransomware also downloads and executes Browser Password Dump, a hacking tool capable of extracting passwords stored by a number of popular web browsers, which are then sent to the C&C server controlled by the attackers.
Emerging Trends in the threat landscape

Security researchers report that hackers are dramatically expanding their use of ransomware variants in their exploits.  Here are some of the trends we’ve seen cyber-criminals use for their crypto-ransomware attacks:
  1. More file types or extensions are being targeted, in order to cast a wider net of victims.
  2. CryptoLocker’s notoriety continues to live on: most new crypto-ransomware uses the CryptoLocker name to heighten the threat of loss by drawing on the reputation of its predecessor.
  3. Volume shadow copies are now being deleted to prevent file restoration. Shadow Copy is a Windows feature that takes manual and automatic copies of computer files and volumes. Deleting shadow copies places the victims at the mercy of the cybercriminals.
  4. Crypto-ransomware has gone “freemium.” Decrypting a few files for free might convince victims that they can still recover their encrypted files.
  5. Bitcoin is still the preferred mode of payment so that the threat actors can stay anonymous.
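Of the trends above, shadow-copy deletion is the one an endpoint team can catch in flight, because it has to go through the Windows tooling that manages shadow copies and that tooling leaves a process-creation record. The script below is an added example for this alert (not ACT's or any vendor's detection content): it scans constructed process-creation events, one JSON object per line, for shadow-copy management tools invoked with a destructive verb, and rates the hit higher when the parent process lives in a user-writable folder, which is where a just-opened attachment would run from. The event format and the sample lines are assumptions made for the example.

```python
import json
import re

# Constructed sample process-creation events in the shape an endpoint agent
# might record (host, user, parent image, command line). Not real telemetry.
SAMPLE_EVENTS = r"""
{"host": "WS-17", "user": "jdoe", "parent": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\invoice.exe", "cmdline": "vssadmin.exe delete shadows /all /quiet"}
{"host": "WS-17", "user": "jdoe", "parent": "C:\\Windows\\System32\\cmd.exe", "cmdline": "wmic shadowcopy delete"}
{"host": "FS-01", "user": "backupsvc", "parent": "C:\\Program Files\\Backup\\agent.exe", "cmdline": "vssadmin.exe list shadows"}
{"host": "WS-22", "user": "asmith", "parent": "C:\\Windows\\explorer.exe", "cmdline": "notepad.exe report.txt"}
"""

# Windows utilities that manage shadow copies / backup catalogues.
SHADOW_TOOLS = re.compile(r"\b(vssadmin(\.exe)?|wmic(\.exe)?\s+shadowcopy|wbadmin(\.exe)?)\b", re.I)
# Verbs that remove or shrink the copies; listing them is routine and ignored.
DESTRUCTIVE = re.compile(r"\b(delete|resize)\b", re.I)
# Parent binaries running out of user-writable locations deserve a higher rating.
USER_WRITABLE = re.compile(r"\\(Users|ProgramData|Temp)\\", re.I)


def classify(event):
    """Return an alert dict for a shadow-copy deletion event, else None."""
    cmd = event.get("cmdline", "")
    if not (SHADOW_TOOLS.search(cmd) and DESTRUCTIVE.search(cmd)):
        return None
    severity = "high" if USER_WRITABLE.search(event.get("parent", "")) else "medium"
    return {"host": event["host"], "user": event["user"],
            "severity": severity, "cmdline": cmd}


def scan(lines):
    """Run classify() over newline-delimited JSON events; return the alerts."""
    alerts = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        hit = classify(json.loads(line))
        if hit:
            alerts.append(hit)
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print("%(severity)s  %(host)s  %(user)s  %(cmdline)s" % alert)
```

The backup agent's `vssadmin list shadows` on FS-01 is deliberately left alone: the rule keys on the destructive verb, not on the tool name, so the legitimate backup job does not generate noise. In a real deployment the high-severity hit is the one to page on, since a shadow-copy wipe from a Temp-folder parent is close to a diagnostic of crypto-ransomware about to encrypt.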
Security Evolution and Vigilance

These kinds of threat improvements are reasons why users should always be vigilant in protecting their devices and their files.

Safety awareness training can go a long way to reduce your vulnerability to these threats. For example, never open emails from unknown or unverified senders.  It sounds so obvious, but users fall victim to the tricks these hackers use all the time!  Users can also check the reputation of websites before visiting them. When it comes to dealing with unknown or unverified emails, files, or websites, it’s better to err on the side of caution than risk infection. Lastly, we cannot stress enough the importance of using security solutions for devices, which can block all forms of threats.

Victims who find their files held ransom might be tempted to pay the fee in order to get their files. However, there is no guarantee that the cybercriminals will hold their end of the bargain. Users who pay the fee might just end up without any files or money.

Users can help prevent such instances by regularly backing up their systems, verifying that those backups are complete, and periodically testing that the backups actually restore. The recommended rule for backup best practices is the “3-2-1” Rule: keep at least three copies of your data in two different formats, with one of those copies stored off-site.
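"Verifying that backups work" is more than checking that the archive file exists. The following Python routine is an added example for this alert (not ACT's backup tooling): it records a SHA-256 manifest of every file at backup time, archives the directory, then restores the archive into a scratch directory and compares every restored file against the manifest, which is the test a ransomware victim wishes they had run a week earlier. The sample data set it creates is constructed for the demonstration.

```python
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path):
    """Streamed SHA-256 of one file, so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map 'relative/path' -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {str(p.relative_to(root)).replace(os.sep, "/"): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(source_dir, archive_path):
    """Archive source_dir as a gzip tarball; return the manifest taken at backup time."""
    manifest = build_manifest(source_dir)
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(source_dir, arcname="data")
    return manifest


def verify_restore(archive_path, expected_manifest):
    """Restore into a scratch directory and compare every file to the manifest.

    Returns (ok, problems); problems lists files that are missing, changed or
    unexpected, so an empty list means the restore is byte-for-byte complete.
    """
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive_path, "r:gz") as tar:
            # Use the safe extraction filter where this Python offers it.
            kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(scratch, **kwargs)
        restored = build_manifest(Path(scratch) / "data")
    problems = []
    for rel, digest in expected_manifest.items():
        if rel not in restored:
            problems.append("missing: " + rel)
        elif restored[rel] != digest:
            problems.append("changed: " + rel)
    for rel in restored:
        if rel not in expected_manifest:
            problems.append("unexpected: " + rel)
    return (not problems, problems)


def demo():
    """Back up a constructed sample tree, test the restore, then show a failing check."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "docs"
        (src / "sub").mkdir(parents=True)
        (src / "report.txt").write_text("quarterly figures\n")      # constructed sample
        (src / "sub" / "photo.bin").write_bytes(bytes(range(256)))  # constructed sample
        archive = Path(work) / "docs.tar.gz"
        manifest = make_backup(src, archive)
        ok, problems = verify_restore(archive, manifest)
        # Simulate a backup that no longer matches what we expect on disk:
        # the manifest says report.txt should hash to something else.
        tampered = dict(manifest)
        tampered["report.txt"] = "0" * 64
        ok2, problems2 = verify_restore(archive, tampered)
        return ok, problems, ok2, problems2


if __name__ == "__main__":
    print(demo())
```

Keep the manifest with the off-site copy rather than only beside the archive; if ransomware reaches the backup share, a manifest stored elsewhere is what tells you which files in the restore are trustworthy. Scheduling `verify_restore` as a job is the "periodically testing the restore function" step the alert asks for.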
Watch out for web sites that prompt you to download Adobe Flash Updates
A piece of malware, detected as TROJ_VICEPASS.A, pretends to be an Adobe Flash update. Once executed, it attempts to connect to your router or firewall to search for connected devices. It then tries to connect to those devices to get information. If successful, it sends the information to a command-and-control (C&C) server and deletes itself from the computer.
Never let an unknown web site “update” your Flash Player, Java, Acrobat or other utilities!  Always update those types of files by going directly to the publisher’s site for updates.
E-mail Spoofing Flaw Found on Google Apps Admin Console
Researchers have identified a security issue in the Google Apps Admin console that can be exploited to claim any domain and use it to send out spoofed emails.

Thanks,
Jeff Hoffman and your friends at ACT Network Solutions
Security, Data Protection and Network Management are our specialties
Delivering Innovative IT Solutions for over 26 years