WhatsApp is one of the world’s most popular messaging applications. With over 2 billion users, WhatsApp is known for its relative security, as it is one of the few messaging applications that offers end-to-end encryption. A modified version of WhatsApp, called YoWhatsApp, has been reportedly deploying malware.
Ransomware is one of the more dangerous threats out there today, and since it is so prominent and dangerous, it is a popular choice amongst hackers. To combat this threat, a community has formed around the cause, encouraging users to not pay the ransom by providing free malware removal tools for the most popular ransomware threats.
This past year saw a dangerous 86% increase in the most dangerous types of malware out there, so we want to ask you an important question: are you ready to protect your business from the different types of threats you might encounter? We know a technology solution that might help this mission along, and we want to share it with you today: artificial intelligence.
When we think about cybersecurity, we usually think about protecting our computers from viruses, right?
I’d imagine a few of our older readers remember a time when you would go to the store and buy antivirus software that came in a big brightly-colored box with a CD in it each year.
As you probably already know, things aren’t as simple anymore.
There are countless cybersecurity threats out there, many of which wait until very unfortunate times to strike. One such time is over extended weekends or holiday breaks, when many companies shut down operations longer than the usual two-day weekend. In fact, this is such an issue that the Federal Bureau of Investigation and CISA have issued warnings in response to them.
We know, we know; you’re probably sick of seeing ransomware in headlines, and so are we, but we cannot stress enough how important having an awareness of it is for any business owner. A new study has found that businesses infected by ransomware who choose to pay up experience a different type of fallout--one that is a major cause for concern and a stark reminder that there are no guarantees with ransomware. Ever.
There is an entire litany of stereotypes that are commonly linked to the term “hacker”… too many for us to dig into here, especially since they do little but form a caricature of just one form that today’s cybercriminal can take. Let’s go into the different varieties that are covered nowadays under the blanket term of “hacker,” and the threat that each pose to businesses today.
Chances are, you not only have a smartphone, but that smartphone is also currently within arm’s reach. With these devices playing an increasingly important role in our personal and professional lives, these devices have proven to be a lucrative target for hackers to pursue. This week, our tip is meant to help you spot the warning signs that an application is hiding an attack.
The short, yet devastating, history of ransomware is littered with what amounts to individual horror stories. As you may well know, ransomware, is a particularly devious and potentially devastating strain of malware that, when enacted, locks a computer’s files down so that the user can’t access them. In their stead, a message is relayed that instructs them to contact a third party to pay a ransom for access to the files. This is where the threat gets its name.
If your employees are given an Android device to use for work, or if they bring in their own as a part of BYOD, you may want to pay special attention to what follows.
Hackers continue to innovate and cause trouble for businesses of all industries and sizes. One of the more interesting recent tactics includes utilizing a malicious Twitter account to command a botnet of Android devices to do its bidding. Twitoor is considered to be the first real threat to actively use a social network in this manner, making this a major cause for concern.
Halloween is a time when people of all ages dress up as something spooky that they’re really not. For the scariest of hackers, every day is like a reverse Halloween as they try to scam victims by pretending to be someone safe and trustworthy--a persona that they’re really not. This Halloween, don’t get tricked by the haunted hack!
Botnets are proving to be a difficult hurdle for security professionals, and it’s easy to understand why. Distributed Denial of Service attacks that can knock down servers or services, as well as hordes of remote-controlled zombie computers, are two of the most dangerous ways that hackers use botnets to serve their purposes. What can you do to protect your business from botnets?
Social media is a great way for organizations to share information about their products and services, but while it’s great for those who want to reach a new audience, it’s also exposing you to another audience that you may not want to be familiar with: hackers. Believe it or not, there are hackers who are trying to take advantage of the personal information you share on your social media accounts.
Computing systems are always vulnerable to some obscure hack or another, and researchers are always trying to find ways to shore them up and prevent future attacks. One previously undiscovered hack literally sounds far-fetched. It uses the sounds that your hard drive makes to help a hacker steal data from your machine, including encryption keys designed to keep your data safe and secure.
The threat in question targets the hard drive’s actuator. DiskFiltration looks at the sounds emitted by the actuator as it writes data to the drive’s platters. Granted, the malware needs to be paired with the correct device, which makes the malware a bit trickier to exploit than it sounds.
You can take a deep breath and relax, as this method doesn’t look like it will be an effective attack medium for hackers. DiskFiltration will only work if the recording device is very close (within six feet) of the system. What’s more is that it needs to be near it for an extended period of time. The data rate caps out at 180 bits each minute, so the longer the device has to be sitting around, the higher the chances of someone finding the device and foiling the plan. Another huge problem for DiskFiltration is that it only works with hard disk drives. Solid state drives don’t make sounds that the malware can filter through, and besides, SSDs are better than hard disk storage anyway.
If you’re worried about DiskFiltration, here are two ways that you can keep silent about your data.
Encourage Employees to keep Inventory of their Desktops
The physical part of DiskFiltration needs to be very close, so it’s possible that your employees might spot something out of place on their desk. Ask them to stay vigilant when it comes to their workspace, as there are plenty of other threats out there that utilize unfamiliar devices (like USB drives). Educate them on the fact that threats come not just from the Internet, but from other hardware as well.
Upgrade Your Hardware to Solid State Drives
Since SSDs don’t make much noise, DiskFiltration becomes pointless. In general, SSD can improve the way that your business functions, as it’s more stable than the hardware used within a hard disk drive. You can’t go wrong with SSD, as it will help your business in the long run and keep developing threats like DiskFiltration at bay.
To learn more about the latest threats and how to combat them, subscribe to our blog.
The branch of malware known as Ghost Push now has a new component, Gooligan, and it certainly lives up to its name. Google was struck by an attack that infected over one million Android users, with over 13,000 additional devices adding to that total on a daily basis.
Gooligan is able to steal the authentication tokens that are required to access data contained in many of Google’s popular offerings, including Drive, Docs, Gmail, and the G Suite.
However, it would seem that, instead of extracting personally identifiable information, the culprits have elected to install malicious Google Play apps to generate fraudulent ad revenue. Reports have said that this modus operandi nets the attackers about $320,000 every month, and that Gooligan may be the biggest recorded breach of Android devices, ever.
This makes it all the more fortunate that Gooligan has, as of yet, shown no signs of stealing any of the data it could potentially have accessed. Google has even gone on record in their belief that, “The motivation… is to promote apps, not steal information.”
While Google has since removed the apps that include Gooligan from the Play Store, there could potentially be countless more similar threats, lurking in wait of their next victim. This means that, should your employees be able to access the Play Store on their work devices, your business could be a potential victim.
Therefore, every member of a business should be informed of the seriousness of clicking around mindlessly when using a business device. Institute a policy of only allowing business-related apps on company devices, and require any BYOD devices to be thoroughly vetted by IT.
Do you have a plan to prevent unauthorized applications from appearing on company devices? Let us know in the comments!
You might take extreme measures to keep your business’s devices from contracting the odd virus or malware, but what if all of your efforts are for nothing? You could have the greatest preventative solutions out there, but you can still get infected by some nasty threats, the reason being that the device was infected before you even started using it. You might be surprised by how often this happens, even to wary business owners.
On June 12th, the U.S. Department of Homeland Security issued a warning to power grid operators and electric utilities concerning a newly surfaced malware called CrashOverride (aka Industroyer). Only, it’s not entirely new. The world has seen this before and the fallout from it is concerning.
The warning comes from the Computer Emergency Readiness Team’s (CERT’s) National Cybersecurity and Communications Integration Center (NCCIC). In it, public reports from ESET and Dragos reported “a new highly capable Industrial Controls Systems (ICS) attack platform that was reportedly used in 2016 against critical infrastructure in Ukraine.”
You may recall a similar incident hitting the news not too long ago when workers at a Ukrainian power distribution center watched helplessly as hackers took control of their computers, and used them to shut down heat and power for over 230,000 citizens. Though the power wasn’t out for very long (somewhere between one-to-six hours, depending on location), the control centers are still suffering from the attacks several months later. In addition to turning off the power, hackers also overwrote crucial firmware, which left 16 substations unresponsive to remote commands. This is the first confirmed instance of hackers successfully taking down a power grid, and it’s thought that these hackers were very meticulous and sophisticated in the execution of this attack.
Last year, the FBI began a campaign to raise awareness of the potential issue by briefing electrical power companies of the risk. Although, the possibility of such an attack hitting the United States was deemed improbable. Thankfully, there is currently no evidence to suggest that this malware has affected critical infrastructure in the U.S., but the recent CERT warning suggests that such an attack has grown more probable. This risk is due to CrashOverride having the potential to be modified to target vulnerabilities in U.S. critical information network and systems via the malware’s tactics, techniques, and procedures (TTPs).
To give you an idea of how dangerous the malware is, the Dragos report links the malware to the group responsible for Sandworm, a wicked zero-day vulnerability that executed code within affected systems by opening a backdoor for later access. This threat utilizes phishing attacks and has the ability to spread between networks with the goal of disrupting systems and stealing sensitive information.
In the CERT warning, the recommended way to handle CrashOverride is for utility companies to take a proactive stance when it comes to cybersecurity. This includes implementing techniques for providing and identifying malware. In truth, this is the same approach to cybersecurity that we recommend for all businesses, regardless of industry, size or location. As the sophistication of cybercrime continues to develop, properly monitored and maintained networks are a company's first line of defense. Contact us today to learn more about network security and best practices.
A new malware swept across the globe Tuesday, incorporating facets of many ransomwares that have made headlines recently. While it originally appeared to be a variant of the Petya ransomware, it has been determined that it shares more in common with WannaCry. However, “NotPetya,” as it has been named, has a few additional features that experts say make it worse than either of its predecessors.
Why NotPetya Isn’t Really a Ransomware
The first clue that researchers had that NotPetya had a different motivation was the fact that the ransom only demanded the Bitcoin equivalent of $300. Secondly, the only means of getting the decryption key was to send an email to an address hosted by German email provider Posteo. Despite the lack of preparation the payment method appeared to have, NotPetya itself was clearly designed to be able to infiltrate as many networks as possible and do maximum damage once inside.
A Hybrid Hacking Attack
Since the attack commenced, researchers have ascertained that despite its initial similarities with Petya, NotPetya shares many traits with other malicious programs. Like WannaCry, the attack that affected much of Europe, NotPetya leverages EternalBlue. EternalBlue is a National Security Agency hacking tool that targets unpatched systems and steals the passwords that allow administrator access. In addition to EternalBlue, NotPetya also utilizes EternalRomance, another code that was stolen from the NSA.
Once NotPetya has infected one computer, it extracts passwords from its memory or the local filesystem to allow itself to spread--including onto updated and patched Windows 10 systems.
How To Protect Your Files
First off, don’t expect that you can retrieve your files just by paying the ransom. Even if those responsible for NotPetya intended to keep their word and return them once paid, Posteo has shut down the provided email account victims were to receive their keys from. As a result, unless a victim was already following certain best practices, their files are as of yet unrecoverable.
However, this does not mean that everyone is vulnerable to this attack. Before the EternalBlue and EternalRomance exploits were distributed on the dark web, Microsoft had already released patches for the vulnerabilities. However, if these patches were not applied, a user’s systems were (and are) still vulnerable.
The best method to avoid infection from this kind of attack is to ensure your users understand the importance of cyber security efforts, and that all of your business’ systems are reinforced against the latest threats by keeping your defenses up-to-date.
Furthermore, even an infected user is not without hope if they have been backing up their files. If they have done so, all they have to do is disconnect their computer from the Internet, reformat their hard drive and restore their data from their backup solution. However, for this to work, you have to also be sure that your backups are up-to-date, and that your backup is stored in an isolated location, separate from your network.
The Connection, Inc has the experience and expertise to help prevent you from becoming a victim of a malware like this, whether we help you manage your backups or help educate your users to avoid attacks like these in the first place. Give us a call at (732) 291-5938 today.
Ransomware is a tricky piece of malware that locks down the precious files located on a victim’s computer, then (in theory) will return access to them when a ransom has been paid. Depending on the files stored on a victim’s computer, they might simply blow it off and not worry too much about losing access to a couple of pictures or videos--but what if this ransomware threatened to expose your web browsing history?
Mobile? Grab this Article
