How Botnets Infect Your Computers


The growth of IoT devices, and their lack of security, is giving rise to several cyber threats, including botnets. Botnets not only target corporate devices but also infect home IoT devices like security cameras. One of the largest botnet attacks was the Mirai botnet attack in 2016. Hackers managed to infect 500,000 devices and used them to launch DDoS attacks that shut down services like Spotify and Netflix.

Although the attack happened in 2016, the Mirai botnet (as well as other botnets) is still active today. A report by Fortinet found that Mirai was one of the most active botnets in the second quarter of 2018.

Source: Spamhaus Botnet Threat Report 2019

What is a Botnet?

A botnet is a network of IoT devices that have been infected with malware and are controlled by hackers. Hackers control networks of infected devices by having them communicate over peer-to-peer networks or through a command and control (C&C) server.

How Do Botnets Work?

Hackers start creating botnets by first infecting as many devices as possible. This is done by spreading malware via malicious email attachments, pop-up ads or downloads. Some botnets can self-propagate, scanning for vulnerable devices and infecting them automatically.

Once a device is infected, hackers will try to take control of it. They can either use a peer-to-peer connection, where infected devices communicate with other infected devices, or connect the device to a C&C server. The C&C server is where hackers relay instructions to control the infected devices. Hackers often spread C&C servers throughout the world so they’re more difficult to find and bring down.

Being able to control hundreds of thousands of computers all at once allows hackers to engage in large-scale attacks. Examples of malicious activities botnets can carry out include launching DDoS attacks, sending out viruses, stealing data and more. Botnets can be hard to detect because they don’t use a large amount of computing power, meaning they can remain on infected devices for years.

How to Protect Against Botnets

Since botnets are hard to detect, preventing your device from being infected is critical. Here are three things you can do to defend against botnets.

1. Employ advanced protection: Integrating advanced security solutions like those from our security solutions package (Secure IT) can help protect against botnet infections. Using a combination of antivirus, endpoint protection, SIEM and firewalls will provide multiple layers of defense and reduce opportunities for hackers to infect your systems.

2. Patch and update regularly: Using legacy systems or failing to update your software and hardware can leave you vulnerable to attacks. It’s important to make sure that your systems, applications and browsers are always updated to the latest version. Patching against these security vulnerabilities can prevent hackers from using known exploits and infecting your devices.

3. Isolate infected machines: Detecting and removing infected machines from your network helps prevent the threat from spreading to other devices. As soon as an infected computer is discovered, it’s important to disconnect the device right away. Once you’ve isolated the infected machine, you need to clean the machine and remove the malware. If a computer is not cleaned up properly after an infection, it can become reinfected.

Threats of the Week – June 24, 2019


Plurox Malware

A new strain of malware has been spotted in the wild by the Kaspersky security team. Named Plurox, this new malware is a cut above the usual malware strains security researchers encounter on a daily basis.

According to Kaspersky, Plurox, despite being in early testing, has some pretty advanced features and can act as a backdoor into infected enterprise networks, can spread laterally to compromise even more systems, and can mine cryptocurrencies using one of eight different plugins.

In other words, the malware can work as a backdoor trojan, a self-spreading virus, and a crypto-miner, all at the same time.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Plurox malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-11708

Mozilla has announced security updates for Firefox and Firefox ESR.

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user’s computer.

Source: Mozilla

How do you protect yourself?

Security vulnerabilities are fixed in Firefox 67.0.4 and Firefox ESR 60.7.2. Ensure your browser is up to date.

Ryuk Ransomware

A new variant of the Ryuk Ransomware has been discovered that adds IP address and computer blacklisting so that matching computers will not be encrypted.

With this new variant, the ransomware checks the output of arp -a for particular IP address strings and, if they are found, will not encrypt the computer.

Source: Bleeping Computer

How do you protect yourself?

Proper security measures must be in place to defend against Ryuk ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

4 Ways Legacy Systems Challenge Security


As technology continues to upgrade and change, many systems that are currently in place in organizations tend to become outdated.

For example, Microsoft recently announced that Windows Server 2008 and SQL Server 2008 will be reaching end of support. This means that Microsoft will no longer be updating these products or patching security vulnerabilities in them.

When manufacturers make these announcements, organizations that continue to use the outdated products are running what are considered legacy systems. It’s ultimately up to an organization whether or not to upgrade, but using legacy systems can present several security challenges.

Source: Accenture

Why are legacy systems being used?

It seems like, as technology advances, companies should be updating alongside it to better serve customers and remain competitive. However, there are several reasons why companies continue to use legacy systems. It can be tough for a business to upgrade its systems, especially when its operations are tailored around them. Migration can also put data at risk of being lost or corrupted. Some companies may not want to upgrade because the high cost of their current systems has not yet been amortized. As a result, legacy systems can be found in several industries, opening them up to several security risks.

4 Ways Legacy Systems Are Security Risks

1. Security vulnerabilities: Legacy systems are vulnerable to cyber attacks. When manufacturers end support for their systems, they stop fixing security vulnerabilities too. This means that hackers can exploit unpatched vulnerabilities and gain access to your systems. These systems may also lack the updated security features necessary to protect data and/or may not support new security software.

2. Lack of talent resources: IT professionals are constantly updating their skills and knowledge so that they can support the latest platforms. As a result, the talent pool of knowledge for legacy systems grows smaller. This can make it harder for you to find the right people to help support your systems. Since legacy systems require more work to maintain, it’s important you have the right experts looking after these systems.

3. Data loss: Legacy systems may not always be compatible with new apps or software, leading to data silos. Research by Snaplogic found that 41% of organizations have critical company data trapped in legacy systems that cannot be accessed or linked to cloud services, costing organizations approximately $140 million. This can lead to organizations forgetting about data in these systems, and system administrators may fail to back up the data or implement the security controls necessary to protect it.

4. Compliance issues: Legacy systems put organizations at risk of cyber attacks, which can lead to compliance risks. Countries all over the world have implemented privacy standards like GDPR and PIPEDA to protect personally identifiable information. Failing to comply with these standards can lead to penalties and fines if you experience a data breach.

If you are unsure about the security of your legacy systems or have questions about upgrading, contact an expert at Jolera today.


Threats of the Week – June 17, 2019

IPStorm Malware

A new malware campaign aimed at Windows machines features a novel technique to control the resulting botnet, with the group behind it hiding their communications using a P2P network.

It’s not known who the author of IPStorm is or where they are operating from, but the malware has a ‘reverse shell’ functionality that can allow hackers to execute any arbitrary PowerShell code on the infected machine.

What’s interesting about the malware, according to researchers at cybersecurity firm Anomali, is that it is the first malware found in the wild that is using IPFS’ p2p network for its command and control communication. By using a legitimate p2p network, the malware can hide its network traffic among legitimate p2p network traffic.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against IPStorm malware and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-7845

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player versions 32.0.0.192 and earlier. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Ensure Adobe Flash Player is updated with the latest version (Version 32.0.0.207).

Buran Ransomware

The RIG exploit kit is now infecting victims’ computers with a new ransomware variant called Buran. This ransomware is a variant of the Vega ransomware that was previously distributed through Russian malvertising campaigns.

While there are some minor changes in the new Buran variant, the encryption process for the most part appears to be the same as the one distributed in Russia.

Source: Bleeping Computer

How do you protect yourself?

Proper security measures must be in place to defend against Buran ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

How Hackers Use Social Media to Target Your Employees


Social media is a gold mine for data because so many people use it. About 94% of Canadian internet users have at least one social media account, according to research from the Social Media Lab at Ryerson University. This means your employees are most likely on social networking sites. By simply looking up a company on LinkedIn, hackers can find out who its employees are. From there, they can do more research and find the other social media accounts those employees have. Hackers can use information gleaned from social networking sites to engage in social media profiling and find ways to target your employees with attacks.

Source: Weber Shandwick

What is Social Media Profiling?

People share a lot on social media, from their interests to the company they work for and even where they currently are. All this data is a blueprint of who you are and can be used to create a profile. Social media profiling is commonly used in marketing. Marketers often build profiles of potential clients and use them to refine their marketing strategies. But just as marketers look through data to see how to get consumers to buy items, hackers can use social media data to see what will entice someone to click on a phishing link and spread malware.

How Social Media Can Be Exploited

Sharing on social media is so ingrained in our culture that we often don’t think about the impact our posts can have. In fact, these platforms consistently encourage us to share ideas, videos and photos with others. Unfortunately, this also lets people take social media data and use it maliciously. Here are three ways hackers can target you based on your social media posts.

1. Social engineering: Social media makes it easier for hackers to manipulate potential victims by impersonating friends, family, brands, or celebrities. It can be hard to spot a fake account because hackers can steal photos of real people and use them to seem legitimate.

2. Passwords: Hackers can guess your passwords or the answers to your security questions based on information from your social media accounts. People often use pop culture characters or sports teams as part of their passwords. If you constantly tweet about a sports team or like a Star Wars page on Facebook, hackers can use this information and engage in password spray attacks. If you happen to use an insecure password, this can give hackers access to your accounts.

3. Phishing: Social media makes it easier for hackers to craft phishing emails that you will most likely click on. For example, if you tweet about a Netflix show, chances are you have an account. Hackers can look at this and use this information to send a phishing email related to your Netflix account.

Using Social Media Safely

Social media is a fun tool for your employees to collaborate and unwind. It’s important that your employees use social media safely to help protect their data and your company. Here are three tips for using social media safely.

1. Train employees: Employees should undergo mandatory security training every year so that they are aware of the ever-changing cyber risks they can experience while online. Cyber crime is a threat that can impact them in both their personal and professional lives. Enrolling employees in a cyber awareness training course like Secure IT – Training will help them understand the threat landscape and encourage them to build good cybersecurity habits that will protect them from these threats.

2. Be cautious: It’s important to use social media with caution, both when posting on your accounts and when deciding who to allow into your networks. Tweeting that your boss is away may seem innocent, but a hacker can use this information to commit CEO fraud. It’s also important to use caution when accepting random friend requests or connections on LinkedIn. By letting strangers into your network, you open yourself up to the risk of your information being used for malicious purposes. Be wary when responding to messages, and don’t click on links or download any attachments.

3. Protect your endpoints: It’s important to have endpoint security to protect your laptops, desktops and mobile devices. Some people use social media as part of their job, but even those who don’t may be on social networking sites while at work. Using an endpoint solution like Secure IT – Endpoint will help prevent threats and improve your security posture.


Threats of the Week – June 10, 2019

BlackSquid Malware

A new form of malware has emerged from the depths to attack web servers with a barrage of exploits designed to land illicit cryptocurrency miners.

The overall aim is to compromise web servers, network drives, and removable storage to install XMRig, a Monero cryptocurrency miner script, on target machines.

In addition, BlackSquid is capable of brute-force attacks, anti-virtualization, anti-debugging, and anti-sandboxing techniques, as well as worm-like propagation capabilities.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against BlackSquid malware and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-2093

The Android monthly security bulletin has been released. The most severe of the issues it covers is a critical security vulnerability in the Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

Source: Android

How do you protect yourself?

Ensure your Android device is updated to the latest version.

Maze Ransomware

A variant of the Maze Ransomware, otherwise known as the ChaCha Ransomware, has been spotted being distributed by the Fallout exploit kit. An interesting feature of this ransomware is that it tries to detect whether the infected computer is a home computer, workstation, domain controller, server, etc., and states that it changes the ransom amount accordingly.

Source: Bleeping Computer

How do you protect yourself?

Proper security measures must be in place to defend against Maze ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

3 Ways Shadow IT Is Putting You at Risk


With the rise of consumer cloud apps like Dropbox and the use of social messaging apps, employees may feel more comfortable using these services to collaborate and work. The concept of BYOD also gives employees more choice in what they use for business purposes. However, the use of these unauthorized services leads to shadow IT and can become a security risk. Gartner estimates that by 2020, one-third of successful attacks experienced by enterprises will be on data located in shadow IT resources.


Source: NTT Communications

What is Shadow IT?

Shadow IT refers to any IT systems, devices, software or applications that are used by employees but are not managed by the organization’s IT team. Examples include an employee sharing files via Google Drive or customers connecting to your guest network.

Shadow IT can have benefits such as increasing productivity and making work more efficient for workers. However, it can also lead to security gaps.

Shadow IT as a Security Risk

Using shadow IT may seem harmless but can end up putting data at risk. Most shadow IT isn’t covered by the security functions or standards that apply to systems managed by your IT team. And if the IT department isn’t aware of these systems, it can’t take the steps to make sure they’re secured. Here are three examples of how shadow IT acts as a risk.

1. Data loss: When using unauthorized software, there’s always a risk of data loss. This can happen in a variety of ways, such as accidentally installing malware or not using a secure password. Data on shadow IT may also not be covered by your usual backups.

2. Unpatched vulnerabilities: Software vendors are constantly releasing security patches to fix the latest vulnerabilities. It’s usually the job of the IT department to ensure that these patches are installed in a timely manner. When shadow IT is in use, there’s a risk of unpatched vulnerabilities residing in your network. These can be exploited by hackers and used to steal data or cripple your network.

3. Compliance risks: Data being transmitted through unauthorized channels can make it harder for organizations to comply with regulations like GDPR. Shadow IT makes it harder for companies to keep track of the systems and software being used. This puts personally identifiable information at risk and can lead to regulatory fines.

3 Ways to Manage Shadow IT

Shadow IT can be complex to manage as it has both pros and cons for an organization. Policing what employees can and cannot use can lead them to feel restricted and frustrated. On the other hand, letting employees use third party software or apps can be a security risk. Here are three tips to handle shadow IT.

1. Monitor your network

In order to detect shadow IT, you need to continuously monitor your network for new or unknown devices and suspicious activity. One way to monitor for shadow IT is to use an advanced detection system like Secure IT SIEM. Secure IT SIEM will analyze data from your devices, correlate the information and produce log data, which we provide in a monthly report. Based on this data, you can identify whether external applications are being used and how often data is being uploaded and downloaded. This will help you gain visibility into your network.

2. Prioritize your risks

Ensure that controls are in place for the services that pose the highest risk to your network, and make sure your employees understand the risks of using shadow IT. Measures that are already in your network, like firewalls, can help reduce risk by blocking access to unauthorized services. Inform employees about why you’ve blocked a certain application so that they understand the risks of using shadow IT.

3. Ensure your IT works for your business

Your IT infrastructure is an integral part of your business and should work in tandem with your overall operations. If your employees are turning to shadow IT, it may be because current IT services aren’t allowing them to work effectively enough. Make sure the software and hardware you are using works for your business. Partnering with a service provider like Jolera can help you optimize your infrastructure to meet your business needs.
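As an added illustration of the "Monitor your network" and "Prioritize your risks" tips above (example code, not part of the original post or of Secure IT SIEM), the script below scans constructed web-proxy log lines, flags requests to consumer cloud services that are not on a sanctioned list, and totals the bytes each user has uploaded to each unsanctioned service so the highest-risk usage stands out. The log format, the sanctioned list and the service domain map are assumptions for the example.

```python
"""Find shadow IT in proxy logs: requests to known consumer cloud services that
are not sanctioned, with upload volume totalled per user and service.
Added example; the log format, sanctioned list and service map are assumed."""
import re
from collections import defaultdict

# Constructed log lines. Assumed format, one request per line:
# <timestamp> <user> <method> <host> <bytes_sent> <bytes_received>
LOG_LINES = """\
2019-06-24T09:12:01Z alice PUT  api.dropboxapi.com 5242880 512
2019-06-24T09:13:44Z alice GET  www.office.com 300 81920
2019-06-24T10:02:17Z bob   POST content.dropboxapi.com 20971520 256
2019-06-24T10:05:03Z bob   GET  www.wetransfer.com 200 4096
2019-06-24T10:06:09Z bob   POST upload.wetransfer.com 73400320 300
2019-06-24T11:30:55Z carol GET  sharepoint.example.com 400 204800
2019-06-24T11:31:20Z carol POST drive.google.com 1048576 256
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<user>\S+)\s+(?P<method>\S+)\s+(?P<host>\S+)"
    r"\s+(?P<sent>\d+)\s+(?P<recv>\d+)$"
)

# Assumed: services the IT team manages (matched on any parent domain).
SANCTIONED = {"office.com", "sharepoint.example.com"}
# Assumed: consumer cloud services to watch for when they are not sanctioned.
CLOUD_SERVICES = {
    "dropboxapi.com": "Dropbox",
    "dropbox.com": "Dropbox",
    "wetransfer.com": "WeTransfer",
    "drive.google.com": "Google Drive",
}


def classify_host(host):
    """Return the service name when `host` (or a parent domain) is a known
    cloud service that is not sanctioned; None for sanctioned or unknown hosts."""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        domain = ".".join(labels[i:])
        if domain in SANCTIONED:
            return None
        if domain in CLOUD_SERVICES:
            return CLOUD_SERVICES[domain]
    return None


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    match = LINE_RE.match(line)
    if not match:
        return None
    rec = match.groupdict()
    rec["sent"] = int(rec["sent"])
    rec["recv"] = int(rec["recv"])
    return rec


def shadow_it_report(lines, upload_threshold=10 * 1024 * 1024):
    """Aggregate requests to unsanctioned cloud services per (user, service).
    Returns {(user, service): {"requests": n, "bytes_up": total, "flag": bool}},
    where flag is set once the user's uploads to that service reach the
    threshold (10 MiB by default), which is what to review first."""
    totals = defaultdict(lambda: {"requests": 0, "bytes_up": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line; a real pipeline should count and alert on these
        service = classify_host(rec["host"])
        if service is None:
            continue
        entry = totals[(rec["user"], service)]
        entry["requests"] += 1
        entry["bytes_up"] += rec["sent"]
    for entry in totals.values():
        entry["flag"] = entry["bytes_up"] >= upload_threshold
    return dict(totals)


if __name__ == "__main__":
    for (user, service), entry in sorted(shadow_it_report(LOG_LINES).items()):
        marker = "REVIEW" if entry["flag"] else "ok"
        print(f"{user:6} {service:13} {entry['requests']} req "
              f"{entry['bytes_up'] / 1024 / 1024:8.1f} MiB uploaded  {marker}")
```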


Threats of the Week – June 3, 2019

HawkEye Keylogger

Attackers have been observed targeting businesses on a worldwide scale during the last two months with the HawkEye keylogger malware according to a report from IBM X-Force.

As part of the April and May malicious campaigns which focused on business users, attackers used malspam emails to target organizations from numerous industry sectors like “transportation and logistics, healthcare, import and export, marketing, agriculture, and others.”

“HawkEye is designed to steal information from infected devices, but it can also be used as a loader, leveraging its botnets to fetch other malware into the device as a service for third-party cybercrime actors,” says IBM X-Force’s research team.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against HawkEye Keylogger and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-12329

According to the researcher’s proof-of-concept, the bug works by spoofing the omnibar of DuckDuckGo’s privacy browser. The exploit works with the help of a specially crafted JavaScript page that uses the setInterval function to reload a URL every 10 to 50 ms.

The vulnerability can be exploited in URL spoofing attacks, where the URL displayed in the address bar is changed to trick users into believing the website they’re visiting is legitimate and not controlled by attackers.

Source: SensorsTechForum

How do you protect yourself?

DuckDuckGo’s security team concluded that the flaw doesn’t need a fix as it ‘doesn’t seem to be a serious issue’ and marked the bug as informative.

Sodinokibi Ransomware

Recent variants of Sodinokibi accounted for scaling issues as the ransomware family steadily moves to target large enterprises.

According to Coveware, some of the most recent samples of Sodinokibi used an encryption process that created multiple victim ID profiles and encrypted file extensions and corresponding Tor pages where victims could receive payment instructions.

Source: Security Intelligence

How do you protect yourself?

Proper security measures must be in place to defend against Sodinokibi Ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

3 Types of Backup and How to Store Your Data


Protecting your data is vital to your business, which is why it’s important to back your data up. There are several risks to your data, such as accidental deletion, physical disasters or ransomware. According to Verizon’s 2019 Data Breach Investigations Report, ransomware is the second biggest malware threat and accounted for 24% of malware-related breaches. By not backing up your data, you risk losing it forever. Backing up your data ensures that you have a copy of your important files so that they can be accessed in case of emergency. It’s important to back up your data regularly to ensure you have the latest files saved.

Source: Clutch

The best way to back up your data will depend on the size of your business and your needs. When considering your backup plan, it’s important to think about the types of backup that will work for your business and where you want to store the backed-up data.

Types of Backup

Choosing the right type of backup is vital for your business backup strategy. There are three common types of backup.

Full backup

A full backup is considered the basic type of backup for businesses. As the name implies, it is a complete copy of all the files and folders chosen to be backed up. Because of the large amount of data a full backup involves, it takes longer to create and takes up more space.

Incremental Backup

An incremental backup copies only the files that have changed since the most recent backup, whether that was a full backup or another incremental one. This means that only the newest files or the latest versions of files are backed up. It requires less storage than a full backup since each run only stores the increment of changes, but restoring requires the last full backup plus every incremental backup taken after it.

Differential Backup

A differential backup is similar to an incremental backup in that it also copies new or updated files. However, a differential backup copies every file created or changed since the last full backup, rather than since the most recent backup of any kind. Each differential run is therefore larger than an incremental one, but restoring only requires the last full backup plus the latest differential backup.
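To make the three backup types concrete, the simulation below (an added example, not code from the original article or any Jolera product) runs a full backup on day 0 followed by three days of full, incremental or differential backups over a constructed set of files with constructed sizes, then reports how much storage each strategy consumes and which backups are needed to restore the newest state. File names, sizes and the change schedule are all made up for the example.

```python
"""Simulate full, incremental and differential backups over a constructed file
set to compare storage cost and restore chain. Added example, not code from the
original article; all files, sizes and changes below are constructed."""

# Constructed change log: day -> {path: version (mtime recorded as day number)}.
# Day 0 is the initial state; later days list only the files that changed.
CHANGES = {
    0: {"ledger.xlsx": 0, "contracts.docx": 0, "config.ini": 0},
    1: {"ledger.xlsx": 1},
    2: {"contracts.docx": 2},
    3: {"notes.txt": 3, "ledger.xlsx": 3},
}
# Constructed file sizes in KB, used only to total up storage per strategy.
SIZES = {"ledger.xlsx": 400, "contracts.docx": 300, "config.ini": 10, "notes.txt": 50}


def state_on(day):
    """Return path -> mtime for every file that exists at the end of `day`."""
    files = {}
    for d in range(day + 1):
        files.update(CHANGES.get(d, {}))
    return files


def select_files(files, mode, last_full, last_backup):
    """Pick the files a backup of `mode` copies: full copies everything,
    incremental copies what changed since the most recent backup of any type,
    differential copies what changed since the most recent full backup.
    `last_full` / `last_backup` are the days those backups ran (-1 if never)."""
    if mode == "full":
        return dict(files)
    if mode == "incremental":
        return {p: t for p, t in files.items() if t > last_backup}
    if mode == "differential":
        return {p: t for p, t in files.items() if t > last_full}
    raise ValueError(f"unknown backup type: {mode}")


def run_schedule(mode, days=3):
    """Take a full backup on day 0 and a backup of `mode` on each later day.
    Returns a list of {day, type, files, kb} records in the order taken."""
    history = []
    last_full = last_backup = -1
    for day in range(days + 1):
        kind = "full" if day == 0 else mode
        copied = select_files(state_on(day), kind, last_full, last_backup)
        history.append({"day": day, "type": kind, "files": copied,
                        "kb": sum(SIZES[p] for p in copied)})
        if kind == "full":
            last_full = day
        last_backup = day
    return history


def restore_chain(history):
    """Return the backups needed to rebuild the newest state: the latest full,
    plus every incremental after it, or only the latest differential after it."""
    last_full_idx = max(i for i, b in enumerate(history) if b["type"] == "full")
    chain = [history[last_full_idx]]
    later = history[last_full_idx + 1:]
    if later and later[-1]["type"] == "differential":
        chain.append(later[-1])   # the newest differential supersedes earlier ones
    else:
        chain.extend(later)       # every incremental is needed, in order
    return chain


def restore(history):
    """Replay the restore chain in day order and return the rebuilt file map.
    (Deleted files are not modelled; a real tool must also track deletions.)"""
    files = {}
    for backup in restore_chain(history):
        files.update(backup["files"])
    return files


def total_kb(history):
    """Total storage consumed by every backup in the schedule."""
    return sum(b["kb"] for b in history)


if __name__ == "__main__":
    for mode in ("full", "incremental", "differential"):
        hist = run_schedule(mode)
        chain_days = [b["day"] for b in restore_chain(hist)]
        print(f"{mode:12} stores {total_kb(hist):5} KB; restore needs days {chain_days}")
        assert restore(hist) == state_on(3)
```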

Ways to Back Up Data

Once you decide what type of backup strategy is right for your business, you need to choose where to store your backups. Here are three ways you can back up your data.

Cloud Storage

Cloud storage solutions like Store IT – Cloud Backup store data on virtual machines that reside in the cloud. Data is easily accessible via the internet and is saved offsite. This eliminates the need for a physical onsite appliance and enables access from anywhere. The biggest advantage of cloud storage is the ability to scale up and down depending on business needs. Since the cloud relies on the internet, it’s important that all data in the cloud is encrypted and secured from hackers.

On Premises

On-premises storage refers to local storage within an organization’s site. Data is usually stored on a physical device in house. Organizations may prefer on-premises storage because it allows immediate access to data. However, in the event of a disaster (such as a flood or fire), the onsite storage system can be destroyed. It can also be more costly, as the onsite appliance has to be managed and upgraded if more storage space is needed.

Hybrid

Hybrid cloud storage is an approach that combines local and offsite storage. Hybrid storage uses a combination of public clouds (like AWS or Azure), on-premises computing and private clouds. This option offers flexibility by allowing workloads to shift between the options as demands and needs change. Our Store IT – Hybrid Backup combines a purpose-built onsite backup appliance with secure replication to the cloud.

To find out more about what backup option is best for your business, contact us for more information.


Threats of the Week – May 27, 2019

Babylon RAT

Researchers spotted a phishing campaign delivering a multi-feature, open-source remote administration tool known as Babylon RAT.

Cofense observed that the Babylon RAT samples distributed in this campaign were written in C# and came with an administration panel written in C++. This control feature allows the malware to manage multiple server configuration options around port numbers, network keys for authentication and IP versions. Together, these features enable digital attackers to customize the malware according to their needs.

A deeper analysis of the campaign revealed that the initial command-and-control (C&C) server connection that was made after execution came hardcoded in the binary.

Source: Security Intelligence

How do you protect yourself?

Proper security measures must be in place to defend against Babylon RAT and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-9815

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads.

Note: users need to update to macOS 10.14.5 in order to take advantage of this change.

Source: Mozilla

How do you protect yourself?

Update to Firefox 67.

Satan Ransomware

First observed in early 2017, the Satan malware has received constant updates to more effectively compromise machines and maximize the attackers’ profits. One of the observed campaigns, Fortinet’s security researchers note, also employed a cryptominer.

Satan is targeting both Linux and Windows machines and attempts to propagate by exploiting a large number of vulnerabilities.

Depending on the campaign, the initial spreader can propagate either via private networks only or through both private and public networks. The Windows component of the ransomware still employs the EternalBlue exploit from the NSA-linked Equation Group.

Source: Security Week

How do you protect yourself?

Proper security measures must be in place to defend against Satan Ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.