Malware is often distributed by swarms of infected PCs known as botnets, and just recently the Necurs botnet has ramped up its activity considerably.

The Necurs botnet, which has been active for some time, suddenly went quiet for three weeks, but on June 22 it was responsible for sending 160 million malicious emails. That is a huge volume of traffic and particularly troubling for businesses.

It’s important that you understand what the Necurs botnet is capable of and how to avoid being swallowed up in its activities, so I’m going to run through how it works.

Understanding a Botnet

First off, we need to understand what a botnet is, so let’s take a look at that.

Although it sounds like a futuristic android, it’s much more mundane than that. A botnet is a collection of PCs which have been infected with malware that lets an outside party control them remotely; the individual machines are often called zombies.

In these cases the attackers are looking to exploit these PCs and their bandwidth to carry out all manner of dubious actions. These range from crippling websites with more traffic than they can cope with (a Distributed Denial of Service attack) to mass email campaigns carrying malicious software.

The botnet ‘army’ is recruited by getting a Trojan onto each PC, most commonly by tricking the user into opening a malicious email attachment or visiting a compromised website, and sometimes by exploiting a vulnerable service exposed to the network. The botnet controller then has remote access to many thousands of PCs and can carry out large attacks very quickly.

What Does Necurs Deliver?


Necurs’ main operation, at the moment, is to deliver two particularly nasty payloads: the Locky ransomware and the Dridex banking Trojan.

Locky is an example of an increasingly popular type of attack known as ransomware. It is most often sent as an Office document containing nonsensical text and a message asking you to enable macros to make it readable. Once macros are enabled, the macro downloads and runs Locky, which encrypts your files and demands payment for the key to decrypt them.

Dridex is a banking Trojan, also delivered through macro-laden Office documents, which aims to cause financial chaos by stealing banking information such as login credentials. It does this by intercepting the victim’s web browser traffic to capture credentials as they are entered and by taking screenshots of user activity.

Protect Yourself From Necurs

Becoming part of a botnet not only threatens your own security, but also risks the security of millions of other users all over the world. That’s why you need to be fully aware of how your PC can be enslaved, so it’s crucial you take the following steps:

  • Ensure you have a firewall which is turned on at all times. It blocks unsolicited inbound connections to your PCs and, if configured to log or restrict outbound traffic, helps you spot a machine that has started talking to a botnet controller.

Even if you’re not part of a botnet you still need to remain vigilant, because of the emails being sent by infected computers. Both Locky and Dridex can create a lot of trouble for businesses, so it’s vital that you don’t fall foul of their deceptive attachments.
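As an added example (not part of the original post), here is a Python check a mail gateway or help-desk script could run to catch the delivery mechanism used by Locky and Dridex: it parses a raw email, pulls out the attachments, and inspects each Office attachment for a VBA project by looking inside the file rather than trusting the extension, since a macro-enabled document renamed to .doc still opens in Word. The sample message and the minimal OOXML packages are constructed for the demonstration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# OOXML content type of a macro-enabled Word body part; .xlsm/.pptm use
# analogous "macroEnabled" types, so the check below matches the substring.
MACRO_MAIN_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_TYPE = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def build_office_package(with_macros: bool) -> bytes:
    """Constructed stand-in for a .docx/.docm: an OOXML zip with only the parts this check reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        main_type = MACRO_MAIN_TYPE if with_macros else PLAIN_MAIN_TYPE
        z.writestr(
            "[Content_Types].xml",
            f'<Types><Override PartName="/word/document.xml" ContentType="{main_type}"/></Types>',
        )
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Real files hold a compiled VBA project here; an OLE2 header stub is enough for the check.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8)
    return buf.getvalue()


def office_has_macros(data: bytes) -> bool:
    """True if an OOXML document carries a VBA project, whatever its file extension says."""
    if not data.startswith(b"PK"):
        return False  # not a zip container; legacy OLE2 .doc/.xls needs a different parser
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            if any(name.endswith("vbaProject.bin") for name in names):
                return True
            if "[Content_Types].xml" in names:
                return b"macroEnabled" in z.read("[Content_Types].xml")
    except zipfile.BadZipFile:
        return False
    return False


def build_message(attachment: bytes, filename: str) -> bytes:
    """Constructed lure: a plausible invoice email carrying the given attachment."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Invoice 4471"
    msg.set_content("Please find the attached invoice.")
    msg.add_attachment(attachment, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def flag_macro_attachments(raw_email: bytes) -> list:
    """Return the filenames of attachments that contain VBA macros."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)
        if payload and office_has_macros(payload):
            flagged.append(part.get_filename() or "<unnamed>")
    return flagged


if __name__ == "__main__":
    # The macro-enabled file is deliberately named .doc: the extension lies, the contents do not.
    lure = build_message(build_office_package(with_macros=True), "invoice.doc")
    print(flag_macro_attachments(lure))
```

The check is deliberately content-based: attachment filters that only block .docm or .xlsm are trivially bypassed by renaming, whereas the vbaProject.bin part and the macroEnabled content type have to be present for the macros to run at all. Legacy binary .doc/.xls files are OLE2 containers rather than zips and need a separate parser.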

For more ways to secure and optimize your business technology, contact your local IT professionals.



Bank robberies have long put the fear of god into bank tellers, but bank robbers are now turning increasingly towards more sophisticated digital attacks.

Whereas a good old-fashioned bank heist would involve shotguns and masks, the contemporary bank robber relies on nothing more than a keyboard and a mischievous sense of ingenuity. And, whilst you would think banks were pretty keen on cyber security, two major banks in Vietnam and Bangladesh have recently fallen victim to cyber attackers.

It’s always important to understand the methods and motivations of hackers, particularly when finances are targeted, so let’s take a look at what’s been happening.

A Digital Crime

The banks that have been attacked recently are Vietnam’s Tien Phong Bank and the Bangladesh Bank. Luckily for Tien Phong the attack was intercepted, but the Bangladesh Bank was less lucky and lost close to $81 million.

But how did these attacks happen in the first place? After all, our money is surely safe in a bank, isn’t it? Unfortunately, nothing which involves computerized systems appears to be entirely safe. And, in both of these bank robberies, our old foe malware was involved yet again.

Hacking the Banks


Financial institutions are constantly in communication with one another in order to complete transactions. Naturally, the number of transactions that take place in any one day is astronomical, so they rely on the SWIFT messaging network to exchange the payment instructions behind all these transfers.

It’s believed that the attackers obtained the login details bank officials used for SWIFT, but exactly how this occurred is not clear. Unfortunately, through human error and naivety, login details can easily fall into the wrong hands. Either way, this access gave the hackers free rein to issue a number of large transfers to accounts they controlled.

Malware was then run on the banks’ own SWIFT messaging software to alter the payment confirmations it displayed and printed; the malware’s aim was to cover up the fraudulent transactions which had been carried out. And the malware, although slightly altered, was the same code used in both Bangladesh and Vietnam.

Tien Phong managed to intercept the attack as they noticed a number of shady transactions taking place; this allowed them to prevent the fraudulent movement of funds. Bangladesh Bank, however, did not manage to block all the transactions and lost around $81 million, although up to $1 billion worth of fraudulent transfers were attempted.
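The malware in these attacks worked by tampering with the confirmations the victims relied on, so the control a practitioner wants here is reconciliation against a record the compromised system cannot edit: a copy of the outbound traffic captured independently, or the correspondent bank’s own statement. As an added example, not part of the original post and not anything the banks or SWIFT published, the Python below parses the few MT103 fields needed (:20: reference, :32A: value date, currency and amount, :59: beneficiary) from two constructed record sets and reports transfers that were transmitted but never confirmed, confirmations that match nothing transmitted, and confirmations whose amount or beneficiary no longer match. The message texts are constructed and the account numbers are made up.

```python
import re
from decimal import Decimal

# SWIFT MT field tag: two digits plus an optional letter, e.g. :20:, :32A:, :59:
FIELD_RE = re.compile(r"^:(\d{2}[A-Z]?):(.*)$")


def parse_mt103(text: str) -> dict:
    """Extract the MT103 fields needed for reconciliation.

    :20:  sender's reference
    :32A: value date (6 digits) + currency (3 letters) + amount (comma decimal)
    :59:  beneficiary account on the first line, name on the following lines
    """
    fields = {}
    current = None
    for line in text.strip().splitlines():
        m = FIELD_RE.match(line)
        if m:
            current = m.group(1)
            fields[current] = m.group(2)
        elif current is not None:
            fields[current] += "\n" + line  # continuation line of the previous field
    value = fields["32A"]
    return {
        "ref": fields["20"].strip(),
        "currency": value[6:9],
        "amount": Decimal(value[9:].replace(",", ".")),
        "beneficiary": fields["59"].splitlines()[0].lstrip("/"),
    }


def details(message: dict) -> tuple:
    """The fields an attacker would have to alter to disguise a transfer."""
    return (message["currency"], message["amount"], message["beneficiary"])


def reconcile(transmitted: list, confirmed: list) -> dict:
    """Compare what was actually sent against what the messaging interface shows as confirmed."""
    sent = {m["ref"]: m for m in map(parse_mt103, transmitted)}
    shown = {m["ref"]: m for m in map(parse_mt103, confirmed)}
    return {
        # transmitted but no confirmation on record: the classic sign of a deleted record
        "missing": sorted(set(sent) - set(shown)),
        # confirmation for something never sent: fabricated paperwork
        "unexpected": sorted(set(shown) - set(sent)),
        # same reference, different details: an edited confirmation
        "altered": sorted(r for r in set(sent) & set(shown) if details(sent[r]) != details(shown[r])),
    }


# Constructed data: what the independent capture says went out...
TRANSMITTED = [
    ":20:TRN0001\n:32A:160204USD1500,00\n:59:/11110000\nACME SUPPLIES LTD",
    ":20:TRN0002\n:32A:160204USD20000000,00\n:59:/22220000\nSHELL CORP ONE",
    ":20:TRN0003\n:32A:160204USD30000000,00\n:59:/33330000\nSHELL CORP TWO",
]
# ...and what the tampered messaging interface shows: TRN0002's amount trimmed, TRN0003 gone.
CONFIRMED = [
    ":20:TRN0001\n:32A:160204USD1500,00\n:59:/11110000\nACME SUPPLIES LTD",
    ":20:TRN0002\n:32A:160204USD2000,00\n:59:/22220000\nSHELL CORP ONE",
]

if __name__ == "__main__":
    print(reconcile(TRANSMITTED, CONFIRMED))
```

The point of the design is that the two inputs come from different trust domains: if both lists are read from the same messaging host, malware on that host can doctor both and the reconciliation proves nothing.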

Is Your Money Safe?

Thankfully, your money is pretty safe within a bank. Even if they do suffer any losses through cyber-crime, it will be the bank who takes the hit and not your personal account. However, it does raise some interesting questions about security.

The complexity of banking systems means that it’s likely an insider was used to help gain access to the banks’ SWIFT terminals and then understand how to complete the transactions. Note that it was the banks’ own systems and credentials that were compromised, not the SWIFT network itself, but the ease with which that happened indicates a major lapse in the controls around those terminals.

Hopefully, the banks and SWIFT will move to adopt more cautious approaches to security clearance and to protecting their systems.




Adobe has suffered another embarrassing attack which exploits their Flash Player software, and this time the exploit has been delivered inside an Office document.

It seems that almost every week another vulnerability is exposed in Flash, a piece of software which once ruled the internet and powered practically every website worth its salt. However, times change and it’s fair to say that Adobe seems to be constantly fighting to plug the flood of attacks on Flash.

And this recent attack is particularly troubling for businesses as it was delivered in an Office document. Now, you would be hard-pressed to find a business which doesn’t handle Office documents, so it’s a good idea to get acquainted with this latest attack.

Flash Gets Attacked (Again)

This latest exploit of a Flash vulnerability (named CVE-2016-4117) was first detected on 8th May 2016. The vulnerability was not known to Adobe at the time, so there was no patch in place to prevent the attacks. This lack of a ready-made fix is why it’s known as a zero-day attack.

Once the attackers had found the vulnerability and written an exploit for it, they uploaded the exploit and their payload onto a web server from where it could be distributed to the whole world. However, for this payload to affect even a single computer, it had to be downloaded to that computer first.

By trading on the naivety of individuals for whom internet security is not a recognized risk, the attackers embedded code in an Office document which would download the exploit. The simplest way to transmit this malicious code around the world was through email, as many users trust the presence of an Office attachment.

Upon opening the Office document, the embedded code would be activated and download the exploit from the attackers’ web server. And, as this code was downloaded, a decoy document would be displayed to prevent detection of any unsavory behavior taking place.

After exploiting this initial vulnerability, the malware would then contact a second web server (a command-and-control server) which could distribute further instructions. The simplest instruction could be to crash the system, resulting in significant and costly downtime. However, there was also the potential for the attackers to take control of the infected systems and extract data.
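As an added example (not code from the original post or from any vendor report on this attack), the Python below looks for the delivery vehicle described above: a Flash object embedded inside an Office document. OOXML files are zip packages, so it walks every part and looks for the three-byte SWF signature (FWS uncompressed, CWS zlib-compressed, ZWS LZMA-compressed) followed by a plausible version byte and length, then reports where it found it. The sample package is constructed for the demonstration; the part name word/activeX/activeX1.bin is one place Word stores embedded controls, and the Flash version in the sample is arbitrary.

```python
import io
import struct
import zipfile
import zlib

# A SWF file starts with a 3-byte signature, a 1-byte version and a 4-byte
# little-endian uncompressed length.
SWF_SIGNATURES = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}
MAX_PLAUSIBLE_VERSION = 60  # Flash Player versions in 2016 were in the 20s; far above that is noise


def parse_swf_header(data: bytes):
    """Return (compression, version, declared_length) for a SWF header, or None if data is not one."""
    if len(data) < 8 or data[:3] not in SWF_SIGNATURES:
        return None
    version = data[3]
    declared_length = struct.unpack("<I", data[4:8])[0]
    if not 1 <= version <= MAX_PLAUSIBLE_VERSION or declared_length < 8:
        return None  # the bytes spell a signature but do not look like a real header
    return SWF_SIGNATURES[data[:3]], version, declared_length


def find_embedded_swf(package: bytes) -> list:
    """Scan every part of an OOXML package and report (part, compression, version, length) per SWF found."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        for name in z.namelist():
            blob = z.read(name)
            # Embedded objects can sit at the start of a part or inside an OLE wrapper,
            # so search for the signature anywhere in the part rather than only at offset 0.
            for signature in SWF_SIGNATURES:
                idx = blob.find(signature)
                while idx != -1:
                    header = parse_swf_header(blob[idx:idx + 8])
                    if header:
                        hits.append((name,) + header)
                        break
                    idx = blob.find(signature, idx + 1)
    return hits


def build_package(with_flash: bool) -> bytes:
    """Constructed stand-in for a Word document, optionally carrying an embedded SWF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_flash:
            body = zlib.compress(b"\x00" * 64)  # stand-in for the compressed SWF tag stream
            swf = b"CWS" + bytes([21]) + struct.pack("<I", 8 + 64) + body
            # Word stores embedded controls under word/activeX/; the padding mimics the
            # object sitting inside a container rather than at offset 0.
            z.writestr("word/activeX/activeX1.bin", b"\x00" * 32 + swf)
    return buf.getvalue()


if __name__ == "__main__":
    for name, compression, version, length in find_embedded_swf(build_package(with_flash=True)):
        print(f"{name}: SWF v{version}, {compression}, declares {length} bytes")
```

Few business documents have any reason to carry Flash content, so a hit from this scan on an inbound attachment is a strong signal on its own, without needing to know which Flash bug the object targets.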

Thankfully, for anyone using Flash, Adobe released a fix for the CVE-2016-4117 vulnerability, but only after four days of exposure. And a piece of malware can spread and cause a lot of chaos within four days!

How Many More Attacks Will Flash Absorb?


Attackers currently seem hell-bent on using Flash to deliver their nasty payloads and it’s becoming embarrassing for Adobe. Many browser vendors, Mozilla with Firefox among them, now block or restrict Flash content due to the security risks connected to it.

We still have to deal with Flash, though, so vigilance is crucial. This is why you need to ensure that all your staff are aware of the potential dangers of opening email attachments from unknown sources, and that Flash is kept up to date or removed from machines that don’t need it. Only then will you be able to feel reasonably confident that your systems are not going to be compromised.





Phishing attacks have long been a concern for anyone using computers, but a recent report has highlighted how the number of phishing sites has risen by 250%.

Compiled by the Anti-Phishing Working Group (APWG), the report states that, during Q1 2016, there were nearly 290,000 unique phishing sites online. This may not sound huge considering that there are around a billion websites online, but it is the highest number of phishing sites the group has seen since its records began in 2004.

Phishing, therefore, is a credible and growing threat, so I think it’s best we get up to date with what phishing is and how these attacks are taking place.

What is Phishing?

Phishing is the process of stealing personal information (login details, credit card details etc.) from consumers through the following methods:

  • Social Engineering – This is perhaps the best-known method for extracting sensitive information from individuals. Using emails which convincingly spoof official messages from corporations such as banks, phishers use disguised links to send victims to fake sites which contain features such as login screens. These are false and simply record the login credentials, which the phishers then replay on the genuine site.
  • Technical Subterfuge – This method employs crimeware, malicious software that hides in the background and records sensitive information such as login credentials. Also, many crimeware kits hijack users’ browsers to redirect them to phishing sites where the users unwittingly provide personal information.

What Does the Report Show?

A number of interesting insights have been provided by APWG’s report, so let’s take a look at these to understand how they unfold:

  • The most infected country is China, where 57% of all computers are reported to be infected with malware. Given how much manufacturing and trade flows through China, this is an alarming statistic for any business that exchanges email with suppliers there.
  • Around 77% of all phishing websites are hosted in the US, and the majority of these are set up on legitimate websites that phishers have broken into. The US figure partly reflects how much of the world’s hosting is located there, but it also highlights how many poorly secured websites phishers can find, which is of particular concern for US businesses who own a website.
  • The two most targeted industry sectors are Retail (43%) and Financial (19%). These also happen to be two of the most popular industries online. After all, who doesn’t shop or bank online these days? Therefore, it’s a clever move by phishers to impersonate these industries and use them to deceive consumers.

How Do You Combat Phishing?

Once phishing has completed its mission of stealing personal information, it can create utter chaos for those affected. For a business, this could include attackers gaining access to sensitive areas of your network, e.g. confidential client information such as financial records. This is bad news for any business, so remember the following:

  • Just because an email features an official logo it doesn’t mean it’s an official email from that company, so don’t rely on this for authenticity.
  • Check the address bar, not just the padlock: https:// means the connection to the site is encrypted and the certificate matches the domain shown, but phishing sites can use HTTPS too, so make sure the domain itself is the genuine one before entering credentials.
  • Although phishing is best known for stealing bank information, phishers are likely to target anything from your personal email details to your Facebook login credentials.
  • Credible companies will never request that you email personal information to them. If you receive emails demanding such information, delete them.
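As an added example that is not part of the original post, here is a Python script that applies the disguised-link and HTTPS points above to the HTML body of an email: it collects every link, compares the domain the visible text suggests with the domain the link really points to, and flags the tricks phishers lean on (a brand name buried in a long hostname, a username-style prefix before the real host, a raw IP address, a punycode or internationalised hostname), while treating HTTPS as encryption only and not as proof of legitimacy. The sample message, the brand name examplebank.com and its trusted-domain list are all constructed; the registrable-domain helper takes the last two labels, an approximation a production gateway would replace with the Public Suffix List.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical: the domains the message's claimed sender legitimately uses.
TRUSTED_DOMAINS = {"examplebank.com"}
# A domain name (optionally with scheme) appearing in the visible link text.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Approximation: the last two labels. A real gateway would consult the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyse_link(href: str, text: str) -> list:
    """Return human-readable findings for one link; an empty list means nothing suspicious."""
    findings = []
    u = urlsplit(href)
    host = u.hostname or ""
    if u.scheme not in ("http", "https"):
        findings.append(f"non-web scheme {u.scheme!r}")
    if u.username is not None:
        # http://bank.example@evil.example/ : the part before '@' is userinfo, not the destination
        findings.append(f"userinfo '{u.username}' hides the real host {host}")
    if IPV4.fullmatch(host):
        findings.append(f"raw IP address {host} as host")
    if "xn--" in host or any(ord(c) > 127 for c in host):
        findings.append("internationalised/punycode hostname (possible homograph)")
    m = DOMAIN_IN_TEXT.search(text.lower())
    if m and registrable_domain(m.group(1)) != registrable_domain(host):
        findings.append(f"text shows {m.group(1)} but link goes to {host}")
    if host and registrable_domain(host) not in TRUSTED_DOMAINS:
        note = " (HTTPS only encrypts the connection; it does not make the site genuine)" if u.scheme == "https" else ""
        findings.append(f"{host} is not a trusted domain{note}")
    return findings


def scan_html(body: str) -> dict:
    """Map each suspicious href in an HTML body to its findings."""
    collector = LinkCollector()
    collector.feed(body)
    report = {}
    for href, text in collector.links:
        findings = analyse_link(href, text)
        if findings:
            report[href] = findings
    return report


# Constructed lure: one brand-in-subdomain link, one userinfo@IP link, one genuine link.
SAMPLE_BODY = """
<p>Dear customer, your account has been limited. Please
<a href="https://examplebank.com.secure-login.example.net/verify">log in at https://examplebank.com</a>
within 24 hours, or use <a href="http://examplebank.com@203.0.113.10/login">our secure portal</a>.</p>
<p>Questions? Visit our <a href="https://www.examplebank.com/help">help centre</a>.</p>
"""

if __name__ == "__main__":
    for href, findings in scan_html(SAMPLE_BODY).items():
        print(href)
        for finding in findings:
            print("   -", finding)
```

The first lure link passes a naive "does it say examplebank.com and start with https" test and is still caught, because the decision is made on the registrable domain of the real destination rather than on anything the attacker controls in the visible text.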

