
Microsoft has claimed that their latest upgrade to Windows 10 (10S) is immune to all known ransomware. However, it appears that this isn’t quite true.

Windows 10S is a streamlined upgrade of Microsoft’s current operating system (OS) and it promises increased speed, stability and security. This claim of invulnerability is certainly impressive, but it has also, in effect, issued a challenge to the online community to test the strength of this security.

It’s a brave move, perhaps one which was necessary after the various security issues with Windows 10 shortly after its launch, but it’s now looking rather embarrassing for Microsoft as Windows 10S has already been breached.

Hacking Windows 10S


Launched at the start of May, Windows 10S survived several weeks without having its defenses breached, but this security has now come tumbling down. Security expert Matthew Hickey of Hacker House managed to make his way through the security capabilities of Windows 10S in just three hours.

How did he do this, though? Microsoft, after all, should know a thing or two about security, right? Well, Hickey employed an old-fashioned hacking technique called DLL injection. A particularly sneaky form of hacking, DLL injection runs malware inside a process that is already running and that the operating system does not regard as a threat.

This hack was carried out by one of the most common malware attacks seen in contemporary hacking, a Microsoft Word document packed full of malicious macros (automated commands). Although Microsoft Word now has an anti-malware system, this does not detect issues with files that have been shared on the network – which is exactly where Hickey had downloaded the infected document to.

Hickey was then able to activate the malicious payload in the Word document and found he was able to take control of the PC by giving himself full administration privileges. Using Metasploit – software designed to look for loopholes in cyber defenses – Hickey eventually managed to secure himself full system privileges. And this meant, in theory, that he could begin disabling firewalls and anti-malware software.

With the system’s defenses completely disabled, Hickey could easily have installed ransomware on the PC, but he refrained from doing this in order to protect other PCs on the network.

An Unhackable OS?


At no point did Microsoft claim that Windows 10S was 100% protected from any form of hacking, but by claiming that it was safe from ransomware they were setting themselves up for a mighty fall. And now that Matthew Hickey has revealed just how easy the hack was – and a three-hour hack is relatively quick in terms of a previously unhacked operating system – it’s likely that even more exploits will be revealed.

And, although Hickey’s attack was a ‘friendly’ hack, it underlines just how fragile cyber security can be. Despite all the bold claims by Microsoft, Windows 10S doesn’t appear to be any more secure than previous versions and this is very troubling for consumers.

Once again, user knowledge and awareness are highly important, as the root cause of this attack was an infected Word document. Your employees must understand the importance of identifying malware and not rely on software as, even when Microsoft are involved, it’s impossible to claim something is secure enough to give you full protection.

For more ways to secure and optimize your business technology, contact your local IT professionals.



The impact of a malware attack can be highly problematic for organizations, but if you know how to protect yourself, it doesn’t have to be so bad.

Whilst it’s certainly easy to know when you have been hacked, it’s just as easy to prevent falling victim to malware in the first place. And when you consider just how devastating a malware attack can be, the need for this prevention suddenly becomes apparent.

To help keep you on the right side of security, I’m going to show you 5 ways to combat the threat of malware.

  1. Educate Your Team

The best form of defense against malware isn’t necessarily state of the art software combined with highly paid security experts, it’s actually your own employees. And this is because almost all malware attacks are down to human error such as opening an infected email attachment or falling for a phishing email scam.

However, by educating your employees, you can begin to inform them on the number of different methods that hackers may use to launch a malware attack. Knowledge is a highly valuable weapon when dealing with malware, so make sure your employees are armed with the relevant information to help protect your systems.

  2. Run ALL Updates and Patches


Security vulnerabilities in software are one of the most common routes for hackers to deliver their malware to your system. Thankfully, many of these security vulnerabilities are picked up by the software publishers and updates/patches are released to rectify these flaws.

Once these vulnerabilities are public knowledge, though, the hackers are bound to try these routes in their next set of attacks. And the hackers know that many people fail to install updates/patches as soon as they’re prompted, so this can severely compromise their system.

  3. Segment Your Network

Older devices on your network may – due to the age of their relevant operating system – no longer receive support or patches and this puts them at an immediate risk from malware. Rather than leave these devices on your main network, it’s recommended that they’re taken offline and placed on a separate network with no internet connection. Immediately, by taking out the weak links, you’ve strengthened your defenses.

  4. Use Antivirus Software

Sure, antivirus software is usually a day or two behind any major malware attacks, but it still remains a fantastic way to cope with the day-to-day threats of malware. Helping to identify the most well-known and common malware threats, antivirus software can help to significantly reduce the risk of a malware attack taking place on your systems. Not only can it quarantine the threat (to help aid identification), but it can also put an immediate end to that piece of malware.

  5. Backup ALL Your Files


With ransomware becoming a bigger and bigger threat to your data, it would certainly pay to make regular backups of ALL your files. With this data backed up, even if you do fall victim to a ransomware attack, there’s no need to pay the ransom as you can simply access your backed up data. However, please note that you need to keep at least one copy of this data offline in order to protect yourself fully.



Malware is a particularly virulent strain of hacking and can spread very quickly. However, when it gets help from a tech giant, it can spread even quicker.

It’s now been discovered that IBM have, quite accidentally, managed to ship USB flash drives containing malware. Now, the hacking threat of USB sticks is a readily acknowledged problem in the world of computing, but these attacks originate from anonymous, concealed hackers. IBM, obviously, haven’t gone out of their way to commit such malicious attacks, but the fact remains that it was their product which was used to help spread this infection.

It’s a highly embarrassing revelation for IBM and, once again, reinforces the fact that you need to be continuously on your guard against malware. Let’s take a look at exactly what happened and how one of the biggest names in computing found themselves duped into becoming a delivery method for malware.

How IBM Infected its Customers

Organizations are constantly facing a battle to create more storage for the increasing amounts of data involved in business, so IBM created the Storwize storage system. The installation tool shipped with the Storwize V3500, V3700 and V5000 is housed on a USB flash drive for ease of use, but it’s this flash drive which has been pre-loaded with malicious software.

Normal installation of the IBM tool usually takes place in a temporary folder on the computer’s hard drive, but the infected drives also install a malicious file to this temporary folder. This malicious file then sets about editing the user’s system registry in order to load up the malware every time the user logs on. A number of different Trojans – such as Pondre, Reconyc and Faedevour – have all been detected on the USB drives and this points towards the involvement of cybercriminals.

Naturally, IBM is very embarrassed by the whole fiasco and has been reluctant to disclose information on how these USB drives came to be infected and just how many users are at risk. What they have advised is that the infected flash drives will have the part number ‘01AC585’ clearly labelled on them, so, at the very least, IBM customers can quickly check if they’re open to infection.

Treating the Infection


IBM’s immediate solutions to the infected USB drives are as follows:

  • Run your antivirus software to identify and remove any threats. The Trojans contained on the USB drives are well known and easily treated once caught.
  • Destroy the drive as soon as possible to completely eliminate the threat. IBM have now made the required (and non-malicious) software available on their website, so the need for the USB drive is now redundant.

Whilst this should rectify the risk of your system becoming compromised, it does little to quell the bad PR it’s caused for IBM. It also hammers home the fact that hackers are looking for more ingenious ways to deliver their malicious payloads, even having the nerve to piggyback their way onto systems through official IBM products. Obviously, the telltale signs of infections will still be there, so if you aren’t already running the following checks, you should certainly start:



Hackers are now turning to employees of organizations to help breach their defenses and this can be knowingly or unknowingly, but how are they doing it?

As this hacking technique doesn’t rely purely on digital attacks, it’s a unique problem in the world of cyber-security. Sure, the end result is the same in that the hackers want to access digital information, but this method of getting a head start makes their attacks more covert than ever.

To help you understand how these exploits can be initiated and unfold, I’m going to show you 4 ways that hackers are hacking your employees.

  1. USB Stick Hacks

USB sticks can cause huge issues for your PCs due to the amount of automated hacking software which can easily be loaded onto them; in some extreme cases, USB sticks can also be used to completely destroy a PC. More often than not, these attacks can be initiated by old-fashioned human curiosity. A recent study showed that of 297 flash drives left in a college parking lot, over half of these drives ended up being plugged into a PC. Therefore, staff need to be made aware that unauthorized devices should never be plugged into their workstations.

  2. Website Information

Many organizations display details of their employees on their website in order to show the people behind the business. Whilst this is a great method for engaging customers and clients, it also allows hackers to begin building a portfolio of information on targeted individuals e.g. with access to photos and email addresses, it’s possible to not only target these email addresses, but actually track them down in real life. This opens up your employees to direct approaches and is a good reason why information about employees should be minimized on the public internet.

  3. Phishing

The oldest, and perhaps simplest, method of hacking employees is by phishing. Deceptively convincing, phishing attacks often take the form of genuine looking emails requesting personal information. The most common technique is for the hacker to fake a company email in order to obtain sensitive data e.g. emails are often dispatched which appear to originate from the organization’s IT department and request login details, but actually originate from outside the business. Employees need to receive regular training on how to spot phishing emails.

  4. Vishing and Smishing

A relatively new approach to hacking employees is via vishing (obtaining information via phone calls) and smishing (mining for data through SMS messaging). Vishing often takes the form of a phone call from a potential customer, but it’s actually a hacker trying to learn information about the organization’s structure and security through careful questioning. Smishing tends to target employees with links that they’re encouraged to click and then forwards them to a phishing website to extract data. Again, good training is crucial to ensure your staff can recognize these threats.

These four methods of hacking your employees use a number of highly sophisticated methods that prey on human curiosity and misplaced trust. They’re also remarkably easy to execute, so the key is to remember that regular training to increase awareness is the best defense against such attacks.


The tax season is a stressful time of year for businesses, but now hackers are targeting this period in order to steal employee data and funds.

Using a social engineering approach, hackers are able to trick businesses into relinquishing highly sensitive information and, in particular, W-2 details such as individual employees’ wages and salary. And with this form of social engineering becoming more and more active, it’s affecting an increasing number of businesses.

Seeing as every business has to deal with their taxes in a responsible manner, this is an area of hacking which needs to be closely guarded against; this need for security is even more necessary as it can affect individual employees. Therefore, we’re going to take a closer look at this increasing threat.

Tax Season Hacking

Tax fraud has, traditionally, been a form of hacking reserved for only the most advanced hackers, but with the rise of relatively simple social engineering methods, this hacking technique has steadily become more accessible. Many smaller businesses are now being targeted and these can include non-profit organizations, restaurants and schools.

And with tax-themed spam traps increasing by over 6000% between December 2016 and February 2017, it’s a highly worrying time of year and businesses need to be on their guard. What form, though, do these attacks take?

Well, there are a number of attack methods and these are:

  • Processed Tax Refund – Spam emails which claim to originate from the IRS have been appearing in email inboxes and advise recipients that they are due a tax refund which has now been processed. All the recipient needs to do is open an attachment to get started, but this attachment actually contains infected macros which can give hackers remote access to your PC.
  • W-8BEN Phishing Scam – The W-8BEN form is used by non-US citizens to clarify their tax exemption details and involves passport and personal information. As this type of data is highly sensitive and valuable, hackers are now targeting this information by sending emails purporting to be from the IRS and requesting copies of the recipients’ completed W-8BEN form and scans of their passport.
  • W-2 Data Theft – Due to the valuable data contained in W-2 forms (wages, taxes etc.), many cybercriminals are targeting these. Copies are sent to businesses for all their employees, so hackers are actively trying to breach network security to procure these forms and any associated tax databases in order to sell this information on the dark web.

Combatting Cyber Tax Crime


The most important factor to bear in mind with this form of cybercrime is that the IRS will NEVER email you to request personal information. Although this seems like common sense, many people are tricked by this approach and willingly give out information when they’re promised tax refunds. The main things to look out for and consider with these types of scam are:

  • Emails with poor grammar and spelling – Government agencies tend to have their emails thoroughly proofread before being sent out to the general public en masse.
  • Dubious links – Although links contained within phishing emails may appear genuine, if you hover your mouse cursor over these links then the true destination of the link will be revealed; if this address is different to the one written in the email then it’s highly likely this is a dangerous link.
  • Common sense – If you’ve already filed your tax forms and aren’t expecting a tax refund then you should be highly suspicious of any emails regarding these issues.
