Hackers Change Tactics with the Kirk Ransomware

Ransomware
11
Jul 2017

ransom-noteRansomware is regularly in the news, so we’re beginning to understand it more. However, a new form of ransomware is now changing the landscape.

Bitcoin has always been the preferred payment method for releasing encrypted files following an attack, but the newly detected Kirk ransomware is not interested in Bitcoin payments. Instead, it’s demanding its ransom through the relatively new cryptocurrency known as Monero.

Now, ransomware is a troublesome piece of malware at the best of times, so if the hackers behind these attacks are changing tactics then it’s important to be aware of what’s happening. And that’s why I’ve decided to take a closer look at the Kirk ransomware to help eliminate any confusion.

Understanding Kirk

18kwxnye6wxtljpg

Kirk ransomware is a piece of malicious code which appears to be going about its business in the normal manner. Researchers believe that its preferred method of attack is to impersonate the network stress tool Low Orbital Ion Cannon (LOIC). Once the ransomware has been activated, Kirk gets to work by encrypting the user’s files – it’s currently believed that it targets a total of 625 different file types.

The target is unaware of what’s happening as all that happens is that a message box pops up which mimics the LOIC company slogan of “Low Orbital Ion Cannon | When harpoons, air strikes and nukes fail | v1.0.1.0”. Meanwhile, the files are being encrypted as the victim carries on with their daily activities. However, a ransom note is soon deposited into the same folder as the ransomware; this note is then displayed in a window for the victim to learn that a number of their files have been encrypted with the .kirk filename.

The only way to decrypt the files is by paying the ransom payment to the hackers. This, it is hoped, will facilitate the purchase of the Spock decryptor – note the Star Trek reference – but researchers are yet to get their hands on this decryptor to evaluate its validity as a solution. Now, the interesting thing about Kirk is that it demands its payment in Monero which is causing a whole host of new problems.

Bitcoin is a notoriously difficult currency to lay your hands on, you can’t just go down to the bank and expect the teller to exchange your dollars for Bitcoins. Instead, you need special merchants to trade your dollars and this isn’t particularly cheap or easy. However, where Kirk differs is that it’s requesting payment from an even more obscure monetary source, so this has the potential to leave victims completely baffled.

Combatting Kirk

whatisransom

At present, the Kirk ransomware hasn’t been cracked and there is no known rescue for encrypted files aside from making the payment. Therefore, it’s crucial that you take the following steps to avoid falling victim to the Kirk ransomware:

  • Don’t activate untrusted macros that are embedded in Microsoft Office documents as this is how ransomware is usually activated.
  • The only way to truly know if an Office document is genuine is by opening it but, to minimize the risk, try installing a Microsoft Office viewer as this will allow you to view it without macros.
  • Provide annual training to your employees on malware and the many forms it can take. It’s a lack of knowledge which leads to people activating ransomware.
  • Maintain regular backups of your files as this gives you some breathing space (and saves you the cost of a ransom) if your files do become encrypted.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

DNSMessenger is a New Method of Cyber Attack

Security, Services,
04
Jul 2017

DNS-Messenger

We’re used to hackers using conventional attack strategies, so, although we can defend these, it means hackers are looking for more discreet attack methods.

And, just recently, hackers have been looking to exploit routes in and out of our PCs which are not usually monitored for malicious activity. It makes sense for hackers to seek out these poorly defended access points as, for hackers, the best hack is an easy hack.

For businesses, though, it raises a lot of questions on just how in-depth and conscientious your security efforts need to be; in order to help you understand the situation and nature of these attacks, I’m going to discuss the DNSMessenger threat.

DNS as a Means of Attack

The Domain Name System (DNS) is the method by which the domain name of a website, computer or network is converted into an IP address which is a numerical code that can be recognized by PCs e.g. one of the many IP addresses for Google is 74.125.224.72

Now, as DNS helps PCs to communicate with many other systems, it provides a very useful route for hackers to breach defenses. Thankfully, it’s very difficult for hackers to hack directly into the DNS channels, but by using a malware exploit they can gain access. And it’s all part of a trend in the evolution of malware.

Users are prompted to download an MSWord document – containing malicious code – through an email phishing campaign which sets the attack in motion. The malicious payload is written in the Powershell language which permits administration tasks to become automated. It’s at this point that the hackers can identify user privileges and plan the next step of the attack which utilizes the DNS.

Using the DNS, hackers are able to send commands directly to the user’s system and effectively have free rein over that system. What’s particularly deceptive (and clever) about this attack method is that it’s very difficult to monitor; few systems monitor DNS traffic and Powershell operates purely in the system’s memory rather than relying on external files which are easily identifiable.

Combatting DNS Attacks

Security-Icon-Microsoft-696x464

Whilst there are niche software solutions that can help protect businesses from DNS attacks, the simplest solution is by educating your staff on the telltale signs of malware and phishing:

  • If you do not recognize an email address then, under no circumstances, click on any links or files contained within it. And, even if you do recognize the sender’s email address, run a quick audit on the email’s content as the sender’s account could have been hacked – badly worded and poorly formatted emails are often a sign of hacked emails.
  • The DNSMessenger attack is only able to unleash its payload once the infected Word document is opened and the recipient clicks on the pop up window prompting them to “Enable Content”. By enabling the content, the recipient is unwillingly giving permission for their system to be hacked, so always treat this request with suspicion.

These preventative methods are fairly simple, but, due to the volume of emails people receive these days, there doesn’t seem to be the time to carry out these quick checks. However, with hackers taking their attacks in new directions which are incredibly difficult to monitor, a few seconds thought could save your systems from a nasty attack.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Biggest IT Security Threats in 2017

Security
27
Jun 2017

download

With the ever increasing rise in cyber security attacks, PC users are becoming more vigilant. However, do they know what they should be wary of in 2017?

The IT security landscape is constantly changing, so what may be considered a contemporary threat one year, may soon fall into obscurity as defenses improve. However, certain security threats seem to be becoming more and more prevalent. Therefore, it’s make sense to acquaint yourself with the most likely attacks you’re going to experience in the near future.

And, as luck would have it, I’ve decided to take a quick look at the biggest IT security threats coming in 2017.

Rise in Ransomwareransomware-expert-tips-featured

Ransomware made big headlines in 2016, but far from being swiftly dealt with, it’s expected that ransomware attacks are going to rise in 2017. With the source code for ransomware software becoming readily available online, it’s encouraged hackers to become competitive and improve on each other’s brand of ransomware. When this is coupled with the relative ease that ransomware can generate revenue for the hacker, it’s no surprise that more and more attacks are on their way.

Big Data Causes More Risk

Big Data is causing huge ripples throughout the business community as it’s an approach which is focusing IT efforts on analyzing large sets of data to improve operations. However, as big data is so new, the business community doesn’t yet know how to marshal it efficiently.

With such huge data sets being openly shared between departments and businesses, the security of this data is being severely compromised. This presents a severe problem if security is breached due to the large amount of data at risk. Big Data needs to be correctly controlled and access restricted otherwise it will be in the headlines for all the wrong reasons.

Business Email Compromise (BEC) Scams

BEC scams hit businesses all over the world last year and some high profile names fell victim to this straightforward scam. By sending emails purporting to be from company CEOs, hackers have been able to con employees in to sending out either sensitive information or, in extreme cases, transfer bank funds. And, with pay outs from BEC scams reaching as high as $140,000, hackers are going to maximize their efforts on this simple and easy attack this year.

Internal Threats to Increase

insider-threats

Hackers are well aware that IT security teams are gradually getting better at blocking their attempts to infiltrate their defenses, so that’s why the hackers are turning to those on the inside. Sometimes this literally means teaming up with an employee on the inside to facilitate the theft of data. However, this inside threat can sometimes be the result of blackmail following the hacking of an employee’s social media account and the threat of revealing personal information. This is a difficult form of hacking to combat, but reinforces the need of good employee education on IT security in and out of the workplace.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

USB Drives: Simple, But Deadly Hacking Devices

hardware,
26
Jun 2017

bad_USBWe’re all used to using USB devices with our PCs for easy connections, but it’s this convenience which also makes them perfect for hacking.

The hacks that grab the headlines are those that are distributed online and through email due to the huge numbers of people these can attack; USB sticks – and, in fact, any USB devices – are limited in their range due to their physical existence, but this doesn’t mean they can’t cause huge problems in localised areas. And hacks involving USB devices can completely disable your PC, so this can have a huge impact on the ability of your business to operate.

Therefore, we’ve decided it’s a good opportunity to give you a quick lesson on the USB hacks that can affect you and how you can counter this everyday threat.

The World of USB Device Hacks

destroy-or-hack-computers-with-USB-pendrive

Due to the presence of autorun software loaded on to USB sticks, all a hacker needs to do is ensure that their infected USB stick is plugged into a PC to activate it’s malicious payload.  Sometimes, though, USB devices don’t even need to be plugged into the PC, so this is why they’re particularly tricky to identify and combat. Here are some of the most common hacks contained within USB devices:

  • USBdriveby – This USB stick is easily identified by the chain attached to it (apparently this is so the user can wear it round their neck!) and contains a particularly nasty surprise inside. Once plugged into a PC, it begins to imitate your keyboard and uses keystrokes to disable firewalls, opens backdoors to allow remote control and tells network monitoring apps that everything is okay.
  • KeySweeper – Disguised as a USB wall charger, the KeySweeper hack is a very well concealed device which uses wireless connections to identify and spy on local Microsoft wireless keyboards. And, by monitoring keystrokes, KeySweeper can quickly obtain login details and transmit these back to a remote location.
  • BadUSB – Another USB stick hack, BadUSB impersonates your keyboard to allow itself to reprogram firmware associated with your existing USB devices e.g. network cards can be reprogrammed to send users to sites containing malicious software which can soon infect your entire network.

All of these hacks are very simple, but can cause a lot of damage, so how do you combat them?

Combatting USB Hacks

rubber_ducky

Thankfully, when it comes to USB hacks, there are some very simple steps you can take to combat them:

  • Educate your users on the dangers of USB devices. Some hackers have been known to drop infected USB sticks in the car parks of large corporations in the hope that a curious employee will plug them into their work PC.
  • Never ever use pre-owned USB devices in your business, always purchase new devices which can’t have been tampered with.
  • Lock USB port use on the PCs that make up your business and only allow access to trusted administrators. This is perhaps the most guaranteed way to prevent any infected USB devices activating their contents as the USB ports will essentially be disabled and unable to do anything.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Hospitals Hit Hard by WannaCry Ransomware

Uncategorized
22
May 2017

locky-ransomware-FB

Due to their activities, hospitals need to be highly secure. However, a recent ransomware hack on UK hospitals has questioned just how secure they are.

Huge swathes of data are held by hospitals and the majority of it is highly personal and sensitive. Not only that, but hospitals rely on their IT systems to carry out highly important work such as maintaining operating equipment, retrieving patient information and even refrigerating blood samples.

Therefore, anything which even slightly impedes these operations can have a huge, disruptive impact. Unfortunately, for the UK’s hospitals (mostly run through the government NHS system), they have been hit hard by the WannaCry ransomware. Let’s take a look at how this major hack happened.

What’s WannaCry?

WannaCrypt

WannaCry is a form of ransomware that exploits a vulnerability contained within the Server Message Block (SMB) which is a network protocol to help facilitiate access to shared files and printers etc. It’s not yet been revealed exactly how WannaCry has managed to infect the UK’s hospital systems, but it’s rumoured to be through the usual infection methods of Microsoft Office attachments or suspicious links.

Once WannaCry is executed in the SMB it begins to encrypt almost all the files on that PC with an extension of “.WRCY” and then displays a ransom window which demands payment of $300 worth of bitcoins to decrypt the compromised files. A ransom note is also placed on the users system in the form of a text document to detail the ransom demands once more.

What’s surprising about this attack is that the SMB vulnerability was actually patched by Microsoft almost two months previously in March. Those users and networks who implemented this patch will have survived the WannaCry attack, but countless others failed to install the patch. It’s suspected that many of the UK hospitals attacked were unable to install this patch due to the number of legacy systems involved.

And it’s not just the UK’s hospitals which felt the wrath of WannaCry. Car giant Nissan found that their UK manufacturing plant was also attacked and this led to production of their cars being halted. However, it isn’t just the UK which was targeted as reports show that over 40,000 similar attacks have now been registered in over 70 countries.

Avoid the Ransom Demands

wannacry

It may seem difficult to combat such a huge, global cyber-attack which is capable of bringing government organizations to their knees, but prevention can make a real difference in these situations.

The most important lesson to learn from WannaCry is that updates issued by software manufacturers must never be ignored. Sure, it may require a quick reboot, but surely a few minutes inconvenience is preferable to having all your files compromised and in the hands of an anonymous attacker?

It’s also vital that you have up to date antivirus software and network protection as, in the case of WannaCry, these can identify the ransomware before it has a chance to take hold of your computer. Again, these can be inconvenient due to the cost, but the long term benefits to your organization can be immense.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 76 77 78 79 80 125