Necurs

Personal financial information is always highly private, so if this is compromised it’s a real invasion of privacy. Sadly, US banks are now under attack from malware.

Driven by the infamous Necurs hacking botnet, Trickbot is a form of malware that is currently carrying out sustained spam campaigns against US banks. It’s a cyber-attack which has been targeting financial organizations for around a year now, but it’s only recently that these attacks have been focusing on US banks.

Now, the majority of adults in the US use online banking services, so this is the kind of attack which needs to be brought to the attention of the masses. And, not only is there a security lesson for consumers to be found within this attack, but there’s also plenty for organizations to learn about good security practices.


Tricky Trickbot

Trickbot utilizes, as its name suggests, trickery to achieve its nefarious ends and, in particular, it relies on a redirection scheme. Usually, when you’re transferred from one webpage to another, you can clearly see the URL change in your browser to show where you’re heading. However, when the redirection is performed by malware, the victim is first sent to an alternate website on a completely different server. Because a live connection is kept with the intended website – in this instance an online banking service – that site’s address remains displayed in the user’s browser.

And lurking on these alternate websites is the malware’s malicious payload. In the case of Trickbot, these websites use webinjection to serve the victim JavaScript and HTML code that goes on to steal login details and financial information from affected users. Naturally, with this sort of sensitive data, hackers can go on to cause widespread damage to individuals’ finances, but how do people fall foul of these malware scams?

According to the security experts at Flashpoint, Trickbot is spreading its reach through the use of huge spam email campaigns. An example of this was seen in a spam email which claimed to be a bill from an Australian telecommunications organization, but actually contained JavaScript code which activated the Trickbot loader and compromised browsers in what is known as a man-in-the-browser attack.

Trickbot, however, is not a new, unique threat, and Flashpoint believes that Trickbot is related to the Dyre banking Trojan, which was last active in 2015. The builds of Trickbot and Dyre are similar, so it would appear that either source code is being recycled or members of the same team are involved.


How to Beat Trickbot

The key to beating Trickbot and not falling victim to its trickery is by simply verifying the emails in your inbox. And the most important checks to make are:

  • Do you recognize the sender of the email? If it’s an unusual or unknown sender name then just ignore it and, if it comes complete with an attachment, definitely ignore it.
  • What is the email asking for? Financial organizations, for example, will never email you to request sensitive data or to head online and enter this data into websites.
  • Are there any links in the email? If they have an unusual address you don’t recognize then don’t click on them as they could be sending you anywhere. And, even if the link reads as a genuine URL, this could still be disguising an alternate URL – hover over the link with your mouse to reveal the true direction of the link.
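The third check above, hovering over a link to compare the address it shows with the address it really points to, can be automated over an email’s HTML body. The script below is an added example, not code from the original post; it parses every link, and where the visible link text looks like a URL it compares that domain with the domain in the real href and flags any mismatch. The email bodies and domain names it uses are constructed for this example, and its domain comparison is a deliberate simplification (it treats the last two labels as the owning domain, which is not accurate for suffixes such as co.uk).

```python
"""Flag links in an HTML email whose displayed URL disagrees with the real href.

Added example (not part of the original post). Sample bodies are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible text is treated as "a URL the user would read" if it matches this shape.
_URL_TEXT = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.IGNORECASE)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, or None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lowercased host of a URL; bare 'www.example.test/x' is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return urlparse(url).hostname or ""


def _owning_domain(host):
    """Simplification: last two labels (example.test). Not correct for co.uk etc."""
    return ".".join(host.split(".")[-2:])


def suspicious_links(html):
    """Return [(visible_text, href, reason)] for links that fail the hover check."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        scheme = urlparse(href).scheme.lower()
        if scheme and scheme not in ("http", "https"):
            findings.append((text, href, "non-web link scheme"))
            continue
        if _URL_TEXT.fullmatch(text) and _owning_domain(_host(text)) != _owning_domain(_host(href)):
            findings.append((text, href, "displayed URL does not match real destination"))
    return findings


# Constructed sample: the first link shows the bank's address but leads elsewhere.
SAMPLE_EMAIL = """<p>Your statement is ready.</p>
<a href="http://login-secure.example-evil.test/verify">https://www.examplebank.test/login</a><br>
<a href="https://www.examplebank.test/help">Help centre</a><br>
<a href="https://www.examplebank.test/login">www.examplebank.test/login</a>
"""

if __name__ == "__main__":
    for text, href, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"{reason}: '{text}' -> {href}")
```

Running the script on the constructed sample reports only the first link, because its visible text names the bank’s domain while the href leads to a different one; the plain-text “Help centre” link is not judged, since there is no displayed URL to compare, and the third link is consistent.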

For more ways to secure and optimize your business technology, contact your local IT professionals.




A major cyber attack has swept across the globe and, once again, it’s taken the form of ransomware to shut down computers and demand Bitcoin ransoms.

Known as Petya – the Russian word for stone – the malware has managed to halt operations at a chocolate factory in Australia and even at one of Russia’s biggest oil companies, so the scale and sophistication of its attack is clear to see. Following the recent WannaCry ransomware attack, Petya has made headlines in a security landscape where safety appears to be far from guaranteed.

As this is such a widespread attack – and the fact that new ransomware attacks are appearing weekly – it seems like the perfect time to look at Petya and reinforce what you can do to protect yourself.

The Story behind Petya

Although it’s difficult to confirm, it’s believed that the Petya attack originated in Ukraine. Reports suggest that the ransomware was spread through the update server for MeDoc, a popular brand of Ukrainian accounting software. Users believed they were simply downloading a new update for their software, but it was actually a powerful slice of malware which then spread like wildfire.


This latest variant of Petya, however, is even more powerful than its original incarnation. It’s believed that Petya now comes loaded with a tool named LSADump which harvests data and passwords from all the PCs located on the same network. Petya also appears to encrypt every single file on an infected PC by tampering with the master boot record, the part of the disk that lets your PC boot Windows at startup.

Most disturbingly, though, it’s being reported that Petya may not even be ransomware and may, instead, simply wipe everything from a PC with no chance of recovery. While the thought of having to pay a small ransom to retrieve data is troubling enough, the idea that your data may never be retrieved brings a whole new level of concern to Petya.

Defending Against Petya

Regardless of whether Petya encrypts or destroys files, it remains a highly sophisticated strain of malware that no PC user wants to find on their system. Kaspersky and Symantec have assured consumers that their anti-virus software will actively identify and protect against Petya, but for many users this may be too late.


Unfortunately, despite the spate of attacks taking advantage of Windows vulnerabilities, many PC users are still incredibly lax when it comes to installing security updates and patches. The main reason for this procrastination is an issue of time, but what’s five to ten minutes of installing updates and rebooting compared to having all the files on your entire network encrypted or even deleted?

For more ways to secure and optimize your business technology, contact your local IT professionals.
