facebook-messenger

Facebook has 2 billion users, so it’s more than likely that the majority of your employees use it. However, did you know that Facebook can spread malware?

Malicious links – which appear to be for video files – are now being sent to users by their friends, but these links are highly deceptive. The main aim seems to be to collect login credentials and it doesn’t appear to download any malicious software such as ransomware. So, it may not be the most dangerous piece of malware, but it’s certainly a nuisance and indicates that a major malware attack could easily spread through millions, if not billions of systems.

Social media is an important sector of the business world now, so we’re going to take a look at exactly what’s happened in Facebook messenger and the best practices to avoid falling victim.

Click This Link…

The malicious messages arrive in users’ inbox and start with the user’s first name and simply say ‘video’ followed by a link which uses either a bit.ly or t.cn address. The link will then take the user to a Google Docs document which mimics a landing page and appears to house a playable video.

What’s interesting about clicking the video in question is that the destination it takes the user to is dependent on their web browser. Chrome users are taken to a fake YouTube page which downloads a malicious Chrome extension and Firefox users are redirected to a page requesting a download of malware disguised as a Flash player install. The malware delivered to Firefox users appears to consist of adware, so this indicates a financial motive, but the Chrome extension’s objective isn’t entirely clear.

Although there doesn’t appear to be any major damage caused by this malware campaign, it’s still considered a massive threat as it’s believed the malicious links are being spread by hijacked accounts. And this ensures that more and more spam is spread across Facebook and more login credentials are harvested along the way.

Now-Hackers-Can-Hack-Facebook-Messenger-App-To-Read-Or-Alter-Messages

Avoiding Facebook Malware

While email still packs a major punch in the world of malware, hacking messenger software is a natural progression due to its shift in popularity for communicating. And the Facebook Messenger malware demonstrates that there’s a possibility it could evolve into something much more dangerous. Therefore, it’s important that you take the following precautions to protect your organization’s networks:

  • Social media – on a personal level – access should be restricted, if not entirely banned, as it’s considered a huge distraction to workers. And, with this latest malware campaign, it would appear that it will soon become a popular access point for hackers to exploit – in fact, this isn’t the first Facebook hack to make headlines.
  • Employees need to be educated about the danger of clicking random links even if they’re sent by close friends. It only takes one click of a link for a hacker to gain access to every PC on your network, so this danger needs to be emphasized to all employees as part of their IT induction.
  • The importance of good password security should regularly be communicated to your staff. Facebook, for example, contains a vast amount of personal information such as where users works and, coupled with stolen login credentials, this could give hackers a head start on infiltrating your organizations network; this risk is magnified if passwords are not personalized for different applications.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Necurs

Personal financial information is always highly private, so if this is compromised it’s a real invasion of privacy. Sadly, US banks are now under attack from malware.

Driven by the infamous Necurs hacking botnet, Trickbot is a form of malware that is currently carrying out sustained spam campaigns against US banks. It’s a cyber-attack which has been targeting financial organizations for around a year now, but it’s only recently that these attacks have been focusing on US banks.

Now, the majority of adults in the US use online banking services, so this is the kind of attack which needs to be brought to the attention of the masses. And, not only is there a security lesson for consumers to be found within this attack, but there’s also plenty for organizations to learn about good security practices.

TRICKBOT-BSS-IMAGE-

Tricky Trickbot

Trickbot utilizes, as its name suggests, trickery to achieve its nefarious needs and, in particular, it embraces a redirection scheme. Usually, when you’re transferred from one webpage to another then you can clearly see that the URL changes in your browser to demonstrate where you’re heading to. However, when being redirected by malware, the victim is first sent to an alternate website on a completely different server. As a live connection is kept with the intended website – in this instance an online banking service – this remains displayed with the user’s browser.

And lurking on these alternate websites is the malware’s malicious payload. In the case of Trickbot, these websites use webinjection to infect the victims with JavaScript and HTML coding which go on to steal login details and financial coding from affected users. Naturally, with this sort of sensitive data, hackers can go on to cause widespread damage to individuals finances, but how do people fall foul of these malware scams?

According to the security experts at Flashpoint, Trickbot is spreading its reach through the use of huge spam email campaigns. An example of this was seen in a spam email which claimed to be a bill from an Australian telecommunications organization, but actually contained JavaScript code which activated the Trickbot loader and compromised browsers in what is known as a man-in-the-browser attack.

Trickbot, however, is not a new, unique threat and Flashpoint believes that Trickbot is related to the Dyre banking Trojan which was last active in 2015. The build of both Trickbot and Dyre, so it would appear that either source code is being recycled or members of the same team are involved.

2302145_orig

How to Beat Trickbot

The key to beating Trickbot and not falling victim to its trickery is by simply verifying the emails in your inbox. And the most important checks to make are:

  • Do you recognize the sender of the email? If it’s an unusual or unknown sender name then just ignore it and, if it comes complete with an attachment, definitely ignore it.
  • What is the email asking for? Financial organizations, for example, will never email you to request sensitive data or to head online and enter this data into websites.
  • Are there any links in the email? If they have an unusual address you don’t recognize then don’t click on them as they could be sending you anywhere. And, even if the link reads as a genuine URL, this could still be disguising an alternate URL – hover over the link with your mouse to reveal the true direction of the link.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


password-security

Customer details such as passwords need to be stored in databases, but what happens when these get hacked? 8Tracks radio service recently found out.

Following a breach of the security around their user data, 8Tracks had the rather unenviable task of announcing a major password security alert. And, seeing as this had the potential to affect 18 million users who are signed up to the service, it demonstrated the fragility of cyber security when it’s not enforced to the letter – as Tumblr found out last year.

The reasons behind this breach are incredibly simple, but the impact of such a breach has the potential to cause major damage for millions of users. It’s a cautionary tale and one which can provide an important lesson to learn.

How were 8Tracks Users Hacked?

8Tracks suspect that their databases were breached following a cyber-attack on one of their employee’s Github accounts – an online storage facility for open source programming code. Github offers two-factor authentication, but, in this instance, the 8Tracks employee didn’t activate this which left them at a slight disadvantage to hackers. And, following an alert from Github that this account had been subject to an unauthorized password change, it became clear that access to 8Tracks networks had also been compromised.

It’s believed that access to prime databases and production servers were not at risk as they were protected by SSH keys which involve sophisticated cryptography and challenge-response authentication. However, the backdoor left open by the 8Tracks employee did expose back up databases which contained email addresses and passwords for 8Tracks users. The passwords, thankfully, were encrypted using salt and hash methods – these techniques make passwords very hard (but not impossible) to crack.

Although it would be highly difficult to hack these salted and hashed passwords through brute force techniques, the very small chance of success was a major headache for 8Tracks. As a result, they had to advise all their customers who had signed up with an email address – those signed up through Facebook and Google authentication were not affected – that they had to change their password immediately. 8Tracks themselves then had to secure their employee’s Github account, change passwords for their own backup systems and restrict access to their repositories.

hacking-2300793_960_720

 

What’s the Impact of the 8Tracks Hack?

It may seem as though the 8Tracks hack is all done and dusted now that users have been advised to change their passwords and the 8Tracks system secured accordingly, but there’s a further problem. For the 18 million users affected, it’s more than likely that a large number of them use the same email address and password to sign into countless services such as Facebook, online banking and even to access their organizations systems, so these are now at risk from unauthorized access.

And this is why it’s so important that password security is taken seriously. Many organizations are now turning to online password storage facilities such as LastPass which provide highly encrypted systems to store the many passwords that your employees may need on a day to day basis. Not only should you consider using systems such as this, but if you’re offered the chance of using two-factor authentication, it should be a no-brainer that you activate this immediately to create stronger defenses for your data.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More