Trickbot Malware Shows that Hackers are Getting Cleverer

Hackers, malware, Ophtek, Spam, , , ,
21
Jul 2020

Malware is a thorn which we find in our sides on a regular basis. But what happens when this thorn becomes even harder to tackle? The answer is Trickbot.

First released in 2016, Trickbot has made its name by using a variety of attack methods. The malware has been shown to steal Bitcoin, target banks and harvest login credentials. Naturally, this makes it a very dangerous piece of malware. But as with a virus that attacks humans, this malware is constantly changing its DNA. New features have regularly been added to Trickbot which not only makes it harder to detect, but also makes it more dangerous.

Trickbot has the potential to cause significant damage to your IT setup, so it’s important to know what you’re up against.

The Lowdown on Trickbot

The most common infection method used by Trickbot is through the use of malicious spam campaigns. Emails that pretend to be from financial institutions are used to distribute infected attachments and URLs that the victims are urged to action. And, once the payload has been activated, it’s unlikely that the victim will be aware. Trickbot will communicate with a remote command and control centre almost silently and, at the same time, infect other PCs on the same network.

Trickbot’s Latest Trick

As we mentioned earlier, the hackers behind Trickbot thrive upon their ability to evolve the malware. And their latest upgrade to Trickbot is both innovative and deceptive. This is most keenly demonstrated by its ‘anti-virtual machine’ strategy. One of the safest ways for security professionals to analyze malware is within a virtual machine environment. Therefore, in order to hide its operations, Trickbot will stop working when it detects a virtual machine.

And, believe it or not, one of the simplest ways to do this is to analyze the PCs current screen resolution. Any screen resolution that is set to 1024×768 and below will cause Trickbot to terminate its operations. This means that security researchers using a virtual machine to will draw a blank. This is a very clever technique and is one that allows Trickbot to reactivate once the PC is restarted into a higher resolution.

How Do You Stop Trickbot?

Anti-malware software such as Malwarebytes is capable of detecting and removing most strains of Trickbot, but there will always be a slight delay when it comes to new strains. And, of course, you should never rely on removing infections as the best strategy for defense. Instead you should make every effort to prevent infection in the first place. This can be achieved in the following ways:

  • Evaluate All Incoming Emails: It’s essential that your staff is aware of the dangers of phishing emails. Thankfully, the tell-tale signs are easy to detect and, with this knowledge to hand, it should become much harder to fall victim to Trickbot. 
  • Avoid Malicious Websites: Given their deceptive nature, it’s easier said than done to avoid malicious websites. However, it’s crucial that you have the ability to identify malicious websites. This will severely limit the chances of downloading malware such as Trickbot. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Beware of Fake Resumes Packed with Malware

Hacking, malware, Ophtek, Security, Zloader, , , ,
23
Jun 2020

Hackers are keeping busier than ever and evolving their strategies almost daily; their latest method for attack is to target the humble resume.

Ask any HR professional to tell you how many resumes they receive in a week and they will be able to show you a mountain of them. Even in a business landscape which has changed dramatically over the last 20 years, a resume remains a crucial calling card for employment. And this is why hackers are keen to exploit them. It’s not just that a resume can easily be loaded with malware, it’s more that organizations are so familiar with them they are unlikely to suspect them.

Hackers, of course, thrive on complacency, so it’s time to take a look at what could be lurking inside that next resume.

Malware Laced Resumes

Resume themed scams are on the rise in the US and this latest installment centers around the use of the ZLoader malware. As with many strains of malware, ZLoader is designed to steal credentials. These credentials can include stored passwords and browsing histories, but also banking credentials. And what’s most concerning is that many of these infected resumes are being sent to financial institutions.

But what exactly do these compromised resumes look like? And how are they activated? Well, this is what happens:

  1. Recipient receives an email with a title along the lines of “Job Application” or “Advertised Job”.
  1. Upon opening the email, the recipient is encouraged to open an attached Excel document which claims to be a resume.
  1. If the Excel document is opened, the recipient is then prompted to activate a macro to enable the content.
  1. Unfortunately, activating the macro will only enable a download of the ZLoader malware to the recipient’s PC.
  1. One of ZLoader’s main attack strategies is to infect systems with a malicious app called Zeus which can record keystrokes and steal banking information.

How to Tackle Suspicious Resumes

ZLoader is a form of malware which has been around for several years now. And, thankfully, this means that many anti-malware tools are effective at identifying it and eliminating it. However, if ZLoader is only active for a few minutes it can steal valuable and damaging information. Therefore, it’s always advisable to practice the following:

  • Be Wary of Attachments: Even the most trusted source can be compromised and at the mercy of digital attacks. Say, for example, you receive a resume from a friend – does this mean you should open it without a second thought? The answer is no and this is because your friend’s email address could easily have been hacked. All email attachments should, as a result, be scanned with anti-virus software or checked by an IT professional. 
  • Never Enable Macros: A macro can be very useful for automating certain processes and features in an Office document. But this also makes them perfect for launching malware attacks. If you are ever prompted to enable a macro within an Office document you should verify that it is safe to run. And, again, this should be verified by an IT professional who will have more experience with malicious macros.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Snatch Malware Proves That Safe Mode Isn’t so Safe

malware, Network, Ophtek, Ransomware, Security, Security Threats, , , ,
14
Jan 2020

We’ve all had to boot into safe mode on our PCs at some point and you would assume it’s a safe environment. But the Snatch malware is proving otherwise.

Safe mode is a configuration mode that you can request your PC to boot into at startup. In safe mode, your PC will only execute essential applications. The functions of your PC will be limited, but it’s the perfect environment for fixing problems and removing various forms of malware. But it appears that Snatch is a brand of malware which can thrive in safe mode.

Snatch is a multi-factor threat which can cause real damage to your business, so it’s a slice of malware that you need to be protecting yourself against. To give you a head start, we’ve put together a quick lowdown on Snatch.

What is Snatch?

Snatch is a newly discovered malware variant which contains two key threats: a ransomware function and the ability to log and steal user data. It’s not the first piece of malware to come loaded with these threats, but its infection strategies are unique. Using brute force attacks, Snatch is targeting the PCs of various organizations. So far, this sounds far from unusual as brute force attacks are a fairly conventional form of hacking. But Snatch has a unique strategy.

Following the initial infection, Snatch forces the PC to reboot. And it’s at this point that Snatch informs the PC to boot into safe mode. It’s believed that this unusual, yet clever, step is initiated in order to avoid anti-virus software which is often disabled in safe mode. From here it can execute its malicious payload. Snatch will then begin encrypting files and demanding ransoms that have been as high as $35,000. There is also evidence that surveillance threats are present in Snatch, so data harvesting is likely to start once the infection is unleashed.

Protecting Yourself from Snatch

The Snatch malware has the capability to cause extensive damage to your organization in terms of both finances and credibility. It’s also disturbingly efficient as it deletes any volume shadow copies of the files it encrypts. By deleting these volume shadow copies, Snatch is ensuring that it’s impossible to restore the encrypted files. Therefore, it’s crucial that you protect your PCs from Snatch by:

  • Practice Good IT Security: The backbone of any secure network is based upon the actions of those using it. And this is why it’s important that all your users understand the basics of IT security. By embracing these practices it’s possible to keep your PCs protected from the majority of majority of malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

All You Need to Know About the Titanium Malware

malware, Ophtek, Security, Security Threats, Titanium, , , ,
26
Nov 2019

The Titanium malware has been released into the wild and is already making plenty of headlines. But what’s the full story behind this backdoor malware?

New malware is released every day, but certain strains are more dangerous than others. And Titanium certainly stands out. It’s a piece of malware which is highly advanced in terms of technology and pushes the boundaries of hacking. Any organization which values its privacy and security, therefore, needs to be aware of Titanium. Hacking, after all, hits productivity hard and this is magnified when it’s an advanced hack.

So, to help protect your computer network and maintain productivity, we’re going to tell you all you need to know about the Titanium malware.

Where Did Titanium Come From?

A major hack needs a major ‘talent’ behind it and Titanium certainly satisfies this condition. The perpetrator is believed to be the hacking group known as Platinum. And, in the last few years, Platinum has gained notoriety for developing persistent threats in the Asia-Pacific area. Believed to be state-sponsored, Platinum has access to funds and technology to develop advanced hacking tools. And this is exactly what Titanium is.

Titanium spreads from PC to PC in a number of different ways:

  • Vulnerable intranets that have already been exploited by malware allow Titanium to get a foothold before infecting multiple workstations
  • Stealthily infecting Windows installation tasks and installing itself at the same time as legitimate software
  • Using a shellcode which is activated as part of the Windows logon process to ensure it’s active from startup

What Does Titanium Do?

Titanium is advanced malware and is able to infect computers in a number of different ways. It’s a combination which marks it out as a major threat, but what does Titanium actually do? Well, once it’s unleashed, it can do the following:

  • Read, send and delete any file contained within the infected PC
  • Edit configuration settings on the PC
  • Receive commands from a remote server

Titanium is particularly virulent due to its emphasis on stealth. The potential for mimicry within Titanium is strong as it can imitate a wide range of legitimate software. And it’s this skill for imitation which enhances Titanium’s ability to deceive and spread.

How Do You Tackle Titanium?

With its combination of multiple infection threats, ability to imitate and connection to remote servers, Titanium is a slice of malware you want to avoid. While it may be dangerous, it isn’t impossible to avoid. To keep one step ahead of Titanium make sure you practice the following:

  • Only install software that comes from a legitimate source e.g. purchased products and not illegal torrents
  • Make sure that network activity is continuously monitored to detect any unusual traffic
  • Double check all requests for software upgrades/firmware as these could easily be compromised by Titanium
  • Use a firewall at all times to help prevent unauthorized connections in and out of your network

Titanium may be very quiet at the moment – Kaspersky are yet to detect any current activity – but vigilance is recommended due to the forces behind it. By understanding the threat of Titanium you can ensure that your network is protected from yet another pressing threat.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How to Identify Fake and Scam Websites

fake websites, Hacking, malicious code, malicious websites, malware, Ophtek, scam websites, , , , ,
05
Nov 2019

We use the internet on a daily basis and visit countless websites along the way. But they’re not always the real deal. And sometimes they can be malicious.

The internet is a wonderful place and the websites that make it up can make a real difference to your business. Sadly, this opportunity is often subverted by criminals and hackers to be much more dangerous.  And, with each new step the internet takes, there are even more chances for these criminals to take advantage of. For example, online payment sites such as PayPal have allowed businesses to work closely with their customers to deliver hassle free payment methods. But, with a financial element at play, these sites have been heavily targeted.

Hackers have developed sophisticated techniques for setting up fake and scam websites, so it’s difficult to identify these fraudulent sites. However, by learning a little more about these techniques you can learn how to identify fake and scam websites.

What Do You Need to Look Out For?

There are a number of tell-tale signs adopted by fake and scam websites, so make sure you take note of the following when browsing online:

  • Always Check the URL: The address bar of your browser is one of the most important tools at your disposal when trying to identifying a fake website. The URL listed in the address bar may look genuine, but it’s crucial that you always look a little closer. A URL may read, for example, bankofamerica.com.authorization-process.com and look genuine due to the first part of the URL. But, on this occasion, bankofamerica.com is only acting as the sub-domain. The domain that you have actually visited is authorization-process.com. 
  • Secure Connections: You should only ever visit websites that have secure connections. This security is indicated by either a HTTPS prefix on a URL or the presence of a padlock image next to the URL. Without these indicators then the connection will be unsecured and your data can easily be viewed. Naturally, a genuine website will always deliver these security indicators, so if these are not present then leave the website immediately. 
  • Search Out Trust Seals: Websites that are secure pride themselves on this achievement. And this hard work is rewarded in the form of trust seals which can take the form of Google Trusted Store, Norton Secured and GeoTrust logos. A website with these, and similar, logos is trustworthy. But it’s very easy for a hacker to copy one of these logos on to any website they want. Thankfully, most trust seals can be clicked on to display verified certificate information. If this does not appear then assume that the trust seals are faked. 
  • Check the Grammar: A genuine website will have been written and proofread by professionals. But a fake website will often be designed in a rush and by people whose first language is not English. And the result is a website full of spelling mistakes. So, if you believe you’re on PayPal, but see it mistakenly spelled as PayPal then you can rest assured you’re not on the genuine site. 
  • Too Many Ads: Online ads are part and parcel of life now. But sometimes it may seem as though there are too many on a website. And this is the calling card of a fake or scam website. The excess adverts popping up are often malicious in themselves, so if you experience more than two when loading up a new page you should tread carefully and begin analyzing the web page further.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 13 14 15 16 17 19