5 Different Types of Malware to Look Out For

botnets, fileless malware, malvertising, malware, Ophtek, Ransomware, spyware, , , , , ,
06
Oct 2020

The world of malware is a complex one due to the sheer variety of forms it can take. And it’s these differences which make it difficult to deal with.

The term malware is generally used as an all-encompassing term to describe a piece of malicious software. But, over the years, many different strains of malware have emerged as hackers evolve their tools and techniques. These strategies are often put into action to help avoid detection, but sometimes these new strains are the result of changes in technology.

Regardless of the reasons for developing a new malware variant, the end result is the same: a threat to your PC.

It’s vital that these threats are countered to protect your networks and your data; the best way to secure this safety is by understanding the different types of malware.

Identifying the Most Common Malware Variants
It’s difficult to put a precise number on all the malware strains that are out in the digital wild, but these are five of the most common forms:

1. Ransomware: One of the most debilitating forms of malware, in terms of finance and productivity, ransomware has generated many headlines over the last few years. It’s a type of malware which infects PCs and encrypts crucial files. The only way to decrypt these locked files is by paying a ransom, usually demanded in an untraceable cryptocurrency, in order to obtain a key for their release.

2. Malvertising: We all find online adverts irritating, but usually all we have to do is either close or mute the advert. With malvertising, however, things are more sinister. A new take on malware, malvertising laces legitimate online adverts with malicious files . And what’s most troubling about this malware strain is that it doesn’t require any user action e.g. clicking on the advert. If the advert runs then the malware is active.

3. Botnets: Hackers like to strengthen their attacks and one of the simplest ways for them to achieve this is by infecting large numbers of PCs. By collecting together whole networks of PCs, a hacker can use these numbers, and associated processing power, to launch large attacks on other networks and websites. These botnets are created through malware attacks and are causing particular problems within IoT networks.

4. Spyware: Data is crucial to organizations and, due to its value, is also highly prized by hackers. Not only can data be used to access secure systems, but financial data is extremely valuable. Therefore, hackers are keen to steal this data; spyware represents one of the easiest methods of achieving this. Once a PC is infected with spyware it’s every action is monitored, logged and transmitted e.g. keystrokes are recorded to reveal sensitive login details.

5. Fileless Malware: One of the more recent developments in malware, fileless variants are exactly what they sound like: no files necessary. Fileless malware sidesteps the traditional route of operating within the hard drive and, instead, works within a PCs memory. This is a clever approach as anti-malware software concentrates on hard drive activity. From the relative safety of a PCs memory, fileless malware leaves little evidence of its presence.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

ATM Manufacturer Rocked by Malware Attack

ATM Attack, malware, Ophtek, Security, , ,
15
Sep 2020

We all use ATMs on a regular basis and are well aware of the need for security when using them. But what happens when the manufacturer gets hacked?
The number of malware attacks and infections in 2020 are, as ever, exceptionally high. With Kaspersky blocking 726,536,269 attacks alone in the first three months it would be surprising if any PC has avoided the attentions of hackers. With a strong set of defenses, however, your PC should have remained safe and secure. But the same cannot be said for NCR Corporation, a manufacturer of ATMs. A lapse in security allowed their network to be breached by a piece of malware known as Lethic.

The fact that a major corporation’s defenses were breached is concerning enough, but what’s most troubling is that it’s located in the personal finance sector. Let’s take a look at what happened and see what we can learn.

How Did Lethic Attack NCR?

A series of computers located in a non-production lab, located outside of the US, owned by NCR have been found to be infected with the Lethic malware. Far from being a new form of malware, Lethic has been out in the digital wild since 2008. You may be wondering how such an old piece of malware can deceive modern defense systems and it’s a good question. To avoid detection, hackers simply alter the code of existing malware to change the structure detected by security systems. It’s a relatively quick method of coding which essentially gives the hacker a new piece of malware.

Lethic has, in the past, generally been used to wage spam campaigns. But it’s capable of much more thanks to its arsenal of trojan tools. These include the ability to download additional malware, data logging and remote access. This is the last thing that any company, especially one involved in ATM manufacturing, wants to leave itself open to. At the moment it’s not clear how Lethic breached NCR, but security firm Prevailion has confirmed that unauthorized data transmissions were detected for over six months. Thankfully, NCR have confirmed that the infected PCs were completely separate from any networks involved in developing ATM software or storing customer details.

Avoiding Malware Attacks

If Lethic had managed to find its way into the operating software for ATMs then NCR would have had a huge disaster on their hands. Nonetheless, all breaches need to be avoided. So, make sure that your organization always follows these best practices:

Install Anti-Malware Software: While these systems can never claim to be effective against 100% of malware, a strong anti-malware app will stop the majority of malware in its tracks. This prevents data loss and network damage quickly and automatically.

Think Before Clicking: Social engineering is a significant factor in deploying malware and this means that emails and the links they contain may not be what they seem. Therefore, always take the time to double check an email to confirm it is genuine.

Always Update: Vulnerabilities in software provide the simplest route into a PC for a hacker. But you can shut off these routes by keeping on top of any software updates/patches. Always install these updates immediately to eliminate any vulnerabilities.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Trickbot Malware Shows that Hackers are Getting Cleverer

Hackers, malware, Ophtek, Spam, , , ,
21
Jul 2020

Malware is a thorn which we find in our sides on a regular basis. But what happens when this thorn becomes even harder to tackle? The answer is Trickbot.

First released in 2016, Trickbot has made its name by using a variety of attack methods. The malware has been shown to steal Bitcoin, target banks and harvest login credentials. Naturally, this makes it a very dangerous piece of malware. But as with a virus that attacks humans, this malware is constantly changing its DNA. New features have regularly been added to Trickbot which not only makes it harder to detect, but also makes it more dangerous.

Trickbot has the potential to cause significant damage to your IT setup, so it’s important to know what you’re up against.

The Lowdown on Trickbot

The most common infection method used by Trickbot is through the use of malicious spam campaigns. Emails that pretend to be from financial institutions are used to distribute infected attachments and URLs that the victims are urged to action. And, once the payload has been activated, it’s unlikely that the victim will be aware. Trickbot will communicate with a remote command and control centre almost silently and, at the same time, infect other PCs on the same network.

Trickbot’s Latest Trick

As we mentioned earlier, the hackers behind Trickbot thrive upon their ability to evolve the malware. And their latest upgrade to Trickbot is both innovative and deceptive. This is most keenly demonstrated by its ‘anti-virtual machine’ strategy. One of the safest ways for security professionals to analyze malware is within a virtual machine environment. Therefore, in order to hide its operations, Trickbot will stop working when it detects a virtual machine.

And, believe it or not, one of the simplest ways to do this is to analyze the PCs current screen resolution. Any screen resolution that is set to 1024×768 and below will cause Trickbot to terminate its operations. This means that security researchers using a virtual machine to will draw a blank. This is a very clever technique and is one that allows Trickbot to reactivate once the PC is restarted into a higher resolution.

How Do You Stop Trickbot?

Anti-malware software such as Malwarebytes is capable of detecting and removing most strains of Trickbot, but there will always be a slight delay when it comes to new strains. And, of course, you should never rely on removing infections as the best strategy for defense. Instead you should make every effort to prevent infection in the first place. This can be achieved in the following ways:

  • Evaluate All Incoming Emails: It’s essential that your staff is aware of the dangers of phishing emails. Thankfully, the tell-tale signs are easy to detect and, with this knowledge to hand, it should become much harder to fall victim to Trickbot. 
  • Avoid Malicious Websites: Given their deceptive nature, it’s easier said than done to avoid malicious websites. However, it’s crucial that you have the ability to identify malicious websites. This will severely limit the chances of downloading malware such as Trickbot. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Beware of Fake Resumes Packed with Malware

Hacking, malware, Ophtek, Security, Zloader, , , ,
23
Jun 2020

Hackers are keeping busier than ever and evolving their strategies almost daily; their latest method for attack is to target the humble resume.

Ask any HR professional to tell you how many resumes they receive in a week and they will be able to show you a mountain of them. Even in a business landscape which has changed dramatically over the last 20 years, a resume remains a crucial calling card for employment. And this is why hackers are keen to exploit them. It’s not just that a resume can easily be loaded with malware, it’s more that organizations are so familiar with them they are unlikely to suspect them.

Hackers, of course, thrive on complacency, so it’s time to take a look at what could be lurking inside that next resume.

Malware Laced Resumes

Resume themed scams are on the rise in the US and this latest installment centers around the use of the ZLoader malware. As with many strains of malware, ZLoader is designed to steal credentials. These credentials can include stored passwords and browsing histories, but also banking credentials. And what’s most concerning is that many of these infected resumes are being sent to financial institutions.

But what exactly do these compromised resumes look like? And how are they activated? Well, this is what happens:

  1. Recipient receives an email with a title along the lines of “Job Application” or “Advertised Job”.
  1. Upon opening the email, the recipient is encouraged to open an attached Excel document which claims to be a resume.
  1. If the Excel document is opened, the recipient is then prompted to activate a macro to enable the content.
  1. Unfortunately, activating the macro will only enable a download of the ZLoader malware to the recipient’s PC.
  1. One of ZLoader’s main attack strategies is to infect systems with a malicious app called Zeus which can record keystrokes and steal banking information.

How to Tackle Suspicious Resumes

ZLoader is a form of malware which has been around for several years now. And, thankfully, this means that many anti-malware tools are effective at identifying it and eliminating it. However, if ZLoader is only active for a few minutes it can steal valuable and damaging information. Therefore, it’s always advisable to practice the following:

  • Be Wary of Attachments: Even the most trusted source can be compromised and at the mercy of digital attacks. Say, for example, you receive a resume from a friend – does this mean you should open it without a second thought? The answer is no and this is because your friend’s email address could easily have been hacked. All email attachments should, as a result, be scanned with anti-virus software or checked by an IT professional. 
  • Never Enable Macros: A macro can be very useful for automating certain processes and features in an Office document. But this also makes them perfect for launching malware attacks. If you are ever prompted to enable a macro within an Office document you should verify that it is safe to run. And, again, this should be verified by an IT professional who will have more experience with malicious macros.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Snatch Malware Proves That Safe Mode Isn’t so Safe

malware, Network, Ophtek, Ransomware, Security, Security Threats, , , ,
14
Jan 2020

We’ve all had to boot into safe mode on our PCs at some point and you would assume it’s a safe environment. But the Snatch malware is proving otherwise.

Safe mode is a configuration mode that you can request your PC to boot into at startup. In safe mode, your PC will only execute essential applications. The functions of your PC will be limited, but it’s the perfect environment for fixing problems and removing various forms of malware. But it appears that Snatch is a brand of malware which can thrive in safe mode.

Snatch is a multi-factor threat which can cause real damage to your business, so it’s a slice of malware that you need to be protecting yourself against. To give you a head start, we’ve put together a quick lowdown on Snatch.

What is Snatch?

Snatch is a newly discovered malware variant which contains two key threats: a ransomware function and the ability to log and steal user data. It’s not the first piece of malware to come loaded with these threats, but its infection strategies are unique. Using brute force attacks, Snatch is targeting the PCs of various organizations. So far, this sounds far from unusual as brute force attacks are a fairly conventional form of hacking. But Snatch has a unique strategy.

Following the initial infection, Snatch forces the PC to reboot. And it’s at this point that Snatch informs the PC to boot into safe mode. It’s believed that this unusual, yet clever, step is initiated in order to avoid anti-virus software which is often disabled in safe mode. From here it can execute its malicious payload. Snatch will then begin encrypting files and demanding ransoms that have been as high as $35,000. There is also evidence that surveillance threats are present in Snatch, so data harvesting is likely to start once the infection is unleashed.

Protecting Yourself from Snatch

The Snatch malware has the capability to cause extensive damage to your organization in terms of both finances and credibility. It’s also disturbingly efficient as it deletes any volume shadow copies of the files it encrypts. By deleting these volume shadow copies, Snatch is ensuring that it’s impossible to restore the encrypted files. Therefore, it’s crucial that you protect your PCs from Snatch by:

  • Practice Good IT Security: The backbone of any secure network is based upon the actions of those using it. And this is why it’s important that all your users understand the basics of IT security. By embracing these practices it’s possible to keep your PCs protected from the majority of majority of malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 14 15 16 17 18 21