IBM-LogoMalware is a particularly virulent strain of hacking and can spread very quickly. However, when it gets help from a tech giant, it can spread even quicker.

It’s now been discovered that IBM have, quite accidentally, managed to ship USB flash drives containing malware. Now, the hacking threat of USB sticks is a readily acknowledged problem in the world of computing, but these attacks originate from anonymous, concealed hackers. IBM, obviously, haven’t gone out of their way to commit such malicious attacks, but the fact remains that it was their product which was used to help spread this infection.

It’s a highly embarrassing revelation for IBM and, once again, reinforces the fact that you need to be continuously on your guard against malware. Let’s take a look at exactly what happened and how one of the biggest names in computing found themselves duped into becoming a delivery method for malware.

How IBM Infected its Customers

Organizations are constantly facing a battle to create more storage for the increasing amounts of data involved in business, so IBM created the Storwize storage system. The installation tool shipped with the Stowize V3500, V3700 and V5000 is housed on a USB flash drive for ease of use, but it’s this flash drive which has been pre-loaded with malicious software.

Normal installation of the IBM tool usually takes place in a temporary folder on the computer’s hard drive, but the infected drives also install a malicious file to this temporary folder. This malicious file then sets about editing the user’s system registry in order to load up the malware every time the user logs on. A number of different Trojans – such as Pondre, Reconyc and Faedevour – have all been detected on the USB drives and this points towards the involvement of cybercriminals.

Naturally, IBM is very embarrassed by the whole fiasco and have been reticent to disclose information on how these USB drives came to be infected and just how many users are at risk. What they have advised is that the infected flash drives will have the part number ‘01AC585’ clearly labelled on them, so, at the very least, IBM customers can quickly check if they’re open to infection.

Treating the Infection

usbmalware

IBM’s immediate solutions to the infected USB drives are as follows:

  • Run your antivirus software to identify and remove any threats. The Trojans contained on the USB drives are well known and easily treated once caught.
  • Destroy the drive as soon as possible to completely eliminate the threat. IBM have now made the required (and non-malicious) software available on their website, so the need for the USB drive is now redundant.

Whilst this should rectify the risk of your system becoming compromised, it does little to quell the bad PR it’s caused for IBM. It also hammers home the fact that hackers are looking for more ingenious ways to deliver their malicious payloads, even having the nerve to piggyback their way onto systems through official IBM products. Obviously, the telltale signs of infections will still be there, so if you aren’t already running the following checks, you should certainly start:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


hacking-apple-idHackers are now turning to employees of organizations to help breach their defenses and this can be knowingly or unknowingly, but how are they doing it?

As this hacking technique doesn’t rely purely on digital attacks, it’s a unique problem in the world of cyber-security. Sure, the end result is the same in that the hackers want to access digital information, but this method of getting a head start makes their attacks more covert than ever.

To help you understand how these exploits can be initiated and unfold, I’m going to show you 4 ways that hackers are hacking your employees.

  1. USB Stick Hacks

USB sticks can cause huge issues for your PCs due to the amount of automated hacking software which can easily be loaded onto them; in some extreme cases, USB sticks can also be used to completely destroy a PC. More often than not, these attacks can be initiated by old fashioned human curiosity. A recent study showed that of 297 flash drives left in a college parking lot, over half of these drives ended up being plugged into a PC. Therefore, staff need to be made aware that unauthorized devices should never be plugged into their workstations.

  1. Website Information

Many organizations display details of their employees on their website in order to show the people behind the business. Whilst this is a great method for engaging customers and clients, it also allows hackers to begin building a portfolio of information on targeted individuals e.g. with access to photos and email addresses, it’s possible to not only target these email addresses, but actually track them down in real life. This opens up your employees to direct approaches and is a good reason why information about employees should be minimized on the public internet.

  1. Phishing

The oldest, and perhaps simplest, method of hacking employees is by phishing. Deceptively convincing, phishing attacks often take the form of genuine looking emails requesting personal information. The most common technique is for the hacker to fake a company email in order to obtain sensitive data e.g. emails are often dispatched which appear to originate from the organization’s IT department and request login details, but actually originate from outside the business. Employees need to receive regular training on how to spot phishing emails.

  1. Vishing and SmishingsmishingSTILL

A relatively new approach to hacking employees is via vishing (obtaining information via phone calls) and smishing (mining for data through SMS messaging). Vishing often takes the form of a phonecall from a potential customer, but it’s actually a hacker trying to learn information about the organization’s structure and security through careful questioning. Smishing tends to target employees with links that they’re encouraged to click and then forwards them to a phishing website to extract data. Again, good training is crucial to ensure your staff can recognize these threats.

These four methods of hacking your employees use a number of highly sophisticated methods that prey on human curiosity and misplaced trust. They’re also remarkably easy to execute, so the key is to remember that regular training to increase awareness is the best defense against such attacks.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


DNS-Messenger

We’re used to hackers using conventional attack strategies, so, although we can defend these, it means hackers are looking for more discreet attack methods.

And, just recently, hackers have been looking to exploit routes in and out of our PCs which are not usually monitored for malicious activity. It makes sense for hackers to seek out these poorly defended access points as, for hackers, the best hack is an easy hack.

For businesses, though, it raises a lot of questions on just how in-depth and conscientious your security efforts need to be; in order to help you understand the situation and nature of these attacks, I’m going to discuss the DNSMessenger threat.

DNS as a Means of Attack

The Domain Name System (DNS) is the method by which the domain name of a website, computer or network is converted into an IP address which is a numerical code that can be recognized by PCs e.g. one of the many IP addresses for Google is 74.125.224.72

Now, as DNS helps PCs to communicate with many other systems, it provides a very useful route for hackers to breach defenses. Thankfully, it’s very difficult for hackers to hack directly into the DNS channels, but by using a malware exploit they can gain access. And it’s all part of a trend in the evolution of malware.

Users are prompted to download an MSWord document – containing malicious code – through an email phishing campaign which sets the attack in motion. The malicious payload is written in the Powershell language which permits administration tasks to become automated. It’s at this point that the hackers can identify user privileges and plan the next step of the attack which utilizes the DNS.

Using the DNS, hackers are able to send commands directly to the user’s system and effectively have free rein over that system. What’s particularly deceptive (and clever) about this attack method is that it’s very difficult to monitor; few systems monitor DNS traffic and Powershell operates purely in the system’s memory rather than relying on external files which are easily identifiable.

Combatting DNS Attacks

Security-Icon-Microsoft-696x464

Whilst there are niche software solutions that can help protect businesses from DNS attacks, the simplest solution is by educating your staff on the telltale signs of malware and phishing:

  • If you do not recognize an email address then, under no circumstances, click on any links or files contained within it. And, even if you do recognize the sender’s email address, run a quick audit on the email’s content as the sender’s account could have been hacked – badly worded and poorly formatted emails are often a sign of hacked emails.
  • The DNSMessenger attack is only able to unleash its payload once the infected Word document is opened and the recipient clicks on the pop up window prompting them to “Enable Content”. By enabling the content, the recipient is unwillingly giving permission for their system to be hacked, so always treat this request with suspicion.

These preventative methods are fairly simple, but, due to the volume of emails people receive these days, there doesn’t seem to be the time to carry out these quick checks. However, with hackers taking their attacks in new directions which are incredibly difficult to monitor, a few seconds thought could save your systems from a nasty attack.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


download

With the ever increasing rise in cyber security attacks, PC users are becoming more vigilant. However, do they know what they should be wary of in 2017?

The IT security landscape is constantly changing, so what may be considered a contemporary threat one year, may soon fall into obscurity as defenses improve. However, certain security threats seem to be becoming more and more prevalent. Therefore, it’s make sense to acquaint yourself with the most likely attacks you’re going to experience in the near future.

And, as luck would have it, I’ve decided to take a quick look at the biggest IT security threats coming in 2017.

Rise in Ransomwareransomware-expert-tips-featured

Ransomware made big headlines in 2016, but far from being swiftly dealt with, it’s expected that ransomware attacks are going to rise in 2017. With the source code for ransomware software becoming readily available online, it’s encouraged hackers to become competitive and improve on each other’s brand of ransomware. When this is coupled with the relative ease that ransomware can generate revenue for the hacker, it’s no surprise that more and more attacks are on their way.

Big Data Causes More Risk

Big Data is causing huge ripples throughout the business community as it’s an approach which is focusing IT efforts on analyzing large sets of data to improve operations. However, as big data is so new, the business community doesn’t yet know how to marshal it efficiently.

With such huge data sets being openly shared between departments and businesses, the security of this data is being severely compromised. This presents a severe problem if security is breached due to the large amount of data at risk. Big Data needs to be correctly controlled and access restricted otherwise it will be in the headlines for all the wrong reasons.

Business Email Compromise (BEC) Scams

BEC scams hit businesses all over the world last year and some high profile names fell victim to this straightforward scam. By sending emails purporting to be from company CEOs, hackers have been able to con employees in to sending out either sensitive information or, in extreme cases, transfer bank funds. And, with pay outs from BEC scams reaching as high as $140,000, hackers are going to maximize their efforts on this simple and easy attack this year.

Internal Threats to Increase

insider-threats

Hackers are well aware that IT security teams are gradually getting better at blocking their attempts to infiltrate their defenses, so that’s why the hackers are turning to those on the inside. Sometimes this literally means teaming up with an employee on the inside to facilitate the theft of data. However, this inside threat can sometimes be the result of blackmail following the hacking of an employee’s social media account and the threat of revealing personal information. This is a difficult form of hacking to combat, but reinforces the need of good employee education on IT security in and out of the workplace.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


puppetmaster-1
We all expect hackers to use malicious code to access our sensitive data and networks, but the easiest way for them to gain access is actually through us.

It’s easy to feel that your data and network is secure once you’ve armed yourself with firewalls and antivirus software, but the truth is that hackers can easily circumnavigate your defenses by coming at them from a non-digital angle.

And hackers are frequently turning to social engineering in order to trip us up and access our systems and networks quicker than ever before. Giving hackers an easy ride is the last thing you want to do, so it’s time to brush up on the dangers of social engineering.

What is Social Engineering?

You’re probably most familiar with social engineering through those ridiculous emails which promise you millions of dollars in exchange for helping out a Nigerian prince with a bank transfer. All you have to do is forward your bank details, social security number, driving license and shoe size to an associate of this Nigerian prince to help facilitate the process…

Obviously, this is nothing more than a scam and it’s been around for well over 10 years and most people recognize this, but some people still fall for it! Thankfully, emails such as this are swiftly diverted to our spam folders these days, but hackers are adapting more sophisticated and personalized methods such as the breach of Snapchat’s defenses following an email which purported to be from Snapchat’s CEO.

And, believe it or not, but some real life social engineers are confident enough in their abilities to walk into businesses and start hacking computers in front of blissfully ignorant employees. If anything defined the evolution of social engineering and hacking then it’s this, so how do you combat the rise of social engineering?

Combatting Social Engineering

bigstock-man-and-data-protection-concep-39531229-720x380
As social engineering is such a deceptive method of hacking – which sometimes doesn’t even involve an internet connection – it’s very difficult to rely on your tried and trusted firewalls and antivirus software to safeguard yourself. Therefore, it’s crucial that you put other defenses and processes in place:

  • Slow down and think – Social engineering thrives upon its victims letting their guard down and this often happens due to them acting too quickly. Say, for example, you receive an email from your CEO requesting sensitive data, you don’t want to keep the boss waiting, but is it genuine? Would the CEO come direct to you for this or would he delegate this through the appropriate channels?

 

  • Don’t rely on email filters, rely on people – With a few tweaks, it’s easy to get any email through any email filter. And that’s why you need to rely on the knowledge of your employees. The best way to ensure that employees can recognize social engineering attempts is through regular training on what the tell-tale signs are.

 

  • Monitor your servers – Due to the ability of social engineers being able to literally walk in and take what they want, you need to make sure that your servers are monitored by CCTV. This allows you to identify and record any unauthorized access to prevent the most embarrassing form of data theft for any organization.

 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More