T9000 Trojan Can Compromise Skype and PC Security

Security, ,
15
Mar 2016

skype-lockAside from when video connections drop out, is a useful piece of software for businesses. However, the T9000 trojan is compromising Skype’s security.

Skype is an amazingly innovative app which has helped make the world that little bit smaller and cost effective. The days of having to pay extortionate rates to call people on the other side of the globe are over. And you can even throw in video conferencing as an added bonus!

Unfortunately, hackers are also innovative and if they discover there’s even a minuscule opportunity to breach a piece of software they’ll pounce upon it. Researchers at Palo Alto Networks have discovered that this is exactly what is happening with Skype and the T9000 trojan.

As Skype is an essential business tool, it was crucial to look through what the T9000 is capable of and how to protect yourself.

The Hard Facts about the T9000

Virus Detected

The T9000 trojan is actually an upgrade of the T5000 trojan which was first spotted in 2013/14. The delivery route of the T9000 trojan appears to be through spear phishing emails in the form of infected Rich Text Format (RTF) files which contain exploits for Microsoft Office controls.

Once the malware contained within these RTF files is activated, the following processes take place:

  • The first step the malware takes is to check for the presence of the 24 most common security products e.g. Kaspersky, AVG and McAfee
  • The malware is then installed onto the system’s hard drive and performs a number of checks which allow the T9000 trojan to relay information about the user’s system to the control and command centre supporting the attack
  • Three plugins (tyeu.dat, vnkd.dat and qhnj.dat) are then decompressed and executed on the infected system
  • The tyeu.dat plugin is the one which will hijack Skype through a user prompt next time Skype is started

If this user prompt is authorized then the T9000 can begin spying on the user’s Skype sessions.  This allows the T9000 the perfect opportunity to steal screenshots, audio and video data from the infected system.

The vnkd.dat plugin also works away in the background with its main intent being to steal files from the hard drive or any removable devices. Finally, the qhnj.dat plugin gives the control and command center the opportunity to send commands to the infected computers and spy on any user activity.

Protecting yourself from the T9000

virus_protection

The T9000 trojan is a very sophisticated piece of malware which threatens the security of your system on a number of different levels. The key to avoiding infection, as ever, is to practice good security methods.

Training staff on the dangers of unknown and unusual attachments is paramount, but your staff are only human and mistakes will no doubt be made. The T9000, however, is not infallible, so if your business has professional network security in place the threat will be limited or stopped in its tracks.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How Malicious Emails Caused Power Outages

Security, ,
08
Mar 2016

email-threatsMalware causes many security concerns, but, just recently, hackers have been targeting the Ukraine’s electric distributors to bring havoc to power supplies.

Instead of merely targeting secure data such as financial and classified information, the authors behind the malware – known as Black Energy – are infiltrating the systems at leading energy suppliers to cause widespread disruption.

To better understand the serious risk that this can bring to a business, we decided to investigate exactly how the hackers are executing this attack.

What’s a Spear Phishing Email?

The malware attacks in the Ukraine have been carried out with the help of a spear phishing email, but what exactly is this?

Well, it’s pretty similar to your standard phishing email, but a little more sophisticated.

A spear phishing email attempts to deceive you by demonstrating a level of familiarity. For example, instead of starting with Dear Sir/Madam, it’s likely to use your actual name e.g. Dear Ben. And it’s also likely to make a reference, in some way, to an event in your life e.g. marriage, online purchase etc.

And where do they pull this information from? It’s pretty simple, social media sites and pretty much anywhere online where you may upload personal information.

By demonstrating some familiarity with yourself, the hacker is able to lower your defenses and increase their chances of extracting information and potential access to your system.

How Did Black Energy Gain Access?

Powerlines_2

The Black Energy malware attack involves a spear phishing email which contains a seemingly innocent Excel document. Once this document is opened, the recipient is advised to enable macros, but this is a big mistake!

Once the macros are enabled, the Trojan downloader loads up malware which is capable of executing files, keylogging secure data and taking screenshots. This backdoor into the infected system is operated through a Gmail account and contributes to the difficulty in tracing the hackers.

 

The Effect on Power Companies

Ukrainian power companies such as Prykarpattyaoblenergo and Kyivoblenergo have been attacked by Black Energy and suffered widespread disruption to their operations. The biggest impact of this has been the resulting outages in power for local regions.

Although it’s not been confirmed or denied, it’s unlikely that the Black Energy creators were actively involved in flicking the power switch off. It’s more likely that infected systems struggled to operate and are unable to boot correctly or freeze.

The cumulative effect of these symptoms is that the energy companies are unable to run their system as intended and things start to go wrong. In several cases, this has resulted in the reported power outages.

Obviously, energy is essential everyone in the surrounding community, so this threat is being taken very seriously.

Combating Spear Phishing Emails

fake-email

Spear phishing emails appear very genuine, but their deceptive power should not be underestimated as the Ukraine has learned. Business staff need to remain vigilant of all emails coming into their business in order to maintain security.

The authors behind Black Energy are yet to be identified, so the threat of them (and others like them) striking again remains a very real risk.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

No More Passwords: Could Passwords Become Extinct?

Security,
23
Feb 2016

No more passwords

We’re all used to creating and remember passwords when working with sensitive data, but could Google make the password a thing of the past?

Passwords are essential when it comes to working with PCs due to the amount of confidential data that they may contain and process. When it comes to business usage, it’s likely that you’re going to need several different passwords to access all your software and hardware needs.

Google, keen as ever to re-invent the digital wheel, has decided that perhaps it’s time to approach data security in a different manner. That’s why they’re trying to implement smartphones as the key factor in accessing data.

Let’s take a look at why Google are doing this and how they plan to achieve it.

The Problems with Passwords

Facebook-Password-Sniper-v1.2-Hack

You’re probably well aware that passwords are inconvenient. After all, the number of passwords you need to use on your PC at work can become disorientating, so it’s no surprise when you forget them. As a result you’ll tap in a couple of guesses and find yourself locked out. It’s then down to your IT team to manually reset your password.

Aside from this inconvenience, though, there are a number of reasons why passwords are not the best way of securing data:

  • Many users use the same password for all their accounts to avoid having to remember numerous passwords. It’s a nice, quick solution but if their password is hijacked then it compromises all their accounts
  • Hackers are able to use spyware and keystroke loggers to easily steal users passwords without them knowing
  • Password reset questions are often very easy to guess, so this offers an easy route into your systems for hackers

There are obviously problems with relying on the humble password, so how are Google going to take security to a new level?

No More Passwords

gmail-password-forgot

Google plans to eliminate the need for passwords to access your Google account by tapping into the modern obsession with smartphones.

Here’s how it’s going to work:

  1. You’ll head over to the Google sign in page and enter your email address as per normal.
  2. At this point your smartphone will receive a notification message asking you to confirm your login.
  3. Once you authorize this – with one tap of the “YES” button – your device (be it PC, tablet or smartphone) will be given access to your Google account.

And don’t worry if your smartphone has run out of battery or you’ve lost it. You’ll still have the option to use your password to login to your Google account.

What Does This Mean for Your Business?

Google’s vision paints an interesting future for your business and the way in which you protect your computer systems. It also highlights the lack of security behind passwords and how you need to ensure that your business is well protected from the threat of hackers.

If Google’s trial is successful then it’s likely that we’ll see this new approach to security filtering into the business world fairly quickly. And not only will it protect your data’s security, it will also reduce the amount of man hours spent resetting passwords.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How Important is Cloud Security for Small Businesses?

Security,
09
Feb 2016

Cloud Computing

Cloud computing allows you to run programs and store data on the internet and is a world away from the traditional method of physical installs and servers.

It offers flexibility, enhances collaboration and reduces overheads, but many businesses are wary of cloud computing. Sure, it’s a new way of doing things, so this is always going to induce a little anxiety. However, there have also been numerous headlines about the cloud’s security which has raised concerns.

To try and sort the myths from the facts, We’re going to take you through the security aspects of cloud computing.

Cloud Security Breaches are Big News

We’ve all heard a scare story about the cloud becoming breached and the most famous of these is probably ‘The Fappening’ which saw Apple’s iCloud breached to obtain personal photos of celebrities.

The Fappening, naturally, was distressing for those celebrities involved, but also brought to the public’s attention that maybe data isn’t that secure up in the cloud. Matters haven’t been helped by similar concerns being raised such as the possibility that stealing millions of Apple iCloud passwords can be achieved with a simple phishing email.

However, there are always going to be hackers, so is it fair to label cloud computing as a proposition which is too risky? Or is it just a simple case of monitoring the cloud’s security as you would any other type of network?

A Secure Provider is Essential

cloud_swiss_army_knife_nobg

With cloud computing being a relatively new phenomenon it’s not a surprise that there’s a little ambiguity over whom exactly is responsible for what. Cloud vendors are more than happy to provide you with the infrastructure to start cloud computing, but the levels of security are going to vary between providers.

Many cloud vendors may expect your in-house IT team to take on at least some of the responsibility for your cloud network. The problem is, though, that cloud computing is such a new form of networking that most in house IT teams simply don’t have the necessary knowledge to secure their cloud effectively.

Therefore, with the threat landscape ever expanding, it’s important that you identify a cloud vendor who can provide a fully experienced team of personnel to monitor the cloud’s security. The costs, obviously, will increase, but for the peace of mind it brings, it’s relatively small change.

Increasing Your Cloud Security In-House

cloud_security

Now, I know that I just said it’s not a good idea to take on cloud security yourself, but there are certainly ways you can help maximize it at your end!

Remember that your whole network can become compromised by the smallest mistake. This is why it’s essential that you take the following steps:

  • Remind staff of the importance of choosing strong passwords. I always feel that it’s a good idea to insist on the need for a number, symbol and uppercase letter in a password. It may mean that they’re harder to remember, but it also means they’re harder to guess.
  • Increase the level of authentication required for even the most basic applications e.g. instead of just asking for a username or password, follow this up with the need to enter a code sent by SMS to approve access to certain network areas.

Should You Move to the Cloud?

The cloud is, undoubtedly, the future of computing and will prove to be a significant factor in businesses remaining competitive. It’s always difficult to break from the traditional methods of working, especially with security concerns ever present, but as long as you ensure security is tight then it’s the logical step forwards.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

5 Email Security Tips for Small Businesses

Security,
25
Jan 2016

Email Security

Email security is a crucial focus for your business, but as it offers a gateway into your systems you need to understand how to keep it secure.

If your email security is below standard then you’re opening up your network and sensitive data to the mercy of malicious software e.g. trojan horses, malware and viruses which can really disrupt your business and compromise your data.

No business wants this type of risk bubbling away in the background, so we’re going to take you through 5 essential tips which will ensure your emails are secure.

1. Does It Have to Be Emailed?

There’s a tendency to assume that because email is available it has to be used. And many people feel that, seeing as email servers have plenty of storage, that all those attachments are just fine to be stored there.

However, both these methods ensure that data is readily available should your servers be hacked.

Therefore, if you’ve got a highly important report which contains sensitive data it may be best to seek an alternative delivery method e.g. via courier. And do attachments need to stay on the email server? No, they don’t. They can easily be archived to external hard drives which offer security and plenty of retrieval options.

2. Don’t Access Emails from Public Networks

6_secure_email_iStock

It seems as though everywhere you go these days there’s a public wifi network that you can hop onto in a couple of seconds. This accessibility means you can connect with your emails no matter where you are, so many people take advantage of it.

However, the security of these public networks can never be predicted. Due to their ubiquity they’re also the regular targets of hackers. This means that secure data such as your passwords are at risk and this can grant hackers a foothold in your system.

Sometimes, though, you’re going to need to access your emails on the move, so connecting via a public network will be your only option. To protect against any viable security threats, the best practice is to employ two factor authentication for your email servers to provide extra security.

3. Password Resets

padlock-security-protection-hacking

Employees love to keep their password the same for as long as possible because it means it’s easy to remember. And the easier to remember it is, the less chance there is that they’ll have to go through the hassle of ringing their IT department to reset it.

However, this type of complacency leads to your emails becoming vulnerable as it becomes easier to infiltrate your system over a long period of time.

That’s why we would recommend that your email software forces users to routinely change their password every 4 – 6 weeks. And if emails are entered incorrectly 3 times then make sure that email account is locked straightaway!

4. Filter All Attachments

Malicious content is most likely to enter your business’ network through email attachments, so it’s vital that you set up email filters to protect your business. These filters will help block any suspicious attachments and give you the time to review them before releasing them into your system.

Remember, hackers are becoming increasingly sophisticated and are able to package malicious software into seemingly innocent files e.g. a spreadsheet entitled “Monthly Sales Report” may appear genuine, but something nasty may be lurking in the background.

5. Train Your Staff on Email Security

email security training

Staff, of course, represent the final wall between emails and your servers, so it’s important they receive training on email security.

This should be carried out upon their induction into your company, but it’s also a good idea to regularly email updates around warning of any on-going threats. This knowledge allows them to understand what they should be looking out for and helps keep your email security sage.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 30 31 32 33 34 47