anti-malware Archives

Macros make our lives easier when it comes to repetitive tasks on PCs, but they’re also a potential route for malware to take advantage of.

The most up to date version of MS Office prevents macros from running automatically, and this is because macros have long been identified as a major malware risk. However, older versions of MS Office still run macros automatically, and this puts the PC running it at risk of being compromised. Legacy software, such as outdated versions of MS Office, comes with a number of risks and drawbacks, but budgetary constraints mean many businesses are unable to update.

Malicious MS Office Macro Clusters

A macro is a mini program which is designed to be executed within a Microsoft application and complete a routine task. So, for example, rather than taking 17 clicks through the Microsoft Word menu to execute a mail merge, you can use a single click of a macro to automate this process. Problems arise, however, when a macro is used to complete a damaging process, such as downloading or executing malware. And this is exactly what Cisco Talos has found within a cluster of malicious macros.

Several documents have been discovered which contain malware-infected macros, and they all have the potential to download malware such as PhantomCore, Havoc and Brute Ratel. Of note is that all of the macros detected so far appear to have been designed with the MacroPack framework, typically used for creating ‘red team exercises’ to simulate cybersecurity threats. Cisco Talos also discovered that the macros contained several lines of harmless code, this was most likely to lull users into a false sense of security.

Cisco Talos has been unable to point the finger of blame at any specific threat actor. It’s also possible that these macros were originally designed as a part of a legitimate cybersecurity exercise. Regardless of the origins of these macros, the fact remains that they have the potential to expose older versions of MS office to dangerous strains of malware.

Protect Your Systems from Malicious Macros

The dangers of malicious macros require you to remain vigilant about their threat. Clearly, with this specific threat, the simplest way to protect your IT systems is to upgrade to the latest version of MS Office. This will enable you to block the automatic running of macros and buy you some thinking time when you encounter a potentially malicious macro. As well as this measure, you should also ensure you’re following these best practices:

Always Verify Email Attachments: a common delivery method for malicious macros is through attachments included with phishing emails. This is why it’s crucial that you avoid opening macros in documents which have been received from unknown sources. As with all emails, it’s paramount that you verify the sender before interacting with any attachments.
Install All Security Updates: almost all software is regularly updated with security patches to prevent newly discovered vulnerabilities from being exploited. Macros are often used to facilitate the exploitation of software vulnerabilities, so it pays to be conscientious and install any security updates as soon as they’re available.
Use Anti-Malware Software: security suites, such as AVG, perform regular, automated scans of your PCs to identify any potential malware infections. In particular, many of these security suites target malicious macros, so they make a useful addition to your arsenal when targeting the threat of macros.

For more ways to secure and optimize your business technology, c ontact your local IT professionals.

A malware infection is always bad news but imagine being infected with multiple strains at once. Welcome to the new threat of malware cluster bombs.

Researchers at the cybersecurity firm KrakenLabs have revealed the dangers of a new malware technique launched by Unfurling Hemlock, a new threat actor group. Their malware cluster bombs have been verified as active in at least 10 countries, but most Unfurling Hemlock’s targets have been US-based. This attack has also been active for some time, with evidence of the earliest infections going back to February 2023.

The mere concept of malware cluster bombs is enough to worry any IT professional, so that’s why we’re going to delve a bit deeper and discuss how you can keep your IT systems safe.

Understanding Unfurling Hemlock’s Attack

This new attack starts, as with many malware attacks, through malicious emails or malware loaders. It would appear, perhaps to cover their own tracks, Unfurling Hemlock are paying other hackers to distribute their malware. The initial attack is focused around a malicious file named WEXTRACT.EXE. Within this executable is a collection of compressed cabinet files, each of which contains a strain of malware.

The final part of the attack comes when all of the malicious files have been extracted and are executed in reverse order. Each cluster bomb is believed to contain multiple strains of malware, so while the number is varied, the impact is always significant. Among these malware strains are a cocktail of different attacks, with botnets, backdoors, and info stealers all detected so far. Unfurling Hemlock’s ultimate aim, aside from causing digital chaos, is unknown, but KrakenLabs believe the threat actor may be harvesting sensitive data to sell.

The malware cluster bomb approach is innovative and effective for two reasons: the opportunities for monetization are increased and the multiple strains in use mean that persistence is enhanced. Ultimately, dropping ten strains of malware onto one device is more likely to provide opportunities for threat actors than a single strain.

Staying Safe from Malware Cluster Bombs

It’s clear that malware cluster bombs represent a serious threat to your IT infrastructure, and that’s why you need to keep your defenses secure. You can put this into action by following these best practices:

Regular Software Updates: ensure that all software, including operating systems and applications, is regularly updated and patched. Automated patch management tools can help make this easier, and Windows allows you to set automatic updates for Microsoft apps. Regular updates protect against known vulnerabilities and exploits which malicious actors often target with malicious files.
Antivirus and Anti-malware Solutions: always use reputable antivirus and anti-malware software across your network. These tools should be regularly updated to recognize and handle the latest threats. High-level security solutions will provide real-time protection, scanning, and removal of malicious files. This is conducted by regular scans and monitoring to ensure potential threats are detected and dealt with promptly.

Employee Education: carry out regular training sessions for employees to recognize phishing attempts, suspicious emails, and other potential threats. Training should include best practices for safe internet use, identifying social engineering tactics, and reporting suspicious activities. Your employees are your first line of defense, so it’s crucial you reduce the likelihood of attacks due to human error.

For more ways to secure and optimize your business technology, c ontact your local IT professionals.

Latin America Banks Targeted by BBTok Malware Variant

anti malware, antivirus software, banking malware, banking trojan, BBTok Malware, firewall, Ophtek, Phishing Emailanti-malware, antivirus, banking malware, BBTok, firewall, malware, Ophtek, phishingOphtek, LLC

Nov 2023

Back in 2020, a new banking trojan by the name of BBTok emerged into the digital landscape and was responsible for numerous attacks. And now it’s back.

Banks in Brazil and Mexico appear to be the main targets of BBTok’s new campaign, and it’s a variant which is far more powerful than any of its previous incarnations. Its main deceptive threat is that it is able to spoof the interfaces of 40 different banks in Brazil and Mexico. This means that it’s perfectly placed to harvest sensitive data. In particular, this new strain of BBTok is deceiving victims into disclosing their credit card details and authentication codes. This gives the campaign a financial angle and highlights the serious threat it poses.

How Does BBTok Launch Its Attacks?

BBTok’s latest strategy begins with a phishing email, one that contains a malicious link which kickstarts the attack by launching the malware alongside a dummy document. BBTok is particularly successful as it has been coded to deal with multiple versions of Windows, and it also tailors the content of the attack to both the victim’s country and operating system. BBTok also allows the threat actors behind it to execute remote commands and steal data without the victim being aware.

Most notably, however, is the way in which BBTok replicates the interface of numerous banking websites – such as Citibank and HSBC – to truly deceive the victim. Appearing to be genuine at first glance, these interfaces are used to trick victims into entering security codes and passwords associated with their accounts. This gives the threat actors full access to their financial data and, more disturbingly, full control over their finances. This means that unauthorized payments and bank transfers can quickly land the victim in severe financial trouble.

How to Stay Safe from Banking Malware

In an increasingly digital world, where we all make numerous financial transactions online every week, it’s important to remain guarded against banking malware. As well as the financial damage that malware such as BBTok can cause, it can also create a foothold for threat actors to delve deep into your networks. And this represents a major threat to the security of both your data and your customer’s data. Accordingly, you need to stay safe, and here are some crucial tips to help you:

Beware of phishing emails: your employees should always be cautious when opening emails or clicking on links from unknown sources. As with BBTok, many banking trojans spread through phishing emails which trick you in to visiting fake banking websites. This provides threat actors with the perfect opportunity to harvest your credentials. Therefore, make sure that your employees know how to quickly identify a phishing email and what to do with them.
Install a firewall: putting a firewall in front of your network is a vital step in strengthening your digital defenses. Firewalls act as keen-eyed gatekeepers who scrutinize incoming and outgoing traffic, this allows them to determine whether traffic is trusted and whether any alarms need to be raised. Banking trojans, of course, often transmit stolen data out of your network, so a firewall is the perfect way to identify and prevent this activity.
Strong endpoint security: to protect your network against malware, it’s essential that you employ robust cybersecurity measures throughout your business. In particular, employee workstations and mobile devices are most at risk, so installing advanced antivirus and anti-malware software here should be a priority.

For more ways to secure and optimize your business technology, contact your local IT professionals.

British Snacks in Short Supply Due to Ransomware Attack

anti malware, Backup Strategies, Employee Training, Ophtek, PC Security, PC Training, Ransomwareanti-malware, backup, Ophtek, PC Security, rensomware, TrainingOphtek, LLC

Feb 2022

British shoppers have been warned to expect some of their favorite snacks to be in short supply following a ransomware attack on a major manufacturer.

KP Snacks has been producing snacks in Britain since the 1850s, but this production has recently run into a major obstacle: ransomware. Cyber criminals have successfully launched a ransomware attack on KP Snacks, and its effects are running deep. Due to the impact of the ransomware on their IT infrastructures, KP Snacks has had to advise stores that delays in production are expected. As a result, British shoppers are likely to be facing empty shelves when they head out to pick up their favorite snacks.

Snack food may not be crucial to society, but the impacts of this hack demonstrate why organizations need to remain vigilant.

The Story Behind the Snack Attack

Following an unexplained outage of their IT systems, KP Snacks investigated and discovered that they had fallen victim to a strain of ransomware. The exact details of the ransomware in question has not, as of yet, been disclosed. However, rumors are circulating that the attack was launched by the WizardSpider group, a gang of hackers who attacked the Irish health service in 2021. It’s alleged, according to leaked sources, that KP Snacks was given five days to pay a ransom fee, but clarification on this is lacking.

The response of KP Snacks has been to launch a defensive strike against the attack. Being a major organization, the snack makers had a cybersecurity response plan which was quickly put into action. Third-party security experts have also been drafted in to complete a forensic analysis of the firm’s IT infrastructure. Nonetheless, the disruption to productivity has hit KP Snacks hard. As well as their IT systems being compromised, their communications systems have been hit equally hard. In modern business, these two elements are essential for operating and, as a result, supply shortages are expected.

Protecting Yourself Against Ransomware

While a shortage of snacks may sound like a mild inconvenience, this is only the tip of the iceberg. Not only is there a financial risk for KP Snacks, but the company’s employees can also expect financial ramifications e.g. delayed payments due to compromised IT systems and even the threat of redundancy. Naturally, this is a situation that no organization wants to find itself in, so make sure you always follow this advice:

Always Backup: the main impact of ransomware is that it encrypts files before demanding a ransom fee to decrypt them. However, you can minimize the impact of this effect by ensuring you have a strong backup strategy in place. This will provide you with access to your data and provide you with business continuity.

User Training: ransomware can be activated in a number of different ways such as infected emails, malicious links and running outdated software. Thankfully, shutting these attack routes down is relatively easy with the correct training. Therefore, regular staff training is vital when it comes to securing your IT defenses.

Install Anti-Malware Tools: it’s almost impossible to detect every single threat in the digital wild, but anti-malware tools will protect you from most of them. Installing anti-malware tools is simple and instantly provides an enhanced level of protection against ransomware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Malicious Macros Target Old Versions of MS Office

Malware Cluster Bombs: A New Threat

Latin America Banks Targeted by BBTok Malware Variant

British Snacks in Short Supply Due to Ransomware Attack

Tag Archives: anti-malware