Defense firms in over a dozen countries have found themselves targeted by a new backdoor threat named ThreatNeedle. And it’s hitting firms hard.

The last thing that a defense firm wants is for their networks to be breached. Not only does it damage their reputation as a defense firm, but it puts significant data at risk. Hackers, of course, love to cause trouble, so a defense organization is the perfect target. But the hackers behind the ThreatNeedle malware are more than just a minor hacking group. The threat is believed to come from Lazarus, a secretive hacking group with ties to the North Korean government.

As this is a major threat we’re going to put ThreatNeedle under the microscope for a closer look.

What is ThreatNeedle?

ThreatNeedle takes a spear phishing approach to begin its campaign and does this by faking email addresses that look as though they belong to the target company. This move, which is relatively easy with an email server and the right software, allows the victims to be lulled into a false sense of security. This scenario is then exploited by embedding malicious links or attaching infected documents. Often, these emails have been laced with a COVID-19 theme in order to fully engage the user, but any subject may be used to rush the recipient into action.
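The spoofed "internal" sender described above usually leaves traces in the message headers: the envelope sender (Return-Path) and the SPF/DKIM verdicts recorded by the receiving mail server rarely match the company domain the From address claims. The following is an added example, not code from the original post or from any vendor analysis of ThreatNeedle; it uses only Python's standard `email` module, and the company domain, the sample messages and the header values are constructed for illustration.

```python
import email
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: the domain the organisation owns

# Constructed sample: From claims the company domain, but the envelope sender
# and the receiving server's authentication verdicts say otherwise.
SAMPLE_RAW = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none
From: "HR Department" <hr@example.com>
To: staff@example.com
Subject: COVID-19 policy update - action required
Content-Type: text/plain

Please review the attached document today.
"""

# Constructed sample of a message that genuinely came from the company's own mail system.
LEGIT_RAW = """\
Return-Path: <hr@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: "HR Department" <hr@example.com>
To: staff@example.com
Subject: Holiday schedule
Content-Type: text/plain

See the intranet page for details.
"""


def domain_of(addr: str) -> str:
    """Return the lower-cased domain part of an address header, or '' if absent."""
    _, address = parseaddr(str(addr))
    return address.rpartition("@")[2].lower()


def auth_verdicts(header: str) -> dict:
    """Extract method=result pairs (spf=fail, dkim=none, ...) from an
    Authentication-Results header. The first ';'-separated element is the
    authserv-id and is skipped."""
    verdicts = {}
    for part in header.split(";")[1:]:
        part = part.strip()
        if not part:
            continue
        token = part.split()[0]
        if "=" in token:
            method, result = token.split("=", 1)
            verdicts[method.lower()] = result.lower()
    return verdicts


def spoof_indicators(raw: str, company_domain: str = COMPANY_DOMAIN) -> list:
    """Return the reasons a message claiming to be internal looks spoofed.
    An empty list means no indicator fired, which is not proof of legitimacy."""
    msg = email.message_from_string(raw)
    reasons = []
    if domain_of(msg.get("From", "")) != company_domain:
        return reasons  # does not claim to be internal; outside this check's scope

    ret_domain = domain_of(msg.get("Return-Path", ""))
    if ret_domain and ret_domain != company_domain:
        reasons.append(f"Return-Path domain {ret_domain!r} differs from From domain")

    verdicts = auth_verdicts(msg.get("Authentication-Results", ""))
    if verdicts.get("spf") not in ("pass", None):
        reasons.append(f"SPF result is {verdicts['spf']!r}")
    if verdicts.get("dkim") not in ("pass", None):
        reasons.append(f"DKIM result is {verdicts['dkim']!r}")
    return reasons


if __name__ == "__main__":
    for name, raw in (("spoofed", SAMPLE_RAW), ("legitimate", LEGIT_RAW)):
        print(name, "->", spoof_indicators(raw) or "no indicators")
```

The check is deliberately narrow: it only examines messages whose From address claims the company's own domain, because that is the lure the post describes. It trusts the Authentication-Results header, so it should run on the mail gateway or on mail that has already passed through it, not on arbitrary forwarded copies where that header could have been supplied by the sender.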

The attackers, once the ThreatNeedle payload has been unleashed, are then able to take control of the victim’s PC. Naturally, this means that they will carry out typical hacking attacks such as:

  • Executing remote commands to run applications and download further malware
  • Sending workstations into hibernation mode to disrupt IT activities
  • Logging data and transmitting it to a remote PC where it can be archived and exploited

However, ThreatNeedle also has an innovative ace up its sleeve. Generally, if a network is segmented then malware will be limited to the segment it infects. This limits the amount of damage that can be caused to an entire network. So, for example, a set of PCs that is not connected to the internet should be safe from all hacks. Unfortunately, ThreatNeedle is able to take advantage of the IT department’s administrator privileges. This grants the attackers access to all segmented areas of a network, and it maximizes the damage they can cause.

How Do You Protect Against ThreatNeedle?

As with all malware, you don’t have to fall victim to ThreatNeedle. You just need to keep your wits about you and understand its threat. You can do this by carrying out the following:

  • Educate Staff on Phishing Emails: It’s important that your staff are fully trained on the dangers of phishing emails. Social engineering is a popular technique employed by hackers, but it can be thwarted if you know what to look for.

For more ways to secure and optimize your business technology, contact your local IT professionals.



[Image: bitcoin-miner] You don’t need dynamite to find Bitcoins, just enough knowledge and computer hardware.

Malware not only steals your personal data, but can also hijack your system and network resources to work on things you don’t approve of.

Bitcoin and other forms of cryptocurrencies have skyrocketed in popularity in recent months. The cryptocurrency craze isn’t reserved just for investors, as virtually anyone can get their hands on these lucrative digital coins—provided they have the necessary resources. What we’re talking about is: if you don’t have money to invest in Bitcoin, you can mine the Bitcoins. Mining these coins, however, will require some computer know-how and hardware.

Stealing Without Physically Taking

When it comes to knowledge of how hardware works and where digital information flows, cybercriminals and hackers are ahead of the game. What they lack is the hardware, but why do they need to purchase their own hardware when they can steal your processing power? All they have to do is run malicious code on your computer to hijack the computer’s resources remotely and use it to mine Bitcoins for themselves.

Beginning late last year, a slew of malware aimed at hijacking computers for mining Bitcoins began infecting unsuspecting victims. Where and how these tools make their way onto people’s computers can vary, but it is especially troubling if the source is a popular website like Yahoo.

Yahoo admitted in January that its advertising platform was utilized by cybercriminals to distribute hijacking malware and viruses. Fox IT, a cybersecurity firm, estimates that as many as 2 million Yahoo users were affected by the exploit. Yahoo, however, has not given an estimate of how many of its users clicked the scam ads.

Must Click the Ad That’s Slick!

While most of us will try to ignore any type of ads that appear on a website, savvy marketers will always find a way to deploy attractive and mind-boggling banners that will trick us into clicking. Criminals are also marketers in a sense, and so it is likely that they used these marketing tactics to lure people into clicking their ads on Yahoo.

[Image: task manager] If you’re not running any resource-intensive tasks, the task manager should display low CPU and memory usage.

If you’re a Yahoo user and notice that your computer has been running unusually slowly of late, check your computer’s resource monitor to see which process is taking up an abnormally large amount of bandwidth, memory and CPU. Any process or application that is hogging too many system resources could potentially be one of these Bitcoin mining malware programs.
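The manual check above, looking for a process that is hogging the CPU or memory, can be scripted so it runs the same way every time. The following is an added example, not code from the original post: it parses the output layout of `ps -eo pid,pcpu,pmem,comm` (an assumed column order, valid on Linux and macOS), flags any process above a CPU or memory threshold, and can either take a live snapshot or run over the constructed sample rows embedded below. The process names in the sample are invented for illustration.

```python
import subprocess

# Constructed sample in the layout of `ps -eo pid,pcpu,pmem,comm`; the process
# names and figures are invented, with one row standing in for a hidden miner.
SAMPLE_PS = """\
  PID %CPU %MEM COMMAND
    1  0.0  0.1 init
  842  1.2  2.5 firefox
 1337 97.8 11.4 unknown_helper
 2048  0.3  0.8 bash
"""


def parse_ps(text: str) -> list:
    """Parse ps-style rows into (pid, cpu, mem, command) tuples, skipping the header line.
    The command column is taken as the remainder of the line so names with spaces survive."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        pid, cpu, mem, comm = parts
        rows.append((int(pid), float(cpu), float(mem), comm))
    return rows


def find_hogs(rows: list, cpu_threshold: float = 50.0, mem_threshold: float = 25.0) -> list:
    """Return the processes at or above either threshold, highest CPU first.
    Thresholds are assumptions; tune them to what is normal on the machine."""
    hogs = [r for r in rows if r[1] >= cpu_threshold or r[2] >= mem_threshold]
    return sorted(hogs, key=lambda r: r[1], reverse=True)


def live_snapshot() -> list:
    """Take a real snapshot on a Unix-like host where `ps` is available."""
    out = subprocess.run(
        ["ps", "-eo", "pid,pcpu,pmem,comm"],
        capture_output=True, text=True, check=True,
    ).stdout
    return parse_ps(out)


if __name__ == "__main__":
    for pid, cpu, mem, comm in find_hogs(live_snapshot()):
        print(f"pid={pid} cpu={cpu:.1f}% mem={mem:.1f}% {comm}")
```

A single high reading is not proof of anything, since a legitimate video encode or a browser tab can look the same; the useful signal is a process you do not recognise that stays near the top of the list across repeated snapshots, especially when the machine is supposed to be idle.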

If you’re having a hard time navigating and figuring out whether or not you’re a victim of the Bitcoin malware, please contact our IT professionals and we’ll be more than happy to give you a hand!



[Image: password-cracker] Pulling an account password can be hard or easy; it’s up to you.

The bottom line when it comes to personal security on the internet is that you must take care of it yourself. Many .com companies will make lofty promises of keeping your private data secured, but when things go bust they don’t take responsibility when your account is compromised.
