Trickbot Malware Shows that Hackers are Getting Cleverer

Hackers, malware, Ophtek, Spam, , , ,
21
Jul 2020

Malware is a thorn which we find in our sides on a regular basis. But what happens when this thorn becomes even harder to tackle? The answer is Trickbot.

First released in 2016, Trickbot has made its name by using a variety of attack methods. The malware has been shown to steal Bitcoin, target banks and harvest login credentials. Naturally, this makes it a very dangerous piece of malware. But as with a virus that attacks humans, this malware is constantly changing its DNA. New features have regularly been added to Trickbot which not only makes it harder to detect, but also makes it more dangerous.

Trickbot has the potential to cause significant damage to your IT setup, so it’s important to know what you’re up against.

The Lowdown on Trickbot

The most common infection method used by Trickbot is through the use of malicious spam campaigns. Emails that pretend to be from financial institutions are used to distribute infected attachments and URLs that the victims are urged to action. And, once the payload has been activated, it’s unlikely that the victim will be aware. Trickbot will communicate with a remote command and control centre almost silently and, at the same time, infect other PCs on the same network.

Trickbot’s Latest Trick

As we mentioned earlier, the hackers behind Trickbot thrive upon their ability to evolve the malware. And their latest upgrade to Trickbot is both innovative and deceptive. This is most keenly demonstrated by its ‘anti-virtual machine’ strategy. One of the safest ways for security professionals to analyze malware is within a virtual machine environment. Therefore, in order to hide its operations, Trickbot will stop working when it detects a virtual machine.

And, believe it or not, one of the simplest ways to do this is to analyze the PCs current screen resolution. Any screen resolution that is set to 1024×768 and below will cause Trickbot to terminate its operations. This means that security researchers using a virtual machine to will draw a blank. This is a very clever technique and is one that allows Trickbot to reactivate once the PC is restarted into a higher resolution.

How Do You Stop Trickbot?

Anti-malware software such as Malwarebytes is capable of detecting and removing most strains of Trickbot, but there will always be a slight delay when it comes to new strains. And, of course, you should never rely on removing infections as the best strategy for defense. Instead you should make every effort to prevent infection in the first place. This can be achieved in the following ways:

  • Evaluate All Incoming Emails: It’s essential that your staff is aware of the dangers of phishing emails. Thankfully, the tell-tale signs are easy to detect and, with this knowledge to hand, it should become much harder to fall victim to Trickbot. 
  • Avoid Malicious Websites: Given their deceptive nature, it’s easier said than done to avoid malicious websites. However, it’s crucial that you have the ability to identify malicious websites. This will severely limit the chances of downloading malware such as Trickbot. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What is Hacking?

Hackers, Hacking, Hijacks, Ophtek, Security, Viruses, , , , , ,
02
Jul 2019

We all know that hacking goes on. And it certainly goes on in business. But how much do we know about it? The truth is we don’t know as much as we should.

The general consensus is that most people know what a hacker is and how they go about their business. This is why there are so many anti-hacking products available. However, using these products on their own isn’t enough to guarantee safety. In fact there is no guarantee. But you can enhance your protection significantly with an understanding of the basics of hacking. It’s important to know what a hacker is attempting to do. With this in mind you have a much better chance of preventing or resolving the hack.

What is Hacking?

Hacking causes chaos. Lots of chaos. And that’s not an understatement. But what exactly is it? It can be many things, but the basic core of hacking is to compromise devices. These can include PCs, networks and smart devices. Regardless of the device a hacker wants to gain unauthorized access to it. Sometimes this access can be used to steal data and sometimes it can be to cause sabotage. There are a wide range of techniques involved and we’ll take a look at them later.

Who are the Hackers?

The traditional image of a hacker that most people have in their minds isn’t entirely accurate. The pimply nosed, teenage hacker of cartoons may well exist in one form or another, but they’re not the only hacker out there. Due to the financial gain on offer from hacking, a number of criminal gangs are now developing sophisticated hacking methods to earn a nice income. And then there are the political gains that can be provided by hacking. There are a wide range of hackers out there, but identifying them is very difficult as they’re notoriously good at covering their tracks.

What Type of Hacks Are There?

The complexities of IT software and hardware mean that there is the potential for a variety of hacking techniques. Some of the most common methods are:

  • Ransomware: This is every organization’s worst nightmare. A relatively new form of malware, ransomware is spread through malicious emails that encourage recipients to click a link. If these links are clicked then a series of processes are executed that leave the victim’s hard drive encrypted. And the only way to decrypt the files is by paying a cryptocurrency ransom. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Infected Websites Are Mining Cryptocurrency

bitcoin, cryptocurrency, Hacking, Security, Security Threats, , ,
06
Apr 2018

Hackers are now infecting websites in order to take control of your PC’s processor and help power the resource heavy activity of cryptocurrency mining.

Cryptocurrencies, such as Bitcoin, have been generating countless headlines in the last year due to the huge values being attributed to them in the financial world. Now, despite cryptocurrencies being purely digital, they still need to be mined to help produce new coins. Naturally, this isn’t a simple task or, otherwise, everyone would be doing it and making millions. Instead, you need plenty of time and even more computing power to carry out the mining process.

For a hacker, of course, harnessing such huge amounts of computing power isn’t exactly rocket science, so it’s no surprise that this is their latest enterprise. And, to make this task a little easier, they’ve started infecting websites to help steal your processing power and power their cryptocurrency mining.

Mining for Cryptocurrency

While leaching off the CPU of innocent users to facilitate cryptocurrency mining is nothing new, the use of websites to help capture this valuable resource is a new one on security experts. And the manner in which it’s being done is ridiculously simple.

Hackers are setting up malicious adverts on websites that run a JavaScript file directly in the browser whenever that site is opened. There’s no need for the hacker to have direct access to the victim’s PC, everything takes place in the victim’s browser. And, if the victim has JavaScript enabled, then the malicious code will automate and hand over a significant amount of their processor power to the hacker’s mining activities.

There are certainly more sensitive hacks – such as those which exploit or encrypt your data – but the real bugbear of having your CPU taken advantage of is the impact it has on your computer’s performance. Mining cryptocurrency requires significant processing power to power through the labor intensive tasks involved, so this drain on resources is going to cause your system to grind to a halt.

Is a Website Hacking Your Processor?

Organizations, in particular, do not want to see their productivity affected by a slowdown in performance, so it’s crucial that you understand the warning signs of these infected sites. If the internet is in use and your system starts slowing down then you should check the performance of your CPU by:

  • Right clicking the taskbar on your PC and selecting Task Manager. This will allow you to access the Performance tab where you can see which resources are taking up your processor’s usage.

If opening a webpage is causing your PC’s performance to rocket, then there’s a chance that this could be down to an infected webpage. The simplest way to deduce this is by closing individual webpages and monitoring the effect within your Performance tab in Task Manager.

Final Thoughts

These infected websites are not going to cause major damage to your organization, but they are going to put a drain on your resources. Understanding that any potential reductions in processor speed could be caused by this new method of hacking is vital to stay on top of your digital security.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Risks of Running Windows XP

Repairs and Upgrades, Software, ,
24
Sep 2013

Windows-XP-Hanging-Up-Hat

The clock is ticking for computers still running Windows XP. As of April 8th 2014, Microsoft will no longer be releasing updates for Windows XP. What does this mean for your office or home computers still running Windows XP? Your office or home computers are at risk if you have any computers still running Windows XP.  Read on to get the details.

What was so special about Windows XP?

Windows XP was released in 2001 as a major overhaul to Windows 98 and Microsoft’s very unpopular Windows ME operating system. Some of the biggest advantages to Windows XP includes:

  1. Due to it’s widespread use and popularity, there is a lot of support info out there.
  2. It is simple, clean and easy to use for in its time.
  3. You need less hardware (RAM, CPU power, etc) to run Windows XP.
  4. Being extremely popular means more hardware vendors support it.

Now keep in mind most of these general qualities applied up to when Microsoft released Windows 7.  2010 was the last year Windows XP was the most widely used operating system on the planet since Windows 7 was more efficient and reliable.

What’s the risk in running Windows XP?

1. Patching

After April 8th, 2014 Microsoft will no longer be releasing patches and updates to Windows XP. Why should this matter to you? When Microsoft finds a bug in one of it’s more modern operating systems like Windows 7 or Windows 8, it is very likely that the same bug exists in Windows XP since all of Microsoft’s operating systems share similar code under the hood.

As soon as an update is released for Windows 7 or Windows 8, anyone in the public can look at what was fixed, which is practically pointing out exactly where Windows XP is vulnerable.

2. Lacking modern security measures

In the past, computers were more vulnerable to viruses passed through files being passed through a USB drive, Floppy or CD Drive. Nowadays most infections occur over the internet by relying on bugs in your internet browser or your operating system.

Windows 7 and Windows 8 have these updates built in. However Windows XP simply doesn’t support the software too help prevent the computer from being infected. The below figure shows the number of infections that were cleaned by operating system. Keep in mind all of these computers were up to date.

XP vs 7 vs 8 infections

Figure 1: Infection rate (CCM) by operating system and service pack in the fourth quarter of 2012 as reported in the Microsoft Security Intelligence Report volume 14

How can you check if you are running Windows XP?

xp-startup-screen

The easiest way to check if you are running Windows XP it to restart your computer and check for the Windows XP boot up logo as shown above.

How can you protect your office or home computers?

At this point there is no guaranteed way to keep Windows XP and to be safe. You should be planning to upgrade your operating system by purchasing Windows 7 or Windows 8.

4a0a817f_Windows-7-screen

I would recommend Windows 7 as it is similar to Windows XP and has a very intuitive interface. Both operating systems have great hardware support, so you should not need to upgrade unless your computer comes with a hand crank to turn on.

Read More
1 3 4 5