How Malicious Emails Caused Power Outages

Security, ,
08
Mar 2016

email-threatsMalware causes many security concerns, but, just recently, hackers have been targeting the Ukraine’s electric distributors to bring havoc to power supplies.

Instead of merely targeting secure data such as financial and classified information, the authors behind the malware – known as Black Energy – are infiltrating the systems at leading energy suppliers to cause widespread disruption.

To better understand the serious risk that this can bring to a business, we decided to investigate exactly how the hackers are executing this attack.

What’s a Spear Phishing Email?

The malware attacks in the Ukraine have been carried out with the help of a spear phishing email, but what exactly is this?

Well, it’s pretty similar to your standard phishing email, but a little more sophisticated.

A spear phishing email attempts to deceive you by demonstrating a level of familiarity. For example, instead of starting with Dear Sir/Madam, it’s likely to use your actual name e.g. Dear Ben. And it’s also likely to make a reference, in some way, to an event in your life e.g. marriage, online purchase etc.

And where do they pull this information from? It’s pretty simple, social media sites and pretty much anywhere online where you may upload personal information.

By demonstrating some familiarity with yourself, the hacker is able to lower your defenses and increase their chances of extracting information and potential access to your system.

How Did Black Energy Gain Access?

Powerlines_2

The Black Energy malware attack involves a spear phishing email which contains a seemingly innocent Excel document. Once this document is opened, the recipient is advised to enable macros, but this is a big mistake!

Once the macros are enabled, the Trojan downloader loads up malware which is capable of executing files, keylogging secure data and taking screenshots. This backdoor into the infected system is operated through a Gmail account and contributes to the difficulty in tracing the hackers.

 

The Effect on Power Companies

Ukrainian power companies such as Prykarpattyaoblenergo and Kyivoblenergo have been attacked by Black Energy and suffered widespread disruption to their operations. The biggest impact of this has been the resulting outages in power for local regions.

Although it’s not been confirmed or denied, it’s unlikely that the Black Energy creators were actively involved in flicking the power switch off. It’s more likely that infected systems struggled to operate and are unable to boot correctly or freeze.

The cumulative effect of these symptoms is that the energy companies are unable to run their system as intended and things start to go wrong. In several cases, this has resulted in the reported power outages.

Obviously, energy is essential everyone in the surrounding community, so this threat is being taken very seriously.

Combating Spear Phishing Emails

fake-email

Spear phishing emails appear very genuine, but their deceptive power should not be underestimated as the Ukraine has learned. Business staff need to remain vigilant of all emails coming into their business in order to maintain security.

The authors behind Black Energy are yet to be identified, so the threat of them (and others like them) striking again remains a very real risk.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Hidden Dangers of the GlassRAT Trojan

Security, Uncategorized, ,
13
Jan 2016

glassrat trojan

We all know that trojan viruses are the masters of stealth when infecting systems, but the GlassRAT Trojan may just be the stealthiest trojan yet.

We’re constantly advised to be on our guard against ‘zero day vulnerabilities’ which are brand new viruses that attack software before the vendor is aware of a breach. However, what many of us aren’t aware of is the threat of zero detection malware threats.

In the case of the GlassRAT Trojan, it’s been stealthily operating since 2012, so that’s over three years of security carnage it’s been able to quietly carry out. Obviously, this new form of security threat is something you need to be aware of, so let’s take a look at it.

What is GlassRAT?

The GlassRAT Trojan appears to be undetectable by most antivirus programs and this is due to it being signed with a seemingly legit digital certificate. However, the digital certificate is far from legit as it looks as though it’s been ‘borrowed’ from a separate Chinese software company.

The Trojan seems to have been targeting Chinese nationals working at multinational companies and infiltrates security systems with its digital certificate. The ‘dropper’, which delivers the Trojan via a fake Flash installation, erases itself from the system once it has installed its malware.

The malware is then clever enough to avoid detection by standard security scans and proceeds to carry out the following cybercrimes:

  • Transfer unauthorized files
  • Steal data
  • Transmit information about the victim’s system

Given that GlassRAT has been operating for three years without trace it represents a significant threat to data security.

Who’s Behind  the GlassRAT Trojan?

It’s suspected that GlassRAT originated in China due to its targeting of Chinese nationals and the stolen Chinese digital certificate, but this is purely speculation at present and, perhaps, seems a little too obvious.

From the limited information available, it may be possible to link the GlassRAT activities with previous malware attacks. Previous cyber-attacks on Mongolian and Philippine authorities used two domains which are also connected with GlassRAT, so investigations continue to look into this as a possibility.

However, at present, the creators of GlassRAT are still at large and it’s fair to say they have had plenty of time to cover their tracks.

How Do You Combat Threats Such as GlassRAT?

18312140_l

The enigmatic nature of the GlassRAT trojan certainly makes it a difficult beast to protect against. However, businesses can help their security efforts by ensuring they follow basic security procedures such as:

  • Monitoring all incoming files
  • Training staff on the dangers of unknown attachments.

Although GlassRAT is very difficult to detect, it’s not impossible. By arranging detailed network forensics to be carried out on your systems, zero detection malware threats can be uncovered. This approach will highlight any suspicious activity to identify any particularly deceptive malware.

The question, though, that remains is: just what else is stealthily lurking on our systems and putting vast quantities of data at risk?

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Malware Helps Protect Infected Routers

Security,
02
Dec 2015

larger-15-ROUTERS-WiFi-generic2

Malware is generally viewed as a nasty virus which causes nothing but chaos. However, a new piece of malware called Linux.Wifatch seems to improve security.

Usually the preserve of security breaches and data privacy concerns, malware is mostly in the news for disrupting commercial and domestic PC activity. Naturally, it’s an area where everyone needs to be on their guard to protect their data.

However, what if there were a new type of malware which bucked the trend and actually protected you from other forms of malware? It would be pretty special, right? And, it looks like it’s already here in the form of Linux.Wifatch, so let’s take a look at exactly how it works.

How Has Linux.Wifatch Found a Niche?

Internet routers are wonderful little devices, but the majority of users are notoriously sloppy when it comes to safeguarding them. You see, people are eager to get it out of the box and connected to the net as soon as possible, so they don’t even consider adjusting the default password or admin settings.

And it’s this neglect towards security that has allowed hackers easy access to countless networks in the past. In fact, November 2014 saw a huge security breach in Vietnam where millions of broadband routers had their traffic hijacked to mask online cyber crime being carried out by hackers.

Linux.Wifatch, however, looks to be a unique remedy to this potential threat.

What is Linux.Wifatch?

virus-de-computador

Linux.Wifatch is an intriguing piece of code which – as per most malware – sneaks into your system in a rather underhand manner. In the case of Linux.Wifatch it’s believed that it breaches your router by way of the telnet protocol – this software helps test connections to servers.

However, once it’s made its way into your router, it does the decent thing and closes the connection it’s got through on to prevent any more malware sneaking in. Not content with closing the doors, Linux.Wifatch will then prompt the router administrator to then change the router password. And it’s final chivalrous act is to set off in search of other malware in the router to destroy.

Is Linux.Wifatch All Good?

It may sound like a friendly virus, but don’t forget that Linux.Wifatch is still malware and the ‘mal’ stands for malicious! Sure, it provides some protection to your router, but it simply shouldn’t be there in the first place.

1afca28

And Linux.Wifatch itself actually has a number of backdoors built into it to allow the author of the virus to use your router as they please.

With the virus spreading globally and affecting tens of thousands of users, it’s creating a lot of panic that this seemingly ‘white hat’ piece of software could suddenly turn nasty. So, in my opinion, the uncertainty surrounding Linux.Wifatch means a much better solution is to take your router security seriously from day 1 to prevent any security breaches.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

KeyRaider Malware Causes Havoc for Apple Devices

Security, , ,
22
Oct 2015

trouver-et-suprimer-malware-keyraider-infoidevice

Users running Apple’s iOS software may have been exposed to a nasty piece of malware which threatens to steal user data and make unauthorized app purchases.

This malicious software has been dubbed ‘KeyRaider’ and has been responsible for uploading sensitive user information to a central server. This type of data theft is alarming enough, but affected users are also having to contend with KeyRaider purchasing apps without authorization.

The KeyRaider infection, so far, only appears to affect Apple devices which have gone through the ‘jailbreak’ process, but up to 225,000 accounts have been compromised as a result.

How did KeyRaider Start?

Jailbreaking an Apple device involves removing hardware restrictions enforced by iOS and is a fairly common practice for Apple users who are tech savvy. The aim of jailbreaking is to give more control over how the device runs and to enhance functionality.

9544245659_899baface2_z

Now, a whole industry has sprung up around jailbreaking in order to really highlight what an Apple device can do and to show off developers’ coding skills. And at least one amateur developer has decided to exploit this desire by creating jailbreak tweaks which hide a nasty surprise.

Once these tweaks are installed on an Apple device the system becomes compromised and puts the user at risk of a serious infringement of their security.

The Malicious Tweaks in Full

Two jailbreak tweaks in particular have been identified for putting users at risk of contracting the KeyRaider malware and they are:

  • iappstore – This jailbreak tweak promises to allow jailbroken devices to download paid apps from the App Store without spending a single cent.
  • iappinbuy – Many apps require users to make in-app purchases to enhance that app’s experience e.g. unlocking extra features in games. And this particular tweak pledges to circumnavigate the payment.

Despite many Apple users doubting the authenticity of these tweaks, they were downloaded over 20,000 times. And every single download puts users’ personal data at risk.

What Type of Data Is Being Stolen?

KeyRaider appears to be stealing three types of data from users under the following categories:

  • Usernames, passwords and the Apple devices ‘global unique identifier’
  • Push notification service certificates and private keys
  • App Store purchase logs

These three forms of data carry very powerful user information which is allowing KeyRaider to create high levels of panic particularly due to the financial edge.

How to Protect your Apple Device

sunset_ios_8_wallpaper-copy-1160x725

The simplest piece of advice we can give you is NOT to jailbreak your Apple device. They’re pretty amazing bits of kit as they are, so some things are better off left alone. However, I appreciate that many people want that little bit extra, so we advise the following:

  • Do NOT download the iappstore or iappinbuy app.
  • Avoid downloading anything from Cydia Substrate which is like the App Store, but for jailbroken devices – this is where the malicious tweaks first surfaced.
  • If something sounds too good to be true – such as not paying for paid apps – then it probably isn’t worth installing.

By following this advice you will safeguard your Apple device from disruptive malware such as KeyRaider.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

SmartPhone Malware Found on Popular Brands

Security,
20
Oct 2015

study-reveals-xiaomi-huawei-lenovo-phones-contain-malware-by-default

It’s not just PCs that are at threat of malicious software (malware), smartphones are fast becoming the prime target for malware, but how has this happened?

First of all, what exactly is malware? Essentially, it’s a nasty string of code or a program which enters software with the main aim of stealing data, taking control of your system or flooding your device with irritating ads.

And you only have to look at the rise of the smartphone to understand exactly why it’s such an attractive prospect for installing software. More people now use their smartphone to access the internet than they do their laptop and this has led to the following issues:

  • Even the most advanced PC user does not fully understand smartphone security as it involves different software and operating systems
  • The average smartphone user is not even aware that their phones can be hacked or monitored

However, the latest malware scandal to hit the smartphone world involves three Chinese smartphone manufacturers (Lenovo, Xiaomi and Huawei) actually preloading their phones with malware. Not exactly the most honest strategy for reassuring users that their data is safe, is it?!

Uncovering the Scandal

881665_NpAdvMainFea

Smartphone malware has been a growing concern for some time, so the German security firm G Data decided it was time to asses the landscape.

And their study reported some shocking findings.

Smartphone malware epidemics are now so common that they’re being discovered roughly every 14 seconds. That means by the time you’ve finished reading this article around 15 smartphone malware epidemics will have erupted. This is very troubling news for every smartphone owner who values their security.

Many brands have been implicated in the scandal, but the most prominent and weighty accusations have been leveled at Lenovo, Xiaomi and Huawei.

Who’s to Blame?

Obviously, once a scandal as hot as this lands, the accused are quick to clear their name and the brands affected have claimed that whilst the malware does exist, it has been installed on their phones by third-party middlemen.

Xiaomi has gone on to comment that this will only occur when purchasing their smartphones through unauthorized dealers. Now, whilst this does sound plausible it’s not ringing true with a number of consumers.

Many consumers feel that the brands involved in the scandal are knowingly involved in the scandal and are, in fact, making a quick buck from allowing this malware to be installed on their smartphones. It doesn’t help that Lenovo has recently been implicated in a bloatware scandal with their laptops, so the level of distrust for such large brands is widespread.

However, actually proving that the manufacturers behind the malware install is incredibly difficult. The malware itself actually clings on to other innocent apps, much like a parasite, and even if these apps are installed it then heads straight to the smartphone’s firmware. This makes it very difficult to pinpoint exactly how the malware got on the smartphone.

The Future of Smartphone Malware

android-malware-01

G Data has conceded that they probably haven’t uncovered the full extent of pre-installed smartphone malware, so many other brands and models could be infected before they’re even turned on for the first time.

This is quite concerning for the huge number of smartphone users which seems to be growing larger by the day. Understanding that your smartphone is at risk is therefore essential in this day and age. And avoiding unauthorized dealers should be an absolute given to limit your chances of falling prey to malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 23 24 25 26 27 29