Friday, January 31, 2020

Active Directory Being Targeted By Malware Called TrickBot


The malware named TrickBot has some new tricks up its sleeves. Recently, a new strain of the malware was spotted in the wild with new capabilities that allow it to target the Active Directory database stored on compromised Windows domain controllers.
While TrickBot has never been seen as one of the most dire threats in the malware universe, this new functionality does make it dangerous.
Domain administrators need to be aware of the dangers associated with hackers gaining access to and exploiting Active Directory. The directory stores user names, password hashes, computer names, groups, and a variety of other sensitive data.
To understand how TrickBot manages this feat, it's important to dig into a few technical details. For example, when a server is promoted to a domain controller, the Active Directory database is created and saved on that machine in the C:\Windows\NTDS folder. One of the files contained in this folder is ntds.dit, which is the specific file that contains all of the Active Directory services information.
Given the sensitivity of this information, Windows encrypts the data using a BootKey, which is stored in the System hive of the Registry. Since ntds.dit is held open by the domain controller, it's not possible for any external process to access the data it contains. However, Windows domain controllers have a tool called ntdsutil that allows administrators to perform maintenance on the database.
TrickBot gets around this by taking advantage of ntdsutil's "Install from Media" command to dump a copy of the database into the %Temp% folder, where it can be compressed and sent to a command and control server controlled by the hackers. Once they've got their hands on the file itself, it's easy enough to crack it open to get what's inside. That, of course, spells trouble for the organization that owns the server.
All that to say, if TrickBot isn't currently on your radar, it deserves a spot there. Its new capabilities make the malware significantly more dangerous.
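
For defenders, the behavior described above leaves two traces on a domain controller: an ntdsutil run that uses the Install from Media (ifm) menu, and a copy of ntds.dit appearing outside C:\Windows\NTDS. The following triage sketch is an added example, not code from the original post; the event field names, hosts and paths are constructed assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

IFM_TOKEN = re.compile(r'(?i)(?<!\w)ifm(?!\w)')                 # "ifm" as a whole word
TEMP_PATH = re.compile(r'(?i)(%temp%|\\te?mp(?=[\\"\s]|$))')    # ...\Temp or ...\tmp
NTDS_HOME = "c:\\windows\\ntds\\"                               # the database's normal home

# Constructed sample records (not real telemetry), shaped like the process-creation
# and file-creation events an EDR agent or Sysmon would report from a DC.
SAMPLE_EVENTS = [
    {"type": "process", "host": "DC01", "image": r"C:\Windows\System32\ntdsutil.exe",
     "command_line": r'ntdsutil "activate instance ntds" ifm "create full D:\IFM\2020-01" quit quit'},
    {"type": "process", "host": "DC02", "image": r"C:\Windows\System32\ntdsutil.exe",
     "command_line": r'ntdsutil "activate instance ntds" ifm "create full C:\Users\jsmith\AppData\Local\Temp\ifm" quit quit'},
    {"type": "file", "host": "DC02",
     "target": r"C:\Users\jsmith\AppData\Local\Temp\ifm\Active Directory\ntds.dit"},
    {"type": "file", "host": "DC01", "target": r"C:\Windows\NTDS\ntds.dit"},
    {"type": "process", "host": "DC01", "image": r"C:\Windows\System32\ntdsutil.exe",
     "command_line": r'ntdsutil "activate instance ntds" files info quit quit'},
    {"type": "process", "host": "WS07", "image": r"C:\Windows\System32\notepad.exe",
     "command_line": r'notepad.exe C:\docs\ifm notes.txt'},
]


def triage(event):
    """Return (severity, reason) for a suspicious event, or None if benign."""
    if event["type"] == "process":
        if basename(event["image"]).lower() != "ntdsutil.exe":
            return None
        cmd = event["command_line"]
        if not IFM_TOKEN.search(cmd):
            return None  # ordinary ntdsutil maintenance
        if TEMP_PATH.search(cmd):
            return ("high", "ntdsutil IFM output directed to a temp folder")
        return ("review", "ntdsutil IFM run; confirm it matches a planned DC promotion")
    if event["type"] == "file":
        path = event["target"].lower()
        if basename(path) == "ntds.dit" and not path.startswith(NTDS_HOME):
            return ("high", "copy of ntds.dit written outside the NTDS folder")
    return None


def find_ad_dump_activity(events):
    """Collect (host, severity, reason) for every event that needs attention."""
    findings = []
    for ev in events:
        verdict = triage(ev)
        if verdict:
            findings.append((ev["host"], verdict[0], verdict[1]))
    return findings


if __name__ == "__main__":
    for host, severity, reason in find_ad_dump_activity(SAMPLE_EVENTS):
        print(f"[{severity}] {host}: {reason}")
```

Legitimate IFM runs are rare and scheduled, so even the "review" findings are worth matching against change records.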

Call SpartanTec, Inc. for professional help in protecting your business against malware and other online threats

SpartanTec, Inc.
Myrtle Beach, SC 29577
843-420-9760
https://www.spartantec.com/

Monday, January 27, 2020

Why Is Maintaining The Cybersecurity In Your Business Important?


Now is the best time for businesses to check how they're handling their company data. Over the past few decades, technology has become a crucial component of any workplace. From financial transactions and email correspondence to work documents and networking, companies of all sizes depend on technology to stay connected all the time and perform their work efficiently. But when such communication lines are compromised or threatened, it could have a disastrous effect on a company.

The cyberattack on TalkTalk back in 2015 is among the most high-profile incidents, as it resulted in a record fine of £400,000 because of the company's security failings. Three Mobile was also the victim of a cyberattack, in which the information of 200,000 of its clients was exposed.

However, it’s not only the big businesses that need to worry about cybersecurity. Small businesses and small to medium enterprises are still vulnerable to cyberattacks.

Know The Latest Cyber Security Threats


Data breaches may result in lost files, assets, or intellectual property as well as website or system corruption. There are several kinds of online security threats these days. These include scammers who send fraudulent emails, impersonate a legal business, as well as malware and viruses.

Data Leak Protection


Among the most personal and rampant threats when it comes to cybersecurity is data leaks. They can cause damage to businesses and individuals alike. All companies hold a wide range of data, from employee data to customer information, which usually contains sensitive details that could easily be exposed if businesses do not take the needed steps to protect them.

Limiting the amount of personal information that is made available to the public is one good way of making sure data is secured from possible leaks.

However, there are other methods available to minimize the possibility of exposure. You should consider setting up a burner email, which is a dummy email account that your company can use when signing up for a service or site that it does not want to give its real email address to. In case your email account has been compromised, there is the “Have I Been Pwned” online tool that lets users search through different data breaches to determine if their email address has been breached.

Ransomware Protection


Ransomware is another cyber security threat for businesses. It is a kind of malware that encrypts the data of a business, which can only be unlocked in exchange for a large fee. Although the data that’s saved on the computer could be vulnerable to ransomware, these kinds of cyberattacks have also grown in popularity with the emergence of cloud services for data storage.

An increasing number of businesses are choosing the cloud for storing data. But there appears to be a misconception that cloud data storage is much safer and more secure than the hard drive of a computer. Businesses must make sure that valuable data is always backed up in different places.

Even though malicious programs and software continue to develop, security software these days is adapting to cope with online threats, too. That is why it is crucial for businesses to update their anti-virus software all the time.

On the other hand, there’s also a misconception that anti-virus alone can deal with ransomware. Companies have to make sure that they invest in reliable software that can protect them against cyberattacks.

Call SpartanTec, Inc. if you need professional IT services that can help maintain the cybersecurity of your company. 


SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
https://spartantec-wilmingtonnc.business.site/

Cities Served:
Wilmington, Silver Lake, Sea Breeze, Carolina Beach, Eagle Island, Leland, Wrightsboro

Thursday, January 23, 2020

Wyze User Information Leaked Include Emails And Other Data


Wyze is one of the many manufacturers of consumer-grade smart devices. They recently confirmed that user data belonging to nearly two and a half million of its customers was exposed. The root cause of the exposure was traced back to an unsecured database connected for nearly a month to an Elasticsearch cluster. This was during a period of time spanning December 4th to December 26th, 2019.


The company did not discover the database on their own. Rather, they were following a tip given to them by a reporter. This was following the developments of security researchers operating out of a company called Twelve Security, who initially discovered the database. The reporter published the article he was writing after contacting the company, but apparently not in coordination with them.

Having been alerted to the problem, the company took swift action, but in this case, perhaps it was too swift. According to Dongsheng Song, one of the co-founders of the company and its current Chief Product Officer:

"We locked down the database in question before we were able to verify it was exposed. We did this as a precaution because the published article referenced a database connected to 'Elasticsearch': a search tool that we also used on our query database."

As to impacts, it has been confirmed that the database in question contained WiFi SSIDs, customer email addresses and smart device nicknames. It did not contain passwords or any financial information, so although it's a serious issue, it's not as bad as it could have been.

Song also noted in a blog post on the matter that "there is no evidence that API tokens for iOS and Android were exposed, but we decided to refresh them as we started our investigation as a precautionary measure."

In a nutshell, the handling of this incident was botched and uneven, but it could have been much, much worse. Wyze dodged a bullet, as did the company's customers.

SpartanTec, Inc.
Myrtle Beach, SC  29577
843-418-4792

Wednesday, January 22, 2020

Upgrade From Windows 7 Now To Avoid Security Risks


By the time you read these words, the last day for Windows 7 support has already come and gone. The date set by Microsoft has been well known to most Windows 7 users for a while now, and the end of the line is officially January 14th, 2020. 


If your organization still has a few machines running on Windows 7, from here on, you're on your own. Every new bug found should be treated as a zero-day because no new security patches or bug fixes are coming.

If you cannot or will not migrate away from Windows 7, you're going to find yourself increasingly at risk. Fortunately, there are third-party solutions that can help mitigate that risk, including Cynet. Cynet describes itself as autonomous breach protection for Windows 7 users.


Cynet's founder and CEO Eyal Gruner had this to say:


"The reality is that Windows 7 is alive and kicking in many organizations, even if Microsoft chooses not to protect them anymore. It should be a wake-up call to any CISO to ask himself or herself how to adjust to this new reality.

One of our main guidelines when building Cynet 360 was to be able to operate in a fast-changing environment, meaning that every type of attack is analyzed from multiple perspectives, each resulting in a different protection mechanism. If we take exploits targeting Windows 7 as an example, there is first the exploit protection per-se. By closely monitoring process behavior in memory, the detection engine can easily detect behavioral patterns that are typical to exploits and would never occur in a legitimate process."

This, then, is one possible security solution. You'll pay a hefty premium for it, but if you need your Windows 7 machines and want a measure of security, the added cost is part of the equation. The costs of upgrading to Windows 10 may be less, so look into it.

Call SpartanTec, Inc. and let our IT experts update all of your computers' operating system to avoid security risks and protect them against online threats.



Monday, January 20, 2020

Landrys Restaurant Chain Latest Victim Of Credit Card Breach



If you're not familiar with Landry's, you're probably familiar with at least some of the restaurants the company owns.
The company recently issued a formal 'Notification of Data Breach' in which they disclosed that an unauthorized user was detected on their systems and that POS malware had been used between March 13, 2019 and October 17, 2019.
In addition to that, in a few cases and locations, malware had been in place since January 18, 2019.
In all, they own more than six-hundred restaurants around the country, including:
  • Landry's Seafood
  • Chart House
  • Saltgrass Steak House
  • The Bubba Gump Shrimp Co.
  • Claim Jumper
  • Morton's
  • McCormick and Schmick's
  • Mastro's Restaurant
  • The Rainforest Café
  • Del Frisco's Grill
  • And More
Fortunately, back in 2016, the company implemented a robust end-to-end encryption system, so any payment data sent through it would not have been compromised. Unfortunately, Landry's restaurants also have order entry systems that have card readers attached. These are not part of the end-to-end encryption system. Thus, any credit cards swiped through these systems would have seen their payment information compromised.
There's no way to be sure whether your card was swiped in a way that bypassed the encryption system. If you dined at any of Landry's restaurants between January 18, 2019 and October 17, 2019, the safest course of action is to assume that your payment card data may have been compromised. You should report the incident to your credit card provider to have a new card issued.
The investigation into this matter is ongoing, and at this time the company has not released any estimates on the number of payment cards that may have been compromised. Even if you opt not to report your card compromised, it pays to keep a close eye on your account to monitor it for suspicious activity.

Call SpartanTec, Inc. if you want to make sure that your company's payment system as well as all your business data are protected from malware, hackers, and other potential threats.


Friday, January 17, 2020

New Hacking Method Looks Like A Locked Computer

Scammers have breathed new life into an old scam.

For years, the old 'Law Enforcement Lock' trick has been used to cheat unsuspecting victims of their hard-earned money. The new wrinkle works like this:


Scammers will redirect users using the Chrome web browser to sites that host a full-screen image of a Windows 10 desktop with a notice that appears to come from local law enforcement agencies. 
This page informs the user that their computer has been locked for some unspecified illegal activity.

The groups running this sort of scam make sure to display a legitimate government URL in order to make it look more convincing. Victims of this scam are informed that they can unlock their computer again by paying the fine via credit card, right then and there.

Of course, the computer actually isn't locked at all. However, this scam has taken in a surprising percentage of users who aren't paying close attention.

A typical lock screen from the scammers will bear a message that closely follows this script:

"Your browser has been locked due to viewing and dissemination of materials forbidden by law of (country name), namely pornography with pedophilia, rape and zoophilia. In order to unlocking you should (amount and currency type) fine with Visa or MasterCard. Your browser will be unlocked automatically after the fine payment.

Attention! In case of non-payment of the fine, or your attempts to unlock the device independently, case materials will be transferred to (name of local law enforcement agency) for the institution of criminal proceedings against you due to commitment of a crime."

As you can see from the grammatical errors in the script, this is by no means an official announcement, but it looks real enough that it sends people into a panic, causing them to enter credit card information without thinking.

Naturally, this information is harvested and resold on the Dark Web, putting money in the scammers' pockets. Make sure your employees are aware of it, and stay vigilant.


Call SpartanTec, Inc. if you want to make sure that your computers and your networks are safe from hackers and scammers. 




Thursday, January 16, 2020

ISO Files Are Being Used To Deliver Malware


Researchers at Trustwave have observed a notable increase in the use of .ISO files to deliver malware. Hackers have relied on poisoned disk image files for years to deliver malware to their targets.
It makes sense in a Windows environment because it allows attackers to disguise their payloads as an innocent, standard file type.
In terms of scope and scale, the Trustwave researchers have noted a 6 percent increase in 2019 of this particular attack vector. It is noteworthy enough to be of genuine concern, especially given the fact that .ISO files are often overlooked by antivirus software. That makes it more likely that attackers can deliver their payload undetected.
In one particular campaign unearthed by the researchers, the attackers sent an email that appeared to come from FedEx and offered package tracking information. This was in an attempt to trick recipients into clicking on a file to gain additional information about an incoming package. Of course, the package didn't actually exist, and clicking on the (.ISO) file installed a malicious payload on the victim's computer.
It should be noted that .ISO files are not the only image file used in this way. Trustwave also reports a modest uptick in the use of Direct Access Archive (DAA) files. Use of DAA files for the purpose of delivering malware is seen as being somewhat less efficient and effective than using the .ISO format. That's because specialized software is required to open a .DAA file.
Nonetheless, if a hacking group has done their due diligence and knows the software is installed on a target computer, the DAA file represents another possible inroad that's likely to go undetected.
Hackers are becoming increasingly inventive, using old tricks mixed with new to infect target systems, making it more difficult than ever for harried IT managers to keep their networks safe. Stay on high alert. The threat landscape is more unpredictable than ever.
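
One way a mail gateway can catch the disk-image attachments described above is sketched below. This is an added example, not code from the original post or from Trustwave, and it goes slightly beyond the text by also checking file content (the ISO 9660 "CD001" signature at offset 0x8001) so that a renamed .ISO is still flagged. The message, sender addresses and file names are constructed, and .DAA files are matched by extension only.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

DISK_IMAGE_EXTS = (".iso", ".daa")               # the two formats named in the post
ISO9660_MAGIC, ISO9660_OFFSET = b"CD001", 0x8001  # volume descriptor identifier


def looks_like_iso(data: bytes) -> bool:
    """True when the payload carries the ISO 9660 signature, whatever its name."""
    return data[ISO9660_OFFSET:ISO9660_OFFSET + len(ISO9660_MAGIC)] == ISO9660_MAGIC


def scan_message(raw: bytes):
    """Return [(filename, (reasons...))] for attachments that are disk images."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if name.lower().endswith(DISK_IMAGE_EXTS):
            reasons.append("extension")
        if looks_like_iso(payload):
            reasons.append("content")
        if reasons:
            hits.append((name, tuple(reasons)))
    return hits


def build_sample() -> bytes:
    """Constructed test message: no real malware, only placeholder bytes."""
    fake_iso = bytes(ISO9660_OFFSET) + ISO9660_MAGIC + bytes(64)
    msg = EmailMessage()
    msg["From"] = "tracking@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Package tracking information"
    msg.set_content("Your package details are attached.")
    attachments = [
        ("tracking_details.iso", fake_iso),        # flagged by name and content
        ("invoice.pdf", fake_iso),                  # renamed image: content only
        ("label.daa", b"constructed placeholder"),  # flagged by name only
        ("receipt.pdf", b"%PDF-1.4 constructed"),   # benign
    ]
    for filename, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reasons in scan_message(build_sample()):
        print(f"quarantine {filename!r}: matched on {', '.join(reasons)}")
```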

Don't let your systems and network be at risk. Keep hackers, malware, and other potential threats at bay. Call SpartanTec, Inc. now.


Wednesday, January 15, 2020

A Guide To Backup and Disaster Recovery


Knowing the basics of backup and disaster recovery is important when it comes to minimizing the effects of unexpected downtime on your company. Across different industries, companies know that downtime could immediately lead to lost revenue. Unfortunately, human error, natural disasters, as well as ransomware attacks may jeopardize the IT resources’ availability. Downtimes could decrease employee productivity, stop business processes, and derail client interactions.

Assessing different deployment options and technologies, as well as defining crucial key terms, could assist you in creating effective disaster recovery strategies for preventing the effects of downtime.

Understanding Backup And Disaster Recovery


There is an essential difference between backup and disaster recovery. When you say backup, it is the process of creating extra copies of data. Whenever you do this, you protect the data. You may have to restore backup data in case you come across database corruption, accidental deletion, or issues with a software upgrade.

Meanwhile, disaster recovery has something to do with the planning and process for immediately re-establishing the accessibility of applications, IT resources, and data following an outage. That plan may include switching over to the redundant storage units and servers until your main data center is up and running again.

Why Is Planning Important?


You should never ignore backup and disaster recovery. If you need several hours to get back data that was lost following an accidental deletion, your partners and clients will be left with nothing to do, unable to finish processes that are critical to your business operations, especially those that depend on technology.

And in case it takes days to get your system back up and running following a disaster, you may be at risk of losing customers permanently. Given the money and time you may lose in these cases, investing in backup and disaster recovery is totally justified.

Important Key Terms


Knowing a few important terms could help you in making strategic decisions. It also lets you evaluate your backup and disaster recovery methods.

Recovery Time Objective (RTO) – the time you need to recover your company’s normal business operations following an outage. When setting your RTO, you have to take into account the amount of time you are willing to lose as well as how that time would affect your organization’s bottom line. The RTO may differ significantly from one business to another.

Recovery Point Objective (RPO) – the amount of data that you can afford to lose in a disaster. You may be required to copy the data to a remote data center all the time so that an outage won’t lead to data loss. Or you may choose to accept losing five minutes' or an hour's worth of data.

Failover – it is a disaster recovery process that involves offloading tasks to your backup systems automatically in such a way that’s seamless to the users. You may fail over from the main data center to your secondary site, using redundant systems that are all set to take over right away.

Failback – it is the process of disaster recovery that involves switching back to its original systems. When the disaster is over and your main data center is up and running, it’s important for you to have the ability to fail back seamlessly.

Restore – it involves transferring the backup data to the data system or the main center. This process is considered a part of backup rather than disaster recovery.

Disaster recovery as a service (DRaaS) – a managed method for disaster recovery. The hosting and management of the infrastructure used for disaster recovery related processes is handled by a third party. It also allows firms to have those processes managed for them.

Prioritize Workloads


Once you have a good understanding of the important concepts about disaster recovery, it is time to use them on your workloads. Several companies have several RPOs and RTOs that show the importance of every workload to their business.

Check Deployment Options

The next thing when it comes to creating a disaster recovery plan is to check deployment options. Do you need to keep back up data or disaster recovery functions on premises? Do you need a hybrid cloud or public cloud approach?

Cloud

Cloud based backup and disaster recovery methods are gaining in popularity these days among companies of different sizes. Several cloud solutions offer the infrastructure needed to store data and in some instances, the required tools to manage the backup and the disaster recovery solutions.

On-Premises

In certain instances, keeping some backup and disaster recovery processes on site or on premises could assist you in retrieving data and recovering IT services immediately. Keeping some sensitive data on premises may also seem attractive when you have to follow strict data privacy and data sovereignty rules.

Technologies


Based on which deployment options you select, you may have different alternatives for the kinds of processes and technology that you use for backup as well as for disaster recovery.

Call SpartanTec, Inc. if you are ready to take the next step. Let our team help you set up the best backup and disaster recovery strategy for your organization.



Tuesday, January 7, 2020

Data Breaches Continue With Three New High Profile Cases



As 2019 draws to a close, we can say definitively that the year has been another record-breaking one where data breaches are concerned. Hackers around the world have been busy in recent weeks, with a trio of high-profile breaches making headlines.
In late November, one of China's largest manufacturers of smartphones (OnePlus) reported that an unauthorized third-party accessed their user data.
According to a company spokesman, "only a limited number" of customers were impacted and no payment information was accessed. However, the hackers did make off with customer names, addresses, phone numbers and physical addresses.
To this point, OnePlus has not released the exact number of compromised records. Their best estimates put it as a breach comparably sized to the one that the company suffered in January, which impacted some 40,000 users.
On November 28th 2019, Palo Alto Networks suffered a breach. It included personal information belonging to both current and former employees, and happened when an unnamed third-party gained unauthorized access to their network. In this case, the compromised data included employee names, dates of birth, and social security numbers. It gave the hackers more than enough information to steal the identities of the employees whose information was compromised.
Also in November of this year, Desjardins Group, which is Canada's largest federation of credit unions, announced that they had been breached. It resulted in the compromise of personal data belonging to some 4.2 million of its members, which included social insurance numbers, physical addresses and the banking habits of compromised members.
These, of course, are just the latest in an unending stream of breaches in 2019. If things remain on their current trajectory, we can expect that 2020 will be yet another record breaking year. Buckle up, it's going to be a bumpy ride.

Fortunately, there are ways to secure your devices and networks. Call SpartanTec, Inc. and let our team of IT experts set up the most effective strategy to protect your data and avoid potential breaches.
