Friday, January 31, 2020

Active Directory Being Targeted By Malware Called TrickBot


The malware named TrickBot has some new tricks up its sleeves. Recently, a new strain of the malware was spotted in the wild with new capabilities that allow it to target the Active Directory database stored on compromised Windows domain controllers.
While TrickBot has never been seen as one of the most dire threats in the malware universe, this new functionality does make it dangerous.
Domain administrators need to be aware of the dangers associated with hackers gaining access to and exploiting Active Directory. The directory stores user names, password hashes, computer names, groups, and a variety of other sensitive data.
To understand how TrickBot manages this feat, it's important to dig into a few technical details. When a server is promoted to a domain controller, the Active Directory database is created and saved on that machine in the C:\Windows\NTDS folder. One of the files in this folder is ntds.dit, the file that holds all of the Active Directory Domain Services information.
Given the sensitivity of this information, Windows encrypts the data using a BootKey, which is stored in the System hive of the Registry. Because ntds.dit is held open by the domain controller, no other process can read the file directly. Windows domain controllers do, however, ship with a tool called ntdsutil that lets administrators perform maintenance on the database.
TrickBot gets around this by using ntdsutil's "Install from Media" command to export a copy of the database into the %Temp% folder, where it can be compressed and sent to a command and control server run by the hackers. Once they have the file itself, it's easy enough to crack it open to get what's inside. That, of course, spells trouble for the organization that owns the server.
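A defender-side check that follows from the mechanism just described, added here as an example and not part of the original post or of any TrickBot analysis: it scans constructed Windows Security event 4688 process-creation records for ntdsutil "ifm" exports and rates those that land in a temp folder highest. It assumes command-line auditing is enabled and that the field names match the real 4688 event.

```python
import re

# Constructed Windows Security event 4688 records (field names follow the real
# event; users, paths and command lines are made up). Command-line capture
# requires the "Include command line in process creation events" audit policy.
SAMPLE_EVENTS = [
    {"EventID": 4688, "SubjectUserName": "svc_backup",
     "NewProcessName": r"C:\Windows\System32\ntdsutil.exe",
     "CommandLine": r'ntdsutil.exe "ac i ntds" "ifm" "create full C:\Users\svc_backup\AppData\Local\Temp\ad" q q'},
    {"EventID": 4688, "SubjectUserName": "Administrator",
     "NewProcessName": r"C:\Windows\System32\ntdsutil.exe",
     "CommandLine": r'ntdsutil.exe "metadata cleanup" "remove selected server" q q'},
    {"EventID": 4688, "SubjectUserName": "Administrator",
     "NewProcessName": r"C:\Windows\System32\ntdsutil.exe",
     "CommandLine": r'ntdsutil "activate instance ntds" ifm "create full D:\IFM" quit quit'},
    {"EventID": 4688, "SubjectUserName": "jdoe",
     "NewProcessName": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\jdoe\notes.txt"},
]

NTDSUTIL = re.compile(r"(?:^|\\)ntdsutil\.exe$", re.IGNORECASE)
# "ifm" followed by "create full|sysvol": the Install-from-Media export that
# writes a copy of ntds.dit plus the registry hives holding the BootKey.
IFM_EXPORT = re.compile(r"\bifm\b.*\bcreate\s+(?:full|sysvol)\b", re.IGNORECASE)
TEMP_PATH = re.compile(r"\\te?mp\\|%temp%", re.IGNORECASE)


def classify_event(event):
    """Return None for benign events, else a (severity, reason) tuple."""
    if event.get("EventID") != 4688:
        return None
    if not NTDSUTIL.search(event.get("NewProcessName", "")):
        return None
    cmd = event.get("CommandLine", "")
    if not IFM_EXPORT.search(cmd):
        return None  # other ntdsutil maintenance, e.g. metadata cleanup
    if TEMP_PATH.search(cmd):
        # An IFM set belongs on promotion media, not in a user's temp directory.
        return ("high", "IFM export written to a temporary directory")
    return ("medium", "IFM export of the Active Directory database")


def scan(events):
    """Return (user, severity, reason) for every event that warrants review."""
    findings = []
    for event in events:
        verdict = classify_event(event)
        if verdict:
            findings.append((event.get("SubjectUserName", "?"),) + verdict)
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Even the "medium" hits deserve a ticket: a legitimate IFM export should line up with a planned domain controller promotion.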
All that to say, if TrickBot isn't currently on your radar, it deserves a spot there. Its new capabilities make the malware significantly more dangerous.

Call SpartanTec, Inc. for professional help in protecting your business against malware and other online threats

SpartanTec, Inc.
Myrtle Beach, SC 29577
843-420-9760
https://www.spartantec.com/

Monday, January 27, 2020

Why Is Maintaining The Cybersecurity In Your Business Important?


Now is the best time for businesses to check how they're handling their company data. Over the past few decades, technology has become a crucial component of any workplace. From financial transactions and email correspondence to work documents and networking, companies of all sizes depend on technology to stay connected all the time and perform their work efficiently. But when such communication lines are compromised or threatened, the effect on a company can be disastrous.

The cyberattack on TalkTalk back in 2015 is among the most high-profile incidents, as it resulted in a record fine of £400,000 because of the company's security failings. Along the same lines, Three Mobile was also the victim of a cyberattack in which the personal information of 200,000 of its customers was exposed.

However, it's not only the big businesses that need to worry about cybersecurity. Small businesses and small to medium enterprises are just as vulnerable to cyberattacks.

Know The Latest Cyber Security Threats


Data breaches may result in lost files, assets, or intellectual property, as well as website or system corruption. There are several kinds of online security threats these days. They include scammers who send fraudulent emails and impersonate a legitimate business, as well as malware and viruses.

Data Leak Protection


Among the most personal and rampant cybersecurity threats is the data leak. Data leaks can cause damage to businesses and individuals alike. Every company holds a wide range of data, from employee records to customer information, which usually contains sensitive details that are easily exposed if the business does not take the needed steps to protect them.

Limiting the amount of personal information that is made available to the public is one good way of keeping data secure from possible leaks.

There are other methods available to minimize the possibility of exposure. Consider setting up a burner email, a dummy email account that your staff can use when signing up for a service or site they do not want to give their real email address to. To find out whether an email account has already been compromised, the "Have I Been Pwned" online tool lets users search across known data breaches to determine whether their email address appears in any of them.

Ransomware Protection


Ransomware is another cybersecurity threat for businesses. It is a kind of malware that encrypts a business's data, which can only be unlocked in exchange for a large fee. Although data saved on a local computer is vulnerable to ransomware, these attacks have also grown in popularity with the emergence of cloud services for data storage.

An increasing number of businesses are choosing the cloud for storing data. But there appears to be a misconception that cloud data storage is much safer and more secure than the hard drive of a computer. Businesses must make sure that their valuable data is always backed up in more than one place.

Even though malicious programs and software continue to develop, security software is adapting to cope with online threats, too. That is why it is crucial for businesses to keep their anti-virus software up to date at all times.

On the other hand, there's also a misconception that anti-virus alone can deal with ransomware. Companies have to make sure that they invest in reliable software that can protect them against cyberattacks.

Call SpartanTec, Inc. if you need professional IT services that can help maintain the cybersecurity of your company. 


SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
https://spartantec-wilmingtonnc.business.site/

Cities Served:
Wilmington, Silver Lake, Sea Breeze, Carolina Beach, Eagle Island, Leland, Wrightsboro

Thursday, January 23, 2020

Wyze User Information Leaked Include Emails And Other Data


Wyze is one of the many manufacturers of consumer-grade smart devices. They recently confirmed that user data belonging to nearly two and a half million of its customers was exposed. The root cause of the exposure was traced back to an unsecured database connected for nearly a month to an Elasticsearch cluster. This was during a period of time spanning December 4th to December 26th, 2019.


The company did not discover the database on their own. Rather, they were following a tip given to them by a reporter, who was in turn following the work of security researchers at a company called Twelve Security, who initially discovered the database. The reporter published the article he was writing after contacting the company, but apparently not in coordination with them.

Having been alerted to the problem, the company took swift action, but in this case, perhaps it was too swift. According to Dongsheng Song, one of the co-founders of the company and its current Chief Product Officer:

"We locked down the database in question before we were able to verify it was exposed. We did this as a precaution because the published article referenced a database connected to 'Elasticsearch': a search tool that we also used on our query database."

As to impacts, it has been confirmed that the database in question contained WiFi SSIDs, customer email addresses and smart device nicknames. It did not contain passwords or any financial information, so although it's a serious issue, it's not as bad as it could have been.

Song also noted in a blog post on the matter that "there is no evidence that API tokens for iOS and Android were exposed, but we decided to refresh them as we started our investigation as a precautionary measure."

In a nutshell, the handling of this incident was botched and uneven, but it could have been much, much worse. Wyze dodged a bullet, as did the company's customers.

SpartanTec, Inc.
Myrtle Beach, SC  29577
843-418-4792

Wednesday, January 22, 2020

Upgrade From Windows 7 Now To Avoid Security Risks


By the time you read these words, the last day for Windows 7 support has already come and gone. The date set by Microsoft has been well known to most Windows 7 users for a while now, and the end of the line is officially January 14th, 2020. 


If your organization still has a few machines running on Windows 7, from here on, you're on your own. Every new bug found should be treated as a zero-day because no new security patches or bug fixes are coming.

If you cannot or will not migrate away from Windows 7, you're going to find yourself increasingly at risk. Fortunately, there are third-party solutions that can help mitigate that risk, including Cynet. Cynet describes itself as autonomous breach protection for Windows 7 users.


Cynet's founder and CEO Eyal Gruner had this to say:


"The reality is that Windows 7 is alive and kicking in many organizations, even if Microsoft chooses not to protect them anymore. It should be a wake-up call to any CISO to ask himself or herself how to adjust to this new reality.

One of our main guidelines when building Cynet 360 was to be able to operate in a fast-changing environment, meaning that every type of attack is analyzed from multiple perspectives, each resulting in a different protection mechanism. If we take exploits targeting Windows 7 as an example, there is first the exploit protection per-se. By closely monitoring process behavior in memory, the detection engine can easily detect behavioral patterns that are typical to exploits and would never occur in a legitimate process."

This then, is one possible security solution. You'll pay a hefty premium for it, but if you need your Windows 7 machines and want a measure of security, the added cost is part of the equation. The costs of upgrading to Windows 10 may be less, so look into it.

Call SpartanTec, Inc. and let our IT experts update all of your computers' operating system to avoid security risks and protect them against online threats.



Monday, January 20, 2020

Landry's Restaurant Chain Latest Victim Of Credit Card Breach



If you're not familiar with Landry's, you're probably familiar with at least some of the restaurants the company owns.
The company recently issued a formal 'Notification of Data Breach' in which they disclosed that an unauthorized user was detected on their systems and that POS malware had been active between March 13, 2019 and October 17, 2019.
In addition to that, in a few cases and locations, malware had been in place since January 18, 2019.
In all, they own more than six-hundred restaurants around the country, including:
  • Landry's Seafood
  • Chart House
  • Saltgrass Steak House
  • The Bubba Gump Shrimp Co.
  • Claim Jumper
  • Morton's
  • McCormick and Schmick's
  • Mastro's Restaurant
  • The Rainforest Café
  • Del Frisco's Grill
  • and more
Fortunately, back in 2016, the company implemented a robust end-to-end encryption system, so any payment data sent through it would not have been compromised. Unfortunately, Landry's restaurants also have order entry systems that have card readers attached. These are not part of the end-to-end encryption system. Thus, any credit cards swiped through these systems would have seen their payment information compromised.
There's no way to be sure whether your card was swiped in a way that bypassed the encryption system. If you dined at any of Landry's restaurants between January 18, 2019 and October 17, 2019, the safest course of action is to assume that your payment card data may have been compromised. You should report the incident to your credit card provider to have a new card issued.
The investigation into this matter is ongoing, and at this time the company has not released any estimate of the number of payment cards that may have been compromised. Even if you opt not to report your card as compromised, it pays to keep a close eye on your account and monitor it for suspicious activity.

Call SpartanTec, Inc. if you want to make sure that your company's payment system as well as all your business data are protected from malware, hackers, and other potential threats.


Friday, January 17, 2020

New Hacking Method Looks Like A Locked Computer

Scammers have breathed new life into an old scam.

For years, the old 'Law Enforcement Lock' trick has been used to cheat unsuspecting victims of their hard-earned money. The new wrinkle works like this:


Scammers redirect users of the Chrome web browser to sites that host a full-screen image of a Windows 10 desktop with a notice that appears to come from a local law enforcement agency.
This page informs the user that their computer has been locked for some unspecified illegal activity.

The groups running this sort of scam make sure to display a legitimate government URL in order to make it look more convincing. Victims of this scam are informed that they can unlock their computer again by paying the fine via credit card, right then and there.

Of course, the computer actually isn't locked at all. However, this scam has taken in a surprising percentage of users who aren't paying close attention.

A typical lock screen from the scammers will bear a message that closely follows this script:

"Your browser has been locked due to viewing and dissemination of materials forbidden by law of (country name), namely pornography with pedophilia, rape and zoophilia. In order to unlocking you should (amount and currency type) fine with Visa or MasterCard. Your browser will be unlocked automatically after the fine payment.

Attention! In case of non-payment of the fine, or your attempts to unlock the device independently, case materials will be transferred to (name of local law enforcement agency) for the institution of criminal proceedings against you due to commitment of a crime."

As you can see from the grammatical errors in the script, this is by no means an official announcement, but it looks real enough that it sends people into a panic, causing them to enter credit card information without thinking.

Naturally, this information is harvested and resold on the Dark Web, putting money in the scammers' pockets. Make sure your employees are aware of it, and stay vigilant.


Call SpartanTec, Inc. if you want to make sure that your computers and your networks are safe from hackers and scammers. 




Thursday, January 16, 2020

ISO Files Are Being Used To Deliver Malware


Researchers at Trustwave have observed a notable increase in the use of .ISO files to deliver malware. Hackers have relied on poisoned disk image files for years to deliver malware to their targets.
It makes sense in a Windows environment because it allows attackers to disguise their payloads as an innocent, standard file type.
In terms of scope and scale, the Trustwave researchers have noted a 6 percent increase in 2019 of this particular attack vector. It is noteworthy enough to be of genuine concern, especially given the fact that .ISO files are often overlooked by antivirus software. That makes it more likely that attackers can deliver their payload undetected.
In one particular campaign unearthed by the researchers, the attackers sent an email that appeared to come from FedEx and offered package tracking information. This was in an attempt to trick recipients into clicking on a file to gain additional information about an incoming package. Of course, the package didn't actually exist, and clicking on the (.ISO) file installed a malicious payload on the victim's computer.
It should be noted that .ISO files are not the only image file used in this way. Trustwave also reports a modest uptick in the use of Direct Access Archive (DAA) files. Use of DAA files for the purpose of delivering malware is seen as being somewhat less efficient and effective than using the .ISO format. That's because specialized software is required to open a .DAA file.
Nonetheless, if a hacking group has done their due diligence and knows the software is installed on a target computer, the DAA file represents another possible inroad that's likely to go undetected.
Hackers are becoming increasingly inventive, using old tricks mixed with new to infect target systems, making it more difficult than ever for harried IT managers to keep their networks safe. Stay on high alert. The threat landscape is more unpredictable than ever.

Don't let your systems and network be at risk. Keep hackers, malware, and other potential threats at bay. Call SpartanTec, Inc. now.
