Monday, March 2, 2020

Old School Virus Called KBOT Is Hitting Networks


There was a time when worms were common, terrifying threats on the internet. In the early days of the World Wide Web, there were a number of famous attacks that were considered highly advanced for their time.
Time and technology have moved on of course, and these days, modern malware is significantly more advanced.
Except for KBOT. KBOT is a blast from the past. Recently discovered by Kaspersky researchers, KBOT has been dubbed "the first living virus in recent years that we have spotted in the wild."

They describe the virus as follows:

"KBOT poses a serious threat because it is able to spread quickly in the system and on the local network by infecting executable files with no possibility of recovery. It significantly slows down the system through injects into system process, enables its handlers to control the compromised system through remote desktop sessions, steals personal data, and performs web injects for the purpose of stealing users' bank data."
As you can see from this brief description, this piece of malware might be old school, but it's a serious threat. Because it destroys the files it infects, getting rid of the infection is not enough. Invariably, you'll have to reinstall all the infected code on the PC.
In addition to being a highly destructive virus, it's also designed to steal vast quantities of data. Once it establishes a hold, it makes a priority of connecting to its command and control server so it can send back any data it's been coded to target.
If it's not already on your radar, it certainly deserves your attention. If you find yourself unfortunate enough to be on the receiving end of a KBOT infection, know that it will cause a tremendous amount of damage and bring your network to its knees before you get it under control.
SpartanTec, Inc. is here to analyze your network and help you design a plan to keep your data secure. We work with companies of any size and can provide services from a secure firewall to 24/7 monitoring. Contact us for a free analysis.
SpartanTec, Inc.
Myrtle Beach, SC 29577
843-418-4792
https://www.spartantec.com/

Monday, February 24, 2020

Dangerous New Trojan Can Infect Systems Through Wifi


If you're not already familiar with the Emotet trojan, it deserves a special spot on your radar. It's one of the most dangerous forms of malware in the world today.
Its success is thanks to the fact that its creators have worked hard and diligently to keep it upgraded by bolting on a variety of modules that enhance its capabilities in new and sometimes terrifying ways.
Recently, researchers at Binary Defense have spotted a particularly nasty new module that allows the trojan to infect other devices nearby. Called a "WiFi Spreader," it allows the trojan to hop wirelessly from one device to another.
Granted, this capability does not guarantee a 100 percent infection success rate, because the nearby device may have protection protocols in place. It does, however, provide a new attack vector the malware can utilize to spread itself farther than it otherwise might.
The implications of this are staggering. If Emotet makes its way onto your system and the strain you have has the WiFi Spreader module, it poses many risks. It poses risks to your own network, to the personal devices your employees carry that aren't connected to your network, and also to any other networks in close proximity to yours. Whether those networks are one floor up, one floor down, or right next door, they are also at risk.
Also, consider the implications of an Emotet infection in a shared work environment, for example a WeWork office space, or a constellation of small companies that share one floor of an office and work in close proximity to one another. These kinds of arrangements are increasingly common and will absolutely complicate forensic investigations of malware infections.
If there's a silver lining here, it is the fact that according to Binary Defense, the WiFi spreader doesn't work on Windows XP SP2 or Windows XP SP3. That is because it utilizes functions that are incompatible with those builds. In any case, stay vigilant and be on the lookout for Emotet. It's one of the most dangerous forms of malware out there.

Call SpartanTec, Inc. if you need the help of IT experts in securing your business data, devices, or networks.

SpartanTec, Inc.
Myrtle Beach, SC 29577
843-420-9760
https://www.spartantec.com/

Monday, February 17, 2020

Password Manager Malware Tricks Users Into Revealing Passwords


There's a new threat making the rounds called 'Metamorfo' that you should be aware of. The malware began its life as a banking trojan.
This news is from researchers at Fortinet, who report that the malicious code has recently gotten some upgrades that make it particularly nasty.
Like many similar programs, this one finds its way onto target machines by way of phishing emails. In this case, the vehicle of choice seems to be emails that claim to have an invoice attached in the form of a Microsoft Word document.
If a user receives this email and opens the 'invoice' he or she will be informed that the message cannot be properly displayed without enabling macros. Of course, enabling macros is the mechanism that allows Metamorfo to be installed on the target device.
Once installed, the malicious code will first check to be sure it's not running in a sandbox or virtual environment. Once it has confirmation that it is not, it will run its AutoIt script execution program, which it uses to evade detection by antivirus programs that may be running on the target system.
Safe from detection, it will then shut down any browser sessions that may be running and prevent any new browser windows from using the auto-complete function when entering passwords. It then begins prompting the users to manually enter their passwords. When they do, the keystrokes are mapped and sent to a command and control server that the hackers control. It's a fiendishly clever way of making sure the hackers harvest as much password information as possible from each system they infect.
Be very wary of opening attachments from any unknown and untrusted source and make sure all your systems are fully patched and up to date. It's not a perfect solution, but it will certainly minimize your risk.

Call SpartanTec, Inc. and let our team help you develop and set up the most effective and suitable cybersecurity strategies that are customized according to your business security needs.


Saturday, February 15, 2020

A Definitive Guide To Managed IT Services


Managed IT services refers to solutions that aim to replace or augment the management of certain business functions by a third party contractor. In the past 10 years, managed services have grown substantially, especially within the IT industry. In this area, managed services include managing technologies like telephony, core network, and data center. Meanwhile, legacy managed services include core IT maintenance obligations such as patch management and break/fix.

What Is MSP?

An MSP or managed service provider is a firm that owns and remotely manages a service or technology and permits the use of the said service or technology to any client through a subscription.

Why Use Managed IT Services?

Although managed services are not suitable for every business, they are a clear-cut solution to a few important challenges faced by businesses of all shapes and sizes:
High hardware cost – technology architecture is costly and there’s no guarantee that they won’t be obsolete after a few years.
Specialized technology – conventionally, firms could hire a few IT staff to develop, manage, and fix problems across the whole IT enterprise. Now, to guarantee availability and high performance, IT teams are created for every IT function.
Cost of qualified staff – IT staff are in high demand and they are expensive.
Shortage of qualified personnel – even if you have an IT team, the question is if you have enough. Is your team qualified when it comes to maintenance?
Cost of constant maintenance – If you don’t have issues with maintenance, the members of your IT staff could concentrate on projects that could enhance your business like updating the CRM or creating new lead generation analytics and so on.

Are There Any Complaints About Managed IT Services?

Managed service providers provide an affordable and convenient way to help companies run smoothly. But, in an effort to maximize profits while cutting back their resource investment, several MSPs have decided to take a shortcut.
Inflexible programs – there are some providers that develop rigid program specifications at the expense of the clients. Flexibility is oftentimes the reason why the client turns to managed IT services, to begin with.
Low touch client service – with strict communication lines, there are a few MSPs that can automate away access to human professionals.

A Reliable MSP Partner

There are several MSPs these days that offer a range of services, to be used in different ways. Some are truly value-added partners while others are just service vendors. So how do you differentiate a vendor from a true partner?
A good managed IT service partner is one that provides great advice, challenges you, and provides an honest critique. A good partner is one who is transparent in all of their dealings with their client and, above all, handles sensitive problems, hiccups or shutdowns that affect your business just like their very own.

At SpartanTec, Inc., we believe in creating committed partnerships with our clients. We develop collaborative prosperity that affects businesses positively. Call us now for more information.


Friday, January 31, 2020

Active Directory Being Targeted By Malware Called TrickBot


The malware named TrickBot has some new tricks up its sleeves. Recently, a new strain of the malware was spotted in the wild with new capabilities that allow it to target the Active Directory database stored on compromised Windows domain controllers.
While TrickBot has never been seen as one of the most dire threats in the malware universe, this new functionality does make it dangerous.
Domain administrators need to be aware of the dangers associated with hackers gaining access to and exploiting Active Directory. The directory stores user names, password hashes, computer names, groups, and a variety of other sensitive data.
To understand how TrickBot manages this feat, it's important to dig into a few technical details. When a server is promoted to a domain controller, the Active Directory database is created and saved on that machine in the C:\Windows\NTDS folder. One of the files in this folder is ntds.dit, which is the specific file that contains all of the Active Directory services information.
Given the sensitivity of this information, Windows encrypts the data using a BootKey, which is stored in the System hive of the Registry. Since ntds.dit is opened by the domain controller, it's not possible for any external process to access the data it contains, although Windows domain controllers do have a tool called ntdsutil that allows administrators to perform maintenance on the database.
TrickBot gets around this by taking advantage of the "Install from Media" command to dump the database into the %Temp% folder, where it can be compressed and sent to a command and control server controlled by the hackers. Once they've got their hands on the file itself, it's easy enough to crack it open to get what's inside. That, of course, spells trouble for the organization that owns the server.
All that to say, if TrickBot isn't currently on your radar, it deserves a spot there. Its new capabilities make the malware significantly more dangerous.
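
One way to watch for the behavior described above, added here as an example and not taken from the original post or any vendor's tooling: scan process-creation events for ntdsutil "Install from Media" runs and raise the severity when the output lands in a temp directory. The event field names, the sample events and the severity labels are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation events; field names are assumptions, not a real log schema.
SAMPLE_EVENTS = [
    {"host": "DC01", "image": r"C:\Windows\System32\ntdsutil.exe",
     "cmdline": r'ntdsutil "ac i ntds" "ifm" "create full C:\Users\svc\AppData\Local\Temp\x" q q'},
    {"host": "DC01", "image": r"C:\Windows\System32\ntdsutil.exe",
     "cmdline": r'ntdsutil "activate instance ntds" "files" "info" q q'},
    {"host": "DC02", "image": r"C:\Windows\System32\ntdsutil.exe",
     "cmdline": r'NTDSUTIL.EXE "ac i ntds" ifm "cr fu D:\IFM\dc-staging" q q'},
    {"host": "WS07", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\docs\ifm-notes.txt"},
]

# The IFM menu keyword must appear somewhere on the command line.
IFM_MENU = re.compile(r"\bifm\b", re.I)
# "create [sysvol] full|rodc [nodefrag] <path>"; prefix-tolerant because ntdsutil
# accepts shortened command words (which prefixes show up in practice is an assumption).
IFM_CREATE = re.compile(
    r'\bcr\w*\s+(?:sys\w*\s+)?(?:fu\w*|ro\w*)(?:\s+nodefrag)?\s+(?P<path>[^"]+)', re.I)
TEMP_NAMES = {"temp", "tmp"}


def detect_ifm_dumps(events):
    """Return one finding per ntdsutil run that creates Install-from-Media output."""
    findings = []
    for ev in events:
        if PureWindowsPath(ev["image"]).name.lower() != "ntdsutil.exe":
            continue
        cmd = ev["cmdline"]
        match = IFM_CREATE.search(cmd)
        if not (IFM_MENU.search(cmd) and match):
            continue  # other ntdsutil maintenance, not an IFM export
        out_dir = match.group("path").strip()
        # Also catches an unexpanded %TEMP% / %TMP% path component.
        parts = [p.strip("%").lower() for p in PureWindowsPath(out_dir).parts]
        in_temp = any(p in TEMP_NAMES for p in parts)
        # IFM is a legitimate admin operation, so non-temp output is flagged for
        # review rather than treated as malicious outright.
        findings.append({"host": ev["host"], "output_dir": out_dir,
                         "severity": "high" if in_temp else "review"})
    return findings


if __name__ == "__main__":
    for finding in detect_ifm_dumps(SAMPLE_EVENTS):
        print(finding)
```
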

Call SpartanTec, Inc. for professional help in protecting your business against malware and other online threats


Monday, January 27, 2020

Why Is Maintaining The Cybersecurity In Your Business Important?


Now is the best time for businesses to check how they're handling their company data. Over the past few decades, technology has become a crucial component of any workplace. From financial transactions and email correspondence to work documents and networking, companies of all sizes depend on technology to stay connected all the time and perform their work efficiently. But when such communication lines are compromised or threatened, it could have a disastrous effect on a company.

The cyberattack on TalkTalk back in 2015 is among the most high-profile incidents, as it resulted in a record fine of £400,000 because of its security failings. In line with that, Three Mobile was also the victim of a cyberattack, in which the information of 200,000 of its clients was exposed.

However, it's not only the big businesses that need to worry about cybersecurity. Small businesses and small to medium enterprises are still vulnerable to cyberattacks.

Know The Latest Cyber Security Threats


Data breaches may result in lost files, assets, or intellectual property as well as website or system corruption. There are several kinds of online security threats these days. These include scammers who send fraudulent emails, impersonate a legal business, as well as malware and viruses.

Data Leak Protection


Among the most personal and rampant threats when it comes to cybersecurity is data leaks. They can cause damage to business and individuals alike. All companies hold a wide range of data from employee data to customer information, which usually contains sensitive details which could easily be vulnerable if businesses do not take the needed steps to protect them.

Limiting the amount of personal information that is made available to the public is one good way of making sure data is secured from possible leaks.

However, there are other methods available to minimize the possibility of exposure. You should consider setting up a burner email, which is a dummy email account that your company can use when signing up for a service or site that it does not want to give its real email address to. In case your email account has been compromised, there is the "Have I Been Pwned" online tool that lets users search through different data breaches to determine if their email address has been breached.

Ransomware Protection


Ransomware is another cyber security threat for businesses. It is a kind of malware that encrypts the data of a business, which can only be unlocked in exchange for a large fee. Although the data that's saved on the computer could be vulnerable to ransomware, these kinds of cyberattacks have also grown in popularity with the emergence of cloud services for data storage.

An increasing number of businesses are choosing the cloud for storing data. But there appears to be a misconception that cloud data storage is much safer and more secure than the hard drive of a computer. Businesses must make sure that valuable data is always backed up in different places.

Even though malicious programs and software continue to develop, security software these days is adapting to cope with online threats, too. That is why it is crucial for businesses to update their anti-virus software all the time.

On the other hand, there's also a misconception that anti-virus alone can deal with ransomware. Companies have to make sure that they invest in reliable software that can protect them against cyberattacks.

Call SpartanTec, Inc. if you need professional IT services that can help maintain the cybersecurity of your company. 


SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
https://spartantec-wilmingtonnc.business.site/


Thursday, January 23, 2020

Wyze User Information Leaked Include Emails And Other Data


Wyze is one of the many manufacturers of consumer-grade smart devices. They recently confirmed that user data belonging to nearly two and a half million of its customers was exposed. The root cause of the exposure was traced back to an unsecured database connected for nearly a month to an Elasticsearch cluster. This was during a period of time spanning December 4th to December 26th, 2019.


The company did not discover the database on their own. Rather, they were following a tip given to them by a reporter. This was following the developments of security researchers operating out of a company called Twelve Security, who initially discovered the database. The reporter published the article he was writing after contacting the company, but apparently, not in coordination with them.

Having been alerted to the problem, the company took swift action, but in this case, perhaps it was too swift. According to Dongsheng Song, one of the co-founders of the company and its current Chief Product Officer:

"We locked down the database in question before we were able to verify it was exposed. We did this as a precaution because the published article referenced a database connected to 'Elasticsearch': a search tool that we also used on our query database."

As to impacts, it has been confirmed that the database in question contained WiFi SSIDs, customer email addresses and smart device nicknames. It did not contain passwords or any financial information, so although it's a serious issue, it's not as bad as it could have been.

Song also noted in a blog post on the matter that "there is no evidence that API tokens for iOS and Android were exposed, but we decided to refresh them as we started our investigation as a precautionary measure."

In a nutshell, the handling of this incident was botched and uneven, but it could have been much, much worse. Wyze dodged a bullet, as did the company's customers.
