Saturday, March 21, 2020


The malware at the heart of the campaign is Emotet, which began life as a banking trojan, but it has morphed into something quite different in recent times.
It's now a full-fledged botnet and its creators are leasing it out to anyone who can pay.
Make no mistake, the latest configuration of Emotet isn't a threat to be taken lightly. Last year, it accounted for almost two thirds of malicious payloads delivered via phishing attacks. The malware was heavily used throughout much of 2019, suffered a marked decline during December, and then came roaring back to the fore in January of 2020.
While the major thrust of this latest campaign is aimed at financial institutions, a small number of attacks have been made against companies in the media, transportation, and food industries.
The campaign is being conducted largely through phishing emails that contain a Microsoft Word document that pretends to be an invoice for a service recently rendered. The email subject line varies but in all cases it mirrors the invoice and/or bank details.
Naturally, if a recipient attempts to open the invoice, he or she will get a popup box indicating that macros must be enabled in order to properly view it. If the recipient clicks the button to enable macros, the malicious payload will be installed.
This is a time-tested and reliable method of getting malicious code onto target machines. It's been around for years, but it's still in use because it's so effective. Make sure your employees are aware of the threat and stay vigilant. If the early indications mean anything, 2020 is going to be a very trying year.

If you have business in the financial sector, don't leave your network, systems, and devices unprotected. Call SpartanTec, Inc. now.

SpartanTec, Inc.
Myrtle Beach, SC 29577
843-420-9760
https://www.spartantec.com/

Monday, March 16, 2020

New Phishing Emails Use Convincing Security Credentials



Unit 42 is a research division of Palo Alto Networks. Their researchers have discovered a sneaky and surprisingly effective phishing campaign that appears to have been launched in January of this year (2020).
When targeted by this attack, a user will get an email containing a branded document that carries the name of a legitimate cybersecurity provider.
The name of a known cybersecurity provider alone generates a certain amount of trust in the reader. In addition, the email contains a password protected document, which naturally is the kind of security that a company in the security business would utilize.
Most of the emails contain subject lines that indicate the recipient is entitled to a refund or a free security product upgrade. That builds on the trust already established and gives the user an enticement for opening the enclosed file that has been password protected "with their security in mind."
Naturally, nothing could be further from the truth. If the user unlocks the protected file, he or she unwittingly enables the macros embedded in the file, which will then activate and install NetSupport Manager. Surprisingly, NetSupport Manager is a completely legitimate remote access control program, but it is used here for nefarious purposes.
As long as it's running quietly in the background, it gives the people who sent the email a secret inroad into the machine and the network it is connected to.
Not only is the use of a known cybersecurity firm name a sneaky bit of social engineering, but the use of a perfectly legitimate remote connection tool is as well. That is because no antivirus software on the planet would flag the tool, which gives the hackers using it in this way a completely untraceable means of gaining access to a wide range of networks.

Be on your guard against this threat. It's insidious, and the folks behind it could do a lot of harm to your company. Call SpartanTec, Inc. now and let our team of IT experts help you.


Tuesday, March 10, 2020

Treat Ransomware As Data Breaches And Report It Right Away


We are only a few months into the year, but there has already been a significant increase in the use of ransomware that steals data. This type of ransomware encrypts the victim’s data and also extracts it to the attacker’s server.
The stolen data is then used to force the victim into paying the specified ransom. But evidence shows that cybercriminals also use the data to execute phishing attacks on customers and business partners of the victim firm.
IT experts suggest that businesses disclose these ransomware incidents as soon as possible. Reporting incidents, especially the ones that involve ransomware that can exfiltrate data, is important to prevent other companies from falling victim to a similar attack.

Lack of Disclosure

As of the moment, companies are not legally required to report ransomware incidents. Organizations that have fallen victim to ransomware could fix the problem, whether by paying the cybercriminals or not, and resume regular business operations without telling their partners, customers, or the public about the cyberattack.
This is a common response with traditional ransomware. The data of the company was encrypted but it was not read, altered, or extracted. In theory, no PII (personally identifiable information) was exposed, so the company doesn’t have to deal with the business interruption and reputational loss that come after reporting the incident.
This kind of reasoning won’t hold up when it involves data-stealing ransomware. Nemty, DoppelPaymer, Sodinokibi, Maze, and other ransomware groups have started using methods that allow them to extract the data of their victim to a remote server where they can read, manipulate, and use the data however they like. The stolen data will be used to force their victims to pay the ransom. But it can also be used for spear phishing attacks.

Data Theft and Spear Phishing

Spear phishing refers to a cyber attack that targets certain people in a company to access crucial data such as staff credentials or financial data or, in this situation, to deliver ransomware through suspicious email attachments.
Because the actors have access to the company’s data and, in some cases, its emails, they can craft very convincing email messages. In certain instances, those emails might even look like a reply to an earlier message, which makes them look legitimate to the victim.

Companies Stand Silent When It Comes To Cybersecurity

When a business faces a ransomware attack, its business partners, suppliers, and customers should be on the lookout for targeted attacks. But this is not the case. Because organizations are not required to report ransomware incidents, there is little motivation for businesses to come forward and admit that their company was hit by ransomware.

What Should Businesses Do?

Data-stealing ransomware is becoming increasingly rampant. Now is the time to start treating ransomware incidents like data breaches.
All ransomware incidents must be thought of as data breaches until they are proven otherwise. Governments should create legislation under which ransomware attacks are considered data breaches and the affected business is asked to issue notifications immediately.

Call SpartanTec, Inc. now and let our team set up the most effective cybersecurity measures to protect your business against today’s most common online threats.


Tuesday, March 3, 2020

5 Ways To Prevent Data Breaches



Businesses need to prioritize data security especially these days when high profile information security breaches are almost always making the headlines. Organizations today face a one in four chance of having an information data breach that would cost about $2.21 million over the next two years. The aftermath of a data breach includes distrust, revenue loss, decreased loyalty among customers, and a negative reputation for your brand.

Prevent Information Security Breach

Asset Inventory

Visibility into the software and hardware assets you have in your network, as well as your physical infrastructure, helps you get a greater understanding of the security posture of your organization. An asset inventory can also be used to create ratings and categories for the vulnerabilities and threats your assets may come across. Ratings and categories for these vulnerabilities can assist you in prioritizing the remediation efforts on these assets.
Information security breaches add emphasis to endpoint protection. It’s not enough to have an antivirus installed to prevent a major breach. As a matter of fact, if you depend only on your antivirus software, you’ll be leaving your endpoints such as your laptops and desktops, widely exposed. Your devices would become the entry points for breaches.
An in-depth endpoint solution would utilize encryption to stop data leaks and loss, and implement unified policies to protect data across all your endpoints, networks, and servers, thereby lowering the possibility of a data breach.

Vulnerability and Compliance Management

Using a vulnerability and compliance management (VCM) tool, or at least completing a vulnerability assessment, can help you pinpoint weaknesses, gaps, and misconfigurations in the security of your virtual and physical environments. A VCM tool can continuously check your IT assets and infrastructure for compliance, vulnerabilities, and configuration best practices. An effective VCM lets you develop an action plan for remediating such vulnerabilities and assign them to the appropriate employees.

Audit Security Posture Regularly

Undergoing audits on a regular basis to identify potential new gaps in governance and compliance helps validate your security posture. A security audit is a more comprehensive assessment of your business’s security policies than penetration testing or a vulnerability assessment. A security audit takes into account the dynamic nature of the business and how the company deals with information security.

Common Questions During A Security Audit

  • Does your business have documented policies about information security?
  • Did you set up escalation profiles and management processes, documented and monitored, and a playbook in case there’s a breach?
  • Did you prepare network security mechanisms?
  • Did you set up a log and security monitoring?
  • Did you come up with a Disaster Recovery & Business Continuity Plan?
  • Did you test your applications for security flaws?
  • Do you have a change management process set up at each level within the IT setting?
  • How do you back up your files and media? Who can access the backup? Have you tested your restore procedures?
  • Have you reviewed the auditing logs? When do you review them?

Employees Must Be Trained and Educated

Once you have completed your security policy audits, you can now implement a written employee policy that involves data security and privacy. You need to conduct security training regularly so that all of the staff members know about these newly created policies since they won’t comply with policies they are not familiar with. When you are setting up your security policy for your staff, you should take into account training on these things:
  • Using different unique passwords on devices that are used at work
  • Enforcing a documented system for employees, contractors, or vendors who are set to leave your company (laptop access, key cards, passwords, etc.)
  • Training staff on the importance of reporting data security leaks or information security breaches
  • Developing a policy that will describe how your staff should deal with, get rid of, restore, and even send data
Your staff requires training on the kinds of phishing attacks that take place these days. Phishing is a common method used by cybercriminals to spread ransomware in an organization. If you could train and educate your staff about the signs to search for in a dubious email, your business will be well served.

Call SpartanTec, Inc. now and let our team of IT experts help you establish security measures and protocols to mitigate online security threats.


Monday, March 2, 2020

Old School Virus Called KBOT Is Hitting Networks


There was a time when worms were common, terrifying threats on the internet. In the early days of the world wide web, there were a number of famous attacks that were considered highly advanced for their time.
Time and technology have moved on of course, and these days, modern malware is significantly more advanced.
Except for KBOT. KBOT is a blast from the past. Recently discovered by Kaspersky researchers, KBOT has been dubbed "the first living virus in recent years that we have spotted in the wild."

They describe the virus as follows:

"KBOT poses a serious threat because it is able to spread quickly in the system and on the local network by infecting executable files with no possibility of recovery. It significantly slows down the system through injects into system process, enables its handlers to control the compromised system through remote desktop sessions, steals personal data, and performs web injects for the purpose of stealing users' bank data."
As you can see from this brief description, this piece of malware might be old school, but it's a serious threat. Because it destroys the files it infects, recovery is not just a matter of getting rid of the infection. Invariably, you'll have to reinstall all the infected code on the PC.
In addition to being a highly destructive virus, it's also designed to steal vast quantities of data. Then it makes a priority of connecting to its command and control server once it establishes a hold so it can send back any data it's been coded to target.
If it's not already on your radar, it certainly deserves paying attention to. If you find yourself unfortunate enough to be on the receiving end of a KBOT infection, know that it will cause a tremendous amount of damage and bring your network to its knees before you get it under control.

SpartanTec, Inc. is here to analyze your network and help you design a plan to keep your data secure. We work with companies of any size and can provide services from a secure firewall to 24/7 monitoring. Contact us for a free analysis.

SpartanTec, Inc.
Myrtle Beach, SC 29577
843-418-4792
https://www.spartantec.com/

Monday, February 24, 2020

Dangerous New Trojan Can Infect Systems Through Wifi


If you're not already familiar with the Emotet trojan, it deserves a special spot on your radar. It's one of the most dangerous forms of malware in the world today.
Its success is thanks to the fact that its creators have worked hard and diligently to keep it upgraded by bolting on a variety of modules that enhance its capabilities in new, and sometimes terrifying, ways.
Recently, researchers at Binary Defense have spotted a particularly nasty new module that allows the trojan to infect other devices nearby. Called a "WiFi Spreader," it allows the trojan to hop wirelessly from one device to another.
Granted, this capability does not guarantee a 100 percent infection success rate, because the nearby device may have protection protocols in place. It does, however, provide a new attack vector the malware can utilize to spread itself farther than it otherwise might.
The implications of this are staggering. If Emotet makes its way onto your system and the strain you have has the WiFi Spreader module, it poses many risks. It poses risks to your own network, to the personal devices your employees carry that aren't connected to your network, and also to any other networks in close proximity to yours. Whether those networks are one floor up or down, or right next door, they are also at risk.
Also, consider the implications of an Emotet infection in a shared work environment, for example a WeWork office space, or a constellation of small companies that share one floor of an office and work in close proximity to one another. These kinds of arrangements are increasingly common and will absolutely complicate forensic investigations of malware infections.
If there's a silver lining here, it is the fact that according to Binary Defense, the WiFi spreader doesn't work on Windows XP SP2 or Windows XP SP3. That is because it utilizes functions that are incompatible with those builds. In any case, stay vigilant and be on the lookout for Emotet. It's one of the most dangerous forms of malware out there.

Call SpartanTec, Inc. if you need the help of IT experts in securing your business data, devices, or networks.


Monday, February 17, 2020

Password Manager Malware Tricks Users Into Revealing Passwords


There's a new threat making the rounds called 'Metamorfo' that you should be aware of. The malware began its life as a banking trojan.
This news is from researchers at Fortinet, who report that the malicious code has recently gotten some upgrades that make it particularly nasty.
Like many similar programs, this one finds its way onto target machines by way of phishing emails. In this case, the vehicle of choice seems to be emails that claim to have an invoice attached in the form of a Microsoft Word document.
If a user receives this email and opens the 'invoice' he or she will be informed that the message cannot be properly displayed without enabling macros. Of course, enabling macros is the mechanism that allows Metamorfo to be installed on the target device.
Once installed, the malicious code will first check to be sure it's not running in a sandbox or virtual environment. Once it has confirmation that it is not, it will run its AutoIt script execution program, which it uses to evade detection by antivirus programs that may be running on the target system.
Safe from detection, it will then shut down any browser sessions that may be running and prevent any new browser windows from using the auto-complete function when entering passwords. It then begins prompting the users to manually enter their passwords. When they do, the keystrokes are mapped and sent to a command and control server that the hackers control. It's a fiendishly clever way of making sure the hackers harvest as much password information as possible from each system they infect.
Be very wary of opening attachments from any unknown and untrusted source and make sure all your systems are fully patched and up to date. It's not a perfect solution, but it will certainly minimize your risk.
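
The Emotet, NetSupport Manager, and Metamorfo campaigns described in the posts on this page all arrive as Word attachments that rely on macros, and one of them hides the document behind a password. The following is an added example, not part of the original posts: a Python triage check a mail gateway could run on attachment bytes. The function names, verdict labels, policy table, and sample files are constructed for illustration.

```python
import io
import zipfile

# OLE2 compound-file signature: legacy .doc/.xls files and encrypted OOXML wrappers.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Stream name (stored as UTF-16LE) that wraps a password-protected OOXML document.
ENCRYPTED_MARK = "EncryptedPackage".encode("utf-16-le")

# Assumed gateway policy for this example; adapt it to your own mail flow.
POLICY = {
    "macro": "quarantine",
    "encrypted": "quarantine",   # contents cannot be inspected before the user unlocks it
    "legacy-ole": "review",      # confirming macros needs a full OLE parser
    "no-macro": "deliver",
    "not-office": "out-of-scope",
}

def triage_attachment(data: bytes) -> str:
    """Classify attachment bytes by container type and presence of a VBA project."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: search for the stream name instead of parsing the OLE directory.
        return "encrypted" if ENCRYPTED_MARK in data else "legacy-ole"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
        if "[content_types].xml" not in names:
            return "not-office"          # an ordinary zip, not an OOXML document
        # Macro-enabled OOXML files carry their VBA code in vbaProject.bin.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "macro"
        return "no-macro"
    return "not-office"

def make_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-shaped zip for testing the check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, no real VBA")
    return buf.getvalue()

def make_encrypted() -> bytes:
    """Build constructed bytes shaped like an OLE wrapper around an encrypted document."""
    return OLE_MAGIC + b"\x00" * 504 + ENCRYPTED_MARK + b"\x00" * 64

if __name__ == "__main__":
    samples = {
        "invoice.docm": make_ooxml(True),
        "report.docx": make_ooxml(False),
        "refund.docx (password protected)": make_encrypted(),
    }
    for name, blob in samples.items():
        verdict = triage_attachment(blob)
        print(f"{name}: {verdict} -> {POLICY[verdict]}")
```
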

Call SpartanTec, Inc. and let our team help you develop and set up the most effective and suitable cybersecurity strategies that are customized according to your business security needs.
