Wednesday, November 10, 2021

Hackers Turn To New Trick Called SEO Poisoning

Hackers have a new tool in their toolbox you should be aware of. Called SEO Poisoning, or sometimes "search poisoning," the attack relies on black hat SEO techniques to push malicious web content up the search rankings.

Researchers from Menlo Security have spotted two separate campaigns infecting unsuspecting netizens: one linked to the SolarMarker backdoor and the other leveraging REvil ransomware.

Here's how the attacks work:

The hackers gain access to legitimate sites that rank well on Google and inject them with content keyed to a variety of specific search terms.

Because the site is respected and ranks highly on its own, surfers who find their way onto it are more likely to accept that anything on the site is legitimate. The hackers leverage this trust by adding poisoned content to the site. In search results, this poisoned content appears to be a PDF file that must be downloaded in order to view it.

When a user clicks on a download link, they seal their fate. Behind the scenes they are redirected multiple times, ultimately winding up at a poisoned site controlled by the hackers, where a malicious payload is dropped onto the visitor's device.

Both of these campaigns have leveraged respected WordPress sites, taking advantage of an undisclosed flaw in a plugin called 'Formidable Forms.' The hackers install their malicious PDFs in the wp-content/uploads/formidable/ folder.

Most cybercriminals who deploy ransomware demand exorbitant fees to regain access to your files. These two campaigns are notable for making much smaller demands ranging between $1,500 and $7,500.

If you have a WordPress site and you use the Formidable Forms plugin, download the latest version as soon as possible. The plugin's developers moved quickly to address the issue, and a fix is available. As long as you are running version 5.0.10 or later, you should be fine.
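A defender's check for the two concrete details in this post, added here as an example (not Menlo Security's or the plugin's own code): it compares the installed Formidable Forms version against the 5.0.10 fix and lists files in wp-content/uploads/formidable/ that are PDFs by content, whatever their extension. The plugin main-file path and the sample site it builds are assumptions so the checks run offline.

```python
import re
import tempfile
from pathlib import Path

# Only the upload folder and the 5.0.10 fix threshold come from the post;
# the plugin main-file path and the sample files below are assumptions/constructed.
FIXED_VERSION = (5, 0, 10)
FORMIDABLE_UPLOADS = Path("wp-content/uploads/formidable")
PLUGIN_MAIN_FILE = Path("wp-content/plugins/formidable/formidable.php")
PDF_MAGIC = b"%PDF-"

def parse_version(text):
    """'5.0.9' -> (5, 0, 9), so versions compare numerically rather than as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def plugin_version(wp_root):
    """Read the Version: line of the WordPress plugin header comment."""
    header = (Path(wp_root) / PLUGIN_MAIN_FILE).read_text(errors="replace")
    m = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", header, re.MULTILINE)
    return parse_version(m.group(1)) if m else None

def plugin_is_patched(wp_root):
    """True when the installed Formidable Forms is at or past the fixed release."""
    v = plugin_version(wp_root)
    return v is not None and v >= FIXED_VERSION

def find_pdfs(wp_root):
    """List files under the Formidable uploads folder that are really PDFs,
    judged by their leading bytes rather than their extension."""
    root = Path(wp_root)
    hits = []
    for p in sorted((root / FORMIDABLE_UPLOADS).rglob("*")):
        if p.is_file():
            with p.open("rb") as fh:
                if fh.read(len(PDF_MAGIC)) == PDF_MAGIC:
                    hits.append(p.relative_to(root).as_posix())
    return hits

def build_demo_site(version):
    """Constructed WordPress tree so the checks can be run offline."""
    root = Path(tempfile.mkdtemp())
    main = root / PLUGIN_MAIN_FILE
    main.parent.mkdir(parents=True)
    main.write_text(f"<?php\n/*\nPlugin Name: Formidable Forms\nVersion: {version}\n*/\n")
    up = root / FORMIDABLE_UPLOADS
    up.mkdir(parents=True)
    (up / "index.php").write_bytes(b"<?php // Silence is golden.\n")
    (up / "free-download.pdf").write_bytes(b"%PDF-1.4 constructed sample\n")
    (up / "notes.txt").write_bytes(b"%PDF-1.7 constructed sample with a misleading extension\n")
    return root

if __name__ == "__main__":
    site = build_demo_site("5.0.9")
    print("Formidable Forms patched:", plugin_is_patched(site))
    print("PDFs in uploads/formidable:", find_pdfs(site))
```

Point both functions at a real WordPress root to run the same checks; any PDF the site owner did not upload is worth investigating.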

Call SpartanTec, Inc. now if you need help in protecting your business against various cybersecurity threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence, Charleston

Tuesday, November 9, 2021

New TodayZoo Phishing Campaign Is Going After Passwords

Microsoft recently reported on the existence of an unusual phishing campaign designed primarily to harvest the passwords of unsuspecting victims.

One of the things that makes the campaign so unusual is the fact that it appears to be built by using bits of code copied and pasted from the work of other hackers. Call it a "FrankenPhishing Campaign" if you will.

Microsoft borrowed from the story of The Island of Doctor Moreau and has dubbed this campaign "TodayZoo". While it may be crude and cobbled together from the work of others, it has been both large and successful enough to gain attention.

The campaign does a surprisingly admirable job of impersonating Microsoft's own brand. It makes use of a technique called "zero point obfuscation": HTML text written in a font size of zero, so that it is present in the message but invisible to the human reader.

The scheme is simple, almost crude, and yet it has proved surprisingly successful. Users get an email that appears to be from Microsoft. The body of the email indicates that the user's Microsoft 365 account has been compromised and that the password must be reset.

The email contains a link, but of course the link only points to a dummy version of the password reset page. The moment the user enters his or her login credentials, they are handed straight over to the people who orchestrated the phishing campaign.

Note that most phishing campaigns that work this way collect the login credentials on one site and then forward them on to another. In this case, the people behind the campaign simply store the credentials on the site that collects them.

All of this points to a group of enthusiastic amateurs. It's an audacious campaign and they will undoubtedly learn from it and improve. Odds are excellent that this is not the last we've heard from this group.
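The zero-font technique can be checked for mechanically. The scanner below is an added example (not Microsoft's code or anything taken from the campaign): it separates the text a reader actually sees from text sized to zero, run here on a constructed sample email whose wording and domain are made up for the demo.

```python
import re
from html.parser import HTMLParser

# Constructed sample modelled on the lure the post describes; the domain
# and wording are made up for the demo, not taken from the campaign.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Your <span style="font-size:0px">junk-for-filters</span>Microsoft 365
<span style="FONT-SIZE: 0pt;">more-junk</span> account has been compromised.</p>
<p>Please <a href="https://reset.example.invalid/">reset your password</a> now.</p>
<p style="font-size: 0 !important">an entire paragraph no human will see</p>
</body></html>
"""

# Matches font-size values that render as zero (0, 0px, 0pt, 0.0em, ...),
# but not small positive sizes such as 0.5em.
ZERO_FONT = re.compile(
    r"font-size\s*:\s*0+(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:!important)?\s*(?:;|$)", re.I)
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "wbr", "source"}

class ZeroFontScanner(HTMLParser):
    """Splits text into what a reader sees and what is sized to zero. Each open
    element carries a 'hidden' flag inherited from its ancestors, as a renderer
    would inherit font-size."""

    def __init__(self):
        super().__init__()
        self.stack = []    # (tag, hidden) for each open element
        self.visible = []
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        inherited = self.stack[-1][1] if self.stack else False
        self.stack.append((tag, inherited or bool(ZERO_FONT.search(style))))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed elements.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            (self.hidden if self.stack and self.stack[-1][1] else self.visible).append(text)

def scan_zero_font(html):
    """Return (visible_text, hidden_fragments); hidden fragments in a message
    impersonating a brand are a strong signal for a mail-filter rule."""
    s = ZeroFontScanner()
    s.feed(html)
    s.close()
    return " ".join(s.visible), s.hidden

if __name__ == "__main__":
    seen, unseen = scan_zero_font(SAMPLE_EMAIL_HTML)
    print("reader sees:", seen)
    print("hidden from reader:", unseen)
```

Running keyword rules over the visible text alone, while treating any non-empty hidden list as a score boost, defeats the point of the padding.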

Call SpartanTec, Inc. now if you need the help of professional experts in keeping your information safe from hackers, phishing campaigns, and other online threats.

Monday, November 8, 2021

This Mac Malware Should Have Users Worried

Researchers from Microsoft have reported the discovery of a new variant of macOS malware called WizardUpdate.

The new version should worry all Mac users because it has been upgraded with enhanced evasion and persistence tactics that make it more difficult to track, locate and ultimately stop.

WizardUpdate is also known as UpdateAgent. It is distributed via download repositories, where it masquerades as legitimate, safe software. Although the researchers found no direct indication of how this new variant is distributed, it follows that the group behind the code would use similar, if not outright identical, techniques.

WizardUpdate has had a short but interesting history. It was first discovered in November 2020. In its earliest incarnation the code could do little more than collect and exfiltrate basic system information; that proved to be only an initial test. Since its initial release, WizardUpdate has seen numerous upgrades.

The latest build includes the following capabilities:

  • To grant admin permissions to regular users
  • To leverage existing user profiles to execute commands
  • To modify PLIST files using PlistBuddy
  • To bypass Gatekeeper by removing quarantine attributes from downloaded payloads
  • To grab the full download history for infected Macs by enumerating LSQuarantineDataURLString using SQLite
  • And to deploy secondary payloads downloaded from cloud infrastructure

Microsoft had this to say about the newly discovered strain:

"UpdateAgent abuses public cloud infrastructure to host additional payloads and attempts to bypass Gatekeeper, which is designed to ensure that only trusted apps run on Mac devices, by removing the downloaded file's quarantine attribute."

"It also leverages existing user permissions to create folders on the affected device. It uses PlistBuddy to create and modify Plists in LaunchAgent/LaunchDaemon for persistence."

WizardUpdate by any name is a scarily capable malware strain and Mac users should be on high alert.
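Triage for the LaunchAgent/LaunchDaemon persistence Microsoft describes above, as an added example (not Microsoft's or the page's code): the two sample plists are constructed for the demo, and the path, interpreter and label heuristics are assumptions of this example, not published indicators.

```python
import plistlib

# Constructed sample jobs for the demo, not artefacts from the campaign:
# a benign vendor agent, and one showing the traits the post attributes
# to UpdateAgent's PlistBuddy-written persistence.
BENIGN_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Applications/Example.app/Contents/MacOS/updater</string></array>
  <key>StartInterval</key><integer>3600</integer>
</dict></plist>"""

SUSPECT_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.softwareupdate.helper</string>
  <key>ProgramArguments</key>
  <array>
    <string>/bin/sh</string><string>-c</string>
    <string>/Users/alice/Library/Application Support/.cache/run.sh</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

# Heuristic thresholds (assumptions for the demo, not published indicators).
USER_WRITABLE = ("/Users/", "/tmp/", "/private/tmp/", "/var/folders/")
SYSTEM_PATHS = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")
INTERPRETERS = {"/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/osascript", "/usr/bin/curl"}

def program_paths(job):
    """Every absolute path a launchd job will run: Program plus ProgramArguments."""
    paths = [job["Program"]] if "Program" in job else []
    paths += [a for a in job.get("ProgramArguments", []) if a.startswith("/")]
    return paths

def triage_launch_job(plist_bytes):
    """Return the reasons a LaunchAgent/LaunchDaemon plist deserves a closer
    look; an empty list means none of the heuristics fired."""
    job = plistlib.loads(plist_bytes)
    paths = program_paths(job)
    reasons = []
    if any(p.startswith(USER_WRITABLE) for p in paths):
        reasons.append("runs code from a user-writable location")
    if paths and paths[0] in INTERPRETERS:
        reasons.append(f"wraps an interpreter ({paths[0]})")
    if job.get("RunAtLoad") and job.get("KeepAlive"):
        reasons.append("RunAtLoad + KeepAlive: starts at login and restarts if killed")
    label = job.get("Label", "")
    if label.startswith("com.apple.") and not all(p.startswith(SYSTEM_PATHS) for p in paths):
        reasons.append("Apple-style label but not an Apple-installed binary")
    return reasons

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_AGENT), ("suspect", SUSPECT_AGENT)):
        print(name, "->", triage_launch_job(blob) or ["nothing stood out"])
```

On a real Mac, feed it the bytes of each file under ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons; plistlib also reads the binary plist format PlistBuddy may write.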

Call SpartanTec, Inc. now and let our team of IT support professionals help set up the most effective cybersecurity measures to protect you from malware and other types of online threats.

Wednesday, November 3, 2021

The First Line of Defense for Data Security

At the end of World War I, German engineer Arthur Scherbius constructed a device that would become central in another worldwide conflict of unimaginable magnitude over 20 years later: the Enigma machine. The machines, which steadily became more complex with each iteration, consisted of a series of rotors that, by themselves, encrypted messages input via the attached typewriter. Each rotor performed a simple substitution cipher, but when run through multiple rotors, the encryption reached a staggering level of complexity.

Initially used for transmitting sensitive company secrets in the commercial sector, the technology was eagerly adopted by the German military machine before World War II. After war broke out across Europe once again, Enigma encoding became central to the operation of the Axis powers, used for sending vital, sensitive intelligence across the airwaves. Due to the complexity of the Enigma system, the Germans were certain that the code would not, and could not, be broken.

But the Germans were wrong. Using photographs of stolen Enigma operating manuals obtained by a German spy, the Polish General Staff’s Cipher Bureau managed to construct an Enigma machine of their own, enabling them to covertly decrypt substantial amounts of Axis intercepts. Ahead of the impending invasion of Poland, the Poles shared their knowledge with the French and British military to expedite the defeat of the Germans. A massive team at Bletchley Park in Buckinghamshire, led by code-breaking master Alan Turing, became the central location for Allied efforts to keep up with Enigma operations.

Germany, still convinced the code was fundamentally unbreakable, continued using Enigma for a wide array of communications. But even the most complicated four-rotor Enigma systems were eventually decrypted. Great pains were taken to ensure the Germans never learned their precious code had been broken, labeling any intelligence gained from Enigma as “Ultra” and keeping the significance of Bletchley Park’s operations under wraps. Ultra intelligence was used sparingly to avoid German suspicion.

The efforts of the Polish Cipher Bureau, Alan Turing, Bletchley Park, and the hundreds of men and women who contributed to the cracking of the Enigma code were described as “decisive” in the shortening of the war, and, at the high end, are estimated to have saved over 14 million lives.

Much like the Germans who assumed Enigma was uncrackable, most business owners believe their current, potentially outdated, cyber security measures will keep their data safe. But, in the contemporary age where digital information is as precious as gold, cybercriminals are working around the clock to penetrate even the most robust security solutions. You can bet they’ve already created a workaround for your current antivirus. What was good enough before may not be good enough today. After all, a security solution, like a firewall from even two years back, simply cannot be equipped to defend your precious data against a cutting-edge hacking technique that didn’t even exist when it was created.

Today, companies that fail to stay abreast of the latest cybersecurity trends — clinging foolishly to their own Enigma — are certain to pay the price down the line. Once the lock is picked, you need a new lock, and criminals are cracking new locks every day.

Luckily, as your IT provider, we’re data security experts, and we constantly seek the latest and most robust security solutions. Don’t leave your company’s security up to a false sense of confidence. Always be looking at options to upgrade your digital security and backup and make it a sure thing.

Call SpartanTec, Inc. now if you need help in bolstering your data security to keep your business protected against various online threats.

Tuesday, November 2, 2021

Criminals Are Using YouTube Video Channels To Spread Malware

YouTube has long been a hunting ground for hackers and scammers pushing all manner of hoaxes, scams and malicious code onto unsuspecting users. A security researcher known only as Frost, who works for Cluster 25, has reported a significant uptick in the number of malware campaigns orchestrated from YouTube.

Overwhelmingly these campaigns are pushing Trojans onto the PCs and smart devices of their victims.

Frost has identified what appear to be two clusters of malicious activity occurring simultaneously. One is pushing the RedLine trojan and the other Raccoon Stealer.

Literally thousands of videos and channels have been created in the course of these two campaigns. Based on Frost's personal observation, the campaigns are adding 100 new videos and 81 channels every twenty minutes.

He had the following to say about the identified campaigns:

The videos in question cover a wide range of topics. The hackers behind the campaigns tend to favor videos about software cracks, how-to guides for getting around software licenses, cryptocurrency, software piracy, game cheats and VPN software.

The videos are at least vaguely helpful and contain a link that the video's authors claim leads to a tool that will help the viewer with the topic of the video. Naturally, the link is nothing of the sort, and clicking on it will install malicious code on the viewer's device.

The cyberthreat has gotten serious enough that YouTube's owner Google made a formal statement about the matter.

Google's statement reads in part as follows:

"We are aware of this campaign and are currently taking action to block activity by this threat actor and flagging all links to Safe Browsing. As always, we are continuously improving our detection methods and investing in new tools and features that automatically identify and stop cybersecurity threats like this one. It is also important that users remain aware of these types of threats and take appropriate action to further protect themselves."

The moral of the story is simple: Be very careful about any links you click.

Call SpartanTec, Inc. now if you need help in protecting your business and network against malware and other online threats.

Thursday, October 28, 2021

A Proven Method To Secure Your Business’s Network

People don’t usually think about small businesses when discussing cybersecurity. The media covers breaches of government and big-business security extensively. These entities are lucrative targets that attract the attention of hackers, but they are usually backed by an extremely protective network security system that’s difficult to crack. When hackers can’t break the big system, they turn their attention to easier targets.

While most hackers want the opportunity to crack a high-risk target, these situations are few and far between. Instead, they turn their attention toward much lower-hanging fruit. This is where small businesses come in: they still have money and data, but far weaker defenses than a governmental entity. Luckily, many everyday cyber security strategies can keep would-be hackers away. Their methods are always changing, though, and it helps to be one step ahead of the game.

These are the best current cybersecurity strategies you can put into place.

Cloud Security

Cloud security is the protection of data stored online via cloud computing platforms from theft, leakage and deletion. As more and more businesses switch from hard-drive data storage to remote databases, this practice is becoming more and more commonplace. Methods of providing cloud security include firewalls, penetration testing and virtual private networks (VPN), to name a few. While many people feel that their data and information are better stored on a hard drive on their own network, data stored in the cloud may actually be more secure, depending on the system’s defense strategy. Be wary, though: not all cloud security offerings are made the same. Do your research and pick one that will best protect your data.

Network Security

Network security is the protection of the underlying networking infrastructure from unauthorized access, misuse or theft. This is what your network administrator will need to put into place in order to keep your devices and data secure. The best approach to protecting your network is to create a strong WiFi password. Random numbers and letters work best for a small business since nobody but those who need it will be able to guess the password. In addition to a strong password, you’ll also have to anticipate any type of internal attack.

VPNs And Firewalls

A VPN can help protect your security by masking your IP address. This essentially means that you’ll be connected through a different server, making it much harder for the government or websites to pinpoint your location. It also encrypts all network data by creating a secure tunnel. A firewall is simply a shield that protects your computer from the Internet. Firewalls can help restrict access to sites that could be damaging to your network. Both of these tools can be highly effective when used properly, but they do not protect against all threats.

Updates And Upgrades

While it might seem simple, consistently updating and upgrading your technology tools can keep you much more secure. The developers of many of these tools are constantly looking for new threats that pose a risk to their program. They’ll issue patches to make sure any holes are filled. You just need to make sure that all of your tools are updated in a timely manner and verify that the updates are installing.

Data Backups

You should always have multiple backups of your business’s data. You never know when a power surge or some type of natural disaster might cause your current files to be deleted. You can prevent this issue by regularly backing up your data.

Employee Training

It’s important to limit employee access to systems and data owned by your company. Not everyone needs to have access, so only give it to those who can’t work without it. There should also be some type of security training for all employees. Phishing schemes and weak passwords create just as many issues as hackers do. Finally, you should make sure everyone in your workplace is security-conscious. A single breach could critically hurt your business. Your employees need to understand this so they can be proactive as well.

No matter which route you take, the most important thing you can do for your small business is protect its network. Governmental entities and big businesses do not suffer from security lapses nearly as badly as small businesses. A security lapse could even stop your business dead in its tracks.

Call SpartanTec, Inc. now if you need professional help in securing your business and your network.
