Monday, December 20, 2021

New Emotet Malware Found A New Way To Distribute



Emotet is one of the most feared malware strains circulating right now. The team behind it has managed to infect a staggering array of targets all around the globe. To say that it is a major threat would be an understatement. Recently the group behind Emotet just upped the ante even further. Researchers have recently discovered that the malware is now being distributed via a new channel.

The new channel is a malicious Windows App Installer package that appears to be an innocuous Adobe PDF reader. Windows App Installer is a built-in feature of both Windows 10 and 11, and systems can be infected by "tricking" users into clicking attachments in emails which trigger the App Installer.

Emotet's preferred methodology revolves around a "conversation in progress" approach. An email is crafted that already has several replies, so at a glance it appears that the recipient and whoever sent this email have already been conversing about something. The "most recent" reply says some variation of "please see attached" and contains a PDF file.

When the recipient clicks the file, the built-in App Installer is triggered and the malware is installed. Note that this completely bypasses most anti-malware and cybersecurity measures because the recipient is making a conscious decision to open the file in question.

The campaign is amazingly well put together.  The attachment and subsequent prompts appear to be legitimate Adobe Acrobat components right down to sporting an official company icon and a certificate marking it as a trusted application. So there's no reason for a user to think that there's anything amiss unless they look more closely at the email containing the attachment.

That's exactly what the hackers are counting on.  They know that people are busy and may only give the body of the email a cursory glance before clicking to see what all the fuss was about.

As ever vigilance and mindfulness are the keys to avoiding these types of shenanigans. Many employers overlook employee training because they assume their employees are aware of how to look for spam in their emails.

SpartanTec, Inc. provides employee training and spam protection. Call us today before your network falls prey to malware. Activate your two free hours of IT support now.

People also ask
Is Emotet a virus?
Emotet is a computer malware program that was originally developed in the form of a banking Trojan. The goal was to access foreign devices and spy on sensitive private data. Emotet has been known to deceive basic antivirus programs and hide from them.
https://www.spartantec.com/2021/12/09/block-off-malware-from-computer/

Is Emotet a ransomware?
Emotet is a malware strain and a cybercrime operation believed to be based in Ukraine. The malware, also known as Heodo, was first detected in 2014 and deemed one of the most prevalent threats of the decade. Emotet is known for renting access to infected computers to ransomware operations, such as the Ryuk gang.

https://www.spartantec.com/2021/11/29/mistake-employees-cybersecurity/

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence, Charleston

Thursday, December 16, 2021

Business Continuity and Your Organization



Business Continuity, also known as Business Continuity Management (BCM), is a collection of procedures, processes, program design and supporting policies that are used to assist an organization in recovering from a disaster. It helps to ensure that a company can continue to function without interruption, no matter what the adverse circumstances. Business continuity is not something that can be implemented immediately after a disaster. To ensure that an organization is able to maintain service and consistency and recover from a disaster, business continuity must be planned and actively managed.

SpartanTec, Inc. is a business continuity platform that integrates and innovates. It ensures that all business functions are accessible to customers, employees, suppliers, and any other entities that may need them in the event of a disaster. We provide complete business continuity planning services as well as unique products that ensure that data and applications can be fully restored when there are problems.

Cloud Business Continuity - Data Backup and Recovery

SpartanTec, Inc. continuity service ensures that your business is always on the right track. In the event of a loss, data is immediately accessible and backed up. Reduce disruptions caused by faulty tape drives, disks or inconsistent backup management. Cloud Business Continuity secures backups and stores data over the Internet as well as locally. This provides disaster protection and fast restores. We can help you protect your data and keep your business running smoothly.

Data Backup Services include:

  • Off-site data backups
  • Local Data Backups
  • Virtual Recovery Environments and Rapid Restores
  • Automated Services
  • Monitoring and Management
  • Security and ease of deployment

Consulting in Disaster Planning

SpartanTec Inc. Data Recovery Services help you to protect your business data and minimize financial loss during outages. These are the steps to take when planning:

Evaluation and Consultation: SpartanTec can evaluate your company's system strengths and weaknesses, as well as potential threats and vulnerabilities, and help you identify areas of risk.

NexusTek will create a plan based on your evaluation.

Implementation and Testing: NexusTek will execute the plan and conduct ongoing validation and testing to ensure that your business continuity plans are able to adapt to changing company needs.

People often ask questions.

What is business continuity?

Business continuity plan. Disaster recovery is the process of restoring data, operating systems, files, software, and servers after a disaster. Business continuity, on the other hand, refers to how a business continues operations in the face of technological failure or outage.

https://www.spartantec.com/2021/08/13/effective-business-continuity-planning/

What's the difference between a business continuity and disaster recovery plan?

Business continuity is about keeping businesses operational in the face of a disaster. Disaster recovery, however, focuses more on recovering data access and IT infrastructure from a disaster. ... A disaster recovery plan helps organizations to recover from a disaster.

https://www.spartantec.com/services/business-continuity-planning/

What is a business continuity planner?

Create, maintain, and implement business continuity strategies and solutions. This includes risk assessments, business impacts analyses, strategy selection and documentation of business continuity.
https://www.spartantec.com/services/it-consulting/security/

Call now if you're interested in learning more about business continuity and how it can help your company.


Tuesday, December 7, 2021

Large GoDaddy Data Breach Involves WordPress Customer Email Addresses



Are you a GoDaddy customer? Do you maintain a WordPress blog with the company? If so be advised that the company recently announced a data breach of their network. An as yet unidentified third party accessed GoDaddy's Managed WordPress hosting environment.

Based on the investigation to date, the intrusion began on September 6, 2021. By taking advantage of a vulnerability the company was unaware of at the time, the unknown attacker was able to gain access to a variety of information.

The information taken includes:

  • The email addresses and customer numbers of more than 1 million Managed WordPress customers (both active and inactive)
  • The original WordPress Administrative password that was set at the time of provisioning
  • For active customers, the SFTP and database usernames and passwords
  • And for some customers (exact number unknown at this time), the SSL private key

The company has retained the services of an independent third-party security firm to assist them with their investigation. That investigation is ongoing but the company has already reset the SFTP and database passwords for all impacted users. They are in the process of issuing and installing new certificates for customers who had their SSL private keys exposed.

The company is in the process of contacting all impacted users. If your email address was exposed, you will definitely want to keep a sharp eye out for phishing attacks targeting your email address.

As is the case any time an event like this occurs the company apologized and stressed that they take customer data security very seriously. No additional information is available at this time but bear in mind that the investigation is still ongoing.

It's unfortunate but not altogether surprising. A company as large as GoDaddy with millions of customers is an attractive target for almost any hacker. Stay vigilant out there. This won't be the last major breach we see this year.

Call SpartanTec, Inc. now for more information about cybersecurity and our managed IT services.


Hackers Hit Wind Energy Provider With Ransomware



Vestas Wind Systems is one of the leaders in wind turbine manufacturing in North America with 40,000 MW currently installed and another 36,000 MW under service in both the US and Canada.

Recently the company published a data breach notification indicating that they had been the subject of a successful cyber attack which occurred on Friday, November 19th.

This forced them to shut down broad swaths of their network infrastructure to keep the attack from spreading. Although Vestas did not specify the exact nature of the attack, based on their description it seems likely that the company fell victim to a ransomware attack.

Unfortunately, this incident is almost certain to have serious downstream impacts. The company was already struggling with supply chain issues, and the shutdown forced them to delay production. That is going to delay the completion of many of the projects Vestas has in the pipeline, which will have further impacts as well, although these are difficult to predict with any accuracy.

According to the latest information provided by the company, both the issue itself and the investigation into it are ongoing, and the company does not yet have a firm timeline for recovery. Vestas also confirmed that some of the company's data had been compromised and exfiltrated but did not provide any details as to the specifics of that information.

There have been a number of cyberattacks on critical infrastructure concerns as gangs of cybercriminals seek ever larger payouts. The Vestas attack is very much in line with attacks earlier this year on Colonial Pipeline, Ireland's Health Service Executive, and meat processing giant JBS.

If you do business with the company, just be aware that their operations have been impacted and that the issue is ongoing, so there are almost certain to be delays. Let us hope Vestas is able to resolve the matter quickly.

Call SpartanTec, Inc. now if you want more information about managed IT services and how they can help protect your information from cyberattacks.


Thursday, December 2, 2021

Cybersecurity Mistake That Lets Cybercriminals Into Your Network



In the wake of unprecedented rates of digital crime, with the cost and frequency of data breaches constantly skyrocketing year after year, companies all over the world have been forced to scramble for solutions. There’s an arms race running behind the scenes of every piece of technology we use in business today, as cybersecurity companies shore up their clients’ defenses against increasingly sophisticated digital threats. Billions of dollars are now poured into batting away would-be intruders from the most precious assets on global networks: most of the money directed toward the software that keeps everything afloat, just out of reach of the bad guys. But even as each day brings a new technological apex for security solutions, data breaches continue. Despite the fact that the tools hackers use to make money are more or less the same as they were three years ago, nobody seems to question why companies are still being hacked at record levels. It’s easy to imagine a crack team of infamous hackers hammering away at a keyboard into the late hours of the night, feverishly computing the one piece of code that will break them into a system.

This may be the process behind the high-profile breaches you read about in the news each week, but in reality, most cybercrime takes much less effort. The average hack succeeds not because of overt vulnerabilities in the structure of business networks, but because of a mistake made by you or your employees. According to IBM’s X-Force Threat Intelligence Index, more than two-thirds of breaches arise from what they call “inadvertent insiders,” folks who accidentally left the network vulnerable from one action or another without even realizing it.

Most of the human error that becomes the root cause of catastrophe can be traced back to phishing. A criminal spends some time researching your organization, maybe learning a bit about an employee or two, and decides to masquerade as someone worthy of trust either within your team or from a company you contract with, or just a stock person offering something pretty much everybody wants. They mock up a somewhat convincing e-mail and send it off to 10 people within your business. Somebody clicks the included link without thinking, and there you go – you’ve got ransomware. If you haven’t backed up your data, you’re looking at a hefty fee to get everything back, if they even give it back at all.

In other cases, your team may actively duck around your previously implemented security measures or avoid the procedures you’ve put in place to keep the business safe. That can mean visiting unsavory websites, ignoring a vital security patch or another minor transgression. But when every mistake spells a potentially massive vulnerability, you can’t afford people who aren’t conducting business to the highest standards in cybersecurity.

Regardless of how it happens, most hacks occur because employees just don’t know better. Even in 2021, when cybercrime runs rampant and virtually everyone is constantly at risk on the Internet, most of us just aren’t well-versed in ways to protect ourselves, much less the companies we work for.

The good news is that this problem is pretty easy to prevent through education. To keep everyone abreast of the latest threats to their livelihood, it takes a thorough set of rules, guidelines and general savvy to steer them through the troubled waters of modern cyberspace.

Of course, this will take more than a 30-minute crash course in the break room one afternoon. It’ll take a concerted effort and dedicated resources. Luckily, we can help. With a trusted partner dedicated not only to keeping your organization protected from the latest digital threats, but to keeping your employees alert and ready to spot anything phishy, you drastically decrease the chances of your business becoming another statistic in the war on cybercrime. Work with us and secure the future of your company for the long haul.

Call SpartanTec, Inc. now if you need professional help in mitigating threats to your cybersecurity and expert training of your employees. We work with small and medium size companies in North and South Carolina.


Tuesday, November 30, 2021

Android Malware Named MasterFred Seeks User App Login Information



If you have an Android device, be aware that there's a new strain of malware out there. Called MasterFred, this new malware utilizes well-constructed fake login overlays in order to steal the login and credit card information of Twitter, Instagram, and Netflix users.

A sample of the code was submitted to VirusTotal in June of 2021 when the malware was first spotted in the wild.

Independent analyst Alberto Segura shared a second sample online a week ago with the note that the malware he sampled was used against Android users in Turkey and Poland.

Avast Threat Labs got their hands on the sample and discovered APIs provided by the built-in Android Accessibility Service were utilized to display the malicious overlays.

Avast Threat Lab had this to say about their research:

"By utilizing the Application Accessibility toolkit installed on Android by default, the attacker is able to use the application to implement the Overlay attack to trick the user into entering credit card information for fake account breaches on both Netflix and Twitter."

While not new or innovative, it is a clever bit of code relying on elements native to the device under attack to help the malware accomplish its mission. That's not to say that MasterFred isn't innovative in other ways, however. For instance, it uses a dark web gateway called Onion.ws to deliver the login and credit card information it steals to its command and control server.

Note that MasterFred was briefly found on the Google Play store embedded in a legitimate app. That app was removed, but given its presence there (however temporarily) it stands to reason that the hackers are also pushing their malware out to third party app vendor sites.

Stay vigilant. MasterFred certainly won't be the last threat we see this year.

Call SpartanTec, Inc. now for more details about cybersecurity and managed IT services.


Sunday, November 28, 2021

Most Bait Phishing Attacks Target Gmail Accounts



A new report by Barracuda was recently published. It revealed that the vast majority of baiting email attacks conducted this year were done via Gmail accounts.

The firm surveyed 10,500 different organizations and found that more than a third (35 percent) of them received at least one bait attack email in September 2021 alone.

That's disturbing but perhaps it would be of benefit to back up a step. The term "Bait Attack" signifies a sub-class of phishing where hackers and scammers attempt to glean basic information about a particular person or organization. They then use that information for a more targeted attack in the future.

Bait Attacks and Email Security

Essentially, it's a simple cyberattack that, if successful, leads to a more complex attack in the future, one that's more likely to succeed given the earlier success.

Of significance is that these emails don't contain links that point to the outside world. They don't have attachments, so there's nothing in the email that would raise any red flags. These messages sail right through even the most robust security systems because they're not harmful in any way. In fact, sometimes they don't contain any text in the body at all.

The goal here is to elicit a response. So if there is text, it will likely be simple, clear, and to the point. It could perhaps be even as simple as "Please confirm that this is indeed your email address."

If the recipient responds the sender learns a number of important details. These details include the fact that the email account is correct and active, that the recipient is at least somewhat likely to open unsolicited emails from unknown senders, and that the company's spam filter didn't block the email that was sent. From the perspective of a hacker that's a treasure trove of information.

As to why they have a preference for Gmail over other email providers that ultimately comes down to legitimacy. Google is a respected name. Hackers can leverage that respectability by using a Gmail account and often fly under the radar.
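The traits described above (a Gmail sender the recipient has never corresponded with, no links or attachments, and little or no body text) can be checked together when mail is triaged. The following is an added example, not code from the Barracuda report or from this blog; the 120-character threshold, the known-senders list and all sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FREEMAIL_DOMAINS = {"gmail.com"}   # the provider the post singles out
SHORT_BODY_CHARS = 120             # assumed cut-off for a "simple, to the point" body
URL_RE = re.compile(r"\b(?:https?://|www\.)\S+", re.IGNORECASE)


def body_and_attachments(msg):
    """Return (combined text body, attachment count) for a parsed message."""
    texts, attachments = [], 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename() or part.get_content_disposition() == "attachment":
            attachments += 1
        elif part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            try:
                texts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
            except LookupError:    # unknown charset label in the header
                texts.append(raw.decode("utf-8", "replace"))
    return "\n".join(texts).strip(), attachments


def bait_indicators(raw_message, known_senders):
    """List which traits of a bait email this message shows."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    body, attachments = body_and_attachments(msg)
    hits = []
    if sender.rpartition("@")[2] in FREEMAIL_DOMAINS:
        hits.append("freemail_sender")
    if sender not in known_senders:
        hits.append("unknown_sender")
    if attachments == 0 and not URL_RE.search(body):
        hits.append("no_links_or_attachments")
    if len(body) <= SHORT_BODY_CHARS:
        hits.append("empty_or_short_body")
    return hits


def is_probable_bait(raw_message, known_senders):
    """Each trait alone is ordinary mail; only the full combination is flagged."""
    return len(bait_indicators(raw_message, known_senders)) == 4


def make_message(sender, body):
    """Build a constructed message (headers, blank line, body) for the demo."""
    return f"From: {sender}\nTo: staff@example.com\nSubject: hello\n\n{body}"


# Constructed sample data: none of these addresses or messages are real.
KNOWN_SENDERS = {"partner.contact@gmail.com", "colleague@example.com"}
SAMPLES = {
    "bait_text": make_message("constructed.sender.0001@gmail.com",
                              "Please confirm that this is indeed your email address."),
    "bait_empty": make_message("constructed.sender.0002@gmail.com", ""),
    "known_gmail": make_message("partner.contact@gmail.com", "Running late, see you at 3."),
    "link_phish": make_message("constructed.sender.0003@gmail.com",
                               "Your invoice is ready: http://files.example.net/invoice"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, is_probable_bait(raw, KNOWN_SENDERS), bait_indicators(raw, KNOWN_SENDERS))
```

A flagged message is a candidate for a "do not reply" banner or a report-to-IT prompt rather than outright blocking, since short first-contact emails from Gmail are also common in legitimate business.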

There's nothing specific to be done with this information beyond warning your employees to stay vigilant and resist the temptation to respond to unsolicited emails from unknown senders.

Call SpartanTec, Inc. now if you need more information on how you can protect your information from phishing and other online threats.
