Monday, October 18, 2021

New Dangerous Android Malware Is Infecting Millions



Researchers from Zimperium zLabs have detected a nasty, dangerous, global malware campaign that has managed to infect more than 10 million Android devices from around the world in more than 70 different countries.

As with most malware campaigns, this one relies on social engineering to spread.

The first stage of the infection process is getting the malicious apps past the gatekeepers of the Google Play Store and other third-party app stores.

This part is purely a numbers game, but the hackers behind GriftHorse are pretty good at it. GriftHorse code has been found in more than 200 apps on the Play Store alone.

Once the poisoned apps are in position, the next goal is to trick users into subscribing to paid services without their knowledge. So far the campaign has managed to steal hundreds of millions of dollars from its victims. Even worse, in many cases users are unwittingly signed up for recurring payments that can add up quickly unless the victims are watching their accounts closely.

Zimperium's researchers had this to say about the malware strain:

"Zimperium zLabs recently discovered an aggressive mobile premium services campaign with upwards of 10 million victims globally, and the total amount stolen could be well into the hundreds of millions of Euros.

...one of their first victims, if they have not shut off the scam, has lost more than €200 at the time of writing. The cumulative loss of the victims adds up to a massive profit for the cybercriminal group," the researcher explained.

"The numerical stats reveal that more than 10 million Android users fell victim to this campaign globally, suffering financial losses while the threat group grew wealthier and motivated with time."

Don't take the GriftHorse threat lightly, and if you even suspect an infection, monitor your accounts closely.

Call SpartanTec, Inc. now if you need help in protecting your company against malware and other cyberthreats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Used with permission from Article Aggregator

Thursday, October 14, 2021

Zero Day Bug Found In MacOS



A new zero-day vulnerability in macOS has been discovered. The flaw impacts all macOS versions up to the latest release, Big Sur. The bug was found by Park Minchan, an independent security researcher, and is tied to the way that macOS processes inetloc files. The processing flaw allows an attacker to embed malicious commands which the system will execute without any warning or prompt visible to the user of the targeted machine.

Inetloc is short for "internet location file"; such files have the extension ".inetloc".

A recently published SSD Secure Disclosure advisory had this to say about the newly discovered flaw:

"A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands. These files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user."

In this particular instance, Apple quietly patched the issue without assigning it a CVE identifier, but botched the fix.

Unfortunately the fix was only partial, and at present the bug can still be exploited in some instances, as described below:

"Newer versions of macOS (from Big Sur) have blocked the file:// prefix (in the com.apple.generic-internet-location) however they did a case matching causing File:// or fIle:// to bypass the check. We have notified Apple that FiLe:// (just mangling the value) doesn't appear to be blocked, but have not received any response from them since the report has been made. As far as we know, at the moment, the vulnerability has not been patched."
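The fix the advisory implies is a case-insensitive scheme comparison rather than a literal prefix match. The following is an added example, not code from the advisory, Apple or the researcher: it reads the URL out of a constructed .inetloc plist (assumed here to be an XML plist with a "URL" key) and contrasts the bypassable prefix check with a normalized scheme check, the same check a mail gateway scanning attachments would want.

```python
# Added example (not from the advisory or from Apple): parse a macOS .inetloc
# property list and decide whether its URL uses the file scheme. Assumes the
# file is an XML plist whose "URL" key holds the target (the common layout).
import plistlib
from urllib.parse import urlsplit


def make_inetloc(url: str) -> bytes:
    """Build a minimal .inetloc plist around a URL (constructed sample data)."""
    return plistlib.dumps({"URL": url}, fmt=plistlib.FMT_XML)


def inetloc_url(data: bytes) -> str:
    """Return the URL stored in an .inetloc plist, or "" if the key is absent."""
    return str(plistlib.loads(data).get("URL", ""))


def weak_blocks(url: str) -> bool:
    """The bypassable check: an exact, case-sensitive prefix match on file://."""
    return url.startswith("file://")


def hardened_blocks(url: str) -> bool:
    """URI schemes are case-insensitive (RFC 3986 section 3.1), so compare the
    parsed scheme after normalization. urlsplit() lowercases the scheme, and
    leading whitespace is stripped so padding cannot hide it either."""
    return urlsplit(url.lstrip()).scheme == "file"


# Constructed samples: one benign link and the three file-scheme spellings the
# advisory mentions (lower-case, "File://" and "fIle://").
SAMPLES = {
    "benign": make_inetloc("https://example.com/"),
    "lower": make_inetloc("file:///tmp/constructed-sample"),
    "capital": make_inetloc("File:///tmp/constructed-sample"),
    "mixed": make_inetloc("fIle:///tmp/constructed-sample"),
}


def scan(samples: dict) -> dict:
    """Return {name: (weak_blocks, hardened_blocks)} for each sample file."""
    results = {}
    for name, data in samples.items():
        url = inetloc_url(data)
        results[name] = (weak_blocks(url), hardened_blocks(url))
    return results


if __name__ == "__main__":
    for name, (weak, hard) in scan(SAMPLES).items():
        print(f"{name:8} weak={weak!s:5} hardened={hard}")
```

Only the lower-case spelling trips the weak check; the hardened check flags all three file-scheme variants and leaves the https sample alone.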

Park Minchan developed a proof of concept that demonstrates how the bug could be exploited, but to date no threat actors have been discovered exploiting the flaw in the wild. It is just a matter of time, however. A flaw like this represents a serious weakness in the security of the OS.

Be aware that the easiest way to exploit the bug is via malicious links embedded in emails, so make sure your employees are aware of the risks.

Call SpartanTec, Inc. now and let our team help your company by coming up with strategies that will keep online threats at bay.


Friday, October 8, 2021

Recent Study Shows Alarming Insights On People And Passwords



A new study recently published by the digital identity firm Beyond Identity contains a number of surprises relating to passwords and password security. This is information that IT support professionals and small or medium-sized business owners should be aware of.

While it is not a rigorous scientific study, the results of the company's survey are beyond surprising.

Here's a quick overview:

First, fully one in ten people surveyed felt confident that they could guess a co-worker's password by browsing through their social media accounts. Second, and nearly as surprising, just over half of those surveyed (50.1 percent) share at least some of their passwords with others, with video streaming accounts leading the pack.

Nearly as many people (44.9 percent) share passwords to their music streaming platforms. More disturbing is that more than one in four of those surveyed (25.7 percent) share their banking passwords.

A surprising percentage of people (22 percent) at least occasionally try to guess a co-worker's password. Nearly as many (19.9 percent) try to guess their boss's password.

When these attempts are made, 39.2 percent of the time the person attempting the guess uses personal information they know about the target. In addition, 18.4 percent of the time the guesser checks the other person's social media pages and uses the information there to inform their password guesses.

43.7 percent of these attempts are made to try to get into the target's email account, while 32.6 percent attempt to guess phone passwords.

We find these statistics as stunning as they are illuminating, and they highlight areas of weakness that likely exist in your own organization.

The good news is that there are a number of easy things you can do to better secure your passwords, including the use of two-factor authentication and strong password generation apps. You should absolutely take steps like these because, as this report shows, your passwords probably aren't nearly as secure as you imagine them to be.

Call SpartanTec, Inc. now if you need the help of IT support experts in dealing with online threats.


Wednesday, September 29, 2021

Ransomware Attackers Look For Unpatched Systems To Exploit



Not long ago Microsoft patched a critical MSHTML remote code execution security flaw being tracked as CVE-2021-40444.

Beginning on August 18th of this year (2021), the company spotted hackers exploiting this flaw in the wild. So far there have been fewer than ten attacks that exploit this flaw, but it's inevitable that the number will increase.

So far, all of the tracked attacks exploiting this flaw have relied on maliciously crafted Word documents, and all have resulted in the installation of Cobalt Strike Beacon loaders.

Beacons deployed on at least one of the attacked networks communicated with infrastructure connected to a number of cybercrime campaigns, including ones that use human-operated ransomware.

Microsoft Notices A Spike in Ransomware Attacks

At least two of the other attacks tracked to date have delivered Trickbot and BazaLoader payloads. Microsoft observed a huge spike in exploitation attempts from multiple threat actors, including some affiliated with ransomware-as-a-service operations.

Microsoft is continuing to monitor the situation, but the bottom line is simply this: the flaw has been patched. Researchers at Bleeping Computer have independently verified that the exploit no longer works once the September 2021 security update is applied.

Hackers around the world are actively scanning for unpatched systems in order to exploit the vulnerability. If your system is vulnerable, your risk in this instance is extreme. The best course of action is to patch your way out of danger at your earliest opportunity.

If for any reason you are unable to apply the patch, be aware that Microsoft has published a viable workaround: disabling ActiveX controls via Group Policy and disabling document preview in Windows Explorer.

Kudos to Microsoft for addressing the issue and for coming up with a workaround for those who are unable to patch their way to safety.

Call SpartanTec, Inc. now if you need help in protecting your business against ransomware and other online threats.


Monday, September 27, 2021

Report Finds One Third Of Suspicious Emails Are Threats



Employee cybersecurity training is paying off, according to a report recently released by IT security company F-Secure.

Researchers from F-Secure analyzed more than 200,000 emails that had been flagged as suspicious by employees working for organizations around the world. They discovered that more than one third of those emails could be classified as phishing.

Phishing is an extremely common technique hackers use to gain important information about specific individuals, and in some cases to gain access to a system they are targeting. For example, hackers may use phishing to impersonate a vendor that the target company does business with, attaching a poisoned Word or Excel document that appears to be an invoice.

If the recipient enables macros to view the document, it installs malware onto the recipient's computer. That allows the hackers to spy on the user and attack other machines on the network. It is one of the most common tactics employed by hackers around the world, with phishing attacks accounting for fully half of all infection attempts in 2020.

Even with a relatively low success rate, so many phishing attacks are made over the course of any given year that they add up to a staggering number of successes. That is why hackers rely so heavily on the technique.

F-Secure's Director of Consulting had this to say about the recently published study:

"You often hear that people are security's weak link. That's very cynical and doesn't consider the benefits of using a company's workforce as a first line of defense. Employees can catch a significant number of threats hitting their inbox if they can follow a painless reporting process that produces tangible results."

Naude, F-Secure's Director of Consulting, makes an excellent point. Kudos to the company for conducting the analysis and to all the employees who submitted suspicious emails for a closer look.

Call SpartanTec, Inc. now if you need help in protecting your accounts and network from phishing and other types of online attacks.


Friday, September 24, 2021

Hackers Behind REvil Ransomware Are Back Online



Not long after successfully attacking Kaseya, the band of cyber criminals behind the REvil ransomware strain went dark. Their "Happy Blog" mysteriously went offline.

It is not known whether the group went into hiding as a safety precaution after their attack drew worldwide condemnation, or whether they were driven offline by action from law enforcement agencies.

Many credit Presidents Biden and Putin, because the group went silent not long after the two leaders spoke, with Biden pressing the Russian leader about ransomware attacks that originated from Russian soil.

Kaseya is a global IT support solutions company based in Ireland. The REvil attack impacted thousands of end users in more than a thousand small to medium-sized companies that Kaseya serves. Whatever drove the hacking group offline temporarily, the pressure seems to have faded and the group has returned. Security researchers from both Emsisoft and Recorded Future have confirmed that most of the gang's infrastructure is back in operation.

Ransomware expert Allan Liska had this to say about the group:

"Things definitely got hot for them for a while, so they needed to let law enforcement cool down. The problem (for them) is, if this is really the same group, using the same infrastructure, they didn't really buy themselves any distance from law enforcement or researchers, which is going to put them right back in the crosshairs of literally every law enforcement group in the world (except Russia's).

I'll also add that I've checked all of the usual code repositories, like VirusTotal and Malware Bazaar, and I have not seen any new samples posted yet. So, if they have launched any new ransomware attacks, there haven't been many of them."

BlackFog's CEO Darren Williams added that he's not surprised the group resurfaced. REvil is one of the most successful ransomware variants of 2021. With so much demand from hackers around the world, it would have been virtually impossible for the group to remain hidden and offline. REvil is back, and it is just a matter of time before REvil attacks begin anew.

Call SpartanTec, Inc. now if you want your data and network protected against ransomware and other online threats.


Wednesday, September 22, 2021

Hackers Are Using Windows 11 Curiosity To Load Malware



Millions of people around the world are understandably curious about Windows 11. It's easy to understand why. A new OS offered by the company that makes the most widely used OS on the planet is a big deal.

Unfortunately, hackers are well aware of this and are currently using that curiosity to spread malicious software to unsuspecting victims.

Cybersecurity researchers have found evidence suggesting that the notorious "FIN7" cyber gang is responsible for the latest campaign, which started in late June of this year (2021). That coincided with Microsoft's early announcements about the release of Windows 11.

The current campaign seems to have concluded in late July. All expectations are that a new campaign will begin the next time Microsoft makes another major announcement about their new OS.

The hacking group used tried and true social engineering tactics, creating a poisoned Word document filled with Windows 11 logos and imagery to pique a reader's curiosity. If this poisoned document is opened, readers get a message saying that the advanced features of the document cannot be accessed unless macros are enabled. Naturally, if the reader opts to enable macros, that is the mechanism by which the malware payload is delivered.

It's a vicious campaign designed to prey on people's natural curiosity about something that's almost certain to have a significant impact on them. Given that, we can expect to see more of these types of campaigns as Microsoft moves closer to the Windows 11 launch date.

If you get an email (regardless of who it is from) and that message asks you to download something or enable macros, just say no. Few if any reputable companies require such things to view their content and these are almost always signs that someone is trying to scam or hack you.

Call SpartanTec, Inc. now and let our team of IT experts come up with the best cybersecurity strategy to protect your computers and network from online threats.
