Thursday, February 3, 2022

Top 10 Brands That Phishing Attackers Use To Scam Users



Scammers delight in impersonating government agencies and well-known brands to lure email recipients into giving up their personal information. That information is then either exploited directly or sold to the highest bidder on the Dark Web.

Have you ever wondered which agencies, companies or brands are the most imitated by these attackers?

Whether you have or not, it should come as no surprise that someone is tracking that. Security firm Check Point is tracking it, to be precise.

Quite often Microsoft tops the list but this year they've been dethroned by shipping company DHL. That may not be surprising given the realities of the pandemic and the rise in popularity of online shopping.

Here is the list of the top ten for this year from their report:

  1. DHL (impersonated in 23 percent of all phishing attacks, globally)
  2. Microsoft (20 percent)
  3. WhatsApp (11 percent)
  4. Google (10 percent)
  5. LinkedIn (8 percent)
  6. Amazon (4 percent)
  7. FedEx (3 percent)
  8. Roblox (3 percent)
  9. PayPal (2 percent)
  10. Apple (2 percent)

The specific lure used in each of these cases varies wildly.  For instance, when a scammer spoofs a shipping company the email is typically some variation of "we're trying to deliver a package to you but are having problems, press this button for more information."

PayPal scams, by contrast, typically go the route of "Your account has been temporarily suspended. Please click here to verify your information."

Microsoft and Google are commonly spoofed in various software giveaway schemes. Or in the case of Google some variation of "click here to claim your free Chromebook."

Now that you are armed with a list of the most often imitated brands, you at least have a list of things to be on the lookout for. The best defense is vigilance, just like always. If it sounds too good to be true, it probably is, and don't ever click on embedded links even if you think you know and trust the sender.

Call SpartanTec, Inc. now if you need help in protecting your business against cyberattacks.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence, Charleston

Tuesday, February 1, 2022

New Malware Can Infect Linux, Mac, Or Windows Users



There's a new strain of malware called SysJoker to be mindful of. It's especially dangerous because it can target Windows, Mac or Linux systems.  That makes it an equal opportunity strain.

Researchers at Intezer are credited with discovering the malware in the wild in December of 2021 during an investigation of an attack on a Linux server. The group was able to obtain samples of the virus for analysis and has concluded that SysJoker is a nasty piece of work indeed.

Written in C++, the malware strain is cunningly constructed to evade detection on all three Operating Systems.  In fact, it's so good at evading detection that none of the 57 antivirus programs the Intezer researchers tested were able to detect the presence of the malware.

SysJoker is harmless by itself but that is by design.  It is a first-stage dropper and its only job is to gain a foothold in a target network.

Once there it will sleep for two minutes before creating a new directory and then copy itself to that directory all while disguised as an Intel Graphics Common User Interface Service ("igfxCUIService.exe").

According to the Intezer report, this is what happens next:

"...SysJoker will gather information about the machine using Living off the Land (LOtL) commands. SysJoker uses different temporary text files to log the results of the commands," explains Intezer's report.

"These text files are deleted immediately, stored in a JSON object and then encoded and written to a file named 'microsoft_Windows.dll'."

When that is done, the malware creates persistence by adding a new registry key (HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run). Random sleep times are interposed between all functions leading to this point.

Finally, it will reach out to the actor-controlled command and control server using a hardcoded Google Drive link.  Once that connection has been established, the hackers can install whatever payload they wish onto the infected system.

None of the major AV programs can detect SysJoker at present. Given that it can infect Windows, Mac and Linux systems, this is one to keep a watchful eye out for.
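The Windows behaviors described above (the igfxCUIService.exe masquerade, the microsoft_Windows.dll staging file and the Run-key persistence entry) can be hunted for in endpoint telemetry even when signature scanning misses the binary. The following is an added example, not code from Intezer or from this blog; the event schema, host names and directory paths are constructed, and treating only copies under C:\Windows as genuine is an assumption.

```python
import ntpath

# Indicators named in the article text above (compared case-insensitively).
MASQUERADE_NAME = "igfxcuiservice.exe"
STAGING_FILE = "microsoft_windows.dll"
HKCU_RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
# Assumption: a genuine Intel graphics binary sits under the Windows directory.
TRUSTED_PREFIX = "c:\\windows\\"

# Constructed sample events: hypothetical schema, host names and directories.
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "file_create",
     "path": r"C:\ProgramData\ExampleDir\igfxCUIService.exe"},
    {"host": "ws-01", "type": "file_create",
     "path": r"C:\ProgramData\ExampleDir\microsoft_Windows.dll"},
    {"host": "ws-01", "type": "reg_set", "key": HKCU_RUN,
     "data": r'"C:\ProgramData\ExampleDir\igfxCUIService.exe"'},
    {"host": "ws-02", "type": "file_create",
     "path": r"C:\Windows\System32\igfxCUIService.exe"},
    {"host": "ws-03", "type": "reg_set", "key": HKCU_RUN,
     "data": r"C:\Users\alice\AppData\Local\ExampleApp\updater.exe"},
]

def indicators(event):
    """Return the article-derived indicators that a single event matches."""
    hits = set()
    target = (event.get("path") or event.get("data") or "").strip('"').lower()
    name = ntpath.basename(target)
    outside_windows = not target.startswith(TRUSTED_PREFIX)
    if event["type"] == "file_create":
        if name == MASQUERADE_NAME and outside_windows:
            hits.add("masquerade_binary")
        if name == STAGING_FILE:
            hits.add("staging_file")
    elif event["type"] == "reg_set" and event["key"].lower() == HKCU_RUN.lower():
        if name == MASQUERADE_NAME and outside_windows:
            hits.add("run_key_persistence")
    return hits

def triage(events):
    """Collect indicator hits per host; more distinct hits, higher priority."""
    per_host = {}
    for ev in events:
        for hit in indicators(ev):
            per_host.setdefault(ev["host"], set()).add(hit)
    return {host: sorted(hits) for host, hits in per_host.items()}

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

A host that shows all three indicators, like the constructed ws-01, matches the full chain the article describes and deserves investigation first.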

Call SpartanTec, Inc. now if you need help in protecting your business against malware and other types of online threats. Our team of IT experts are always ready to assist you.


Thursday, January 27, 2022

Some Basic Computer Security Tips To Help You Protect Yourself



Computer security is often viewed as too complicated and technical by many people. It is actually quite simple if you look closely at the important points. How can you safeguard yourself? Continue reading.

These are some computer security tips you should know

Allow automatic updates

Every piece of software that you use today is subject to different security problems. These issues are continuously being discovered, regardless of whether you're using Internet Explorer, Google Chrome or Mozilla Firefox, Microsoft Office or Windows. Many operating systems and programs today have automatic updates that fill in these security gaps. To update software, you don't need to click or download anything. It will update itself automatically in the background, without you having to do anything. Some people may choose to disable this feature. You might not like Windows automatically restarting after installing an update or simply don't want it. It is important to ensure that automatic updates are enabled if you want to protect your computer.

Anti-Virus and anti-Malware software should be used

Anti-virus software claims to be the best every few years. Some experts claim that anti-virus software is obsolete and not necessary. It is important to remember that you still need anti-virus software, even if your computer use is cautious. Windows Defender is fine, but you can also use similar software. Ask SpartanTec which anti-virus solution is right for you.

Automate Passwords with Better Security

Everyone knows passwords are important. However, many people ignore them. Use different passwords for each account. Hackers are all around and you could give someone access to your accounts if you use the exact same passwords. You should also use long passwords. LastPass is a good password manager.

Never leave your phone or computer unattended

Although this is a simple warning, it deserves to be noted. You should never leave your smartphone or computer unattended, especially when you're in public. There is a high chance that your device will be stolen if you do. If it is stolen, the person who took it will have access to your personal information.

Find out which links to click in emails

This is something you may have heard a lot about. Never open email from unknown sources. Emails that appear legitimate may contain malicious links. Phishing is the term used to describe this. Do not click on any links in email, especially those that point to sensitive sites such as your bank's website. Even if the link was sent by friends, make sure you carefully examine it before clicking.

Take care when downloading and running programs

Computer security in Myrtle Beach is important. Be careful about what programs you download and run. Only use trusted and well-respected programs or those recommended by respected websites.

SpartanTec Inc. can help you to ensure that your computer, phone and network are safe from all possible and current threats.

SpartanTec Inc.
Myrtle Beach, SC 29577
843-418-4792
https://www.spartantec.com/

Monday, January 24, 2022

Purple Fox Trojan Delivering Malware Via Popular Messaging App



A research team from Minerva Labs is working in conjunction with the MalwareHunterTeam.

They have recently been tracking a Trojan called Purple Fox and have published a warning about it.

The group behind the Trojan is now distributing their malicious code disguised as a Telegram installation file.

If you're not familiar with that name Telegram is one of several online messaging apps available on the web. The Trojan has been around since at least 2018 and the hackers who control it have tried a number of different ways to get their malicious code onto unsuspecting desktops.

The use of Telegram as a masking agent is new and the group is also now breaking their malware up into several small files. That makes it less likely to be detected and the researchers have been able to confirm it.  They found few AV engines capable of detecting a Purple Fox installation and it is worrisome indeed.

The team behind Purple Fox isn't resting on their achievements either. They have been steadily adding features and functionality to their code. These new features include a new .NET backdoor dubbed "Fox Socket", spotted by Trend Micro in October of last year (2021). Guardicore Labs also discovered a version of the code with wormlike capabilities, which allowed the variant to spread with blinding speed.

In addition to that, the malware comes in both 32-bit and 64-bit variants so this one is not to be underestimated.  Purple Fox may wind up being one of the biggest threats on the landscape in 2022.

Of course, it's early days yet and we haven't seen what other nasty surprises that the hackers of the world have been cooking up over the holiday season, but the bottom line is that Purple Fox is one to watch.

Call SpartanTec, Inc. now for more information about effective cybersecurity measures for your business.


Saturday, January 22, 2022

FTC Enforcing That Businesses Patch Log4j Java Security Issue



By now you're almost certainly aware of the Log4j Java issue.

It's a serious and fixable flaw relating to Java logging.

Recently the United States Federal Trade Commission (FTC) has issued a chilling warning to anyone who hasn't yet fixed the flaw and protected against the vulnerability.

The FTC's statement reads in part as follows:

"The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future. 

Failure to identify and patch instances of this software may violate the FTC Act.

The Log4j vulnerability is part of a broader set of structural issues.  It is one of thousands of unheralded but critically important open-source services that are used across a near-innumerable variety of internet companies. 

These projects are often created and maintained by volunteers, who don't always have adequate resources and personnel for incident response and proactive maintenance even as their projects are critical to the internet economy.

This overall dynamic is something the FTC will consider as we work to address the root issues that endanger user security."

The FTC has already made it clear that they're not playing around with this issue either.  Not long ago in 2019, they hit Equifax with a staggering $700 million fine because of customer data exposure.

The FTC clearly has the muscle to make this threat stick. So if you haven't already installed the remedy for Log4j, do it now before you lose track of it. Keep an ear to the ground for other similar issues.

Fines of the sort that the FTC is threatening are enough to rock any business back on its heels. So don't take any chances.  Stay vigilant out there.  It's going to be an interesting year.

Call SpartanTec, Inc. now if you need professional IT support in keeping your information safe against cybersecurity issues and online threats.


Thursday, January 20, 2022

New Data Breach Hits US Cellular Company



It's the dawning of a new year and the hackers of the world have been busy.  This time it's US Cellular caught in the crosshairs.

The company recently reported that their billing system was hacked and they sent breach notification letters to more than four hundred impacted individuals.

US Cellular is the fourth largest carrier in the United States.  Only 405 of the company's customers seem to have been affected which makes this attack quite small in terms of scope and scale.  That's small consolation if you're one of the unlucky US Cellular customers to have received a notification in the mail.

The company had this to say about the incident:

"On December 13, 2021, UScellular detected a data security incident in which unauthorized individuals illegally accessed our billing system and gained access to wireless customer accounts that contain personal information.

Information in customer accounts include name, address, PIN code and cellular telephone number(s) as well as information about wireless services including service plan, usage and billing statements.

Sensitive personal information, such as Social Security number and credit card information, is masked within the CRM system. At this time, we have no indication that there has been unauthorized access to your UScellular online user account."

If you haven't received a notification in the mail from US Cellular then it's  most likely that your account record was not compromised. Out of an abundance of caution, you may want to reset your account password and be on the lookout for suspicious emails targeting you. Now you may be more likely to be on the receiving end of phishing emails for a time.

Kudos to US Cellular for their rapid response.  Sadly we'll probably be seeing a lot more of this kind of thing in the year ahead.

Call SpartanTec, Inc. now if you need professional help in protecting your data against hackers and cybersecurity threats.


Wednesday, January 19, 2022

This New Malware Steals Passwords From Popular Browsers



A new threat has appeared on the horizon. Even if the name is not familiar to you this malware strain is bad news indeed.

Called RedLine, it is an information-stealing malware that specifically targets popular web browsers including Opera, Microsoft's Edge browser, and Chrome.

Unfortunately, many people have come to rely on their trusty web browser to store and remember their passwords for them. RedLine takes advantage of this and the group behind the code has found a way to crack the browser open and grab the passwords stored within.

Even worse is that RedLine isn't just isolated to a single gang or group of cyber criminals.  Instead, it is being offered as a commodity on the Dark Web. That means anybody with about $200 USD can buy a copy and start harvesting the credentials of anyone they infect.

While it is true that passwords stored inside web browsers are encrypted, RedLine can programmatically decrypt those passwords if it is running as the same logged-in user, which is very much the case here. RedLine runs as the user who was infected, which means that all of their passwords are open to the person controlling the malware.

Although it is highly convenient the bottom line is that it's dangerous to have all of your passwords stored inside your web browser.  If you insist on going that route, then your best bet by far is to enable two-factor authentication on every website you visit frequently that offers it. That is so at least if your passwords are compromised the hackers who gain access to the information still can't easily access your accounts.

Given how RedLine is being marketed on the Dark Web we can expect to see a surge in cyberattacks using the malware in the months ahead.  It's going to get a lot worse before it starts getting any better.

Call SpartanTec, Inc. now if you need the help of IT professionals in protecting your business against cybersecurity threats.
