Tuesday, December 17, 2019

New Malware Can Spy On You In Scary Ways

There's a new strain of malware in the wild. It is targeting Android devices and disguised as an innocuous chat app.

Researchers at Trend Micro have discovered it in two different apps so far:  Chatrious and the Apex App.  Chatrious has since vanished from Google's Play Store, but at the time this piece was written, the Apex App is still available for download.

If you have either of these, you should delete them immediately.

In both strains unearthed so far, when a user downloads the app and launches it, the program will quietly connect to a command and control server. It will then begin rooting around in the device the app is installed on, collecting contact lists, text messages, call logs and any files stored locally on the device.

In addition to that, the malware can activate the device's microphone to create audio recordings to be sent to the command and control server, and it is capable of taking screenshots of anything displayed on the device.

The app has only been found on the Play Store at this point. However, an analysis of the code reveals that the person or group behind it has already built in hooks that would make it capable of attacking iOS and Windows-based machines. The researchers fear that this malware is in an early stage of development.  What they found in the code points to this being the leading edge of a much larger and more widespread attack.

In addition to being a potentially devastating piece of malware, the researchers indicated that this code would be perfect for conducting highly advanced cyberespionage campaigns, given that high-ranking corporate and government employees carry a wealth of information on their phones and almost always keep them close at hand.  The ability to make recordings of things going on in the immediate vicinity of the infected device could lead to no end of trouble.

In any case, if you have either of the apps mentioned above installed on your phone, delete them immediately.  Trend Micro has promised further updates about this latest malware threat as they get them.

Amp up your cybersecurity measures with the help of SpartanTec, Inc. in Wilmington. Call us now and let our team develop the most suitable IT security strategy for your company.


SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255

Monday, November 25, 2019

Cyber Security - Be Careful As You Travel This Week

Public Chargers Can Expose Your Device To Hacking And Malware

On paper, it seems like a lovely idea to use a public charger.

Airports, hotels, and other high traffic areas have begun to increasingly offer public USB power charging stations to give people a convenient means of recharging their favorite devices.

Unfortunately, things are not working out quite according to plan.

Naturally, hackers around the world have taken note, and regard such easily accessed terminals as juicy targets and low hanging fruit.  According to a security alert published by the Los Angeles District Attorney's office, many of these stations have been compromised, and using them could expose you to malware.  This type of attack even has its own name:  Juice Jacking.

In recent years, several proofs-of-concept have been created that demonstrate how these charging stations can be taken over by hackers and used to distribute malware to anyone foolish enough to plug into them.  Of these, the worst of the lot was proudly displayed at the 2013 Black Hat security conference. In that case, it was a malicious charger that could deploy malware on any iOS device.
Just a handful of years later, in 2016, Samy Kamkar raised the bar with an Arduino-based device he dubbed "KeySweeper." By all outward appearances, it was just a USB wall charger. However, it wirelessly and passively sniffed, decrypted, logged, and reported back all keystrokes from any Microsoft wireless keyboard in its vicinity.

While these two were the most prominent examples of the kinds of havoc hackers can cause on this front, there are many others.  To try and get a handle on the problem, the LA District Attorney's Office issued a security bulletin that recommended the following tips to all travelers:
  • Use AC power outlets only, not USB charging stations
  • Take AC and car chargers with you when traveling because you know and trust them
  • Consider buying a portable charger for emergency use
Good advice.  If you're a frequent traveler, these tips are well worth incorporating into your travel preparation plans.

SpartanTec, Inc. wishes all of our readers a happy and safe travel weekend. Share this post on social media with your friends so all of us can keep our data safe and private.

We provide a Dark Web Monitoring report which we can run for your company during the holidays. Complete the form on this page https://www.spartantec.com/darkweb for the free service.

Tuesday, November 19, 2019

Raccoon Stealer Malware Is New One To Watch For

There is a new form of malware that you and your staff need to be aware of, because it's gaining in popularity among cyber criminals around the world.  Known as 'Raccoon Stealer,' it is noteworthy not for its complexity but rather for its extreme ease of use.  Worse, the malware's designers have been marketing it aggressively both inside and outside of the Dark Web, which is driving rampant adoption rates.

Raccoon Stealer was first spotted in the wild in April of 2019.  It's a Trojan that's relatively simple in its construction, but quite adept at collecting password information and sending it back to whomever launched it.

The Senior Director of Threat Hunting at Cybereason, Assaf Dahan, had this to say about the emerging threat:

"Raccoon, like other information stealers, poses significant risks to individuals and organizations alike.  Any malware that is designed to steal passwords and personal information from browsers and mail clients could potentially inflict great damage to its victims.

The stolen data is being sold to the highest bidder in the underground community and can be used in many ways--from identity theft, financial theft or even as an entry vector to penetrate an organization in order to carry out a larger attack."

In addition to the general hype created by the marketing campaign, the group behind Raccoon provides its criminal user base with more tools. These include an easy-to-use backend, hosting, and dedicated 'round the clock support, all for $200 a month.  The data that this little piece of code can obtain can easily generate high amounts of income for the hacker. That makes it a fantastic investment for the criminal underground, which explains the malware's explosive growth and spread.

In any case, be sure your IT staff is aware, and be on your guard.  It looks like Raccoon is here to stay.

Keep your passwords, personal and company information secure from all kinds of online threats. Call SpartanTec, Inc. in Wilmington and let our team help set up the most effective strategy to improve your cybersecurity. 

Monday, November 11, 2019

Discord Users Be Careful Of Malware And Information Theft

Do you use the Discord chat service?

If so, be advised that malware developers have been using the service to not only host various types of malware, but also to use it as a command and control server.

In addition, they are abusing the chat client to force it to perform a variety of malicious behaviors.

Unfortunately, this is not a new problem.  Anyone familiar with the chat service knows that it has a long history of being abused.  Although designed primarily as a chat service, Discord also allows its members to upload files to a chat channel where other users can download them.

Users can even right click on a hosted file to get a sharable download link. This is, in practice, one of the ways that hackers are abusing the system.  Of significance, these sharable links work even for non-Discord users, which gives malicious actors a convenient place to stash harmful files to be spread far and wide via email campaigns.

Even more interesting is the fact that the uploader can delete the file inside Discord itself, but the URL can still be used to download it.  This means that although the chat service gives the outward appearance of deleting the file, it still exists on the server. That gives malware developers an incredibly convenient, completely anonymous method of hosting their files.

In addition to that, Discord contains a feature called 'Webhooks' that allows third-party applications or websites to send messages to a Discord channel.  When a user creates a Webhook, the server owner is given a special URL that is used with the Discord API to send messages to a specified channel.  If a user has previously been infected by a hacker's malware, this feature can be used to exfiltrate collected data directly to the attacker.

All this to say, if you use Discord, beware.  To say that the chat service has problems is an understatement.

Call SpartanTec, Inc. in Wilmington and let our team set up layers of protection for your computers and networks. 

Tuesday, October 29, 2019

RobbinHood Ransomware Another Reason To Back Up Your Systems

The creators of the dreaded 'RobbinHood' ransomware strain are putting their reputation to work for them.  The hackers have recently modified their ransom note in a couple of important ways.

First and foremost, they stress that there's no public decryption tool currently available to recover files encrypted by RobbinHood and that they are monitoring the situation to make sure that the company impacted by the malware does not contact law enforcement.  Any attempt to do so "will damage your files," the warning reads.

Those two recent additions are bad enough on their own, but the hackers took an additional step. They are now directing victims to a web search highlighting an incident that occurred in Greenville North Carolina and another that impacted servers in the city of Baltimore.

RobbinHood was used in both attacks, and while the ransoms demanded in both cases weren't excessive (less than $100,000 initially demanded), the aftershocks arising from those attacks wound up costing the city millions.  In fact, according to CBS Baltimore, the city "put more than $18 million into the attack."

Clearly, the recent changes to the ransom note used by the attackers are aimed at convincing those impacted by their malware to pay up and keep quiet.  How well that will ultimately work remains to be seen, but at this point, the hackers are correct.  There is no public decryption tool.

What they don't mention, of course, is the fact that paying the ransom isn't the only way to recover encrypted files.  If your company is in the habit of making good, complete backups at regular intervals, then a ransomware attack doesn't have to be devastating.  With a proper, timely response, it could be little more than an inconvenience.  Naturally, the hackers don't want to draw attention to this, but it is something you and your IT staff should keep very much in mind.

Call SpartanTec Inc. in Wilmington now and let our team set up a business continuity strategy that's suitable for your business needs. We offer reliable data backup and computer hard drive backup services, which can help lessen the effects of ransomware attacks like RobbinHood on your business. 

Sunday, October 20, 2019

Ransomware Sets Sights On Healthcare Organizations

A string of hospitals in both the US and Australia have come under attack by hackers in recent weeks. They have been targeted by ransomware attacks that have effectively shut a number of them down.  As of the time this article was written, the Northport Medical Center, Fayette Medical Center, and DCH Regional Medical Center in Alabama have only limited access to their computing systems.

A spokesman for the hospitals had this to say about the attack:

"The three hospitals of the DCH Health System have experienced a ransomware attack.  A criminal is limiting our ability to use our computer systems in exchange for an as-yet-unknown payment. That said, we feel it is in the best interest of patient safety that DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center are closed to all but the most critical new patients.  Our staff is caring for the patients who are currently in the hospital and we have no plans to transfer current patients. Unfortunately, the damage to our computer system was such that we are unable to recover the data stored there and, with our backup system encrypted as well, we cannot rebuild our medical records."

The situation is hardly better in Australia, where a total of seven hospitals were impacted.

A spokesman for the hospitals in Australia had this to say:

"The cyber incident, which was uncovered on Monday, has blocked access to several systems by the infiltration of ransomware, including financial management...Hospitals have isolated and disconnected a number of systems such as internet to quarantine the infection."

Like the American hospitals, the infected Australian hospitals have lost access to their patient records, booking and management systems and have fallen back to keeping manual records to maintain some level of functionality.

This is a serious, coordinated attack and is no doubt a harbinger of things to come.  Lives are very definitely at risk and unfortunately, as the hackers refine their approach, their attacks are only going to get more devastating.  Dark times.

Hackers are becoming more clever and strategic when it comes to infiltrating the devices and networks of their victims. Don't fall prey to them. Protect your devices and your personal or business information. Call SpartanTec, Inc. in Wilmington and let our IT consulting team help you.

Monday, October 14, 2019

Browser Update Warnings May Actually Be Malicious Hackers

Researchers at FireEye have recently unearthed a particularly nasty new campaign that is both multi-faceted and dangerous. At the heart of the attack are hacked websites which display a seemingly innocuous popup message informing the site visitor that their browser is out of date. It helpfully provides a one-touch solution to the non-existent problem via a button that promises to download the latest version of the browser in question.

Naturally, it does no such thing.  Instead, it uses a series of JavaScript scripts to gather information about the target computer and send the details back to the command and control server.

The server then responds to the findings reported by the initial script by delivering the initial payload.  This varies based on the details gleaned, but generally includes some type of banking trojan and a backdoor such as Dridex, NetSupport Manager RAT, or similar.  If the initial scan reveals that the target computer is part of a corporate network, then an additional payload is also dropped onto the target machine, but we'll get to that in a moment.

The first part of the payload will busily ferret out login credentials and other sensitive information, exfiltrating any files of value back to the command and control server.

Only when this operation has been completed and if the computer is part of a corporate network will the second stage we referenced earlier trigger, which is a strain of ransomware, normally BitPaymer or DoppelPaymer. The ransomware spreads through the network as far as it is able, encrypting files network wide.

These two ransomware strains are known for their hefty ransom demands, which often run into the hundreds of thousands, or even millions of dollars.

This multi-stage approach is dreadfully effective.  It not only allows the hackers to squeeze a wide range of sensitive data from infected systems, but then, locks them down hard and demands a hefty payment.  Be sure your staff is aware.  This one's about as dangerous as they come.

Hackers are becoming more clever these days. They have found several other ways to get into the computers of their victims. Fortunately, there are ways to keep your computer and network safe. Call SpartanTec, Inc. in Wilmington and let our team set up security protocols to keep your personal or business information safe and protected against various kinds of online threats. 

Friday, October 11, 2019

The Importance Of Cybersecurity

Why did cybersecurity become so important all of a sudden? Before, it was just something that tech-savvy people worried about. In the corporate world, it was a task that was left to the IT department. Others believed that as long as their firewalls, anti-virus software, and encryption tools were set up and working, they could simply hand over their IT security to professionals and concentrate on running their business.

Now, you are most likely aware that cybersecurity is not something that you can ignore. Unless you totally shut yourself off from the world's media, you should know that hacks as well as data breaches affect firms of all sizes. Often, these incidents are massive enough to make the news, which causes irreparable damage to the firms involved.

What Has Changed?

Basically, we are living in a much more technically advanced world than a decade ago. In case you need more convincing, think about the fact that the iPad has only been around since 2010 and the iPhone came out a few years before that. Meanwhile, broadband speeds increased five times over the last decade, which made it possible for individuals and businesses to do much more online.

One good example of the change that this has facilitated is the emergence of document sharing, email that is available on every device, as well as databases accessible from almost everywhere. As the years go by, enterprises have boosted their deployment of business critical applications in the cloud, considering that Amazon's Elastic Compute Cloud was only introduced in 2006.

Improve Your Cybersecurity

Given all these, you should now know the importance of cyber security. What can you do to stand up against this growing threat? Here are a few ideas you need to consider.

Stay Informed

It is no longer fair or realistic to expect your IT department to eradicate every IT security risk. Many contemporary cyber security threats come from social engineering, browser exploits, user mistakes, and other things that the tech teams can only do so much to protect you from.

Cybersecurity is something that everybody needs to pay attention to, and a large number of incidents happen because people disregard mainstream advice, such as not clicking on suspicious links and securing their passwords.

Do More Than Just Install Anti-Virus

Anti-virus software is an integral part of the IT security measures that you need to have. But relying on that alone is not enough to protect you from today's online threats. Technical teams require several other tools, solutions, and resources, and a few of them are quite costly. But they are unlikely to be as expensive as the cost of cleaning up after an online breach.

Get Insured

The sector that offers cyber insurance has boomed over the years and it is now something that firms of all sizes need to consider. Cybersecurity insurance is not just about protecting against the financial risk. In case your company gets hit by a breach, there will be a lot of damage that needs to be contained, and you might need the help of a team of IT experts as well as damage limitation specialists that your insurer could provide.

Don't wait for a security breach to happen. Find yourself a reliable team of IT experts who can help you set up safety protocols to improve your cybersecurity. 

Monday, October 7, 2019

DoorDash Leaks Personal Data Of Users And Drivers

Another week, another high-profile data breach.

This time, DoorDash confirmed in a recent blog post that data on nearly five million of its users had been accessed by an unauthorized (and at this point unknown) third party. According to information released by the company, the breach occurred on May 4th, 2019.

The unknown parties accessed information on the company's drivers, merchants and customers who joined DoorDash on or before April 5th, 2018.

The data taken by the unknown attackers includes:  names, email addresses, delivery addresses, order history, phone numbers, and hashed passwords.  The only silver lining in that is the last item. It will require significant effort on the part of the hackers to crack the hashed passwords and make use of them.  Even so, with so much personal information, including physical addresses, the hackers have more than enough data to steal identities.

Part of the company's formal statement on the matter reads as follows:

"We deeply regret the frustration and inconvenience that this may cause you.  Every member of the DoorDash community is important to us and we want to assure you that we value your security and privacy."

While the response isn't a bad one, and the company didn't make any major missteps in the immediate aftermath of the breach, it's all starting to feel very canned at this point.  Most companies say the same thing, and yet, these kinds of events keep happening.

Sooner or later, the platitudes aren't going to be enough to assuage the very real concerns of consumers who are becoming increasingly fed up with seeing companies they trust lose control of their data.  Once a certain threshold has been reached, there's bound to be a backlash.  We're not there, but the frustration and anger are growing, and rightly so.

Call SpartanTec, Inc. in Wilmington now. We will help protect your business from a potential online breach that would put not only your company's information at risk but that of your clients as well. Our IT experts will set in place the appropriate and effective online security measures to keep your company safe from online attacks.

Monday, September 30, 2019

Intel Server Processors Are Vulnerable To Attack

Researchers at Vrije Universiteit in Amsterdam have discovered a disturbing new side-channel attack. All Intel server-grade processors made since 2012 are vulnerable to what has been dubbed NetCAT.

That stands for Network Cache Attack, and it exploits a weakness in Intel's Data Direct I/O (DDIO) feature.

DDIO is specific to Intel's server-grade processors and is enabled by default on the Intel Xeon E5, E7 and SP families from 2012 onwards.  The idea behind DDIO is that it enhances system performance by sharing the CPU's last-level cache directly with network devices and peripherals.

Unfortunately, a flaw in DDIO's design gives hackers the ability to infer data in the last-level cache of a remote machine's CPU.  Researchers were able to demonstrate that an attacker controlling a machine on the network can use this method to infer confidential data from an SSH session. That is, without running any sort of malware on the target system, which naturally makes it notoriously difficult to detect.

The researchers had this to say about their discovery:

"...with NetCAT, we can leak the arrival time of the individual network packets from a SSH session using a remote side channel."

The researchers went on to explain that during an interactive SSH session, a network packet is sent with each keystroke.  Via NetCAT, it is possible for an attacker to deduce what characters are typed inside an encrypted (SSH) session.

"For example, typing 's' right after 'a' is faster than typing 'g' after 's.'  As a result, NetCAT can operate statistical analysis of the inter-arrival timings of packets in what is known as a keystroke timing attack to leak what you type in your private SSH session."

As disturbing as that sounds, it should be noted that this is an incredibly exotic form of attack that has yet to be seen anywhere in the wild.  The day is surely coming when we do see hackers making use of this, but for the moment, it serves more as a dire warning of things to come than anything else.

Instances like this are the very reason you need IT Managed services from SpartanTec, Inc. in Wilmington. We constantly monitor your network and are on top of the latest threats.  Call us today for a complete analysis of your system.

Tuesday, September 24, 2019

New Ransomware Called TFlower Hacks Into Company Networks

Over the last two years, ransomware attacks have become increasingly common against businesses of all shapes and sizes.

While the attack vector saw a dip in popularity last year, this year it has come roaring back to the fore, with several new strains of ransomware being developed and enjoying widespread use by hackers around the world.

One of the most recent entrants into the ransomware family is a new strain called "TFlower", which made its first appearance in August of this year (2019).  Since that time, it has begun seeing increasingly widespread use, so if this is the first time you're hearing about it, know that it likely won't be the last.

TFlower is introduced into company networks when hackers take advantage of exposed Remote Desktop services.  Once the hackers have a toehold inside a company's network, they'll use that machine to connect to and infect as many other machines on the network as possible. Like many similar forms of malware, TFlower attempts to distract infected users while it's encrypting their files.  In this case, it will display a PowerShell Window that makes it appear that some harmless software is being deployed.

While it's encrypting a victim's files, it connects to its Command and Control Server to keep the software owners apprised of its activities. Then it attempts to clear the Shadow Volume Copies and attempts to disable the Windows 10 repair environment. This makes it difficult, if not impossible, to recover files via conventional means.  Note that it also attempts to terminate the Outlook.exe process so that Outlook's data files can be encrypted.

When the software has done as much damage as it can do, it will litter the infected computer with a file named "!_Notice_!.txt" which explains that the computer's files have been encrypted and in order to get them back, you'll need to contact the malware owners at the email address provided for additional details.

Be sure your IT staff is aware, and given how this one is spread, check the security of your Remote Desktop services.
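Detection logic for the pre-encryption behaviours described above, added here as an example (not TFlower's own code, nor any vendor's rule set). It runs over constructed Windows process-creation events; the command strings it matches (vssadmin, wmic, bcdedit, reagentc, taskkill) are standard Windows utilities assumed here, not quoted from the post.

```python
"""Flag the three pre-encryption actions described in the post: clearing
Shadow Volume Copies, disabling the Windows recovery environment, and
terminating Outlook. Sample events are constructed to resemble the fields
of a Windows process-creation record (Security 4688 / Sysmon event 1)."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent_image: str
    image: str
    command_line: str


# (rule name, regex over the lower-cased command line). The command forms are
# assumed from standard Windows administration tooling, not from the post.
RULES = (
    ("shadow_copy_deletion", re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows"
        r"|wmic(\.exe)?\s+shadowcopy\s+delete"
        r"|win32_shadowcopy.*\.delete\(")),
    ("recovery_environment_disabled", re.compile(
        r"bcdedit(\.exe)?\s.*(recoveryenabled\s+no"
        r"|bootstatuspolicy\s+ignoreallfailures)"
        r"|reagentc(\.exe)?\s+/disable")),
    ("outlook_terminated", re.compile(
        r"taskkill(\.exe)?\s.*outlook\.exe"
        r"|stop-process\s.*outlook")),
)

# Constructed sample telemetry: one host showing the full pattern, one
# legitimate 'vssadmin list shadows', one ordinary Outlook launch.
SAMPLE_EVENTS = [
    ProcessEvent("WS-FIN-07", r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\vssadmin.exe",
                 "vssadmin.exe Delete Shadows /All /Quiet"),
    ProcessEvent("WS-FIN-07", r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\bcdedit.exe",
                 "bcdedit.exe /set {default} recoveryenabled No"),
    ProcessEvent("WS-FIN-07", r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\taskkill.exe",
                 "taskkill.exe /F /IM outlook.exe"),
    ProcessEvent("SRV-BACKUP-01", r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\vssadmin.exe",
                 "vssadmin.exe List Shadows"),
    ProcessEvent("WS-HR-03", r"C:\Windows\explorer.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
                 '"OUTLOOK.EXE" /recycle'),
]


def classify(event):
    """Names of every rule whose pattern matches this event's command line."""
    cmd = event.command_line.lower()
    return [name for name, rx in RULES if rx.search(cmd)]


def detect(events):
    """(host, rule, command_line) for every matching event, in input order."""
    return [(ev.host, rule, ev.command_line)
            for ev in events for rule in classify(ev)]


def hosts_with_ransomware_pattern(events, minimum=2):
    """Hosts on which at least `minimum` distinct rules fired. A lone
    vssadmin call can be routine administration; shadow deletion combined
    with recovery tampering on one host is the pattern worth paging on."""
    rules_by_host = defaultdict(set)
    for host, rule, _ in detect(events):
        rules_by_host[host].add(rule)
    return sorted(h for h, r in rules_by_host.items() if len(r) >= minimum)


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print("ALERT %-14s %-30s %s" % hit)
    print("hosts matching pattern:", hosts_with_ransomware_pattern(SAMPLE_EVENTS))
```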

Call SpartanTec Inc. in Wilmington and let our team of IT experts help in making sure that your business is protected against potentially damaging online threats. 

Tuesday, September 17, 2019

Report Shows 118 Percent Increase In Ransomware Attacks In 2019

Ransomware roared onto the global stage in 2017. Companies and government agencies around the world felt the impact with widespread campaigns like NotPetya and WannaCry.

By 2018, the number of ransomware attacks had begun to fall off while hackers found new tools to attack with, shifting toward cryptojacking, credential theft, and trojan malware.

Granted, ransomware attacks didn't fade completely from the picture in 2018, but they were overshadowed by the emergence of new attack vectors.  Unfortunately, according to data collected by McAfee Labs and published in their August 2019 Threat Report, ransomware is back with a vengeance.

Christiaan Beek, a lead scientist at McAfee, had this to say about the report:

"After a periodic decrease in new families and developments at the end of 2018, the first quarter of 2019 was game on again for ransomware, with code innovations and a new, much more targeted approach."

The dramatic increase in ransomware attacks is being driven primarily by three families of ransomware:  Ryuk, GandCrab, and Dharma.

Ryuk is a scary bit of code that has been used to lock down entire large corporations and government agencies.  It was originally credited to North Korea, but subsequent research points to the malware as being the work of a highly sophisticated cybercrime syndicate, rather than the product of a nation-state.

GandCrab is a relatively new arrival on the ransomware scene, first emerging in 2018.  Often described as one of the most aggressive families of ransomware, the code has been leased out by its original authors to other hackers around the world in exchange for a cut of the profits.

Dharma is the oldest family of the big three, first emerging on the scene in 2016.  Originally, it was an offshoot of another, even older ransomware family known as Crysis. However, since branching off, it has become a potent threat in its own right, and the hackers who control the code regularly release new updates and continue to enhance its capabilities.

All that to say, it's too soon to breathe a sigh of relief where ransomware is concerned.  It's back in 2019, and it's back with a vengeance.

Lower your risk of a ransomware attack by setting in place safety and security measures for your network and computers. Call SpartanTec, Inc. in Wilmington for effective IT services.

Monday, September 9, 2019

Texas Government Gets Hit With Major Ransomware Attack

This year stands to shatter last year's record in terms of the number of successful hacks against businesses and government agencies. It seems that the hackers have a new favored tool:  The ransomware attack.

According to statistics gathered by Malwarebytes, attacks against government and business are up by a whopping 365 percent.

IBM's consumer statistics aren't much better, reporting a 116 percent increase in ransomware attacks targeting individuals.

Set against this backdrop, the fact that Texas local government offices have recently been paralyzed by a ransomware attack is unsurprising.  What is more surprising, however, is the scope, scale and highly coordinated nature of those attacks. In all, a total of 22 local government agencies were affected, which had the impact of stopping local services in towns across the state.

The incident is being managed by the Texas Department of Information Resources (TDIR). To date, they have not revealed the names of the local agencies that were impacted, nor have they been forthcoming with any details other than the following:

"At this time, the evidence gathered indicates the attacks came from one single threat actor.  Investigations into the origins of this attack are ongoing; however, responses and recovery are the priority at this time."

Give yourself a moment to let that sink in.

A single threat actor coordinated a successful state-wide attack that brought down services in 22 different local agencies.  It's no secret that hackers around the world are learning from each other, creating "hacking best practices," and congregating into larger and more organized groups.

As they do so, they're able to tackle increasingly larger and more robust targets.  If these groups can impact a significant portion of a state like Texas today, what will they be capable of by next year?  This has all the earmarks of a trial run for an even larger attack, and that should unsettle everyone.

It is imperative in today's business climate that you protect your company's data, and the data you store for your customers, from outside attack. SpartanTec, Inc. can help you create a plan that prevents ransomware attacks and alerts you to potential threats. Call us today for a complete in-depth analysis of your network.

Monday, September 2, 2019

Choice Hotels Data Breach Affects Up To 700,000 Customers

Recently, independent researcher Bob Diachenko, working with Comparitech, discovered an unsecured database containing nearly 700,000 hotel records belonging to Choice Hotels.  Unfortunately, although Diachenko reported his finding to the company, attackers had beaten him to it: they had already downloaded the data and are now demanding a ransom for its return.

An investigation into the matter is ongoing. A spokesman for Choice Hotels said the bulk of the file consisted of test data, including dummy payment card numbers, passwords and populated reservation fields.  The company did confirm, however, that the file held some 700,000 genuine guest records, which included names, addresses and phone numbers.

The attackers left a ransom note in the database demanding 0.4 Bitcoin, about $4,000 at recent prices, for the safe return of the data.  That is a small sum given the number of compromised records, but paying buys only the attackers' word: nothing stops them from keeping a copy, and the data was already readable by anyone else who found the unsecured database before it was closed.

Choice Hotels reported that the database was exposed when a third-party vendor accessed it as part of a proposal to provide a tool.  Because of that lapse in security, Choice Hotels has said it will not work with that vendor again.

Their announcement about the incident reads, in part, as follows:

"We are evaluating other vendor relationships and working to put additional controls in place to prevent any future occurrences of this nature... We are also establishing a Responsible Disclosure Program and we welcome Mr. Diachenko's assistance in helping us identify any gaps."

This lukewarm response has done little to ease the concerns of Choice Hotels' customers. So far, no notifications have been sent to the guests whose data was exposed.  If you stay at Choice Hotels when you travel, assume your name, address and phone number may now be in criminal hands and be alert for targeted phishing emails and calls that use them. The company says the payment card numbers in the file were dummy data, but it is still worth watching your statements for charges you don't recognize.

Don't wait for a data breach to happen before you realize the importance of information security. Call SpartanTec, Inc. in Wilmington for a thorough review of your network. Our team will help identify potential vulnerabilities and put security measures in place to protect your network and your clients' information.


SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255

Tuesday, August 27, 2019

BlueKeep-Like Vulnerabilities Continue To Be An Issue For Microsoft

Wormable bugs continue to be a concern for Microsoft.  The company recently released patches for two newly discovered "BlueKeep-like" vulnerabilities that affect a wide range of Windows operating systems.

Both bugs are in Remote Desktop Services (RDS). They can be triggered by an unauthenticated attacker over the network and need no user interaction, which is what would let malware spread from one vulnerable machine to the next.

Remote Desktop Services is an older technology that has been an integral part of Windows for decades.  It's a useful and widely deployed feature that lets Windows users access another computer over a network using the Remote Desktop Protocol (RDP), which listens on TCP port 3389 by default.  Unfortunately, flaws in the RDP server code allow an attacker who can reach that port to execute code of their choosing on the target system and use it to spread malware further.

The two most recently discovered bugs are tracked as CVE-2019-1181 and CVE-2019-1182.  Microsoft found them internally while hardening Remote Desktop Services, and released patches for both as part of its August 2019 Patch Tuesday updates.

As the company explained in a recent blog post related to the issues:

"These two vulnerabilities are also 'wormable,' meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction."

The operating systems vulnerable to the newly discovered bugs are:
  • Windows 7, Service Pack 1
  • Windows Server 2008 R2, Service Pack 1
  • Windows Server 2012
  • Windows 8.1
  • Windows Server 2012 R2
  • Windows 10, including server versions
Microsoft has not published figures for how many machines in the Windows ecosystem remain vulnerable to the two new bugs. Unlike the original BlueKeep flaw, these two do not affect Windows XP, Windows Server 2003 or Windows Server 2008. The company has seen no evidence of exploitation in the wild so far, but recommends applying the relevant patches immediately. It has also noted that enabling Network Level Authentication (NLA) provides partial mitigation, since an attacker must then authenticate successfully before the vulnerable code can be reached. NLA is not a substitute for the patch: stolen or guessed credentials still get through.

Unfortunately, recent reports have shown that many businesses have been slow to patch even the original BlueKeep vulnerability, months after its fix was released.  If your company is among them, the time to act is now.
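Before patching, most organizations first want to know which RDP listeners are reachable and which of those will talk to a client that has not authenticated. The following added example (my own audit script, not Microsoft's tooling, and not an exploit) asks each RDP server that question the same way a client does: it sends an X.224 Connection Request whose negotiation block requests only legacy RDP or TLS security and omits CredSSP. A server that enforces NLA must refuse with the HYBRID_REQUIRED_BY_SERVER code; any other answer means the pre-authentication code path these bugs live in is reachable from the network. The protocol constants come from the MS-RDPBCGR specification; the cookie name, function names and the sample responses in the test are my own.

```python
import socket
import struct
import sys

# Security protocols a client may request in RDP_NEG_REQ (MS-RDPBCGR 2.2.1.1.1).
PROTOCOL_RDP = 0x00000000     # legacy RDP security, no NLA
PROTOCOL_SSL = 0x00000001     # TLS only, still no NLA
PROTOCOL_HYBRID = 0x00000002  # CredSSP, i.e. NLA

# RDP_NEG_FAILURE code meaning "NLA is mandatory here" (MS-RDPBCGR 2.2.1.2.2).
HYBRID_REQUIRED_BY_SERVER = 0x00000005

NEG_REQ, NEG_RSP, NEG_FAILURE = 0x01, 0x02, 0x03


def build_connection_request(requested=PROTOCOL_RDP | PROTOCOL_SSL):
    """Build a TPKT-framed X.224 Connection Request carrying an RDP_NEG_REQ.

    Deliberately omitting PROTOCOL_HYBRID asks the server: "will you let me
    past negotiation without authenticating?"  A server enforcing NLA must say
    no; any other answer means the pre-authentication code path is reachable.
    """
    cookie = b"Cookie: mstshash=audit\r\n"  # routing cookie; the name is arbitrary
    neg_req = struct.pack("<BBHI", NEG_REQ, 0, 8, requested)
    # X.224 CR: type 0xE0, dst-ref, src-ref, class option, then the variable part.
    x224_body = struct.pack(">BHHB", 0xE0, 0, 0, 0) + cookie + neg_req
    x224 = bytes([len(x224_body)]) + x224_body  # length indicator first
    tpkt = struct.pack(">BBH", 3, 0, 4 + len(x224))  # version 3, reserved, total length
    return tpkt + x224


def interpret_response(data):
    """Classify the server's X.224 Connection Confirm.

    'nla_required'       -> refused with HYBRID_REQUIRED_BY_SERVER (NLA enforced)
    'nla_not_required'   -> accepted RDP or TLS without CredSSP (exposed)
    'legacy_only'        -> bare CC with no negotiation block, an old server (exposed)
    'negotiation_failed' -> refused for another reason; inspect by hand
    'unrecognized'       -> not an RDP connection confirm at all
    """
    # TPKT(4) + X.224 CC header: LI, type 0xD0, dst-ref, src-ref, class = 11 bytes.
    if len(data) < 11 or data[0] != 3 or data[5] != 0xD0:
        return "unrecognized"
    neg = data[11:19]
    if len(neg) < 8:
        return "legacy_only"
    ntype, _flags, _length, value = struct.unpack("<BBHI", neg)
    if ntype == NEG_FAILURE and value == HYBRID_REQUIRED_BY_SERVER:
        return "nla_required"
    if ntype == NEG_RSP:
        return "nla_not_required"
    if ntype == NEG_FAILURE:
        return "negotiation_failed"
    return "unrecognized"


def check_host(host, port=3389, timeout=3.0):
    """Probe one RDP listener and report whether NLA is enforced."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request())
        return interpret_response(sock.recv(1024))


if __name__ == "__main__":
    # Usage: python rdp_nla_check.py host1 host2 ...  (only hosts you are authorized to test)
    for target in sys.argv[1:]:
        try:
            print(f"{target}: {check_host(target)}")
        except OSError as exc:
            print(f"{target}: error ({exc})")
```

A result of nla_required only means the listener demands authentication first; it says nothing about whether the August patches are installed, so treat it as a triage signal and still verify patch status on the host. Anything reported as nla_not_required or legacy_only is a machine on which these bugs can be hit by anyone who can open a connection to port 3389.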

Call SpartanTec, Inc. if you want to make sure that your operating systems are secured from the most common online threats today. Let our team help you in keeping your network and business safe and secure from various types of risks and vulnerabilities.

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255

Monday, August 19, 2019

Update Your iPhone To Avoid Latest iMessage Security Vulnerability

If you own an iPhone, be aware that a new iMessage vulnerability was recently reported to Apple and patched as part of the iOS 12.4 update.

The flaw allowed an attacker to remotely read the contents of files stored on an iOS device. They could read any file the device's own user could, from outside the app sandbox, and no user interaction was needed.

The issue was discovered by Natalie Silvanovich, a security researcher with Google's Project Zero.  As a proof of concept, she created a demo that only works on devices running iOS 12 or later. She describes it as "a simple example to demonstrate the reach-ability of the class in Springboard. The actual consequences of the bug are likely more serious."

In describing the issue itself, Silvanovich had this to say:

"First, it could potentially allow undesired access to local files if the code deserializing the buffer ever shares it (this is more likely to cause problems in components that use serialized objects to communicate locally than in iMessage).  Second, it allows an NSData object to be created with a length that is different than the length of its byte array.  This violates a very basic property that should always be true of NSData objects.  This can allow out of bounds reads, and could also potentially lead to out-of-bounds writes, as it is now possible to create NSData objects with very large sizes that would not be possible if the buffer was backed."

As mentioned, this bug has already been patched, along with two other iMessage vulnerabilities that Silvanovich recently reported. All of them were addressed in Apple's iOS 12.4 update. If your device isn't set to install security updates automatically, install this one manually at your earliest opportunity (Settings > General > Software Update).
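The second half of Silvanovich's description, an object whose stored length no longer matches the bytes actually backing it, is a general deserialization hazard rather than anything specific to iOS. The following added example is mine, not Apple's or Project Zero's code, and it does not reproduce the iMessage format. It models the hazard in Python: a toy length-prefixed record is deserialized into an object placed in a constructed byte "heap" next to another object's secret. The unchecked decoder stores the declared length without comparing it to the payload, so reads that stay "within bounds" of that length walk into the neighbor's bytes; the checked decoder enforces the invariant at deserialization time. The record layout, heap model and secret are constructed for the example.

```python
import struct

# Constructed model of process memory: the deserialized bytes are copied to
# offset 0 and another object's secret sits right after them, as a neighbor in
# a real allocator might.  (Sample data, not anything from iMessage.)
HEAP_SIZE = 64
NEIGHBOR_SECRET = b"neighbor-token-9f3a"


class DataObject:
    """A byte buffer plus a separately stored length, in the spirit of NSData.

    The invariant that must hold is: length == number of bytes backing it.
    """

    def __init__(self, heap, offset, length):
        self.heap = heap
        self.offset = offset
        self.length = length

    def read(self, index):
        # The bounds check can only use the declared length; if that length
        # lies, "in bounds" reads land in whatever memory comes next.
        if not 0 <= index < self.length:
            raise IndexError("index outside declared length")
        return self.heap[self.offset + index]


def make_heap(payload):
    """Lay out payload at offset 0 with the neighbor's secret immediately after."""
    heap = bytearray(HEAP_SIZE)
    heap[0:len(payload)] = payload
    heap[len(payload):len(payload) + len(NEIGHBOR_SECRET)] = NEIGHBOR_SECRET
    return heap


def decode_unchecked(record):
    """Record layout: 4-byte little-endian declared length, then the bytes.

    Vulnerable: the declared length is stored on the object without ever being
    compared to the number of bytes that actually followed it.
    """
    (declared,) = struct.unpack_from("<I", record, 0)
    payload = record[4:]
    return DataObject(make_heap(payload), 0, declared)


def decode_checked(record):
    """Same format, but the invariant is enforced at deserialization time."""
    (declared,) = struct.unpack_from("<I", record, 0)
    payload = record[4:]
    if declared != len(payload):
        raise ValueError(f"declared length {declared} != actual {len(payload)}")
    return DataObject(make_heap(payload), 0, declared)


def read_all(obj):
    """What a downstream consumer does: walk up to obj.length, trusting it."""
    return bytes(obj.read(i) for i in range(obj.length))


def is_rejected(record):
    """True if the checked decoder refuses the record."""
    try:
        decode_checked(record)
    except ValueError:
        return True
    return False


# Constructed records: GOOD declares 4 bytes and carries 4; EVIL declares
# 4 + len(NEIGHBOR_SECRET) but carries only 4.
GOOD_RECORD = struct.pack("<I", 4) + b"ABCD"
EVIL_RECORD = struct.pack("<I", 4 + len(NEIGHBOR_SECRET)) + b"ABCD"

if __name__ == "__main__":
    print("unchecked:", read_all(decode_unchecked(EVIL_RECORD)))  # leaks the neighbor
    print("checked  :", "rejected" if is_rejected(EVIL_RECORD) else "accepted")
```

In Python a read past the modelled heap raises an exception; in C or Objective-C the same mistake is the silent out-of-bounds read the quote describes, and the object's oversized length can then be passed to copy routines that write as well. The fix is the same in any language: the length an object reports must be derived from, or validated against, the bytes it actually owns at the moment it is created, never taken on trust from the serialized form.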

Smart gadgets and devices are everywhere. Regardless of the brand, a prudent owner makes sure that all their smartphones, computers, laptops, and their network in general are protected against vulnerabilities that could put their information at risk. Call SpartanTec, Inc. in Wilmington NC to make sure that effective security measures are in place to protect your personal information, business, and clients from the many online threats out there today.


SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255

Thursday, August 15, 2019

Security Issue Found In Multiple Devices Is Called 'Urgent 11'

Let's take a little time to talk about the vast number of smart devices in use around the world. You probably have several in your home or office. Like your phone and your PC, smart devices need operating systems. Of course, embedded operating systems must be much smaller and more compact: the devices don't need to do a lot of computing and usually have no GUI, so the code tends to be lean.

The odds are excellent that you've never heard of most of the IoT's operating systems, nor of the companies that make them. Take VxWorks, made by a company called Wind River.  It is among the most widely used real-time operating systems (RTOS) and runs inside a huge range of connected devices today.  Such systems get little attention or oversight precisely because almost nobody has heard of them.

That's beginning to change, however.  Security researchers at Armis recently disclosed the details of "Urgent 11", a set of eleven vulnerabilities in the VxWorks TCP/IP stack that can be used to take control of, or knock offline, a wide variety of devices: medical systems, printers, industrial equipment, routers, firewalls and more. Several of the flaws allow remote code execution by sending crafted packets to the device, with no interaction from anyone using it.

Wind River has been in business for 32 years. Yet, in all that time, only 13 VxWorks security flaws had ever received a MITRE-assigned CVE, because, again, nobody was paying attention.

The good news is that once someone finally did pay attention, Wind River responded quickly and resolved all eleven flaws, issuing patches to correct them.  There's just one rather significant catch.

The company points out that the vulnerabilities are not unique to Wind River software: they live in the IPnet TCP/IP stack, which Wind River acquired from Interpeak in 2006.  Before that acquisition, IPnet had been licensed to and shipped in a range of other RTOSes.

All of which is to say that while Wind River is acting responsibly, an unknown number of other RTOSes out there are vulnerable, and the companies behind them may be doing little or nothing about it.  Nor will such devices announce that they contain IPnet; short of a vendor advisory or firmware changelog, there is no easy way to know. Until a patch arrives, the practical defense is to keep these devices off networks reachable from the internet and to filter the traffic that can reach them.  In many ways, the IoT's operating system ecosystem is still very much a black box, and that's troublesome.

As a company, are you doing your part in securing your smart devices and your network? Or are you in the dark about their vulnerabilities? Let SpartanTec, Inc. Wilmington help you find out whether your business is at risk. Call now and learn more about our complimentary, one-time scan with Dark Web ID™ Credential Monitoring.

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255

Monday, August 12, 2019

Facebook Is Making Changes To Privacy Following Huge Fine


Facebook has agreed to a five billion dollar fine over privacy violations surrounding the Cambridge Analytica scandal. While the staggering size of the fine made all the headlines, there's more to the company's agreement with the Federal Trade Commission (FTC) than the money.

In addition to the fine itself, Facebook has accepted a settlement order that forces it to implement a new privacy framework, and to be monitored and held accountable for the decisions it makes about its users' privacy and the information it collects on them.

The FTC Press release reads, in part, as follows:

"The order requires Facebook to restructure its approach to privacy from the corporate board-level down and establishes strong new mechanisms to ensure that Facebook executives are accountable for the decisions they make about privacy and that those decisions are subject to meaningful oversight (for a period of not less than twenty years)."

Facebook also published a statement about their acceptance of the fine, but it offered little in the way of new information.  Digging a bit deeper, however, some of the details of the changes coming to Facebook include the following:
  • The formation of an independent privacy committee - The committee will be appointed by an independent nominating committee and made up of members of Facebook's board of directors. The FTC says this will help limit CEO Mark Zuckerberg's formerly unfettered control over decisions affecting user privacy.
  • The appointment of Compliance Officers - These people will report to the new privacy committee and will be tasked with monitoring the entire company's privacy program. The Compliance Officers are not appointed by Facebook's CEO or any Facebook employee, and no Facebook employee (including the CEO) can remove them.  One of the responsibilities of the new compliance team will be to submit reports to the FTC.
  • More and better external oversight of Facebook - The FTC's ruling strengthens the role of independent third-party assessors who will conduct independent reviews of Facebook's privacy program at two-year intervals.
Will these steps be enough?  Only time will tell, but it's certainly a great start.  Kudos to the FTC for holding Facebook accountable and trying to be a force for change.

Businesses of all sizes are being held responsible for the safekeeping of their customers' data. SpartanTec, Inc. in Wilmington NC is here to help your business implement a privacy policy, install firewalls to protect your data and train your employees on safe practices. Call us today for an in-depth consultation.

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
https://spartantecwilmington.business.site




Monday, July 29, 2019

Unsecured Database May Have Exposed Some Big Companies

An UpGuard research team recently discovered several unsecured Amazon S3 buckets belonging to the Israeli IT services firm Attunity.

The buckets were left open, exposing more than a terabyte of sensitive information belonging to a number of prominent companies including Ford, TD Bank and Netflix.
To give a sense of scale, Attunity has more than 2,000 clients worldwide, including many on the Fortune 100 list.

Three S3 buckets were left open.  These were:
  • Attunity-it
  • Attunity-patch
  • Attunity-support
Upon discovery, the UpGuard research team contacted Attunity, and by the next day all three buckets had been secured.  It is not known with certainty whether an unauthorized third party downloaded the contents. Early indications say not, but anyone who did now holds a treasure trove of information.
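Amazon S3 buckets are private by default, so an exposure like this one means a bucket policy or an ACL granted read access to everyone (or to any AWS account holder, which is effectively everyone). The following added example is my own audit logic, not UpGuard's or Attunity's tooling. It runs the check an auditor would apply to a bucket's policy document and ACL grants, in the shape the S3 API returns them, and flags the two mechanisms separately because either one alone is enough to expose the data. The policy, the grants and the function names are constructed for the example; the ACL group URIs and policy fields are the real S3 ones.

```python
import json

# Canned S3 ACL grantee groups: anyone on the internet, and any AWS account holder.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTHENTICATED_USERS}

# Policy actions that let an outsider list or download objects.
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:*", "*"}


def _as_list(value):
    """Policy fields may be a single string or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    """'*' or {'AWS': '*'} means any principal, signed-in or anonymous."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in _as_list(principal.get("AWS", [])))
    return False


def policy_public_reads(policy):
    """Return the Allow statements that grant read actions to everyone.

    Statements carrying a Condition block are flagged rather than assumed
    safe: a condition (source IP, VPC endpoint, ...) may narrow the grant,
    but an auditor has to read it by hand to be sure.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_everyone(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & READ_ACTIONS:
            continue
        findings.append({
            "sid": stmt.get("Sid", ""),
            "actions": sorted(actions & READ_ACTIONS),
            "conditional": "Condition" in stmt,
        })
    return findings


def acl_public_grants(grants):
    """Return (group, permission) for ACL grants to the public groups with read rights."""
    findings = []
    for grant in grants:
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            if grant.get("Permission") in {"READ", "FULL_CONTROL"}:
                findings.append((grantee["URI"].rsplit("/", 1)[-1], grant["Permission"]))
    return findings


def is_exposed(policy, grants):
    """True if either mechanism gives the world unconditional read access."""
    unconditional = [f for f in policy_public_reads(policy) if not f["conditional"]]
    return bool(unconditional) or bool(acl_public_grants(grants))


# Constructed samples in the shape of get_bucket_policy()['Policy'] (a JSON
# string) and get_bucket_acl()['Grants'].  The bucket name is made up.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}
  ]
}""")
SAMPLE_ACL_GRANTS = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]
LOCKED_POLICY = {"Version": "2012-10-17", "Statement": []}
LOCKED_ACL_GRANTS = SAMPLE_ACL_GRANTS[:1]

if __name__ == "__main__":
    print("sample bucket exposed:", is_exposed(SAMPLE_POLICY, SAMPLE_ACL_GRANTS))
    print("locked bucket exposed:", is_exposed(LOCKED_POLICY, LOCKED_ACL_GRANTS))
```

To run this against real buckets, feed it the output of boto3's `get_bucket_policy` (the `Policy` field, parsed with `json.loads`) and `get_bucket_acl` (the `Grants` field) for every bucket in the account. Two caveats: individual objects can carry their own ACLs, so a clean bucket ACL does not prove every object is private; and turning on S3 Block Public Access at the account level makes all of these grants inert, which is the cheapest way to guarantee a finding like Attunity's cannot recur.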

An UpGuard analysis of the three buckets found that they contained:
  • A massive 750GB trove of email backups
  • A variety of Microsoft OneDrive account details
  • System passwords for a variety of network assets
  • Sales, marketing and contact information
  • Project specifications
  • Other similar data
Qlik, the larger company that was in the process of acquiring Attunity at the time, released a statement that reads, in part, as follows:

"We are still in the process of conducting a thorough investigation into the issue and have engaged outside security firms to conduct independent security evaluations.  We take this matter seriously and are committed to concluding this investigation as soon as possible.  At this point in the investigation, indications are that the only external access to data was by the security firm that contacted us."

The UpGuard research team added the following:

"The risks to Attunity posed by exposed credentials, information and communications, then are risks to the security of the data they process.  While many of the files are years old, the bucket was still in use at the time detected and reported by UpGuard, with the most recent files having been modified within days of discovery."

Kudos to UpGuard for finding the issue and alerting Attunity, and to Qlik for their timely response.  Here's hoping the early indications hold, and hackers somehow missed the exposed databases.


SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
https://spartantecwilmington.business.site

Monday, July 22, 2019

Large Percentage Of Mobile Apps Have Security Flaws

How many apps do you have on your phone? If you're like most people, you've likely got dozens or more. With the amount of storage available on mobile devices these days, people tend to install apps and then never bother to uninstall the ones they no longer use. Whatever your number is, the statistics recently published by Positive Technologies in their report "Vulnerabilities and Threats in Mobile Applications 2019" will alarm you.

Here are a few of the key findings:
  • 35 percent of all mobile apps tested had vulnerabilities relating to the insecure transmission of sensitive data.
  • 35 percent had issues with the incorrect implementation of session expiration
  • 20 percent had problems relating to sensitive data being stored in the app source code and insufficient protection against cyber attacks using brute-force techniques
  • 29 percent of tested apps contained vulnerabilities relating to insecure inter-process communications, which are classed as high risk
Overall, high-risk vulnerabilities were found in 38 percent of tested iOS apps and 43 percent of Android apps.  Worse, 89 percent of the vulnerabilities discovered could be exploited by malware running on the device; the attacker would never need physical access to it.

Leigh-Anne Galloway (one of the people responsible for the report) said:

"Developers pay painstaking attention to software design in order to give us a smooth and convenient experience and people gladly install mobile apps and provide personal information.  However, an alarming number of apps are critically insecure, and far less developer attention is spent on solving that issue. We recommend that users take a close look when applications request access to phone functions or data.  If you doubt that an application needs access to perform its job correctly, decline the request."

Wise words, and very good advice.  So back to the initial question, and with the statistics above in mind, how many apps do you have on your phone?

SpartanTec, Inc. of Wilmington is here to protect your company's data against cyber attacks, regardless of the source. Call us today for a free analysis of your vulnerabilities.

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
https://spartantecwilmington.business.site



Sunday, June 23, 2019

New Malware Designed To Go After Linux Systems

Linux systems aren't targeted by attackers as often as Windows or macOS systems, but they're certainly not immune.

Recently, security researchers discovered a new strain of malware, believed to be the work of Chinese hackers, built specifically to target Linux systems. The new malware has been dubbed 'HiddenWasp'.

It shares a number of features with another malware strain: the Linux version of Winnti, which has gained some notoriety and is commonly used by Chinese hacking groups.  Whether HiddenWasp was created by the same people who use Winnti, or by a rival group looking to build on Winnti's success, is currently unknown.  In either case, HiddenWasp is hardly the first malware strain to borrow code from other sources.

As to how it reaches its targets, researchers have so far been unable to determine precisely how the attackers are distributing their new creation. Their theory is that it is installed by the attackers themselves, as a second stage, on systems they have already compromised by other means.

HiddenWasp's functionality isn't as robust as some other strains of malware, which indicates that it may still be in an early stage of development.  Even so, it's capable of uploading and downloading files, running executables and terminal commands, and more. So it's definitely not a threat that should be taken lightly.

The researchers had these details to add:

"We observed that the HiddenWasp files were uploaded to VirusTotal using a path containing the name of a Chinese-based forensics company known as Shen Zhou Wang Yun Information Technology Co., Ltd.  Furthermore, the malware implants seem to be hosted in servers from a physical server hosting company known as ThinkDream, located in Hong Kong."

Whether these details are meant to misdirect, or perhaps point to Chinese government involvement in the development of the strain is uncertain at this point. Either way, if you have Linux systems running on your network, be aware that there's a new threat to keep an eye out for.

Call SpartanTec, Inc. Wilmington if you need professional help in making sure that your network is always safe from online threats of every kind.

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
https://spartantecwilmington.business.site