Sunday, June 23, 2019

New Malware Designed To Go After Linux Systems

Linux systems aren't targeted by hackers as often as Windows and iOS-based systems, but they're certainly not immune.

Recently, security researchers have discovered a new strain of malware developed by Chinese hackers, specifically for the purpose of targeting Linux-based systems. The new malware has been dubbed 'HiddenWasp'.

It bears a number of features in common with another malware strain. It is similar to the Linux version of Winnti, which has gained some notoriety and is a tool used commonly by Chinese hackers.  Whether this new strain was created by the same hackers who make use of Winnti, or a rival group looking to springboard off of Winnti's success is currently unknown.  In either case, HiddenWasp is hardly the first malware strain to borrow code from other sources.

As to its use, researchers have so far been unable to discover precisely how hackers are spreading their new creation around. They theorize that it is likely installed by the hackers themselves on systems that have already been compromised.

HiddenWasp's functionality isn't as robust as some other strains of malware, which indicates that it may still be in an early stage of development.  Even so, it's capable of uploading and downloading files, running executables and terminal commands, and more. So it's definitely not a threat that should be taken lightly.

The researchers had these details to add:

"We observed that the HiddenWasp files were uploaded to VirusTotal using a path containing the name of a Chinese-based forensics company known as Shen Zhou Wang Yun Information Technology Co., Ltd.  Furthermore, the malware implants seem to be hosted in servers from a physical server hosting company known as ThinkDream, located in Hong Kong."

Whether these details are meant to misdirect, or perhaps point to Chinese government involvement in the development of the strain is uncertain at this point. Either way, if you have Linux systems running on your network, be aware that there's a new threat to keep an eye out for.

Call SpartanTec, Inc. Wilmington if you need professional help in making sure that your network is always safe from various online threats.

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
https://spartantecwilmington.business.site

Wednesday, June 19, 2019

Fast Food Chain Hit By Malware And Data Breach


Do you have a Checkers or Rally's fast food location near you?  Is it your go-to fast food joint?  If so, be advised that they're the latest company to fall victim to a hacking attack.

The company recently discovered evidence of malware on its payment processing systems in a total of 102 of the company's stores, which amounts to about 15 percent of their total locations.

Checkers and Rally's official statement about the matter reads, in part, as follows:

"We are working with federal law enforcement authorities and coordinating with the payment card companies in their efforts to protect cardholders.  We encourage you to review your account statement and contact your financial institution or card issuer immediately if you identify an unauthorized charge on your card.  The payment card brands' policies provide that cardholders have zero liability for unauthorized charges that are reported in a timely manner."

Although the company only recently discovered the malware, it had been in place for quite some time. The earliest installation occurred in mid-2017 and the bulk of the infections occurred between early 2018 and 2019.  The company also notes that only customers who paid for meals using credit or debit cards at infected locations have been impacted.

The malware has been removed and, as the company's statement indicates, the investigation is ongoing.  You can read the full details about the incident on the Checkers and Rally's website.  The main thing to do at this point is to monitor your credit or debit card statements closely if you used a card to pay for purchases at the fast food chain during the period of infection.

Stay vigilant.  This won't be the last successful hacking attack we hear about in 2019.  Unfortunately, it won't be long before we have another report of this kind to make.

Does your company have a plan in place to protect against malware attacks? Will you be the next company that has to apologize to your customers because their data has been compromised?  You don't have to be a victim. Contact SpartanTec, Inc. for a complete audit of your computer network and recommendations for staying safe.


Tuesday, June 4, 2019

New Ransomware Looks Like An Anti-Virus Installation

Dharma is a highly successful ransomware strain.

It has recently been made even more successful by a change in the way the hackers controlling it deploy it.

The first part of their latest campaign remains unchanged.  They rely on well-crafted phishing emails to lure employees in.

The key difference, however, lies in the particulars of the newly crafted emails.

In a nutshell, the group has begun imploring email recipients to protect their systems by installing the latest antivirus software.  The emails include a helpful link to the antivirus, which of course doesn't point to antivirus software at all. Rather, it is the ransomware they're trying to deploy inside corporate networks.

Worst of all, the emails claim to be from Microsoft, one of the biggest, most recognizable and most trusted names in the industry. So, there's a good chance that at least one of your employees will take the bait. In a bid to be good, proactive employees, they will seek to install what they think is antivirus software.

Once they start the installation, the damage is done.  The ransomware will lock every file on the victim's system, demand ransom, and seek to spread itself to as many other systems inside your network as it can reach.

Raphael Centeno, a security researcher at Trend Micro, had this to say about the new twist on the malware strain:

"As proven by the new samples of Dharma, many malicious actors are still trying to upgrade old threats and use new techniques.  Ransomware remains a costly and versatile threat."

As ever, the best way to guard against this type of threat starts with employee education.  Employees should not be in the habit of installing their own antivirus software in the first place, so a gentle reminder to that effect should go a long way toward limiting the threat, but it still pays to be very much on your guard.

Secure your email and your system with the help of an expert IT consultant from SpartanTec, Inc.

