Monday, November 25, 2019

Cyber Security - Be Careful As You Travel This Week

Public Chargers Can Expose Your Device To Hacking And Malware

On paper, it seems like a lovely idea to use a public charger.

Airports, hotels, and other high traffic areas have begun to increasingly offer public USB power charging stations to give people a convenient means of recharging their favorite devices.

Unfortunately, things are not working out quite according to plan.

Naturally, hackers around the world have taken note, and regard such easily accessed terminals as juicy targets and low hanging fruit.  According to a security alert published by the Los Angeles District Attorney's office, many of these stations have been compromised, and using them could expose you to malware.  This type of attack even has its own name:  Juice Jacking.

In recent years, several proofs-of-concept have been created that demonstrate how these charging stations can be taken over by hackers and used to distribute malware to anyone foolish enough to plug into them.  Of these, the worst of the lot was proudly displayed at the 2013 Black Hat security conference. In that case, it was a malicious charger that could deploy malware on any iOS device.

Just a handful of years later, in 2016, Samy Kamkar raised the bar with an Arduino-based device he dubbed "KeySweeper." By all outward appearances, it was just a USB wall charger. However, it wirelessly and passively sniffed, decrypted, logged, and reported back all keystrokes from any Microsoft wireless keyboard in its vicinity.

While these two were the most prominent examples of the kinds of havoc hackers can cause on this front, there are many others.  To try and get a handle on the problem, the LA District Attorney's Office issued a security bulletin that recommended the following tips to all travelers:
  • Use AC power outlets only, not USB charging stations
  • Take AC and car chargers with you when traveling because you know and trust them
  • Consider buying a portable charger for emergency use
Good advice.  If you're a frequent traveler, these tips are well worth incorporating into your travel preparation plans.

SpartanTec, Inc. wishes all of our readers a happy and safe travel weekend. Share this post on social media with your friends so all of us can keep our data safe and private.

We provide a Dark Web Monitoring report, which we can run for your company during the holidays. Complete the form on this page https://www.spartantec.com/darkweb for the free service.

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255



Tuesday, November 19, 2019

Raccoon Stealer Malware Is New One To Watch For

There is a new form of malware that you and your staff need to be aware of. That's because it's gaining in popularity among cyber criminals around the world.  Known as 'Raccoon Stealer,' it is noteworthy not for its complexity but rather for its extreme ease of use.  Worse, the malware's designers have been marketing it aggressively both inside and out of the Dark Web, which is driving rampant adoption rates.

Raccoon Stealer was first spotted in the wild in April of 2019.  It's a Trojan virus that's relatively simple in its construction, but quite adept at collecting password information and sending it back to whoever launched it.

The Senior Director of Threat Hunting at Cybereason, Assaf Dahan, had this to say about the emerging threat:

"Raccoon, like other information stealers, poses significant risks to individuals and organizations alike.  Any malware that is designed to steal passwords and personal information from browsers and mail clients could potentially inflict great damage to its victims.

The stolen data is being sold to the highest bidder in the underground community and can be used in many ways--from identity theft, financial theft or even as an entry vector to penetrate an organization and in order to carry out a larger attack."

In addition to the general hype created by the marketing campaign, the group behind Raccoon provides its criminal user base with more tools. These include an easy-to-use backend, hosting, and dedicated 'round the clock support, all for $200 a month.  The data that this little piece of code can obtain can easily generate high amounts of income for the hacker. That makes it a fantastic investment for the criminal underground, which explains the malware's explosive growth and spread.

In any case, be sure your IT staff is aware, and be on your guard.  It looks like Raccoon is here to stay.

Keep your passwords, personal and company information secure from all kinds of online threats. Call SpartanTec, Inc. in Wilmington and let our team help set up the most effective strategy to improve your cybersecurity. 




Monday, November 11, 2019

Discord Users Be Careful Of Malware And Information Theft

Do you use the Discord chat service?

If so, be advised that malware developers have been using the service not only to host various types of malware, but also as a command and control server.

In addition, they are abusing the chat client to force it to perform a variety of malicious behavior.

Unfortunately, this is not a new problem.  Anyone familiar with the chat service knows that it has a long history of being abused.  Although designed primarily as a chat service, Discord also allows its members to upload files to a chat channel, where other users can download them.

Users can even right click on a hosted file to get a sharable download link. This is, in practice, one of the ways that hackers are abusing the system.  Of significance, these sharable links work even for non-Discord users, which gives malicious actors a convenient place to stash harmful files to be spread far and wide via email campaigns.

Even more interesting is the fact that the uploader can delete the file inside Discord itself, but the URL can still be used to download it.  This means that although the chat service gives the outward appearance of deleting the file, it still exists on the server. That gives malware developers an incredibly convenient, completely anonymous method of hosting their files.

In addition to that, Discord contains a feature called 'Webhooks' that allows third-party applications or websites to send messages to a Discord channel.  When a user creates a Webhook, the server owner will be given a special URL that is used with the Discord API to send messages to a specified channel.  In this case though, if a user has been previously infected by a hacker's malware, this service can be used to exfiltrate collected data directly to the attacker.

All this to say, if you use Discord, beware.  To say that the chat service has problems is an understatement.
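For IT staff who want to watch for the two behaviors described above (files pulled from Discord's sharable links and data posted to a Webhook URL), here is a small detection sketch added for this post; it is not SpartanTec or Discord code. It assumes a proxy or endpoint log that records the process name and full URL, and the log layout, process names, and allowlist are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts Discord has served its API and its attachment CDN from.
API_HOSTS = {"discord.com", "discordapp.com"}
CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/\d+/[\w-]+")
ATTACHMENT_PATH = re.compile(r"^/attachments/\d+/\d+/(?P<name>[^/?]+)")
RISKY_EXT = (".exe", ".scr", ".dll", ".js", ".vbs", ".ps1", ".bat", ".iso", ".lnk")
# Assumption: integrations your organization has approved to post to Webhooks.
SANCTIONED_WEBHOOK_SENDERS = {"deploybot.exe"}

# Constructed sample log: timestamp, host, process, method, URL.
SAMPLE_LOG = """\
2019-11-11T09:02:11Z ws-014 chrome.exe GET https://cdn.discordapp.com/attachments/111111111111111111/222222222222222222/team-photo.png
2019-11-11T09:05:40Z ws-014 chrome.exe GET https://cdn.discordapp.com/attachments/111111111111111111/333333333333333333/Invoice.exe
2019-11-11T09:06:02Z ws-014 svchost32.exe POST https://discordapp.com/api/webhooks/444444444444444444/EXAMPLE-TOKEN
2019-11-11T09:07:15Z ci-01 deploybot.exe POST https://discord.com/api/v6/webhooks/555555555555555555/EXAMPLE-TOKEN
2019-11-11T09:08:00Z ws-020 discord.exe POST https://discord.com/api/v6/channels/666666666666666666/messages
"""

def classify(line):
    """Return (host, process, reason) for a suspicious line, else None."""
    _ts, host, proc, method, url = line.split(maxsplit=4)
    parts = urlsplit(url.strip())
    name = (parts.hostname or "").lower()
    # A Webhook POST from anything other than an approved integration.
    # The URL is left out of the result because the token in it is a secret.
    if name in API_HOSTS and method == "POST" and WEBHOOK_PATH.match(parts.path):
        if proc.lower() not in SANCTIONED_WEBHOOK_SENDERS:
            return (host, proc, "webhook-post")
    # A download of an executable or script type from a sharable link.
    if name in CDN_HOSTS:
        m = ATTACHMENT_PATH.match(parts.path)
        if m and m.group("name").lower().endswith(RISKY_EXT):
            return (host, proc, "risky-attachment:" + m.group("name"))
    return None

def scan(log_text):
    """Classify every non-empty line and keep only the hits."""
    results = (classify(l) for l in log_text.splitlines() if l.strip())
    return [r for r in results if r is not None]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Seeing URL paths requires a TLS-inspecting proxy or endpoint telemetry; with DNS or SNI logs alone, only the host names are visible and the Webhook check cannot be applied.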

Call SpartanTec, Inc. in Wilmington and let our team set up layers of protection for your computers and networks. 

