Sunday, June 23, 2019

New Malware Designed To Go After Linux Systems

Linux systems aren't targeted by hackers as often as Windows and iOS-based systems, but they're certainly not immune.

Recently, security researchers have discovered a new strain of malware developed by Chinese hackers, specifically for the purpose of targeting Linux-based systems. The new malware has been dubbed 'HiddenWasp'.

It bears a number of features in common with another malware strain. It is similar to the Linux version of Winnti, which has gained some notoriety and is a tool used commonly by Chinese hackers.  Whether this new strain was created by the same hackers who make use of Winnti, or a rival group looking to springboard off of Winnti's success is currently unknown.  In either case, HiddenWasp is hardly the first malware strain to borrow code from other sources.

As to its use, researchers have so far been unable to discover precisely how hackers are spreading their new creation around. They theorize that it is likely installed by the hackers themselves on systems that have already been compromised.

HiddenWasp's functionality isn't as robust as some other strains of malware, which indicates that it may still be in an early stage of development.  Even so, it's capable of uploading and downloading files, running executables and terminal commands, and more. So it's definitely not a threat that should be taken lightly.

The researchers had these details to add:

"We observed that the HiddenWasp files were uploaded to VirusTotal using a path containing the name of a Chinese-based forensics company known as Shen Zhou Wang Yun Information Technology Co., Ltd.  Furthermore, the malware implants seem to be hosted in servers from a physical server hosting company known as ThinkDream, located in Hong Kong."

Whether these details are meant to misdirect, or perhaps point to Chinese government involvement in the development of the strain is uncertain at this point. Either way, if you have Linux systems running on your network, be aware that there's a new threat to keep an eye out for.

Call SpartanTec, Inc. Wilmington if you need professional help in making sure that your network is always safe from various online threats.

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
https://spartantecwilmington.business.site

Wednesday, June 19, 2019

Fast Food Chain Hit By Malware And Data Breach


Do you have a Checkers or Rally's fast food location near you?  Is it your go-to fast food joint?  If so, be advised that they're the latest company to fall victim to a hacking attack.

The company recently discovered evidence of malware on its payment processing systems in a total of 102 of the company's stores, which amounts to about 15 percent of their total locations.

Checkers and Rally's official statement about the matter reads, in part, as follows:

"We are working with federal law enforcement authorities and coordinating with the payment card companies in their efforts to protect cardholders.  We encourage you to review your account statement and contact your financial institution or card issuer immediately if you identify an unauthorized charge on your card.  The payment card brands' policies provide that cardholders have zero liability for unauthorized charges that are reported in a timely manner."

Although the company only recently discovered the malware, it had been in place for quite some time. The earliest installation occurred in mid-2017 and the bulk of the infections occurred between early 2018 and 2019.  The company also notes that only customers who paid for meals using credit or debit cards at infected locations have been impacted.

The malware has been removed and as the company's statement indicates, the investigation is ongoing.  You can read the full details about the incident on the Checkers and Rally's website.  The main thing to do at this point is to monitor your credit or debit card statements closely if you used a card to pay for purchases at the fast food chain during the period of infection.

Stay vigilant.  This won't be the last successful hacking attack we hear about in 2019.  Unfortunately, it won't be long before we have another report of this kind to make.

Does your company have a plan in place to protect against malware attacks? Will you be the next company that has to apologize to your customers because their data has been compromised?  You don't have to be a victim. Contact SpartanTec, Inc. for a complete audit of your computer network and recommendations for staying safe.


Tuesday, June 4, 2019

New Ransomware Looks Like An Anti-Virus Installation

Dharma is a highly successful ransomware strain.

It recently has been made even more successful by a change in the way the hackers controlling it are deploying it.

The first part of their latest campaign remains unchanged.  They rely on well-crafted phishing emails to lure employees in.

The key difference, however, lies in the particulars of the newly crafted emails.

In a nutshell, the group has begun imploring email recipients to protect their systems by installing the latest antivirus software.  The emails include a helpful link to the antivirus, which of course doesn't point to antivirus software at all. Rather, it is the ransomware they're trying to deploy inside corporate networks.

Worst of all, the emails claim to be from Microsoft, one of the biggest, most recognizable and most trusted names in the industry. So, there's a good chance that at least one of your employees will take the bait. In a bid to be good, proactive employees, they will seek to install what they think is antivirus software.

Once they start the installation, the damage is done.  It will lock every file on the victim's system, demand ransom, and seek to spread itself to as many other systems inside your network as it can reach.

Raphael Centeno, a security researcher at Trend Micro, had this to say about the new twist on the malware strain:

"As proven by the new samples of Dharma, many malicious actors are still trying to upgrade old threats and use new techniques.  Ransomware remains a costly and versatile threat."

As ever, the best way to guard against this type of threat starts with employee education.  Employees should not be in the habit of installing their own antivirus software in the first place, so a gentle reminder to that effect should go a long way toward limiting the threat, but it still pays to be very much on your guard.

Secure your email and your system with the help of an expert IT consultant from SpartanTec, Inc.



Sunday, May 26, 2019

Scammers Now Use Google Ads To Steal Information

There's a new scam afoot that involves using Google Ads.

We're frankly surprised that it's working, but apparently, it's drawing some unsuspecting customers in. It appears to be an organized campaign.

The unknown scam artists are creating ads with phrases like:

  • "Amazon.com - Best place to get dream products. Best deals - Best support - Best price."
  • "Paypal.com - Discover how easy and safe it is to pay for goods and shop. Free Return Shipping.  180-day Refund Windows.  No funds needed."
  • "Ebay.com - Find the best selling Cell Phone Cases, Covers and Skins. Get the best deals for cell phones and smartphones.  Dream Garage Spring Event..."

These ads contain phone numbers with an invitation given to ad viewers to call them.  Of course, the numbers displayed in the ads aren't the real support numbers for those companies. If a user should call one, he'll be greeted by someone claiming to work for the support department of the company displayed in the ad.

Early on in the conversation, the scammer will announce some type of problem with the user's account, and inform them that they can fix the issue, but to do so, they'll need a code found on the back of a Google Play Store gift card.

Why this doesn't raise an immediate red flag to users is a mystery. Apparently some users are handing over the information if they have a gift card, which the scammers promptly make use of. For Google's part, they are working to remove the ads but it's a bit like playing Whack-A-Mole.  For every one they identify and take down, a new one seems to appear.

In any case, the company did issue an official statement which reads as follows:

"We have strict policies that govern the kinds of ads we allow on our platform, and ads that conceal or misstate information about their business are prohibited on our platform.  When we find ads that violate our policies, we remove them."

You also have the option to seek out IT consulting services to help you secure your company information and computer network.

Call SpartanTec, Inc. if you need reliable IT services to keep your network safe and secure from potential online breaches.



Wednesday, May 22, 2019

Password Policies Getting Update From Microsoft

Industry experts have been predicting the death of the humble password for decades.  To date, those predictions have amounted to nothing.

Passwords are still with us, and still serve as the cornerstone of security, even as other measures have arisen alongside them to help better secure your all-important data.

Even though passwords aren't gone, the security landscape is changing. Recently, Microsoft has announced another step down that path of change.  They're doing away with the notion of forced password changes.

The logic is hard to argue with.  The policy of forced password changes really doesn't offer all that much in the way of protection. It often creates as many headaches and problems as it solves, because users tend to make small, virtually meaningless and easy to predict changes to their passwords. Or, they often forget their new ones anyway.

While Microsoft is no longer forcing password changes at periodic intervals, they are leaving the option available for Enterprise users to establish their own forced password change thresholds if they choose to do so.  In tandem with the coming change, they're also recommending that security professionals perform a periodic review of passwords to ensure that the passwords in use aren't on the UK National Cyber Security Centre's list of the 100,000 worst passwords.
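The two problems described above, blocklisted passwords and the small, predictable edits that forced changes encourage, can both be checked when a user sets a new password. The following is an added example, not code from Microsoft or the NCSC; the function names are hypothetical, the blocklist is a constructed four-entry stand-in for the real list, and it assumes the check runs at change time, when the old and new passwords are both available.

```python
import re

# Constructed stand-in for a blocklist file. A real review would load a
# local copy of the NCSC list (one password per line) instead.
SAMPLE_BLOCKLIST = """123456
password
qwerty
liverpool
"""


def load_blocklist(text):
    """Return a set of case-folded entries, skipping blank lines."""
    return {line.strip().casefold() for line in text.splitlines() if line.strip()}


def strip_decoration(password):
    """Case-fold and drop trailing digits/symbols, leaving the base word."""
    return re.sub(r"[\d\W_]+$", "", password.casefold())


def review_password(candidate, previous, blocklist):
    """Return a list of findings for a candidate password (empty = none)."""
    findings = []
    folded = candidate.casefold()
    base = strip_decoration(candidate)

    # Exact blocklist hit, or a blocklisted word with a suffix bolted on.
    if folded in blocklist:
        findings.append("on blocklist")
    elif base in blocklist:
        findings.append("blocklisted word with trailing digits or symbols")

    # The predictable edits that forced rotation tends to produce.
    if previous is not None:
        if folded == previous.casefold():
            findings.append("same as previous apart from letter case")
        elif base and base == strip_decoration(previous):
            findings.append("previous password with a changed suffix")
    return findings


if __name__ == "__main__":
    bl = load_blocklist(SAMPLE_BLOCKLIST)
    for new, old in [("qwerty2019!", None), ("Summer2019!", "Summer2018!")]:
        print(new, "->", review_password(new, old, bl))
```
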

One important thing to note is the fact that the company isn't making any changes to its requirements for minimum password length, complexity, or history. That is essential in terms of keeping users from simply recycling the same two or three passwords, switching endlessly back and forth between them.

It's also worth mentioning that these changes could benefit companies that are currently under audit, that is, if the auditing agency is using Microsoft's security baseline as a guideline. That makes this seem like a small change, but it is more significant than it may first appear.

Call SpartanTec, Inc. if you wish to know how to secure your online information.



Cities Served:
Wilmington, Silver Lake, Sea Breeze, Carolina Beach, Eagle Island, Leland, Wrightsboro

Tuesday, May 14, 2019

Persistent Banking Trojan Virus Launches New Phishing Scam


The venerable banking Trojan known as Q-bot is back in the news, having recently been spotted in the wild as part of a sophisticated new phishing campaign designed to claim a new generation of victims.

Q-bot is one of the oldest banking Trojans still in use, and has a history that stretches back more than a decade.

In this most recent incarnation, the malware is being delivered via an email which appears to be a reply to an existing email chain.  The body of the email contains a poisoned link which, if clicked, will install the malware in the background.

Once in place, it creates a backdoor to the compromised machine in question, allowing hackers access any time they like.  It also serves as a key logger and general spy. It can steal financial data, banking data, other logins, credentials, and of course, makes it possible for the hackers to install additional malware as they see fit.

The reason Q-bot is still enjoying use of stolen data is that it's very good at what it does, and the developers of the code have taken steps to keep it up to date.  This, combined with finding new and innovative ways of introducing the Trojan onto target systems, has made it as close to a persistent threat as we've seen when it comes to malicious code.

The latest campaign appears to borrow from the success of a similar campaign launched last year involving a Trojan with comparable functionality called Emotet.

This serves as confirmation that different hacking groups around the world are learning from one another, comparing notes, and developing an increasingly robust set of best practices. All this makes it increasingly difficult to effectively defend against such threats.  Stay vigilant and be sure to remind your employees never to open emails or click links inside emails, even if they appear to be from a trusted source.

SpartanTec, Inc. can provide training for your employees to ensure they are not inadvertently allowing this malware into your computer systems via their email practices. We are located in Wilmington and provide managed IT services including a free dark web scan and employee awareness training. Contact us today to ensure the safety of your data. 



Monday, May 6, 2019

Issue With Internet Explorer Could Affect Most PC Users


Are you still surfing the web with Internet Explorer?  If so, you're not alone.  Four years after Microsoft announced Edge as its successor, the company's old browser still has a few stubborn holdouts who continue to use it for various reasons.

Unfortunately, security experts keep finding critical security flaws in the code that make it something of a ticking time bomb.

The most recent of these was unearthed by an independent researcher named John Page. He published a proof of concept that demonstrates a flaw in the way the old browser handles MHT files, which are used by Internet Explorer for archival purposes.

If any computer running Windows 7, Windows 10, or Windows Server 2012 encounters an MHT file, it will attempt to open it using Internet Explorer.  This fact represents a tremendous opportunity for a savvy hacker.  All he has to do is present a specially crafted MHT file containing malicious code to a user and use a bit of social engineering to get them to open it.  Using history as a guide, convincing users to open files from untrusted sources is not especially difficult to do.

Even if you don't currently use Internet Explorer, your system is still very much at risk from this type of attack, because IE 11 still ships with every Windows-based PC, including the latest Windows 10 machines.  The only potential saving grace here is that on Windows 10 machines, Internet Explorer is not enabled by default and needs to go through a user-initiated setup process before it could be used.

The solution then, at least if you've got a Windows 10 machine, is simply to avoid enabling Internet Explorer or, even better, simply uninstall it from the Control Panel altogether.

Mr. Page reported the issue to Microsoft on March 27, and received the following reply:

"We determined that a fix for this issue will be considered in a future version of this product or service.  At this time, we will not be providing ongoing updates of the status of the fix for this issue and we have closed the case."

Unfortunately, that's a canned response that amounts to a dismissal. So for the foreseeable future, you should operate under the assumption that no help will be forthcoming from Microsoft on this issue.  Make sure your IT staff is aware.

SpartanTec, Inc. serves small to medium-sized businesses with outstanding IT support in both North and South Carolina. Call us today to ensure your data is safe.
