Monday, November 25, 2019

Cyber Security - Be Careful As You Travel This Week

Public Chargers Can Expose Your Device To Hacking And Malware

On paper, it seems like a lovely idea to use a public charger.

Airports, hotels, and other high traffic areas have begun to increasingly offer public USB power charging stations to give people a convenient means of recharging their favorite devices.

Unfortunately, things are not working out quite according to plan.

Naturally, hackers around the world have taken note, and regard such easily accessed terminals as juicy targets and low hanging fruit.  According to a security alert published by the Los Angeles District Attorney's office, many of these stations have been compromised, and using them could expose you to malware.  This type of attack even has its own name:  Juice Jacking.

In recent years, several proofs-of-concept have been created that demonstrate how these charging stations can be taken over by hackers and used to distribute malware to anyone foolish enough to plug into them.  Of these, the worst of the lot was proudly displayed at the 2013 Black Hat security conference. In that case, it was a malicious charger that could deploy malware on any iOS device.

Just a handful of years later, in 2016, Samy Kamkar raised the bar with an Arduino-based device he dubbed "KeySweeper." By all outward appearances, it was just a USB wall charger. However, it wirelessly and passively sniffed, decrypted, logged, and reported back all keystrokes from any Microsoft wireless keyboard in its vicinity.

While these two were the most prominent examples of the kinds of havoc hackers can cause on this front, there are many others.  To try and get a handle on the problem, the LA District Attorney's Office issued a security bulletin that recommended the following tips to all travelers:
  • Use AC power outlets only, not USB charging stations
  • Take AC and car chargers with you when traveling because you know and trust them
  • Consider buying a portable charger for emergency use
Good advice.  If you're a frequent traveler, these tips are well worth incorporating into your travel preparation plans.

SpartanTec, Inc. wishes all of our readers a happy and safe travel weekend. Share this post on social media with your friends so all of us can keep our data safe and private.

We provide a Dark Web Monitoring report, which we can run for your company during the holidays. Complete the form on this page https://www.spartantec.com/darkweb for the free service.

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255



Tuesday, November 19, 2019

Raccoon Stealer Malware Is New One To Watch For

There is a new form of malware that you and your staff need to be aware of. That's because it's gaining in popularity among cyber criminals around the world.  Known as 'Raccoon Stealer,' it is noteworthy not for its complexity but rather for its extreme ease of use.  Worse, the malware's designers have been marketing it aggressively both inside and out of the Dark Web, which is driving rampant adoption rates.

Raccoon Stealer was first spotted in the wild in April of 2019.  It's a Trojan virus that's relatively simple in its construction, but quite adept at collecting password information and sending it back to whoever launched it.

The Senior Director of Threat Hunting at Cybereason, Assaf Dahan, had this to say about the emerging threat:

"Raccoon, like other information stealers, poses significant risks to individuals and organizations alike.  Any malware that is designed to steal passwords and personal information from browsers and mail clients could potentially inflict great damage to its victims.

The stolen data is being sold to the highest bidder in the underground community and can be used in many ways--from identity theft, financial theft or even as an entry vector to penetrate an organization and in order to carry out a larger attack."

In addition to the general hype created by the marketing campaign, the group behind Raccoon provides its criminal user base with more tools. These include an easy-to-use backend, hosting, and dedicated 'round the clock support, all for $200 a month.  The data that this little piece of code can obtain can easily generate high amounts of income for the hacker. That makes it a fantastic investment for the criminal underground, which explains the malware's explosive growth and spread.

In any case, be sure your IT staff is aware, and be on your guard.  It looks like Raccoon is here to stay.

Keep your passwords, personal and company information secure from all kinds of online threats. Call SpartanTec, Inc. in Wilmington and let our team help set up the most effective strategy to improve your cybersecurity. 




Monday, November 11, 2019

Discord Users Be Careful Of Malware And Information Theft

Do you use the Discord chat service?

If so, be advised that malware developers have been using the service to not only host various types of malware, but also to use it as a command and control server.

In addition, they are abusing the chat client to force it to perform a variety of malicious behaviors.

Unfortunately, this is not a new problem.  Anyone familiar with the chat service knows that it has a long history of being abused.  Although designed primarily as a chat service, Discord also allows its members to upload files to a chat channel where other users can download them.

Users can even right click on a hosted file to get a sharable download link. This is, in practice, one of the ways that hackers are abusing the system.  Of significance, these sharable links work even for non-Discord users, which gives malicious actors a convenient place to stash harmful files to be spread far and wide via email campaigns.

Even more interesting is the fact that the uploader can delete the file inside Discord itself, but the URL can still be used to download it.  This means that although the chat service gives the outward appearance of deleting the file, it still exists on the server. That gives malware developers an incredibly convenient, completely anonymous method of hosting their files.

In addition to that, Discord contains a feature called 'Webhooks' that allows third-party applications or websites to send messages to a Discord channel.  When a user creates a Webhook, the server owner will be given a special URL that is used with the Discord API to send messages to a specified channel.  In this case though, if a user has been previously infected by a hacker's malware, this service can be used to exfiltrate collected data directly to the attacker.
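Both behaviors described above, shared file links and Webhook messages, leave recognizable URLs in web proxy or endpoint network logs. The following is an added example for defenders, not part of the original post: it flags Webhook POSTs and downloads of risky file types from Discord's file host. The log format, host names, IDs, token and the list of risky extensions are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hostnames used by Discord's API and file CDN.
DISCORD_HOSTS = {"discord.com", "discordapp.com", "cdn.discordapp.com"}
# Webhook endpoint: /api/webhooks/<id>/<token>, optionally versioned (/api/v6/...).
WEBHOOK_PATH = re.compile(r"^/api(?:/v\d+)?/webhooks/\d+/")
# Shared file link: /attachments/<channel id>/<attachment id>/<filename>.
ATTACHMENT_PATH = re.compile(r"^/attachments/\d+/\d+/([^/]+)$")
# Assumption: file types a workstation should not pull from a chat CDN.
RISKY_EXT = (".exe", ".scr", ".dll", ".js", ".vbs", ".ps1", ".bat", ".iso")

def classify(line):
    """Return (verdict, host, process, detail) for a suspicious line, else None.

    Assumed log format (constructed): <time> <host> <process> <METHOD> <url>
    """
    parts = line.split()
    if len(parts) != 5:
        return None  # malformed or unrelated line
    _time, host, proc, method, url = parts
    target = urlsplit(url)
    if (target.hostname or "").lower() not in DISCORD_HOSTS:
        return None
    if method == "POST" and WEBHOOK_PATH.match(target.path):
        # Webhooks are meant for integrations; a POST from a workstation
        # process is a candidate data-exfiltration channel.
        return ("webhook-post", host, proc, target.hostname)
    m = ATTACHMENT_PATH.match(target.path)
    if method == "GET" and m and m.group(1).lower().endswith(RISKY_EXT):
        return ("risky-attachment-download", host, proc, m.group(1))
    return None

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f is not None]

# Constructed sample log: IDs, token, hosts and file names are placeholders.
SAMPLE_LOG = """\
2019-11-11T09:14:02Z ws-014 chrome.exe GET https://cdn.discordapp.com/attachments/111111111111111111/222222222222222222/invoice.exe
2019-11-11T09:14:40Z ws-014 invoice.exe POST https://discordapp.com/api/webhooks/333333333333333333/EXAMPLE-TOKEN
2019-11-11T09:20:11Z ws-022 discord.exe GET https://cdn.discordapp.com/attachments/111111111111111111/444444444444444444/meme.png
2019-11-11T09:21:00Z ws-030 chrome.exe POST https://example.com/api/webhooks/1/x
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(*finding)
```

On a network where Discord has no business use, blocking these hosts outright at the proxy is simpler than alerting on them.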

All this to say, if you use Discord, beware.  To say that the chat service has problems is an understatement.

Call SpartanTec, Inc. in Wilmington and let our team set up layers of protection for your computers and networks. 



Tuesday, October 29, 2019

RobbinHood Ransomware Another Reason To Back Up Your Systems


The creators of the dreaded 'RobbinHood' ransomware strain are putting their reputation to work for them.  The hackers have recently modified their ransom note in a couple of important ways.

First and foremost, they stress that there's no public decryption tool currently available to recover files encrypted by RobbinHood and that they are monitoring the situation to make sure that the company impacted by the malware does not contact law enforcement.  Any attempt to do so "will damage your files," the warning reads.

Those two recent additions are bad enough on their own, but the hackers took an additional step. They are now directing victims to a web search highlighting an incident that occurred in Greenville, North Carolina and another that impacted servers in the city of Baltimore.

RobbinHood was used in both attacks, and while the ransoms demanded in both cases weren't excessive (less than $100,000 initially demanded), the aftershocks arising from those attacks wound up costing the city millions.  In fact, according to CBS Baltimore, the city "put more than $18 million into the attack."

Clearly, the recent changes to the ransom note used by the attackers are aimed at convincing those impacted by their malware to pay up and keep quiet.  How well that will ultimately work remains to be seen, but at this point, the hackers are correct.  There is no public decryption tool.

What they don't mention, of course, is the fact that paying the ransom isn't the only way to recover encrypted files.  If your company is in the habit of making good, complete backups at regular intervals, then a ransomware attack doesn't have to be devastating.  With a proper, timely response, it could be little more than an inconvenience.  Naturally, the hackers don't want to draw attention to this, but it is something you and your IT staff should keep very much in mind.

Call SpartanTec Inc. in Wilmington now and let our team set up a business continuity strategy that's suitable for your business needs. We offer reliable data backup and computer hard drive backup services, which can help lessen the effects of ransomware attacks like RobbinHood on your business. 



Sunday, October 20, 2019

Ransomware Sets Sights On Healthcare Organizations

A string of hospitals in both the US and Australia have come under attack by hackers in recent weeks. They have been targeted by ransomware attacks that have effectively shut a number of them down.  As of the time this article was written, the Northport Medical Center, Fayette Medical Center, and DCH Regional Medical Center in Alabama have only limited access to their computing systems.

A spokesman for the hospitals had this to say about the attack:

"The three hospitals of the DCH Health System have experienced a ransomware attack.  A criminal is limiting our ability to use our computer systems in exchange for an as-yet-unknown payment. That said, we feel it is in the best interest of patient safety that DCH Regional Medical Center, Northport Medical Center and Fayette Medical center are closed to all but the most critical new patients.  Our staff is caring for the patients who are currently in the hospital and we have no plans to transfer current patients. Unfortunately, the damage to our computer system was such that we are unable to recover the data stored there and, with our backup system encrypted as well, we cannot rebuild our medical records."

The situation is hardly better in Australia, where a total of seven hospitals were impacted.

A spokesman for the hospitals in Australia had this to say:

"The cyber incident, which was uncovered on Monday, has blocked access to several systems by the infiltration of ransomware, including financial management...Hospitals have isolated and disconnected a number of systems such as internet to quarantine the infection."

Like the American hospitals, the infected Australian hospitals have lost access to their patient records, booking and management systems and have fallen back to keeping manual records to maintain some level of functionality.

This is a serious, coordinated attack and is no doubt a harbinger of things to come.  Lives are very definitely at risk and unfortunately, as the hackers refine their approach, their attacks are only going to get more devastating.  Dark times.

Hackers are becoming more clever and strategic when it comes to infiltrating the devices and networks of their victims. Don't fall prey to them. Protect your devices and your personal or business information. Call SpartanTec, Inc. in Wilmington and let our IT consulting team help you.


Monday, October 14, 2019

Browser Update Warnings May Actually Be Malicious Hackers

Researchers at FireEye have recently unearthed a particularly nasty new campaign that is both multi-faceted and dangerous. At the heart of the attack are hacked websites which display a seemingly innocuous popup message informing the site visitor that their browser is out of date. The popup helpfully provides a one-touch solution to the non-existent problem via a button that promises to download the latest version of the browser in question.

Naturally, it does no such thing.  Instead, it uses a series of JavaScripts to gather information about the target computer and send the details back to the command and control server.

The server then responds to the findings reported by the initial script by uploading the initial payload.  This varies based on the details gleaned, but generally includes some type of banking trojan malware and a backdoor such as Dridex, NetSupport Manager RAT, or similar.  If the initial scan reveals that the target computer is part of a corporate network, then an additional payload is also injected onto the target machine, but we'll get to that in a moment.

The first part of the payload will busily ferret out login credentials and other sensitive information, exfiltrating any files of value back to the command and control server.

Only when this operation has been completed and if the computer is part of a corporate network will the second stage we referenced earlier trigger, which is a strain of ransomware, normally BitPaymer or DoppelPaymer. The ransomware spreads through the network as far as it is able, encrypting files network wide.

These two ransomware strains are known for their hefty ransom demands, which often run into the hundreds of thousands, or even millions of dollars.

This multi-stage approach is dreadfully effective.  It not only allows the hackers to squeeze a wide range of sensitive data from infected systems, but then, locks them down hard and demands a hefty payment.  Be sure your staff is aware.  This one's about as dangerous as they come.

Hackers are becoming more clever these days. They have found several other ways to get into the computers of their victims. Fortunately, there are ways to keep your computer and network safe. Call SpartanTec, Inc. in Wilmington and let our team set up security protocols to keep your personal or business information safe and protected against various kinds of online threats. 


Friday, October 11, 2019

The Importance Of Cybersecurity

Why did cybersecurity become so important all of a sudden? Before, it was just something that tech-savvy people worried about. In the corporate world, it was a task that was left to the IT department. Others believed that as long as their firewalls, anti-virus software, and encryption tools were set up and working, they could simply hand over their IT security to professionals and concentrate on running their business.

Now, you are most likely aware that cybersecurity is not something that you can ignore. Unless you totally conceal yourself from the world’s media, you should know that hacks as well as data breaches always affect firms of different sizes. Usually, these incidents are massive enough to make the news, which causes irreparable damage to the firms involved. 

What Has Changed?

Basically, we are living in a much more technically advanced world than a decade ago. In case you need more convincing, think about the fact that the iPad has only been around since 2010 and the iPhone came out a few years before that. Meanwhile, broadband speeds increased five times over the last decade, which made it possible for individuals and businesses to do much more online.

One good example of the change that this has facilitated is the emergence of document sharing, email that is available on each device, as well as databases accessible from almost everywhere. As the years go by, enterprises have boosted their deployment of business critical applications in the cloud, given that Amazon’s Elastic Compute Cloud was only introduced in 2006.

Improve Your Cybersecurity

Given all this, you should now know the importance of cybersecurity. What can you do to stand up against this growing threat? Here are a few ideas you need to consider.

Stay Informed

It is no longer fair or realistic to expect your IT department to eradicate every IT security risk. Several contemporary cybersecurity threats come from social engineering, browser exploits, user mistakes, and other things that the tech teams can only do so much to protect you from.

Cybersecurity is something that everybody needs to pay attention to, and a large number of incidents happen because people disregard mainstream advice not to click on suspicious links and to secure their passwords.

Do More Than Just Install Anti-Virus

Anti-virus software is an integral part of the IT security methods that you need to have. But relying on that alone is not enough to protect you from today’s online threats. Technical teams require several other tools, solutions, and resources, and a few of them are quite costly. Still, they are unlikely to be as expensive as the price of cleaning up after an online breach.

Get Insured

The sector that offers cyber insurance has boomed over the years and it is now something that firms of all sizes need to consider. Cybersecurity insurance is not just about protecting against the financial risk. In case your company gets hit by a breach, there will be a lot of damage that needs to be contained, and you might need the help of a team of IT experts as well as damage limitation specialists that your insurer could provide.

Don't wait for a security breach to happen. Find yourself a reliable team of IT experts who can help you set up safety protocols to improve your cybersecurity. 


