The Microsoft Defender Advanced Threat Protection Research Team have released a warning to all Windows users informing them that a notorious malware has resurfaced and has begun to spread once again. This malware, named Astaroth (The Great Duke of Hell), steals user credentials without ever needing to install malicious software. What makes this malware so notorious is not just that it deploys keyloggers and monitors the clipboard, aiding in its ability to steal login credentials, instead it does all this without downloading any executable file onto the user’s machine. The attack begins when the user opens a link within a phishing email. The link, unbeknownst to the user, opens a shortcut file which launches a terminal command that downloads and runs JavaScript code. From there the JavaScript pulls and runs two DLL files which do the dirty work of keylogging the user’s information and uploading it to the remote attacker. It does this entire process without the user ever knowing it is going on, raising serious concerns for businesses and personal machines. To stop the Malware, Anti-Virus programs need closely monitor how WMIC command-line code, applying rules to such code when necessary. This includes regularly checking the age of the files being called and flagging or completely blocking newly created DLL files. However, Microsoft’s anti-virus, as well as other anti-virus programs, have been updated to watch for such occurrences. Nevertheless, it is crucial that you remain cautious when online. Malware like this, even though modern anti-virus has been updated to watch for these suspicious actions, is not full proof. You should never look at your anti-virus as being the first line of defense; that what you are! If you are worried that an email may be a phishing scam, the chances are that it is. Always verify with the sender before you click on any links or download any files, and you will ensure that your computer and data remains safe! If you are worried that your business may be vulnerable to cyber attacks, contact Hammett Technologies! We use only the latest cybersecurity technology to ensure that your data is always safe. To find out more about what we can do to assist your company, click here!
Is your PC slow to startup? This is a common issue for many users, and the fix is more straightforward than many imagine. When it comes to Windows, applications, for seemingly no reason, set themselves up to launch when your PC is booting. While there are specific programs that you would want to launch at startup, such as antivirus software, many programs that do launch at startup are not needed, and depending on the size of these programs, the speed at which your PC boots can be significantly affected. Microsoft is aware of this, however, and has offered a remedy for this issue for some time now. Windows offers the user the ability to customize what application launch at startup, allowing them to disable and enable which program will run when the computer is first started. To begin customizing your startup applications, you can either go through Task Manager or Settings. Task Manager will offer you a bit more information, but both offer the same end goal: making your PC boot faster. Using Windows Settings to Disable Startup Applications As I stated earlier, those of you that go through Windows Settings to customize your PC’s startup application will have a more basic experience but will ultimately achieve the same end goal: a quicker startup. In order to navigate to this menu, follow these steps: 1. Locate your Start Menu: This will be in the bottom left-hand corner of your screen 2. Locate settings “.” 3. Upon clicking the gear, you will be taken to the “Windows Settings” page. From there, locate and select “Apps.” 4. Locate and select “Startup.” If you have made it this far then take a second to accept the round of applause because you have successfully navigated to the correct page! All right, that’s enough celebrating. From here, you will be able to select which apps to wish to enable and disable at startup. You may notice that under the “On/Off Switch,” there is an “Impact Indicator.” This is a measurement of the approximate impact the application will have on the startup. When deciding what applications to disable first, look at the ones that have the most substantial impact on startup first because they yield the most significant performance increases if disabled. Using Task Manager to Disable Startup Applications If you are looking for a little more information regarding your system’s boot time and applications running at startup, using the Windows Task Manager is the best place to be! It allows you to quickly research applications you are unfamiliar with, making it easier to decide which apps can be disabled and which are better left alone. To get to the Task Manager, right-click on any empty space on the taskbar. In the popup menu, click on “Task Manager” (third from the bottom). * If your menu appears like this… …click on “More details.” The result should look something similar to this: Once you have the Task Manager, navigate to Startup, which should look something like this: From here you can see all the applications that launch when your computer starts. On the surface, Task Manage appears to be quite similar to Windows Settings. However, if you right-click on an application in Task Manager, you can gain further insight into what the application is. A right-click allows you to disable/enable an application, navigate to its file location, search online for the program for more information, and inspect the application’s properties. Adding a Boost to Startup Now that you know how to disable startup applications get to work! If your PC takes a long time to boot, the culprit may be a few application, with a high impact, launching when your computer first starts. However, make sure you research the application you are disabling before you do so. Some applications, like the “Sound Blaster Control Panel,” is an application I use for better audio control on my computer. For my convenience, I leave the application on, even though it has a moderate impact on startup! Make sure you understand what you are disabled before you do so, or your PC may encounter slight errors when booting. If you have any questions, do not hesitate to reach out to us!
As technology continues to progress, security on a global scale becomes a larger concern for all. For any country, one of the largest concerns is a cyber attack that could cripple the power of multiple cities. The United States, however, has begun to take steps to counteract this potentially catastrophic situation. After multiple, unsuccessful attacks on the US power grid, the United States government has begun to look at other, older, methods to secure the power grid. The United States has decided that, instead of using updated technology to secure the power grid, the use of older, analog, manual technology is the best way to secure the nation’s power. The United States hopes that, by using manual techniques, the threat of a larger-scale attack will diminish significantly. Furthermore, manual technology means that only direct, physical access will allow access to the power grid, potentially eliminating cyber attacks entirely. As technology continues to advance on a global scale, cyberattacks become more potential and more dangerous. It is interesting to see the United States, instead of contributing higher-tech to securing the power grid, is instead opting for older, retro-styled tactics of security. After all, the best security against a cyberattack is to eliminate the cyber aspect! Are you worried your business may be vulnerable to cyber-attacks? Contact Hammett Technologies today for a free assessment of your network! To find out more about what we can do to help your business grow, click here! (9/10/19) Update ZDNet has reported that the US power grid has just been struck by a cyber attack! Security researchers have discovered that the attack occurred due to an unpatched firewall, allowing hackers to use a DoS attack on the firewalls located in a power grid operator. You can read more about the incident on ZDNet!
Microsoft Teams is known for being a reliable chatting software that many businesses use for communicating and sharing documents within your company. We utilize Teams every day at Hammett Technologies and could not be happier with its overall ease of use, innovation, and productivity. However, recently, security researchers have discovered an exploit within the business chatting software from Microsoft. This exploit could potentially allow for malicious files to be downloaded and executed. How Can It Happen? Microsoft Teams utilizes the Squirrel project, which deals with installation and updating. Through the use of the “update” command, hackers can potentially upload and execute malicious files into Microsoft Teams. Along with this are other exploits, allowing for remote download and execution of malicious files. What Can I Do to Secure Teams? When it comes to computer viruses, the rule of thumb is always to make sure you and your team have strong passwords in place. This can deter unwanted guest from gaining access to your accounts and causing damage to your company. This rule applies here, as well. The only way malicious files can be uploaded Teams is through access, therefore, ensure that all members have strong passwords, ensure that permissions are set in place to ensure that those less trusted, or those with temporary access, are unable to upload or download documents. If you are unsure about the security of your Microsoft Teams environment, call Hammett Technologies! Our free assessment scans for issues like these and will bring security risks to your attention immediately. With us as your IT department, you can rest easy knowing your network, and online presence is secure! If you would like to find out more about what we can do for your company, click here!
A new malware strain has begun to attack IoT devices, wiping their firmware and rendering them useless. As of the writing of the article the malware has been live for a day and has already claimed a confirmed 2,000 victims in about 3 hours. Reports state that, Silex, the name of this malware, will continue to grow in scale and destructive nature. How Does Silex Work Reports state that Silex operates by destroying an IoT’s devices storage, removing the devices network config, dropping firewall rules, and ultimately ending by halting the device’s ability to operate. It does this by logging into the system using know default login credentials. In terms of destructive capabilities, this strain of malware is extremely threatening. If infected by the malware, the only option is to reinstall the device’s firmware, an operation many users will find to difficult to do. Experts believe this malware will lead to infected users throwing their devices away, thinking they were malfunctioning, rather than suspecting malware to be the case. For now, Silex appears to only be targeting Unix-like systems with default login credentials, but the malware also has a Bash shell version as well, meaning it could also be used to target systems running Unix like operating systems. This could spell disaster for Linux servers that have unsecured Telnet ports and poor admin or user credentials. At the time, the malware uses Iranian hosting services to operate, which has already been blacklisted by URLhaus. However, it is still recommended that you make sure your passwords are up to date and are anything but the default.
Across the United States, hackers have been targeted cities through the use of ransomware. Ransomware is a malicious attack on a computer system which completely locks the user out of their computer until a “ransom” is paid (usually in bitcoins). For those who think paying the ransom will be the easiest option should be aware that there is no guarantee that, upon payment, a decryption key will be provided. What makes ransomware especially threatening is the timer that not only counts down how many days left the user has before all files are deleted but also increases the price of decryption each passing day. Ransomware attacks should not be news to residents of Maryland. A similar attack has plagued Baltimore’s city government for a while, and the price of recovery has skyrocketed to $18 million. As of today, Lake City, Florida, another US city infected with ransomware, has decided to pay the ransom in order to regain access to their technology network. Despite Lake City’s technology department successfully disconnecting all infecting computers within a matter of minutes the virus was able to snake its way through the entire government’s network, with the police and fire departments being the exception. Lack City, Florida government officials have agreed to pay a ransom of $500,000. Upon payment, Lake City was granted a recovery key after paying the ransom, something other cities should take note of. Baltimore and Lake City are not the only two cities to have been plagued with the attack. Other cities such as Lynn, Massachusetts, Cartersville and Jackson County, Georgia have also been faced with this serious cyber-attack. These attacks, while expensive to fix, are a wakeup call to local governments. Ransomware is often targeted and successful on outdated systems, something each of the cities listed had. In order to combat these issues, and ensure they do not happen again, regular maintenance, updates, and patches are not only necessary but required. These attacks not only cripple the state government, but they also hurt the general public.
A new adware exploit has been discovered recently. Named “Cavallarin” after its founder, the exploit allows for the unwarranted download of various ads onto the users Mac device, all while being trusted by Apple’s macOS Gatekeeper. How the Cavallarin Exploit Works The exploit takes advantage of Mac’s Gatekeeper protection service, allowing for malicious apps to trick the Gatekeeper into thinking they are Apple-certified applications, granting them elevated access to the device. This is a serious concern that Apple has yet to address, even after Filippo Cavallarin approached them with the discovery. When the Gatekeeper is operating properly, it will prompt the user, informing them that the application they are attempting to install is not Apple-certified and could be hazardous. However, if the application takes advantage of the exploit, this prompt will never occur, and the device will become infected. How to Prevent Your Mac Device from Exploitation For now, the easiest method of prevention would be to only download applications that are 100% known to be Apple-certified. Even then, it is smart to remain vigilant regarding any application you are download, always airing on the side of caution. For now, with no comment from Apple regarding the exploit yet, it is hard to say when a patch will be created and pushed to users. If you are still worried about the potential exploitation of your device, Intego’s free VirusBarrier Scanner is able to check your system for apps using the exploit. These threats will appear as “OSX/Linker.”
Clearing your cache and history on your favorite browser can greatly improve performance while you browse the web! However, many popular browsers hide the function within the settings, making it sometimes difficult to find. Don’t panic, I am here to help! Below you will find in-depth individual guides on clearing history and cache for some of the most popular desktop browsers used today. Google Chrome Step 1: Click on the found in the upper right-hand corner of the browser window Step 2: Click on History Step 3: In the sub-menu, click on History Step 4: Locate Clear browsing data on the left-hand side of the browser window Step 5: Chrome will allow you to select a time range, as well as specify which data you wish you delete. 1. Time Range: Allows you to select the amount of browser history you will delete, ranging from 1 hour – All 2. Clear data: Once you have selected your time range, and have chosen what you would like to delete (Browsing history, Cookies and other site data, Cached images and files), click Clear data Mozilla Firefox Step 1: Click on the located in the upper right-hand corner of the browser window Step 2: Located and click on Options Step 3: Locate Privacy & Security on the left-hand side of the bowser window and select it Step 4: Scroll Down until you locate History and select Clear History… Step 5: Similar to Google Chrome, Firefox will allow you to select a time range, as well as specify which data you wish you delete. 1. Time Range: Allows you to select the amount of browser history you will delete, ranging from 1 hour – All 2. Clear data: Once you have selected your time range, and have chosen what you would like to delete (Browsing & Download History, Active Logins, Form & Search History, Cookies, and Cache), click Clear data Opera Step 1: Locate the in the upper left-hand corner of the browser window Step 2: Locate and select History Step 3: Locate and Select Clear browsing data in the sub-menu Step 4: Similar to the previous two browsers, Opera gives the user similar options when wanting to delete history, including: Time range, and options to delete browsing history, download history, news usage data, cookies and other site data, caches images and files 1. Time Range: Allows you to select the amount of browser history you will delete, ranging from 1 hour – All 2. Clear data: Once you have selected your time range, and have chosen what you would like to delete (Browsing & Download History, Active Logins, Form & Search History, Cookies, and Cache), click Clear data
If you use Mozilla Firefox it is imperative that you make sure your browser is on version 67.0.3 or ESR 60.7.1! The vulnerability was found by Google’s Project Zero security team, and they describe the vulnerability as: “A type confusion vulnerability [that] can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash.” How to Update Firefox If you are unsure of how to check to make sure your Firefox browser is up to date, or how to update it, fear not! We have provided a step by step guide below that will allow you to easily navigate through the browser’s settings! Step 1 Click on the in the upper right-hand corner of the browser window. Step 2 Once the drop down menu is open, click on “options”. Step 3 Scroll down until you find “Firefox Updates”. 1. Make sure your browser is on the latest version! 2. If it is not click on “Check for updates” on the right-hand side of the browser window. 3. Make sure your you check off “Automatically install updates (recommended)” to ensure your browser always stays up to date and safe! If you are worried your business may be at risk, don’t hesitate! Call Hammett Technologies today and set up a free network assessment!
As technology continues to advance, so do those who aim to use it to exploit others. According to Accenture, when a business suffers a cybersecurity attack, an estimated $2.4 million is spent on recovery, and it takes an estimated 50 days to recover from the attack entirely. On a global scale, the average business can expect to spend on recovery is estimated to be as high as $3.86 million, with another attack within 24 hours with a 27.9% chance (via 2018 Ponemon Report). It is essential that businesses understand this threat, and that investing in preventative measures, such as automation, is important to maintaining a business’s security. What is a Data Breach? According to the 2018 Cost of a Data Breach Study, to classify an event as a “data breach” an individual’s medical record, financial record, and/or debit card information must be placed at risk. This type of information can become exposed due to malicious or criminal attack, system glitch, and even human error. How Does a Business Avoid Data Breaches? In order to prevent a data breach from occurring, a business must invest in a strong cybersecurity team. With the support of a robust cybersecurity team, a business has a better chance of staying ahead of malicious hackers. Furthermore, extensive pressure testing can also aid in prevention. Pressure testing a businesses network environment can reveal vulnerabilities, as well as aid in innovation, keeping your cybersecurity ahead of the attackers. However, one of the most important defenses a business can invest in is automation. What is Automation and How Can It Improve Cyber Defense? When it comes to cybersecurity, automation is your best defender. According to 2019 Study on the Cyber Resilient Organization, automation, in the cybersecurity field, refers to investing and enabling in cybersecurity technologies that assist or replace human intervention in the identification and containment of cyber exploits or breaches. Furthermore, for these technologies to function correctly and efficiently, artificial intelligence and machine learning, must be appropriately implemented. Automation creates a symbiotic relationship with businesses cyber resilience. It reduced the chances a business has of encountering a data breach, as well as the frequency of them occurring. Investing in automation allows for a business to feel more confident in its ability to track, prevent, and contain potential cybersecurity incident. However, while automation does remove humans from the identification and containment procedure, it does not mean that cybersecurity professionals are irrelevant. A business should keep a full staffed cybersecurity team to assist in training, as well as regular maintenance of the automation processes. Furthermore, a fully staffed cybersecurity team can develop a Computer Security Incident Response Plan (CSIRP), which significantly assists in detection and containment. Automation is a necessary part of a company this wished to keep their client’s information save and save money. According to the 2018 Cost of a Data Breach Study, on average, the losses of a company that has fully and effectively implemented automation to their cybersecurity defense, are $2.88 million, while a company that has decided to skip on automation suffers $4.43 million in losses. Automation is an essential tool for any business looking to improve its cybersecurity and cyber resilience. What Other Steps Should a Business Take to Continually Improve its Cyber Resilience? Automation is a crucial component to any businesses cybersecurity detail, but businesses cannot overlook other key personnel and details either. Security intelligence systems can save a company as much as $3.7 million. Companies that take full advantage of encryption and effectively use it can save as much as $1.4 million annually. Properly implementation of a firewall can prevent 2.5 million in losses yearly as well. Perhaps the most often overlooked factor is maintaining a sufficient budget for cybersecurity, which can save a company $2.8 million annually when appropriately maintained. As stated earlier, keeping a fully staffed cybersecurity team crucial to maintaining the network, leading to $2.1 million in savings for the company; however, no team is without its leader. Hiring a Chief Information Security Officer (CISO) can further improve security, as well as save a company $2 million yearly. Lastly, and an added measure as to what automation cannot accomplish is proper training and cybersecurity awareness meetings. Training and informing employees on cybersecurity not only helps to prevent human error, but it also saves a company $1.5 million every year. Automation is crucial, but implementing other cybersecurity personnel and details in equally important in maintaining a proper network. As technology continues to progress, the threats do as well. Therefore, it is up to businesses and cybersecurity teams to implement the proper tools necessary to defend against attacks that can wreak havoc and cause data breaches. At Hammett Technologies we understand the importance and can help evaluate and develop a plan to help train employees and prevent data breaches, ensuring your company’s data remains secure.