“Mass Logger,” a new keylogger on the market, has the potential to become extremely dangerous for businesses and individuals. Keyloggers are a type of malware, usually delivered through phishing campaigns, that records everything you type on your computer. They can lead to many of your passwords being compromised.

Why Is This Keylogger So Dangerous?

Mass Logger is different from other keyloggers. Its developer updates it frequently so that it stays undetected by automated antivirus solutions, and offers support, which lets other cybercriminals get help with the malware and request new features. Cofense Intelligence has already identified a phishing campaign carrying Mass Logger. Emails loaded with GuLoader, a popular malware delivery mechanism that downloads encrypted payloads hosted on legitimate file-sharing platforms, are also being used to deliver it.

A New Kind of Keylogger

Features such as the ability to spread itself through USB drives set Mass Logger apart from other keyloggers. Mass Logger can also search for files with specific extensions and exfiltrate them. These “features,” and the keylogger’s continued support from its developer, could see Mass Logger adopted by a large portion of cybercriminals.

Defending Yourself from Mass Logger

Defending yourself from malware is tiresome but necessary. Watch out for suspicious emails from unknown senders, and never open attachments from people you do not know: merely opening an infected attachment is all a malicious program needs to start infecting your system. Only download programs from sites you trust and that are reputable. If you are worried about your company and want your employees to understand the importance of practicing cybersecurity daily, call Hammett Technologies. We are certified experts and will ensure your business runs at top speed without cutting corners on cybersecurity.
It should not come as much of a surprise that criminals are using COVID-19 as a jumping-off point for new scam-call campaigns and phishing email attacks. These attacks have become so prevalent that the CDC has released a statement and some helpful tips on how to keep your sensitive information safe.

Phone Scams

Many apps and websites let people disguise their phone number and identity. Phone scammers are using them to make it appear as if their call originates from within the CDC. Either in direct conversation or by leaving a voicemail, these scammers try to get you to reveal sensitive information about yourself (credit card information, Social Security number, etc.). These acts are considered “impersonation fraud” but are difficult to track down and prosecute because of how the calls are placed. To keep yourself safe, avoid picking up the phone when you do not recognize the number. If you do pick up, do not reveal any sensitive information to someone you do not know, regardless of who they claim to be affiliated with. If you find yourself on the phone with someone you suspect to be a scammer, hang up immediately, block the number they called from, and report them to the Federal Communications Commission (FCC).

Phishing Attacks

Phishing emails are malicious emails crafted by cybercriminals to steal your sensitive information. Phishing has always been around, but COVID-19 gives cybercriminals a convincing way to scare and persuade people into giving out confidential information or granting access to their machine by clicking malicious links. Like the scam phone calls, these phishing emails are disguised as messages from the CDC. They contain attachments supposedly about infection-prevention measures; the attachments are often laced with malware that can steal your information and track your online browsing.
Protecting yourself from phishing attacks is simple but must be practiced continuously when online. Here are a few safety tips:

- Never open emails from someone you do not know.
- Be careful when obtaining information about COVID-19 from third parties. Go directly to the government website for official updates and safety tips.
- If links are embedded in the email, hover over them before clicking to see where they will actually take you.
- If the email comes from someone you do not know, do not open attachments.
- Never provide sensitive information over email, to anyone.

Staying Safe, Online and Offline

Coronavirus has caused Americans many issues regarding work and general health safety. Unfortunately, some people have sought to take advantage of the situation and cause more havoc. We hope this information finds you and your data safe and well during these trying times. If you have any questions or concerns, give us a call! We are happy to assist!
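The advice to hover over a link before clicking it can be automated for a whole message. The following is an added example written for this page, not code from the original post or from the CDC: it pulls every link out of an HTML email body, compares the visible text with the real destination, and flags raw IP addresses, a trusted name buried inside a stranger’s hostname, and domains that are one or two characters away from a list of trusted domains (a typosquat check). The trusted-domain list, the sample email, and the two-label “registered domain” heuristic are assumptions of the example; the heuristic does not handle country-code suffixes such as .co.uk.

```python
"""Hover-check the links in an HTML email body.

Added example for this page (not code from the original post or the CDC):
extracts every <a href> from an HTML email, compares the visible text with
the real destination, and flags raw IP hosts and lookalike domains.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domains this organisation treats as legitimate senders.
TRUSTED_DOMAINS = {"cdc.gov", "irs.gov", "example-bank.com"}


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every anchor in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two DNS labels, e.g. 'cdc.gov.evil.example' -> 'evil.example'.
    Assumption of this example: fine for .com/.gov/.net, but it does not
    understand country-code suffixes such as .co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance; a small value between two domains means 'lookalike'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse_link(href, text):
    """Return the list of reasons to distrust one link (empty means none found)."""
    reasons = []
    target = urlparse(href)
    host = target.hostname or ""
    domain = registered_domain(host) if host else ""

    if target.scheme and target.scheme not in ("http", "https"):
        reasons.append(f"unusual scheme {target.scheme}")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("raw IP address instead of a hostname")

    # The visible text shows one URL but the link actually goes somewhere else.
    shown = re.search(r"https?://([^/\s]+)", text)
    if shown and registered_domain(shown.group(1)) != domain:
        reasons.append(f"text says {shown.group(1)} but link goes to {host}")

    if host and domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if trusted in host:
                reasons.append(f"{trusted} appears inside {host} but the real domain is {domain}")
            elif 0 < edit_distance(domain, trusted) <= 2:
                reasons.append(f"{domain} looks like {trusted}")
    return reasons


def analyse_email_html(html):
    """Map each href in the message to its list of reasons."""
    parser = _LinkExtractor()
    parser.feed(html)
    return {href: analyse_link(href, text) for href, text in parser.links}


# Constructed sample message for this example (not a real phishing email).
SAMPLE_EMAIL = """<html><body>
<p>Official guidance: <a href="https://cdc.gov.updates-portal.example/cv19">https://www.cdc.gov/coronavirus</a></p>
<p>Verify your account: <a href="http://examp1e-bank.com/login">Example Bank</a></p>
<p>Attachment mirror: <a href="http://198.51.100.23/guidance.zip">Download</a></p>
<p>More info: <a href="https://www.cdc.gov/coronavirus/2019-ncov/">CDC site</a></p>
</body></html>"""

if __name__ == "__main__":
    for href, reasons in analyse_email_html(SAMPLE_EMAIL).items():
        print(("SUSPICIOUS " if reasons else "ok         ") + href)
        for reason in reasons:
            print("    -", reason)
```

Run it over a suspicious message’s HTML and treat any link with a non-empty list of reasons as “do not click”. It is a triage aid, not a replacement for a mail gateway: a link with no findings can still be malicious, for example when it points at a compromised but otherwise legitimate site.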
Windows and Linux users are once again the targets of a new strain of ransomware: Tycoon. Active since at least late 2019, Tycoon has been observed attacking educational institutions and software companies. Once inside, it encrypts file servers and demands a ransom for decryption. What sets it apart from its predecessors is the way it disguises its presence on the network.

Uncovering Tycoon Ransomware

Discovered by researchers at BlackBerry and KPMG, Tycoon is unusual compared to other ransomware. It is written in Java and ships with its own copy of the Java Runtime Environment (JRE), with the malicious payload hidden inside a Java image file (JIMAGE), an obscure format that most security tools do not look inside.

What Tycoon Does

The ransomware gets into a network through unsecured, internet-facing Remote Desktop Protocol (RDP) servers. Once a system is compromised, Tycoon elevates its privileges and disables antivirus solutions, rendering them useless. It then encrypts files on the compromised system and on the network shares it can reach, adding extensions such as .redrum, .grinch, and .thanos. Like other ransomware, once the files are encrypted, victims are told to pay a ransom in Bitcoin to get their data back.

Staying Safe

RDP is a common entry point for many attack campaigns. RDP should not be exposed directly to the internet except in rare, justified cases, and any account that can log in over RDP should have a strong, unique password. Keeping your systems patched is another good way to ensure your network remains secure. Regularly backing up your network, and storing those backups offsite or off the network, is another crucial step: if the worst happens, a backup will save you time and money. Worried your network may be compromised or at risk? Wondering when you last backed up your network?
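Because Tycoon’s entry point is password guessing against exposed RDP, the cheapest detection is watching for bursts of failed logons from one source address. The following is an added example for this page, not code from the BlackBerry/KPMG report or from Tycoon itself: it parses a constructed one-line-per-event export of Windows Security log entries (event 4625, failed logon; logon type 10 is RemoteInteractive, type 3 is how failures rejected by Network Level Authentication are recorded) and raises an alert when one source exceeds a threshold of failures within a sliding time window, listing the accounts it tried. The line format, the sample events, and the threshold are assumptions of the example; a real export from Get-WinEvent or an XML dump needs its own parser.

```python
"""Flag RDP password guessing in Windows Security log failures (event 4625).

Added example for this page (not code from the BlackBerry/KPMG report or from
Tycoon): groups failed logons by source address and alerts when one source
exceeds a threshold within a sliding window.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export, one event per line:
#   <timestamp> <event id> <logon type> <account> <source address>
# Event 4625 = failed logon, 4624 = successful logon.  Logon type 10 is
# RemoteInteractive (RDP); type 3 (network) is how failures rejected by
# Network Level Authentication appear; type 2 is a local console logon.
# The format itself is an assumption of this example, not a real export.
SAMPLE_EVENTS = """\
2020-06-04T02:14:01 4625 10 administrator 203.0.113.45
2020-06-04T02:14:03 4625 10 admin 203.0.113.45
2020-06-04T02:14:04 4625 3 administrator 203.0.113.45
2020-06-04T02:14:06 4625 10 backup 203.0.113.45
2020-06-04T02:14:07 4625 10 jsmith 203.0.113.45
2020-06-04T02:14:09 4625 10 administrator 203.0.113.45
2020-06-04T02:14:11 4624 10 jsmith 198.51.100.7
2020-06-04T02:30:00 4625 10 jsmith 198.51.100.7
2020-06-04T09:10:00 4625 10 jsmith 198.51.100.7
2020-06-04T09:10:30 4625 2 jsmith -
"""

THRESHOLD = 5                     # failures from one source ...
WINDOW = timedelta(minutes=5)     # ... within this long
REMOTE_LOGON_TYPES = {"10", "3"}  # RDP session or NLA pre-auth failure


def parse_events(text):
    """Turn the export into dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, src = line.split()
        events.append({
            "time": datetime.fromisoformat(ts),
            "id": event_id,
            "logon_type": logon_type,
            "account": account,
            "src": src,
        })
    return events


def detect_rdp_bruteforce(events, threshold=THRESHOLD, window=WINDOW):
    """Return {source: alert} for every source with >= threshold failed remote
    logons inside any span no longer than `window`.  The alert describes the
    largest qualifying burst seen for that source."""
    failures = defaultdict(list)
    for e in events:
        if e["id"] == "4625" and e["logon_type"] in REMOTE_LOGON_TYPES and e["src"] != "-":
            failures[e["src"]].append(e)

    alerts = {}
    for src, fails in failures.items():
        fails.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits inside `window`.
            while fails[end]["time"] - fails[start]["time"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(src, {}).get("failures", 0):
                accounts = sorted({e["account"] for e in fails[start:end + 1]})
                alerts[src] = {
                    "failures": count,
                    "accounts": accounts,
                    "first": fails[start]["time"],
                    "last": fails[end]["time"],
                    # Many distinct account names from one address = password spraying.
                    "spray": len(accounts) > 1,
                }
    return alerts


if __name__ == "__main__":
    for src, alert in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(f"ALERT {src}: {alert['failures']} failed RDP logons "
              f"{alert['first']:%H:%M:%S}-{alert['last']:%H:%M:%S}, "
              f"accounts={','.join(alert['accounts'])}, spray={alert['spray']}")
```

Tune the threshold and window to the site. A spray of many different account names from one address within seconds, as in the sample, is a stronger signal than repeated failures for a single account, and the alert is what you would feed into a firewall block rule or an account-lockout review. The same sliding-window logic applies to Linux sshd “Failed password” lines if RDP is not the only remote door into the network.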
Hammett Technologies can take care of all your business’s technological needs without the headache. Give us a call and secure your data today!
When a bill arrives in the mail, many of us think little of it and pay the amount due without reading too closely. However, scammers do not exist only online; they claim victims in the physical world too. Whenever you are asked to send money or pay for something, read carefully, and if anything suspicious stands out, use extreme caution. Consider calling the company listed on the letter or email to confirm the bill is legitimate. Take a fake IRS bill, for example. Scammers will try to steal your money any way they can, but there are usually ways to tell real letters from fakes: pay close attention to the wording used, and if something raises concerns, call the company that issued the mail immediately. It has long been said that the IRS will never call or email to demand money, but that it will send letters, and until recently that rule of thumb was enough to avoid most scammers. That has now changed: scammers have begun sending fake letters demanding money. IRS employees can easily spot the differences in these letters, but the average individual cannot. Therefore, consider reading the IRS’s post on how to avoid scams; it outlines several helpful tips that will help keep you from becoming a victim.
After the death of Iran’s General Qassem Soleimani, the United States may end up dealing with serious cyber-attacks. Since 1984 the United States has designated Iran a state sponsor of terrorism, which has led to previous conflicts between the two nations, and after the recent killing of General Soleimani the United States may face fierce retaliation. We have already seen government websites hacked and defaced with pro-Iran propaganda. While we are unsure what shape the “revenge” will take, all US citizens should prepare for all aspects of it, especially cyber. The Department of Homeland Security has issued a statement urging US citizens to be cautious online over the next couple of weeks. Many of us know the basics of browsing safely, but they are worth reviewing.

Be cautious of suspicious emails

It is better to be safe than sorry. Do not download attachments or click links in emails unless you are certain the email came from a trusted sender.

Be aware of suspicious websites

If a website seems off, or asks for your credentials where it has not before, close the browser and navigate to the proper website yourself. Fraudulent banking websites are extremely common and are usually reached through simple typos in the address.

For businesses, make sure your cybersecurity team has your network locked down and protected against cyber-attacks. A network must be protected at all times, and this is especially important if your business handles confidential customer data or processes credit card transactions. If you are worried that your business’s network may be easily accessible to criminals, do not hesitate to reach out to Hammett Technologies. With over 20 years of IT and cybersecurity experience, we will help identify the flaws that let attackers into your network and ensure it is protected. Our team will ensure your company’s and customers’ data is secure and encrypted without interrupting day-to-day processes. Contact us today and find out why we are the #1 growing MSP in Maryland!
Facebook users have had their contact information exposed in a major data leak. For about two weeks, a database of Facebook user records sat unsecured on the web, a leak that security researchers believe affects nearly 267 million Facebook users. Bob Diachenko, working with Comparitech, uncovered the exposed database. When the data was also found posted on a hacker forum, Diachenko notified the Internet Service Provider (ISP) managing the server’s IP address. The user information, including names and phone numbers, nonetheless remained online until December 19 of this year. Most of the users in the database are from the United States, and the information is expected to be used for mass phishing campaigns via SMS.

Staying Safe

If you receive an unsolicited text message, the best course of action is not to respond, even if the sender knows some information about you. If you want to minimize the risk of your information being exposed, Facebook lets you tighten your privacy settings. After logging into Facebook:

- Navigate to Settings
- Select Privacy
- Set all fields to “Only Me” or “Friends”
- Set “Do you want search engines outside of Facebook to link to your profile?” to “No”

This will not protect against data breaches, but it adds some extra protection to your account and makes it harder for criminals to gather your personal information. The only way to be completely sure you are unaffected by Facebook data breaches is to delete your Facebook account entirely. If you have any questions or concerns, please do not hesitate to reach out to us! We are experts in cybersecurity and understand how important it is to keep all personal and business-related information secure. To learn more about what Hammett Technologies can do to support your business, visit the What We Do page!
On December 10, 2019, Wawa’s information security team discovered malware on its payment processing servers. By December 12 the breach was contained, but the damage may already have been done. In its statement, Wawa said the “malware has affected customer payment card information, potentially used at all Wawa locations, starting from March 4, 2019, till [its] containment.” Wawa has also promised that “…you will not be responsible for any fraudulent charges on your payment cards related to this incident…” An investigation has been launched, and so far it has found that while the breach exposed credit and debit card numbers, expiration dates, and cardholder names, it did not compromise debit card PINs, credit card CVV2 numbers (the three- or four-digit security code printed on the card), other PINs, or “driver’s license information used to verify age-restricted purchases…” For the steps you should take to keep your information secure, see Wawa’s statement. There you will find exact details of what to do to be financially compensated and to keep your information safe. To learn more about what we can do to assist your company, visit our What We Do page!
With the holidays fast approaching, everyone is looking for a way to make a few extra dollars. Some, however, are doing it in a less than legal way, making the holidays tougher for others. Dexphot has been on a crime spree of late, infecting upwards of 80,000 computers with cryptocurrency miners. The good news is that the spree, which began in 2018, has started to decline.

What Is Dexphot?

Considered unnecessarily complex for its task, Dexphot is a malware strain that uses your machine to mine cryptocurrency. Its complexity lies in its ability to hide from security solutions. According to Microsoft, Dexphot uses “obfuscation, encryption and the use of randomized file names [to hide] the installation process.” As well as being designed to fly under the radar by hijacking legitimate system processes, Dexphot was built to reinstall itself should its foothold on the victim’s machine be disturbed.

How Dexphot Spreads

Microsoft describes Dexphot as a second-stage payload, a type of malware dropped on systems already infected with other malware. The most common first stage was ICLoader, “a malware strain that’s usually side-installed as part of software bundles, without the user’s knowledge, or when users download and install cracked or pirated software,” says ZDNet. Once a machine was infected with ICLoader, Dexphot would be installed on it remotely, further compromising the machine. Once inside, Dexphot used legitimate Windows system processes to avoid detection by antivirus solutions. But that is not the only ace up its sleeve. Through polymorphism, Dexphot changed the file names and URLs it used at regular intervals, making it extremely hard for traditional antivirus solutions to lock onto it. Another sneaky technique was its ability to reinstall itself on the victim’s machine. Not only did this safeguard it against deletion, it also meant the attackers could update the malware and have the new version installed automatically, further helping it avoid detection.

How to Stay Safe From Cryptocurrency Miners

Unfortunately, malware like Dexphot is more common than you may think. Cryptocurrency miners are a common way for cybercriminals to generate revenue from the machines they infect; they run in the background, earning money for the attacker while you use your computer. Thankfully, there is hope when it comes to Dexphot. Microsoft, through Microsoft Defender Advanced Threat Protection, is able to detect and stop threats like Dexphot before they become a problem. As always, if you are worried about your company’s virus protection, contact Hammett Technologies. We ensure all your technology needs are met. If you have any questions about anything above, please feel free to give us a call. We are happy to assist you, or your company, with all your cybersecurity needs! To learn more about what we can do to assist your company, visit our What We Do page!
Pitney Bowes, the e-commerce and shipping-technology company, has suffered a ransomware attack. On October 14 the company disclosed that it was the victim of a malware attack that encrypted information systems and disabled customer access to some services. Pitney Bowes has confirmed that it is working with third-party security experts and consultants, though their identity has not been disclosed. The company has also said that, so far, it does not appear that customer data or other sensitive information was accessed. While that is reassuring, it is important to err on the side of caution: ransomware is not a form of harassment, it is a serious crime with a financial motive. Pitney Bowes has yet to disclose whether the attack was aimed at a particular employee or reached the company through a third-party service provider, and it is unknown whether the company’s MSP was monitoring network security before the attack occurred. We expect to learn more and will keep you apprised as the story develops.

What’s Next?

If you believe you were affected by this attack, we recommend following the developments on Pitney Bowes’s Twitter account and on its webpage, which is posting live updates as the situation develops. The company has said it plans to keep its users as up to date as possible. As a business owner, it is important that you trust your MSP to monitor your network and keep your customers’ and employees’ sensitive information out of the hands of criminals. Hammett Technologies has proven time and again that we can handle ourselves in a crisis and secure all sensitive information before it falls into the hands of thieves. To learn more about what we do, visit the What We Do page, or give us a call today!
There’s no denying that Windows Defender has come a long way since its debut in 2006. When it was first released, Windows Defender was a laughable attempt at an antivirus solution, and for years Microsoft showed little interest in improving its free antivirus. It was not until Windows 10 that Microsoft turned it into a competitive, free antivirus solution for its customers. What Microsoft did not seem to consider is how often its updates affect other parts of its operating system.

Shooting Themselves in the Foot

While patching an error in Windows Defender, Microsoft unknowingly gave itself another, equally worrisome problem. The Windows Defender update of September 16 was meant to fix a flaw that showed users an error when a file system was scanned and needed repair. When the update was pushed out, however, users discovered that both the Quick Scan and Full Scan options were broken. Normally, a quick or full scan takes anywhere from 15 minutes to 4 hours, depending on how much disk space is in use. After the update, users reported that a quick or full scan would inspect only a small number of files before reporting that it had completed. If you still need to run a scan, there is a workaround: run a Custom Scan and specify which drive you want Windows Defender to inspect, and the scan should run and complete normally.

What You Need to Do

As reported by numerous sites, including Forbes and BleepingComputer, Microsoft has already released a fix for the issue. So while it can be said that Microsoft broke Windows Defender, it also fixed it within a day, showing that it is capable of maintaining its antivirus solution. The update should install automatically, but to be sure, check for updates manually.

Furthermore, those using Windows Defender as their antivirus solution should not adopt a policy of never updating their machines. Microsoft is usually upfront about errors its updates cause and follows up with a quick patch for all users. Remember that not updating your machine is usually worse than dealing with the occasional breakage. That said, waiting a day or two before installing an update, to make sure it is free of bugs, can be a reasonable compromise.