Earlier this week, a massive Twitter hack occurred, involving famous individuals and high-profile politicians. The hacked accounts asked for bitcoins and offered to “double the amount” to “give back to the community.”

Twitter, while conducting its investigation, has commented on the situation, stating that the hackers had specifically targeted employees who had access to internal systems and tools. Twitter is calling this a “coordinated social engineering attack.” Twitter has also stated that it is investigating other potential “malicious activities” that may have taken place during the attack.

However, these statements have not done much to calm the victims of the hack. US Sen. Edward Markey commented on the situation and stated that this kind of attack is “extremely troubling.” “While this scheme appears financially motivated and, as a result, presents a threat to Twitter users, imagine if these bad actors had a different intent to use powerful voices to spread disinformation to interfere with our elections potentially, disrupt the stock market, or upset our international relations.”

Twitter has confirmed that the hackers, while targeting 130 accounts, were only able to access a small portion of them. This “small portion” was then used to commit cryptocurrency fraud, the FBI stated. The FBI went on to mention the importance of practicing cybersecurity and becoming knowledgeable about common internet scams and schemes. While the cryptocurrency itself is not malicious, Bitcoin is often used by cybercriminals for transactions and scams.

The Twitter hack furthers the point we try to make to businesses: cybersecurity is critical, and if a multibillion-dollar company (Twitter) can be breached, then so can your company. We understand that this truth can be scary, but it is a truth many companies refuse to face. Many choose to cut corners to save money, leading to a poorly designed cybersecurity team and system. We urge you to think carefully about your company’s cybersecurity.

Hammett Technologies offers cybersecurity support for companies of all sizes to ensure that your business stays out of the hands of criminals. We help install firewalls, set up Virtual Private Networks (VPNs), and much more for a fraction of the cost of other companies. At Hammett Technologies, we want to work with you, as partners, to ensure your company is as safe as possible. Want to find out more about how Hammett Technologies can help your business? Find out how we can help your business stay safe!
“Mass Logger,” a new keylogger on the market, has the potential to become extremely dangerous for businesses and individuals. Keyloggers are a type of malware, usually delivered through phishing campaigns, that record everything you type into your computer. These malicious programs can lead to many of your passwords becoming compromised.

Why Is This Keylogger So Dangerous?

Mass Logger is different from other keyloggers. The developer of Mass Logger is frequently updating this keylogger to help it remain undetected by automated antivirus solutions. Furthermore, support from the developer allows other cybercriminals to assist with and make requests for the malware. Cofense Intelligence has already identified a phishing campaign hiding Mass Logger. Emails loaded with GuLoader, a popular malware delivery mechanism that downloads encrypted payloads hosted on legitimate file-sharing platforms, are also being used to deliver Mass Logger.

A New Kind of Keylogger

Additions and features, such as the ability to spread itself through USB ports, set Mass Logger apart from other keyloggers. Mass Logger is also able to search for files with specific extensions and exfiltrate them. These “features,” and the keylogger’s continued support from its developer, could see Mass Logger being adopted by a large portion of cybercriminals.

Defending Yourself from Mass Logger

Defending yourself from malware is a tiresome but necessary task when online. Ensure that you are watching out for suspicious emails from unknown senders. Never open attachments from people you are unfamiliar with or do not know. Merely opening an infected attachment is all malicious programs need to begin infecting your system. Ensure that you trust the sites you are downloading programs from and that they are reputable.

If you are worried about your company and want your employees to understand the importance of practicing cybersecurity daily, call Hammett Technologies. We are certified experts and will ensure your business runs at top speed without cutting corners on cybersecurity.
Windows and Linux users are once again the targets of a new strain of ransomware: Tycoon. First discovered in 2019, the new strain of ransomware was created to attack educational institutes and software industries. Once inside, Tycoon proceeds to encrypt file servers, demanding a ransom for decryption. What makes this ransomware different from its predecessors is its use of code to help disguise its presence on networks.

Uncovering Tycoon Ransomware

Discovered by researchers and security analysts at Blackberry and KPMG, Tycoon is quite unusual compared to other ransomware. Utilizing Java, Tycoon deploys using the Java Runtime Environment (JRE) and compiles itself into a Java image file (Jimage) to hide its malicious payload.

What Tycoon Does

The ransomware infiltrates a network using unsecured internet-facing remote desktop protocol (RDP) servers. When the system is compromised, antivirus solutions are rendered useless due to Tycoon’s ability to elevate its privileges and disable them. Once executed, Tycoon ransomware encrypts all files connected with the network, adding filename extensions such as .redrum, .grinch, and .thanos. Like other ransomware, once all files are encrypted, users are prompted to pay a ransom (in the form of bitcoin) to obtain their data back safely.

Staying Safe

RDP is a common way for many malicious attack campaigns to infiltrate networks. Ports should be exposed to the internet only in extreme cases, and users accessing these ports should have strong, unique passwords. Regularly updating your system’s security is another good way to ensure your network remains safe. Regularly backing up your network and storing those backups offsite or off the network is another crucial step to take. Should the worst-case scenario happen, a backup will save you time and money.

Worried your network may be compromised or at risk from attackers? Wondering when you last backed up your network? Hammett Technologies can take care of all your business’s technological needs without the headache. Give us a call and secure your data today!
After the death of Iran’s General Qassem Soleimani, the United States may end up dealing with some serious cyber-attacks. Since 1984, the United States has recognized Iran as a nation that supports terrorism and terrorist organizations, which has led to previous conflicts between the two nations. However, after the recent assassination of General Qassem Soleimani, the United States may face fierce retaliation. We have already seen government sites hacked and defaced with pro-Iran propaganda. Therefore, while we are unsure which shape their “revenge” will take, it is important that all US citizens prepare for all aspects, especially cyber.

The Department of Homeland Security has issued the following statement urging US citizens to be cautious when browsing online over the next couple of weeks. Many of us are aware of the basics when it comes to browsing online safely, but they are worth reviewing.

Be cautious of suspicious emails

It is better to be safe than sorry. Do not download any attachments, or click any links, from emails unless you are 100% certain the email originated from a trusted sender.

Be aware of suspicious websites

If a website seems off or is asking for your credentials where it has not before, close the browser and attempt to navigate to the proper website. Fraudulent banking websites are extremely common and usually appear due to simple typos.

For businesses, make sure your cybersecurity team has your network locked down and protected against cyber-attacks. It is extremely important that one’s network is protected at all times. This is especially important if you are a business that transports confidential customer data or uses credit card transactions.

If you are worried that your business’s network may be easily accessible by criminals, do not hesitate to reach out to Hammett Technologies. With over 20 years of IT and cybersecurity experience, we will help identify flaws that allow attackers to enter your network, ensuring your network is protected. Our team will ensure your company’s and customers’ data is secure and encrypted, without interrupting day-to-day processes. Contact us today and find out why we are the #1 growing MSP in Maryland!
On December 10th, 2019, Wawa’s information security team discovered malware on its payment processing server. By December 12, the data breach was contained, but they fear the damage has already been done. In the statement released by Wawa, the “malware has affected customer payment card information, potentially used at all Wawa locations, starting from March 4, 2019, till [its] containment.” Furthermore, Wawa has promised that “…you will not be responsible for any fraudulent charges on your payment cards related to this incident…”

Since containment, an investigation has been launched, and it has been discovered that, while the data breach has affected credit and debit card numbers, expiration dates, and cardholder names, it has not compromised debit card PIN numbers, credit card CVV2 numbers (the three to four numbers found on the back of the cards), other PIN numbers, and driver’s license information used to verify age-restricted purchases.

To find out the steps you should take to make sure your information stays secure, visit the statement Wawa made. There you will find exact details on the steps to take to make sure you are financially compensated and your information stays safe.

To learn more about what we can do to assist your company, visit our What We Do page!
Pitney Bowes, the e-commerce and tech-shipping company, has suffered a ransomware attack. On October 14th, the company disclosed that it was the victim of a malware attack that resulted in the encryption of information systems and disabled customer access to some services. As of now, Pitney Bowes has confirmed that it is working with third-party security experts and consultants. However, the identity of these experts is still unknown.

The company has also disclosed that, as of now, it does not appear that customer data or any other sensitive information has been accessed. While this is reassuring, it is important to err on the side of caution. Ransomware attacks are not known to be a form of heckling someone. Pitney Bowes has yet to disclose whether the attack was directed at a certain employee, or if it was transported to them through a third-party service provider. Furthermore, it is unknown if the company’s MSP was monitoring the security network before the attack occurred. We expect to learn more information and will keep you apprised of the situation as the story develops.

What’s Next?

If you believe you were affected by this attack, we recommend following the developments on Pitney Bowes’s Twitter as well as their webpage, which is posting live updates of the situation as it develops. The company has stated that it plans on keeping its users as up-to-date on the situation as possible.

It is important that you, as a business owner, trust your MSP to monitor your network and keep your customers’ and employees’ sensitive information out of the hands of criminals. Hammett Technologies has proven time and time again that we are able to handle ourselves in the event of a crisis and secure all sensitive information before it falls into the hands of thieves. To learn more about what we do, visit the What We Do page, or give us a call today!
There is no denying that Windows Defender has come a long way since its debut in 2006. When it was first revealed, Windows Defender was a laughable attempt at an antivirus solution; however, Microsoft, with the release of Windows 10, had started to show neglect for the free antivirus solution. After a while, Microsoft was able to create a competitive, free antivirus solution for its customers. What they didn’t consider, though, was how often their updates affect other areas of their operating system.

Shooting Themselves in the Foot

While patching an error within Windows Defender, Microsoft unknowingly gave themselves another, equally worrisome problem to deal with. The update to Windows Defender on September 16th was meant to patch a coding flaw that would send an error to users when a file system was scanned and needed repair. However, when the update was pushed out to users, it was discovered that both the quick scan and full scan options were broken.

Most of the time, when running a full or quick scan on your machine, you can expect to wait anywhere from 15 minutes to 4 hours, depending on how much used space you have. However, users were reporting that, after the update, when running a quick or full scan on their machines, Windows Defender would scan only a small number of their files before completing. If you still wish to run a scan on your machine, or need to run one, there is a workaround. By running a Custom Scan, you can specify which drive you wish Windows Defender to inspect, and the scan should run and complete normally.

What You Need to Do

As reported by numerous other sites, such as Forbes and BleepingComputer, Microsoft has already released a fix for the issue! So, while it can be said that they broke Windows Defender, they also fixed it within a day, showing they are capable of maintaining their antivirus solution. The update should automatically trigger for users, but to be sure, manually check for updates!

Furthermore, it is important that those who are using Windows Defender as their antivirus solution do not adopt the policy of not updating their machines. Microsoft is usually upfront and honest about errors that occur with their operating system due to updates, and follows up that honesty with a quick response time to get a patch out to all users. It is important to remember that not updating your machine is usually worse than dealing with the occasional breakage that may occur. That said, waiting a day or two before updating, to make sure the update is clean of bugs and errors, is always a wise route to take!
Across the United States, hackers have been targeting cities through the use of ransomware. Ransomware is a malicious attack on a computer system which completely locks the user out of their computer until a “ransom” is paid (usually in bitcoins). Those who think paying the ransom will be the easiest option should be aware that there is no guarantee that, upon payment, a decryption key will be provided. What makes ransomware especially threatening is the timer that not only counts down how many days the user has left before all files are deleted but also increases the price of decryption with each passing day.

Ransomware attacks should not be news to residents of Maryland. A similar attack has plagued Baltimore’s city government for a while, and the price of recovery has skyrocketed to $18 million.

As of today, Lake City, Florida, another US city infected with ransomware, has decided to pay the ransom in order to regain access to their technology network. Despite Lake City’s technology department successfully disconnecting all infected computers within a matter of minutes, the virus was able to snake its way through the entire government’s network, with the police and fire departments being the exception. Lake City, Florida government officials have agreed to pay a ransom of $500,000. Upon payment, Lake City was granted a recovery key, something other cities should take note of.

Baltimore and Lake City are not the only two cities to have been plagued with the attack. Other cities such as Lynn, Massachusetts, Cartersville and Jackson County, Georgia have also been faced with this serious cyber-attack. These attacks, while expensive to fix, are a wake-up call to local governments. Ransomware is often targeted at, and successful on, outdated systems, something each of the cities listed had. In order to combat these issues, and ensure they do not happen again, regular maintenance, updates, and patches are not only necessary but required. These attacks not only cripple the state government, but they also hurt the general public.
If you use Mozilla Firefox, it is imperative that you make sure your browser is on version 67.0.3 or ESR 60.7.1! The vulnerability was found by Google’s Project Zero security team, and they describe the vulnerability as: “A type confusion vulnerability [that] can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash.”

How to Update Firefox

If you are unsure of how to check that your Firefox browser is up to date, or how to update it, fear not! We have provided a step-by-step guide below that will allow you to easily navigate through the browser’s settings!

Step 1
Click on the in the upper right-hand corner of the browser window.

Step 2
Once the drop-down menu is open, click on “options”.

Step 3
Scroll down until you find “Firefox Updates”.
1. Make sure your browser is on the latest version!
2. If it is not, click on “Check for updates” on the right-hand side of the browser window.
3. Make sure you check off “Automatically install updates (recommended)” to ensure your browser always stays up to date and safe!

If you are worried your business may be at risk, don’t hesitate! Call Hammett Technologies today and set up a free network assessment!
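
The version check from the Firefox steps above, written as a script for checking several machines at once; this is an added example, not part of the original post. It assumes the banner printed by `firefox --version` looks like `Mozilla Firefox 67.0.3` (or `Mozilla Firefox 60.7.1esr` on the ESR channel) and treats the two versions named in the post as minimums; the host names and sample banners are constructed.

```python
import re

# Minimum fixed versions named in the post, per update channel.
FIXED = {"release": (67, 0, 3), "esr": (60, 7, 1)}

# Assumed banner format: "Mozilla Firefox 67.0.3" or "Mozilla Firefox 60.7.1esr".
_BANNER_RE = re.compile(r"Firefox\s+(\d+(?:\.\d+){0,3})(esr)?\b", re.IGNORECASE)


def parse_version(banner):
    """Return (channel, version tuple) parsed from a version banner."""
    match = _BANNER_RE.search(banner)
    if not match:
        raise ValueError(f"unrecognised Firefox banner: {banner!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    parts += (0,) * (3 - len(parts))  # "66.0" compares as 66.0.0
    channel = "esr" if match.group(2) else "release"
    return channel, parts


def is_patched(banner):
    """True if the banner is at or above the fixed version for its channel."""
    channel, version = parse_version(banner)
    return version >= FIXED[channel]


def needs_update(inventory):
    """Return sorted (host, reason) pairs for hosts that are outdated or unreadable."""
    findings = []
    for host, banner in inventory.items():
        try:
            if not is_patched(banner):
                findings.append((host, "outdated"))
        except ValueError:
            # No usable banner: flag for manual review rather than assume it is fine.
            findings.append((host, "unknown"))
    return sorted(findings)


# Constructed sample inventory: host name -> output of `firefox --version`.
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 67.0.3",
    "ws-02": "Mozilla Firefox 67.0.2",
    "ws-03": "Mozilla Firefox 60.7.0esr",
    "ws-04": "Mozilla Firefox 60.7.1esr",
    "ws-05": "Mozilla Firefox 66.0",
    "ws-06": "",
}

if __name__ == "__main__":
    for host, reason in needs_update(SAMPLE_INVENTORY):
        print(f"{host}: {reason}")
```

The channel matters for the comparison: an ESR build at 60.7.1 is fixed, while a regular release build has to reach 67.0.3.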