2018 Malware Forecast

BlackBox Connections Logo

Location

Unit 203
70 Country Hills Landing
NW Calgary, AB T3K 2L2

Office Hours

Mon – Fri
8:00 – 5:00
Support 24hrs

Call us Today

587 355 1566

The Malware Forecast for 2018 has been released!

 

As we all know, ransomware is all around, and so far the problem doesn’t seem to be going away.  During 2017, hackers worked hard to perfect their techniques and did so with vigor.  This led to large global malware outbreaks such as WannaCry, NotPetya and, most recently, Bad Rabbit.

Windows users seem to be the ones hit hardest by these attacks, but the hackers are clearly targeting other platforms too, including your mobile devices.  If you remember, not too long ago there was ransomware attacking Android apps via Google Play and other online sources.

A study done by SophosLabs over a six-month period gave us an eye-opening view of those attacks, and thankfully the study also gave us the opportunity to learn how organizations can cope during this stressful situation.

For the longest time the number one ransomware family was Cerber; however, it has been surpassed by WannaCry.  After being unleashed in May of 2017, WannaCry accounted for 45.3% of all ransomware tracked by SophosLabs, while Cerber accounted for 44.2%.

Apparently the rapid expansion was due to the worm-like characteristics that both WannaCry and NotPetya have.  They seem to be able to replicate and continually scan for and attack computers.  Bad Rabbit ransomware showed those same characteristics, and we can expect this to continue as cyber-criminals build upon past ransomware attacks and what they have learnt.

Back in June of 2017, NotPetya caused damage for a short amount of time.  It was initially released through a Ukrainian accounting software package, which helped limit the geographic area that was hit, but it was eventually able to spread via the EternalBlue exploit, similar to how WannaCry infected systems.

Even though NotPetya rose and fell so quickly, it was still able to hurt plenty of businesses.  The suspicion was that the cyber-criminals were experimenting, or that their goal was not ransomware but a more destructive attack such as a data wiper.

Cerber, which is sold as a ransomware kit on the Dark Web, is another dangerous threat that you need to stay away from!  The group behind it makes money by charging the cyber-criminals who use it a percentage of each ransom they are paid.  They continually refine and update this software in order to stay a step ahead of security software.  Cerber is known to be an effective hacker tool and is readily available to the cyber-criminals who want it.

As mentioned earlier, Android ransomware increases every month.  In September of 2017, the study showed a 30.37% increase of malware.  An important note on this is that Android ransomware is mainly found in non-Google Play markets, which is why it is important to pay attention and be cautious about which apps you are downloading.

From the numbers, it is estimated that 10 million Android apps will be affected, which is up from the 2016 number of 8.5 million.

There are some important defense measures that you can take in order to protect yourself from being a victim of ransomware:

        • Back up regularly and keep a recent back-up off-site to guard against the other ways these files can be lost, such as fire, flood, theft, etc.
        • Unsolicited attachments.  We often receive emails with attachments, but if you are unsure who sent you the email, do not open them.  Hackers are just waiting to see if you will, and once you do, the trouble begins.
        • Remember to patch early and often.  Malware usually comes via email, but for those times when it doesn’t, it is usually because it is hiding in popular applications, such as Microsoft Office, your browser, Flash and others.  So long as you patch, you can eliminate the open holes for the hackers to exploit.
        • By blocking the unauthorized encryption of files, Sophos Intercept X can stop a ransomware attack in its tracks.
        • If you receive an attachment via email, do not enable macros.  Malware wants you to turn macros on, and that is something you should not do!

If you are an Android user, here are some ways you can stay safe:

        • Google Play.  Keep using Google Play; while it is not perfect, the company does put a lot of effort into preventing malware before it arrives, or purging it if they do find it in the Play Store.
        • New apps.  These should be avoided if no one knows anything about them or if they have a low reputation.
        • Again we say, patch early and often!  If you buy a new phone, check when the vendor will have updates and ensure you patch as soon as you can.

 

To read more on this 2018 Malware Forecast click here.

Quick Tips

Make sure you are running the latest software.


Remember to Patch early and often.

by BlackBox Connections

Topic:  2018 Malware Forecast

Cyber-criminals and the Bitcoin Craze

With the popularity of Bitcoin over the past little while, it’s no wonder that cyber-criminals are hopping on board!  With Bitcoin having jumped thousands of dollars in value over just the past few weeks, we are hearing more and more stories of how these hackers are exploiting this cryptocurrency.

Cyber-criminals are using various methods to take advantage of this craze.  Whether it is stealing usernames or passwords, or installing malware on users’ computers, they are figuring out ways to hijack your computer!

Stealing Information

Although some may think Bitcoin is fairly new, it has actually been around since 2009.  Since that time, however, hackers have been trying to figure out just how to target this currency.

One of the most popular ways these criminals are taking advantage of the Bitcoin craze is by using something called keyloggers.  These are programs that can see what you type on your keyboard.  Criminals then use this to steal your login information when you log into your Bitcoin wallet.  Typically victims accidentally download keyloggers from an infected email attachment, which then installs onto the victim’s computer.  From there, the keyloggers monitor any Bitcoin transactions that occur so the criminals can steal your passwords.

In addition to this, however, the malware is also able to mine Bitcoin and other types of cryptocurrency using your computer.

Mining on your time

Technologies like browser-based miners come into play to help crypto miners gain access to computing power.  Basically, site owners run a JavaScript script on a person’s computer whenever they visit a particular site.  This script will then use your computer’s CPU to mine for currencies such as Bitcoin or Monero.

This software or script is not designed to harm your computer, as the script could also be used by publishers and webpage owners to generate revenue lost to ad blockers, but there are times when you are not being told it is running.

Not all Monero miners or sites will tell you that this script is running in the background, which can be annoying as it sucks up system resources and can significantly slow down your computer.  Monero miners are only supposed to run on your computer while you are actually visiting their site, but there are times when they can generate a browser window that hides on your desktop and will continue to suck up your resources.

One IT company reported a tenfold increase from September to October in mining tools being detected on their customers’ computers.  Adding the results from November, they have actually seen 33,000 detections per day!

Dragging you down

For the most part, these mining malware tools are not as damaging as ransomware, which has the ability to lock down your computer until you either erase your hard drive or pay the ransom, but they do come with their own concerns.

There are different miners out there: some stay hidden in the background and use smaller amounts of your PC’s power, while larger ones push your computer to the max.  If this happens to you, your machine will slow to a crawl.  This can certainly hurt the bottom line if you are a large business running huge numbers of servers.  The extra power needed to run such operations while also feeding the miners can lead to a significant cost at the end of the day.

Beating back the bots

How do you fight these kinds of attacks?  As always, it comes down to the same need.  You NEED to ensure you are running the latest software updates and of course the latest security software.  Now if you are a Mac user, please don’t think you’re safe, as there have been instances of malware detected on those too!

 

Quick Tips

Make sure you are running the latest software.


Ensure anti-virus software is turned on and employees are educated on security.

by BlackBox Connections

Topic:  Cyber-criminals and the Bitcoin craze

Canadians Pay out $5.7 Million to Ransomware over 12 months!

Results from the latest survey done by a data protection provider show an eye-opening 5.7 million dollars paid out to ransomware in the last 12 months, here in Canada.

The study surveyed over 200 providers of small and medium-sized businesses over a 12-month period which ended in Q2 2017.  If we consider that this is a representation of all small and mid-sized businesses, then that means roughly 4% were hit with ransomware during this time period.  Out of that percentage, it was also noted that 32% admitted to paying the ransom.

Now keep in mind, paying the ransom doesn’t always mean you will recover your data.  Out of the businesses that admitted to paying the ransom, only 13% actually received their data back.  Their hope was, of course, to pay the ransom and get the key to decrypt their locked data, but in the end they ended up losing all their data, as well as their money.

Of the 200 providers surveyed, six or more of their clients faced attacks in the first half of 2017 alone, and roughly 31% of Canadian service providers noted that their customers faced multiple attacks in a single day!

Based on such a high number of attacks, it is safe to say that there may be 1 if not 2 things that the providers are doing wrong:  They may not be patching software enough and not educating their staff about being careful of clicking on attachments in their email.

Thankfully the ransom demands are not usually too large, but 43% of those surveyed had paid anywhere from $500 – $2,000 for their ransom.  There were only a few that paid closer to the $10,000 amount.  For the most part, the ransom itself wasn’t the biggest part of the cost, as businesses had to deal with downtime and, of course, issues if they did not receive their data back once paid.

Additional Facts:

  • After the attack, 13% of service providers noted that cleaning up was not easy.  Not only did the ransomware stay in their clients’ systems, but it struck again later on.
  • 33% mentioned that their customers’ back-up was encrypted as well.

 

These numbers suggest that customers did not separate back-up from production environments, and/or they didn’t realize that the back-up also needed to be scanned for possible infections.

Because ransomware can also hit Dropbox (the biggest in this category), Office 365, Google G-Suite and AWS, it isn’t always safest to move to the cloud.

There is a large variety of ransomware strains out there, but for this study, it was found that CryptoLocker, CryptoWall and Locky were the most common.  It was also found that 28% of the providers’ customers had NOT reported the incident to police, which makes it even more difficult to get proper numbers on ransomware here and all over the world.

The best defense against ransomware is a back-up and recovery process that is regularly tested.  It is also imperative to educate and remind staff of the importance of security when receiving and sending emails.  Ransomware infections are primarily sent through emails via phishing scams, so staff should be aware of and able to recognize these signs.

 

Quick Tips

Make sure you are running the latest software.


Ensure anti-virus software is turned on and employees are educated on security.

by BlackBox Connections

Topic:  Canadians pay out $5.7 Million in Ransomware

BlackBox Connections Newsletter – Privacy and Security

This month’s topic:

Privacy and Security

Do you know the difference between privacy and security? Understanding how these two concepts work together, and how they differ, is key to improving our overall defense. From policies and compliance regulations, to using common sense and staying alert, privacy and security have one common goal in mind: guaranteeing the confidentiality, integrity, and availability of sensitive data. Achieving that goal is a responsibility we all share!

In this month’s Security Newsletter, learn how privacy and security work together in the protection of information.

Read this Month’s Security Newsletter
by BlackBox Connections

Click the link below to access the Security Newsletter

BlackBox Connections December 2017 Newsletter.PDF

 

Quick Tips

There are three types of insider threats: accidental, negligent and malicious.

Read the security newsletter for 5 immediate steps to take if you fall victim to identity theft.

Important Note for Mac users

Apple has released a critical update for Mac users running the newest High Sierra operating system that addresses a major security vulnerability. View the below link for more information on how you can make sure your Mac is on the newest update.

https://www.theverge.com/2017/11/29/16715246/apple-releases-high-sierra-root-security-patch

Copyright © 2017 Security Tips, All rights reserved.

Phone Scam at Work

Businesses are being victimized by phone scams.  Employees may get a phone call from someone pretending to be from the IT department or an IT company.  They may tell the employee that there is some issue requiring them to log into the employee’s computer to fix it.  They might ask for the employee’s network ID and password.

By tricking the employee they can now access the company’s computer network.

Watch the 1 minute Security Tip 
by BlackBox Connections
Topic:  Phone Scams at Work

https://www.youtube.com/watch?v=KmC2n2R7Qn8

Quick Tips

 

Never give out bank information, network user-ids or passwords.


Don’t allow anyone to access your computer unless you are positive you know who you are talking to.

by BlackBox Connections

Topic:  Phone Scams at Work