Remember to Patch early and often.
by BlackBox Connections
Unit 203
70 Country Hills Landing
NW Calgary, AB T3K 2L2
Mon – Fri
8:00 – 5:00
Support 24hrs
As we all know, ransomware is all around, and so far the problem doesn’t seem to be going away. During 2017, the hackers worked hard to perfect their techniques and did so with vigor. This led to large global malware outbreaks such as WannaCry, NotPetya and the most recent, Bad Rabbit.
Windows users seem to be the ones hit hardest by these attacks, but clearly the hackers are targeting other platforms, including your mobile devices. If you remember, not too long ago there was ransomware attacking Android apps via Google Play and other online sources.
A study done by SophosLabs over a six-month period gave us an eye-opening view of those attacks, but thankfully the study also gave us the opportunity to learn how organizations can cope during this stressful situation.
For the longest time the number one ransomware leader was Cerber; however, it has been surpassed by WannaCry. After being unleashed in May of 2017, WannaCry accounted for 45.3% of all ransomware tracked by SophosLabs, while Cerber accounted for 44.2%.
Apparently the rapid expansion was due to the worm-like characteristics that both WannaCry and NotPetya have. They seem to be able to replicate and continually scan and attack computers. Bad Rabbit ransomware showed those same characteristics, and we can expect this to continue as cyber-criminals build upon past ransomware attacks and what they have learnt.
Back in June of 2017, NotPetya was the one causing damage for a short amount of time. Initially it had been released through a Ukrainian accounting software package, which did help limit the geographic area that was hit, but it was eventually able to spread via the EternalBlue exploit, similar to how WannaCry infected systems.
Even though NotPetya rose and fell so quickly, it was still able to hurt plenty of businesses. The suspicion was that cyber-criminals were experimenting, or that their goal was not ransomware but a more destructive attack like a data wiper.
Cerber, which is sold as a ransomware kit on the Dark Web, is another dangerous threat that you need to stay away from! Its creators make money by charging the cyber-criminals who use it a percentage of each ransom they are paid. They continually refine and update this software in order to stay a step ahead of the security software. Cerber is known to be an effective hacker tool and is readily available to the cyber-criminals who want it.
As mentioned earlier, Android ransomware is increasing every month. In September of 2017, the study showed a 30.37% increase in malware. An important note on this is that Android ransomware is mainly found in non-Google Play markets, which is why it is important to pay attention and be cautious about which apps you are downloading.
From the numbers, it is estimated that 10 million Android apps will be affected, which is up from the 2016 number of 8.5 million.
There are some important defense measures that you can take in order to protect yourself from being a victim of ransomware:
If you are an Android user, here are some ways you can stay safe:
Make sure you are running the latest software.
Remember to Patch early and often.
by BlackBox Connections
Topic: 2018 Malware Forecast
With the popularity of Bitcoin over the past little while, it’s no wonder that cyber-criminals are hopping on board! With Bitcoin having jumped thousands of dollars in value just over the past few weeks, we are hearing more and more stories of how these hackers are exploiting this cryptocurrency.
Cyber-criminals are using various methods to take advantage of this craze. Whether it is stealing usernames or passwords, or installing malware on users’ computers, they are figuring out ways to hijack your computer!
Stealing Information
Although some may think Bitcoin is fairly new, it has actually been around since 2009. Since that time, however, hackers have been trying to figure out just how to target this currency.
One of the most popular ways these criminals are taking advantage of the Bitcoin craze is by using something called keyloggers. These are programs that can see what you type on your keyboard. The criminals then use this to steal your login information when you log into your Bitcoin wallet. Typically, victims accidentally download keyloggers from an infected email attachment, which then installs onto the victim’s computer. From there they monitor any Bitcoin transactions that occur so they can steal your passwords.
In addition to this, however, the malware is also able to mine Bitcoin and other types of cryptocurrency using your computer.
Mining on your time
Technologies like browser-based miners come into play to help crypto miners access. Basically, site owners run JavaScript on a person’s computer whenever that person visits a particular site. This script will then use your computer’s CPU to mine for currencies such as Bitcoin or Monero.
This software or script is not designed to harm your computer, as the script could also be used by publishers and webpage owners to generate revenue lost from ad blockers, but there are times when you are not being told it is running.
Not all Monero miners or sites will tell you that this script is running in the background, which can be annoying as it sucks up system resources and can significantly slow down your computer. Monero miners are only supposed to run on your computer while you are actually visiting their site, but there are times when they can generate a browser window that hides on your desktop and will continue to suck up your resources.
An IT company reported an increase of 10 times from September to October in mining tools being detected on their customers’ computers. Adding the results from November, they have actually seen 33,000 detections per day!
Dragging you down
For the most part, these mining malware tools are not as damaging as ransomware, which has the ability to lock down your computer until you either erase your hard drive or pay the ransom, but they do come with their own concerns.
There are different miners out there: some stay hidden in the background and use smaller amounts of your PC’s power, while larger ones push your computer to the max. If this happens to you, your machine will slow to a crawl. This can certainly hurt the bottom line if you are a large business running huge numbers of servers. The extra power needed to run such operations while also feeding the miners can lead to a significant cost at the end of the day.
Beating back the bots
How do you fight these kinds of attacks? As always, it comes down to the same need. You NEED to ensure you are running the latest software updates and of course the latest security software. Now if you are a Mac user, please don’t think you’re safe, as there have been instances of malware detected on those too!
Make sure you are running the latest software.
Ensure anti-virus software is turned on and employees are educated on security.
by BlackBox Connections
Topic: Cyber-criminals and the Bitcoin craze
Results from the latest survey done by a data protection provider have produced an eye-opening number: 5.7 million dollars has been paid out to ransomware in the last 12 months, here in Canada.
The study surveyed over 200 providers of small and medium-sized businesses over a 12 month period which ended in Q2 2017. If we consider that this is a representation of all small and mid-sized businesses, then that means roughly 4% were hit with ransomware during this time period. Out of that percentage, it was also noted that 32% admitted to paying the ransom.
Now keep in mind, paying the ransom doesn’t always mean you will recover your data. Out of the businesses that admitted to paying the ransom, only 13% actually received their data back. Their hope was, of course, to pay the ransom and get the key to decrypt their locked data… but in the end they ended up losing all their data, as well as their money.
Of the 200 providers surveyed, six or more of their clients faced attacks in the first half of 2017 alone, and roughly 31% of Canadian service providers noted that their customers faced multiple attacks in a single day!
Based on such a high number of attacks, it is safe to say that there may be 1 if not 2 things that the providers are doing wrong: they may not be patching software often enough, and they may not be educating their staff to be careful about clicking on attachments in their email.
Thankfully, the ransom demands are not usually too large; 43% of those surveyed had paid anywhere from $500 – $2,000 for their ransom. There were only a few that paid closer to the $10,000 amount. For the most part, the ransom wasn’t the biggest part of the cost, as businesses had to deal with downtime and, of course, issues if they did not receive their data back once they had paid.
Additional Facts:
These numbers suggest that customers did not separate back-up from production environments, and/or they didn’t realize that the back-up also needed to be scanned for possible infections.
Because ransomware can also hit Dropbox (the biggest in this category), Office 365, Google G-Suite and AWS, it isn’t always safest to move to the cloud.
There is a large variety of ransomware strains out there, but for this study, it was found that CryptoLocker, CryptoWall and Locky were the most common. It was also found that 28% of the providers’ customers had NOT reported the incident to police, which makes it even more difficult to get proper numbers on ransomware here and all over the world.
The best defense against ransomware is a back-up and recovery process that is regularly tested. It is also imperative to educate and remind staff of the importance of security when receiving and sending emails. Ransomware infections are primarily sent through emails via phishing scams, so staff should be aware of the signs and able to recognize them.
Make sure you are running the latest software.
Ensure anti-virus software is turned on and employees are educated on security.
by BlackBox Connections
Topic: Canadians pay out $5.7 Million in Ransomware
Do you know the difference between privacy and security? Understanding how these two concepts work together, and how they differ, is key to improving our overall defense. From policies and compliance regulations, to using common sense and staying alert, privacy and security have one common goal in mind: guaranteeing the confidentiality, integrity, and availability of sensitive data. Achieving that goal is a responsibility we all share!
In this month’s Security Newsletter, learn how privacy and security work together in the protection of information.
Read this Month’s Security Newsletter
by BlackBox Connections
Click the link below to access the Security Newsletter
BlackBox Connections December 2017 Newsletter.PDF
There are three types of insider threats: accidental, negligent and malicious.
Read the security newsletter for 5 immediate steps to take if you fall victim to identity theft.
Apple has released a critical update for Mac users running the newest High Sierra operating system that addresses a major security vulnerability. View the below link for more information on how you can make sure your Mac is on the newest update.
https://www.theverge.com/2017/11/29/16715246/apple-releases-high-sierra-root-security-patch
Copyright © 2017 Security Tips, All rights reserved.
Businesses are being victimized by phone scams. Employees may get a phone call from someone pretending to be from the IT department or an IT company. They may tell the employee that there is some issue requiring them to log into the employee’s computer to fix it. They might ask for the employee’s network ID and password.
By tricking the employee they can now access the company’s computer network.
Watch the 1 minute Security Tip
by BlackBox Connections
Topic: Phone Scams at Work
Never give out bank information, network user-ids or passwords.
Don’t allow anyone to access your computer unless you are positive you know who you are talking to.