Hackers Are Using NFT Excitement To Trick Users

Researchers from Fortinet are warning of a new threat to be on the lookout for. Right now, NFTs are all the rage. Everyone is talking about them, and many are excited about them. Hackers have been quick to take advantage of that fact, and the Fortinet researchers have stumbled across a poisoned spreadsheet that purports to contain information about NFTs. The spreadsheet actually quietly deploys a malware strain called BitRAT when opened.

BitRAT is a particularly nasty strain of malware that first appeared for sale on the Dark Web back in late 2020. It is notable because it can bypass User Account Control (UAC), which is a Windows feature designed to prevent unauthorized access to the OS. Once installed on a target system, BitRAT can steal login credentials from browsers and other applications. It can log keystrokes and upload or download files, which makes it more than capable of installing other forms of malware once the beachhead has been established.

It’s too early to say yet whether NFTs are here to stay or if they’re just a flash in the blockchain pan. Either way, if they are generating buzz and excitement around the world, hackers will continue to exploit that excitement.

As the Fortinet researchers put it: “Be mindful that attackers often use attractive and trendy subjects as lures. As NFTs become increasingly popular, they will be used to entice victims into opening malicious files or clicking on malicious links.”

The best thing you can do is to educate your employees and inform them of the threat. Remind everyone you know that no matter how exciting the topic might...
Hackers Are Breaking Into Microsoft Teams And Dropping Malware

Researchers at Avanan, a Check Point subsidiary, have recently issued a warning that anyone who uses Microsoft Teams should be aware of. According to the latest statistics, more than 270 million people use Teams every single month.

According to Avanan, hackers are breaking into Teams chats and attaching malicious files to ongoing conversations. By all outward appearances, the attached files seem relevant to the conversations, but anyone unfortunate enough to click on the file will be infected.

At this point, it’s not clear how the hackers are gaining access to Teams in the first place. The most likely possibilities include compromising a third-party vendor that a company does business with, phishing attacks, or stealing Microsoft 365 or email credentials.

The disturbing thing about this recent spate of attacks is that it requires absolutely no sophistication. It’s about the simplest form of attack one could imagine, made possible in no small part by the fact that Microsoft Teams is almost universally trusted by those who use it. Very few people think anything of security once they’re entrenched in the Teams framework.

The researchers at Avanan recommend the following to limit your risk and exposure:

- Encourage end-users to reach out to IT when seeing an unfamiliar file
- Implement protection that downloads all files in a sandbox and inspects them for malicious content
- Deploy robust, full-suite security that secures all lines of business communication, including Teams
- Make sure you recognize anyone leaving files in Teams chat

Even if your employees follow all of those recommendations, it won’t provide bullet-proof protection, but it will...
Hackers Are Setting Their Sights On Linux Systems

For most of the history of the internet, Linux has been able to stay below the radar of hackers around the world. While there have been some attacks that specifically targeted Linux users, they’ve managed to keep a low enough profile that it hasn’t been a major issue.

According to a group of researchers from VMware, that appears to be changing. They warn that hackers are increasingly setting their sights on Linux-based systems. That’s a problem because, to date, there has been no corresponding increase in efforts to detect and manage those threats. Even worse, with a growing number of hybrid systems in use today, Linux is becoming much more common in the enterprise environment.

Given the disconnect between the growing threat level and the level of preparations being made to meet that threat, Linux-based systems may well be the new weakest link in your company’s network.

If there’s a silver lining in the dire warning from the folk at VMware, it lies in the fact that most of the attacks targeting Linux-based systems aren’t very sophisticated at this point. That will change over time, but in the here and now it shouldn’t take much to fend off the current generation of attacks.

As the VMware team put it: “Focus on the basics. The fact is that most adversaries are not super advanced. They’re not looking for unique exploits, they’re looking for the general open vulnerabilities and misconfigurations. Focus on those before you start focusing on zero-day attacks and new vulnerabilities - make sure you’ve got the basics covered first.”

It’s sound advice and easy to...
New Malware Is Using CSV Files To Infect Users

Researchers have spotted a new phishing campaign you should be aware of. What sets this one apart is that the hackers are using a lowly but specially crafted CSV file to infect machines. They are installing the BazarBackdoor malware.

If you’re not familiar with the term, CSV stands for “Comma Separated Values” and it’s a text file format that can be loaded into Excel. If you open the file in a text editor, you’ll simply see alphanumeric values separated by commas, with the first line generally being the headers for the spreadsheet. Open the same file in Excel and it will separate the data into neat rows and columns.

CSV files are popular because they make it relatively easy to export data from one application and import it into another. Since the files are text only, most people consider them to be relatively harmless and are generally not all that cautious when opening them.

Microsoft Excel supports a feature called Dynamic Data Exchange (DDE), which can be used to execute commands whose output is inserted into the open spreadsheet, including CSV files. Hackers are always on the lookout for new angles to play and have naturally begun to abuse this feature. They execute commands that download malware on the devices of unsuspecting victims.

BazarBackdoor is a stealthy malware strain created by the TrickBot group. Its main purpose, as the name suggests, is to provide ongoing remote access to an internal device that can be used as a springboard for further lateral movement within a network.

The current campaign is centered around emails that pretend to be “Payment Remittance Advice”...
Last Year Microsoft Blocked More Than 25 Billion Hacker Attacks

Individual users often don’t have a good sense of the scope and scale of hacking attacks around the world. The numbers may shock you.

According to Microsoft, in 2021 the company blocked more than 25.6 billion brute force authentication attacks against Azure AD users. They also intercepted a staggering 35.7 billion phishing emails with Microsoft Defender for Office 365.

Vasu Jakkal is Microsoft’s Corporate Vice President for Security, Compliance, and Identity. Jakkal is both passionate and concerned about this subject. The increase in the total number of attempts since the pandemic began has been breathtaking.

Unfortunately, Jakkal says that so far only a minority of Azure AD and Microsoft 365 users seem interested in taking steps to bolster their own security. Based on statistics gathered by Microsoft, only 22 percent of Azure AD users have activated MFA (multi-factor authentication) protocols. MFA would keep their accounts safer and make it significantly more difficult for hackers to force their way in.

Here is how much more difficult it can be: Google combined forces with researchers at New York University and the University of California to study that very topic. They discovered that MFA implementation can block up to 100 percent of automated bot attacks, 99 percent of bulk phishing attacks, and up to 66 percent of targeted attacks. That is an impressive level of protection for something that’s so simple to implement and make use of!

The two big takeaways here are: The total number of hacking attacks is increasing dramatically. Although automated tools are getting progressively better at preventing many of them, end users have an important role to...