Report Shows 118 Percent Increase In Ransomware Attacks In 2019

Ransomware roared onto the global stage in 2017. Companies and government agencies around the world felt the impact with widespread campaigns like NotPetya and WannaCry. By 2018, the number of ransomware attacks had begun to fall off while hackers found new tools to attack with, shifting toward cryptojacking, credential theft, and trojan malware. Granted, ransomware attacks didn’t fade completely from the picture in 2018, but they were overshadowed by the emergence of new attack vectors. Unfortunately, according to data collected by McAfee Labs and published in their August 2019 Threat Report, ransomware is back with a vengeance. Christopher Beek, a lead scientist at McAfee, had this to say about the report: “After a periodic decrease in new families and developments at the end of 2018, the first quarter of 2019 was game on again for ransomware, with code innovations and a new, much more targeted approach.” The dramatic increase in ransomware attacks is being driven primarily by three families of ransomware: Ryuk, GandCrab, and Dharma. Ryuk is a scary bit of code that has been used to lock down entire large corporations and government agencies. It was originally credited to North Korea, but subsequent research points to the malware as being the work of a highly sophisticated cybercrime syndicate, rather than the product of a nation-state. GandCrab is a relatively new arrival on the ransomware scene, first emerging in 2018. Often described as one of the most aggressive families of ransomware, the original authors of the code have leased it out to other hackers around the world in exchange for a cut of the profits. Dharma is the oldest...
Popular PDF Creator App Found To Have Malware

Do you use the PDF Creator App called CamScanner?  If you do, you’ve got plenty of company.  Since the app was first published in 2010, it has been downloaded more than a hundred million times. Unfortunately, Google recently pulled it from the Play store when they discovered that it began delivering malware to user devices. For much of the app’s life, its creators, Shanghai-based CC Intelligence, have relied on ads and in-app purchases to generate revenue from the app.  That shifted in recent months, and Kaspersky Lab discovered that recent versions of the app introduced a new library that contained a Trojan designed to deliver malware to Android devices. According to a spokesperson at Kaspersky, the “malicious code may show intrusive ads and sign users up for paid subscriptions.”  Granted, this isn’t as bad as it could be, because intrusive ads are more of an annoyance than a genuine threat. However, the issue of unwanted paid subscriptions is a bit more worrisome. Even so, based on their investigation into the matter, Kaspersky concluded that it was probable that this is simply a case of the developer accidentally using a malicious ad library.  It seems unlikely that they’d run the risk of ruining a reputation that’s been nearly a decade in the making. This conclusion is underscored by the fact that the developers have removed the offending library from the most recent build of their app. Unfortunately, this kind of thing is all too common.  There are a disturbing number of instances where legitimate apps have been found to be using poisoned libraries, so in that regard, CamScanner is as...
Microsoft Is Extending Windows 7 Support For Only Some Users

There’s some good news for Enterprise users who are still using Windows 7. By now, almost everyone is aware that the company is bringing support for the aging operating system to a close. The original time frame for formally ending support and for ending the issuance of security updates was set for as soon as January 2020. Enterprise users, however, were given the option of paying for additional support for a limited window of time to give them a little longer to migrate away from Windows 7 and onto a more modern OS. Unfortunately, that window is now rapidly closing too. Recently, Microsoft announced a limited-time promotion for EA (Enterprise Agreement) and EAS (Enterprise Subscription Agreement) customers which will give them an extra year of Windows 7 security updates for free. There is a catch, of course. You have to have an active subscription to either Windows 10 E5, Microsoft 365 E5, or Microsoft 365 Security. If you do, you can take advantage of the offer and milk a little more time and life out of your Windows 7 systems. That’s big news for any company of any size that’s struggling to migrate away from an old legacy system that depends on Windows 7 to function properly. That is because the costs of continuing to receive Windows 7 security updates beyond the January 2020 deadline are per device and increase every year. In 2020, you’ll pay $25 per device, which will double to $50 per device in year two and $100 per device in year three. If you’re using Windows 7 Pro, your costs are even higher: $50 on...
Hackers Are Using Resumes To Deliver Malicious Software

Hackers have used poisoned documents to deliver malware payloads for years. Recently though, researchers at the security company Cofense have spotted a new twist to the ploy, aimed squarely at HR departments. The recently detected campaign uses fake resume attachments to deliver the Quasar Remote Administration Tool (affectionately known as RAT) to any unsuspecting Windows user who can be tricked into jumping through a few hoops. Here’s how it works: An email containing a document that appears to be a resume is sent to someone in a given company. The document is password protected, but the password is politely included in the body of the email, and is usually something simple like ‘123.’ If the user enters the password, a popup box will appear, asking the user if he/she wants to enable macros. Up to this point, the attack is fairly standard, but here’s where it gets interesting: If the macros are allowed to run, they’ll display a series of images and a message announcing that content is loading. What it’s actually doing is throwing out garbage code that’s designed to crash analysis and detection tools while RAT is installed quietly in the background. At that point, the system is compromised. RAT’s capabilities give the hackers the ability to open remote desktop connections, log keystrokes and steal passwords, record any webcams in use, download files, and capture screenshots of the infected machine. Worst of all, the first part of the infection process knocks out most detection programs. So, the hackers generally have a large window of time to take advantage of the newly created beachhead. That can cause all...
Watch Out For Old Hacking Technique Offering Free Downloads

An old hacking technique is getting new attention from hackers around the world, and it underscores the fact that people must exercise extreme caution when it comes to deciding who to trust and where to download files from. Hackers have long been in the business of spoofing legitimate sites, making exact replicas of popular websites offering a variety of free downloads. Of course, instead of getting genuinely useful code, you find yourself on the poisoned domain. Rather than the legitimate site, what you download will be malware of one type or another. The most recently discovered instance of this involves the Smart Game Booster site. It’s a legitimate piece of code that helps to improve the performance of the games you play, and it has become popular enough that it’s caught the attention of at least one hacking group. That group cloned the site and pretends to offer the same product. In this case though, the malware the hackers deploy is one of the more insidious we’ve seen. Unlike many malware attacks which latch onto a system with a persistent presence, this one runs only once and then deletes itself. Even more alarming is that it leaves no trace that it was ever there. When it runs, it scans the infected device for passwords, your browser history, any cryptocurrency wallets you may have, and a wide range of other critical files. It collects these and sends all the data to its command and control server, and then self-destructs. With no outward sign, many users will be completely unaware that there’s a problem until they start seeing suspicious charges on...
Another IRS Phishing Campaign To Watch Out For

The Internal Revenue Service recently issued a warning that all taxpayers should be aware of. The agency has received a growing number of reports concerning unsolicited email messages bearing the subject lines “Electronic Tax Return Reminder” and “Automatic Income Tax Reminder.” These messages are not from the IRS, but rather, from spammers trying to steal your information. According to a spokesman for the IRS: “The emails have links that show an IRS.gov-like website with details pretending to be about the taxpayer’s refund, electronic return or tax account.  The emails contain a ‘temporary password’ or ‘one-time password’ to ‘access’ the files to submit the refund.  But when taxpayers try to access these, it turns out to be a malicious file. The IRS does not send emails about your tax refund or sensitive information.  This latest scheme is yet another reminder that tax scams are a year-round business for thieves.  We urge you to be on-guard at all times.” These are wise words, and a warning that absolutely should be heeded. Unfortunately, this most recent scam utilizes dozens of different compromised websites to mimic IRS.gov, and this far-flung network of sites makes it very difficult to shut down in its entirety. What’s most unfortunate about scams like these is that they seem to disproportionately impact the elderly. Many of the elderly have slowly begun adopting basic technologies like email, but don’t have the tech skills to spot scams when they appear in their inboxes. We all know at least a few people who fall into that category, so be sure to spread the word about this issue to anyone you know...