Tag Archive for: Delivering

Taking a unified approach to delivering WiFi connectivity and security


Nowadays, teleworking or following a hybrid work model has become commonplace. The question we need to ask ourselves is, is our remote connection secure? The National Security Agency (NSA) in the United States has published a best practices info sheet for government workers and contractors working in areas related to national security and defense. The info sheet supplies advice on how to avoid cyber attacks due to a compromised or unsecured wireless connection.

The dangerous weakness of public WiFi

Public networks are always the weakest link in the chain and hackers know this. Hacking into a WiFi connection is very simple and doing so can give cyber criminals access, in the worst-case scenario, to corporate servers where they can inject malware. Moreover, a wireless connection breach is very expensive: TJ Maxx quantified the cost for a corporation of a single security breach at $1 billion.

Given the sensitive nature of the information it handles, the NSA provides a list of do’s and don’ts to follow for remote connections:

  • First, avoid, if possible, connecting to an unreliable WiFi network and, failing that, use a corporate access hotspot with a strong encrypted connection. But if there is no alternative, protect the connection as outlined below.
  • Use a trusted VPN connection that encrypts data transmission. The agency points out that public WiFi connections are not usually encrypted and, in some cases, do not even require an access password. Some hackers create malicious wireless networks as bait, which emulate existing ones and use them to access the connected device.
  • The NSA also recommends only connecting to websites that use the HTTPS protocol.
  • Finally, the agency recommends disabling Bluetooth in public places as there are too many risks involved.

In addition to the complexity of achieving a secure remote connection, there is the challenge of using many security solution providers, which is a huge obstacle to effective security service management. To address this, 96% of MSPs surveyed by Pulse and WatchGuard are currently consolidating vendors of IT products and services or planning to start the process in 2021/2022.

New WiFi 6 access points now in…

Source…

New Phishing Threat Emerges, Delivering Malware To Manufacturing Firms 08/13/2021


Marketers should be on the lookout for a new attempt by spear phishing artists to hijack their sites. 

The Pakistan-based threat actor Aggah is allegedly using sites to deliver Warzone RAT, a very dangerous form of malware, to manufacturing sites in Taiwan and South Korea, cyber security firm Anomali reports. …

Source…

Hackers Set Up 100,000 Websites Delivering Malware Via Malicious PDFs


Researchers have found thousands of malicious web pages online that constitute a serious malware campaign. As observed, the hackers have set up more than 100,000 such websites delivering malware to the target users via malicious PDFs.

100,000 Websites Delivering Malware Via PDFs

Security researchers from cybersecurity firm eSentire have recently shared details of a new malware campaign in the wild.

Specifically, they have found over 100,000 different websites hosting malicious PDFs for delivering malware to users. These websites primarily target enterprise users, as they host PDFs related to business activities, such as templates, questionnaires, invoices, or receipts. The malicious websites also use these terms as keywords to rank higher on search engine results pages (SERPs).

How The Attack Works

In brief, the attack begins when a user lands on one of the malicious websites while searching for such documents. Upon clicking on the download option to get the PDF, the site redirects the user to another malicious web page. The latter then delivers a malicious executable disguised as a document file (PDF or Word) to the user.

This executable installs a RAT, identified as SolarMarker, on the target device, bundled with the legitimate Slim PDF reader app, possibly to deceive the target user.

SolarMarker RAT isn’t new malware. It has appeared numerous times in earlier campaigns under different names, such as Jupyter, Yellow Cockatoo, and Polazert.

Once established on the target device, the malware can then execute a variety of activities. As the researchers described in their post:

“Once the RAT is on the victim’s computer and activated, the threat actors can send commands and upload additional malware to the infected system, such as ransomware, a credential stealer, a banking trojan, or simply use the RAT as a foothold into the victim’s network.”

Detailed technical analysis of the malware campaign is available in the researchers’ post.

In an earlier campaign, Jupyter behaved as an info-stealer as well as a backdoor that could download other malware too.

Source…

Feds Warn of TrickBot Spear-Phishing Attacks Delivering Malware Payload


By Jessica Davis

A joint federal alert warns that all entities should be on the alert for a newly observed spear-phishing campaign, leveraging malicious emails to deliver the TrickBot malware payload. Healthcare administrators should review the alert to view attack methods and indicators of compromise.

TrickBot is highly modular and is delivered through multiple stages, as its hackers leverage a full suite of tools to conduct a range of nefarious activities. Its hackers are highly sophisticated and continuously evolve the threat to further its impact.

The malware has been active since 2016, first as a banking trojan and now as a variant often paired with other malicious threats.

The alert comes on the heels of a recent report from Check Point that ranked TrickBot as the leading malware variant since the global takedown of the Emotet botnet in January.

Despite the global takedown, hackers are continuing to leverage other high-ranking threats that have previously seen a high level of success, such as Trickbot. It’s the first time the TrickBot trojan has topped the malware index, and it rose from the third position in January.


TrickBot was the fourth-most prevalent malware variant in 2020, affecting 8 percent of all global organizations. In fact, the threat was used in the massive ransomware attack against Universal Healthcare Services in the Fall of 2020.

The hackers used TrickBot to detect and harvest data from UHS’ systems prior to the ransomware deployment. All 400 sites were impacted by the incident, which lasted for more than three weeks and cost the health system about $67 million in lost revenue and recovery efforts.

“Criminals will continue using the existing threats and tools they have available, and Trickbot is popular because of its versatility and its track record of success in previous attacks,” researchers noted.  

“Even when a major threat is removed, there are many others that continue to pose a high risk on networks worldwide, so organizations must ensure they have…

Source…