Malware Targeting MS Word for Apple Mac OS Discovered in the Wild

| February 15, 2017

article image
Macros-based malware attacks targeting Windows machines running Microsoft Word have been proved to be a long-standing and routine threat to PCs. Now, security researchers have discovered attackers developing malicious macros for Word documents on Apple’s Mac platform. Macros exploitations have long been a staple with Microsoft office programs. Essentially, Macros automates specific tasks through a series of commands and actions. Coded and written in Microsoft’s VBA (Visual Basic for Applications), they are commonly abused my malware authors and cybercriminals for installing malware onto targeted computers. Security researchers are in agreement, recommending users not to enable Macros.

Spotlight

Zones, Inc

Zones, LLC, is a $2 billion global IT solutions provider committed to helping businesses complete their digital transformation. We do this by partnering with leading technology brands and focusing on four key Solution Environments: Workplace Modernization, Network Optimization, Data Center Transformation, and Security Fortification. As a certified Minority Business Enterprise based in Auburn, WA, with operations in more than 80 countries around the world, we’ve helped companies of all shapes and sizes successfully transition into the digital age. Visit www.zones.com or call (800) 408-9663 to learn more.The company also has a pool of 300 Clinical SAS consultants working with many Pharmaceutical , Medical Devices, CRO and Healthcare Companies.

OTHER ARTICLES

We Need to Improve Cybersecurity Standards in Space

Article | February 27, 2020

Last month, SpaceX became the operator of the world’s largest active satellite constellation. As of the end of January, the company had 242 satellites orbiting the planet with plans to launch 42,000 over the next decade. This is part of its ambitious project to provide internet access across the globe. The race to put satellites in space is on, with Amazon, UK-based OneWeb and other companies chomping at the bit to place thousands of satellites in orbit in the coming months. These new satellites have the potential to revolutionise many aspects of everyday life – from bringing internet access to remote corners of the globe to monitoring the environment and improving global navigation systems. Amid all the fanfare, a critical danger has flown under the radar: the lack of cybersecurity standards and regulations for commercial satellites, in the US and internationally. As a scholar who studies cyber conflict, I’m keenly aware that this, coupled with satellites’ complex supply chains and layers of stakeholders, leaves them highly vulnerable to cyberattacks.

Read More

Ryuk: Defending Against This Increasingly Busy Ransomware Family

Article | February 12, 2020

On December 16, 2019, the U.S. Coast Guard disclosed a security incident at a facility regulated by the Maritime Transportation Security Act (MTSA). Forensic analysis suggests that the incident might have begun when an employee clicked on a link embedded in a phishing email.This action enabled a threat actor to set Ryuk ransomware loose on the facility’s network. Ultimately, the infection spread to all IT network files, leading Ryuk to disrupt the corporate IT network and prevent critical process control monitoring systems from functioning properly. Phishing is one of the primary infection vectors for most ransomware families, but there’s an interesting twist with this particular family. As noted by Malwarebytes, a typical Ryuk attack begins when a user opens a weaponized Microsoft Office document attached to a phishing email. Opening the document causes a malicious macro to execute a PowerShell command that attempts to download the banking trojan Emotet. This has the ability to download additional malware onto an infected machine that retrieves and executes Trickbot.

Read More

Harnessing the power technology to protect us

Article | January 21, 2021

There is a saying, ‘you can fool all the people some of the time and some of the people all the time.’ Given the fact that there is no such thing as 100% security and human nature being trusting, this has been the backbone of many cyber security scams over the past 20 years. Cyber-criminals know that they will always fool some of the people, so have been modifying and reusing tried and tested methods to get us to open malware ridden email attachments and click malicious web links, despite years of security awareness training. If you search for historic security advice from pretty much any year since the internet became mainstream, you will find that most of it can be applied today. Use strong passwords, do not open attachments or click links from unknown sources. All really familiar advice. So, why are people still falling for modified versions of the same tricks and scams that have been running for over a decade or more? Then again, from the cyber-criminal’s perspective, if it isn’t broken, don’t fix it? Instead, they evolve, automate, collaborate and refine what works. Sound advice for any business! It is possible though to be in a position where you can no longer fool people, even some of the time, because it is no longer their decision to make anymore. This can be achieved by letting technology decide whether or not to trust something, sitting in between the user and the internet. Trust becomes key, and many security improvements can be achieved by limiting what is trusted, or more importantly, defining what not to trust or the criteria of what is deemed untrustworthy. This is nothing new, as we have been doing this for years as many systems will not trust anything that is classed as a program or executable, blocking access to exe or bat files. The list of files types that can act as a program in the Microsoft Windows operating system is quite extensive, if you don’t believe me try to memorize this list: app, arj, bas, bat, cgi, chm, cmd, com, cpl, dll, exe, hta, inf, ini, ins, iqy, jar, js, jse, lnk, mht, mhtm, mhtml, msh, msh1, msh2, msh1xml, msh2xml, msi, ocx, pcd, pif, pl, ps1, ps1xml, ps2, ps2xml, psc1, psc2, py, reg, scf, scr, sct, sh, shb, shs, url, vb, vbe, vbs, vbx, ws, wsc, wsf, and wsh. As you can see, it is beyond most people to remember, but easily blocked by technology. We can filter and authenticate email based on domain settings, reputation scores, blacklists, DMARC (Domain-based Message Authentication Reporting and Conformance) or the components of DMARC, the SPF and DKIM protocols. Email can also be filtered at the content level based on keywords in the subject and body text, the presence of tracking pixels, links, attachments, and inappropriate images that are ‘Not Safe For Work’ (NSFW) such as sexually explicit, offensive and extremist content. More advanced systems add attachment virtual sandboxing, or look at the file integrity of attachments, removing additional content that is not part of the core of the document. Others like ‘Linkscan’ technology look at the documents at the end of a link, which may be hiding behind shortened links or multiple hops, following any links in those documents to the ultimate destination of the link and scan for malware. Where we are let down though is in the area of compromised email accounts from people that we have a trust relationship and work with, like our suppliers. These emails easily pass through most email security and spam filters as they originate from a genuine legitimate email account (albeit one now also controlled by a cyber-criminal) and unless there is anything suspicious within the email in the form of a strange attachment or link, they go completely undetected as they are often on an allow list. This explains why Business Email Compromised (BEC) attacks are so incredibly successful, asking for payments for expected invoices to be made into a ‘new’ bank account, or urgent but plausible invoices that need to be paid ASAP. If the cyber-criminals do their homework and copy previous genuine invoice requests, and maybe add in context chat based on previous emails, there is nothing for most systems or people to pick up on. Only internal processes that flag up BACS payments, change of bank of details or alerts to verify or authenticate can help. Just remember to double-check the telephone number in the email signature before you call, in case you are just calling the criminal. Also, follow the process completely, even if the person you were just about to call has just conveniently sent you an SMS text message to confirm, as SMS can be spoofed. Not all compromised email attacks are asking for money though, many are after user credentials, and contain phishing links or links to legitimate online file sharing services, containing files that then link to malicious websites or phishing links to grant permission to open the file. To give you an idea of the lengths cyber-criminals go to, I’ve received emails from a compromised account, containing a legitimate OneDrive link, containing a PDF with a link to an Azure hosted website, that then reached out to a phishing site. In fact, many compromised attacks are not even on email, as social media is increasingly targeted as well as messaging services or even the humble SMS text message via SIM swap fraud or spoofed mobile numbers. As a high percentage of these are received on mobile devices, many of the standard security defences are not in place, compared to desktop computers and laptops. What is available though are password managers as well as two-factor authentication (2FA) and multi-factor authentication (MFA) solutions which will help protect against phishing links, regardless of the device you use, so long as you train everyone in what to look out for and how they can be abused. One area I believe makes even greater strides in protecting users from phishing and malicious links is to implement technology that defines what not to trust based on the age of a web domain and whether it has been seen before and classified. It really does not matter how good a clone a phishing website is for Office 365 or PayPal if you are blocked from visiting it, because the domain is only hours old or has never been seen before. The choice is taken out of your hands, you still clicked on the link, but now you are taken to a holding page that explains why you are not allowed to access that particular web domain. The system I use called Censornet, does not allow my users to visit any links where the domain is less than 24 hours old, but also blocks access to any domains or subdomains that have not been classified because no one within the global ecosystem has attempted to visit them yet. False positives are automatically classified within 24 hours, or can be released by internal IT admins, so the number of incidents rapidly drops over a short period of time. Many phishing or malicious links are created within hours of the emails being sent, so having an effective way of easily blocking them makes sense. There is also the trend for cyber-criminals to take over the website domain hosting cPanels of small businesses, often through phishing, adding new subdomains for phishing and exploit kits, rather than using spoofed domains. I’ve seen many phishing links over the years pointing to an established brand within the subdomain text of a small hotel. Either way, as these links and subdomains are by their very nature unclassified, the protection automatically covers this scenario too. Other technological solutions at the Domain Name System (DNS) level can also help block IP addresses and domains based on global threat intelligence. Some of these are even free for business use, like Quad9.net and because they are at the DNS level, can be applied to routers and other systems that cannot accept third party security solutions. On mobile devices both Quad9 and Cloudflare offer free apps which involve adding a Virtual Private Network (VPN) profile to your device. Users of public Wi-Fi can be made secure via a VPN, though it’s preferable to have a premium VPN solution on all your user’s mobile devices, as these can be centrally managed and can offer DNS protection as well. Further down the chain of events are solutions like privileged admin rights management and application allow lists. Here, malware is stopped once again because it is not on a trusted list, or allowed to have admin rights. There is also the added benefit that users do not need to know any admin account passwords, so as a result cannot be phished for something they do not know the answer to. Ideally, no users are working with full administrator rights in their everyday activities, as this introduces unnecessary security risks, but can often be overlooked due to work pressures and workarounds. Let’s not forget patch management is also key, because it doesn’t matter how good your security solutions are if they can be bypassed because of a gaping hole via an exploit or vulnerability in another piece of software, whether at the operating system or firmware level, or via an individual application. Sure, no system is perfect and remember there is no such thing as 100% security, which is where the Endpoint Detection and Response (EDR) solutions and Security Information and Event Management (SIEM) solutions come into play. These can help minimize the damage through rapid discovery and remediation, hopefully before the cyber-criminals fully achieve their goals. By harnessing the power of technology to protect us, layering solutions to cover the myriad of ways cyber-criminals constantly attempt to deceive us, we can be confident that emotional and psychological techniques and hooks will not affect technological decisions, as it is a binary choice, either yes or no. The more that we can filter out, makes it less likely that the cyber-criminals will still be able to fool some of the people all the time. This allows security awareness training to focus on threats that technology isn’t as good at stopping, like social engineering tricks and scams. The trick is to spend your budget wisely to cover all the bases and not leave any gaps, which is no easy feat in today’s rapidly changing world.

Read More

Is the CEH v11 Course Worthwhile to Pursue After Windows 11 Update?

Article | September 13, 2021

If you are finding it confusing to decide whether to pursue the CEH v11 course now after the Windows 11 update, then you have certainly landed on the right page. We are here to make things clear to you so that you can make your decision without any hassle. When it comes to Certified Ethical Hacking, it is considered to be one of the most popular testing certifications at present in the industry. It is highly popular because it assists many with complete know-how of the skills that are required for the purpose of white hat hacking. The certified professionals are able to anticipate any kind of cybercrime from before and respond to it proficiently to avert any kind of business damage. In the time of the pandemic, many business organizations have to move to digital platforms to reach their customers without lockdown troubles. This is the reason why investment in the domain of cybersecurity has also gained a wave. Businesses have realized what the value of having their infrastructure cyber resilient is. This shows why the opportunities for skilled experts in the cybersecurity domain are never going to end in the coming future, and pursuing the course of CEH v11 is a great move to follow. To make things more convincing, we are here to help you with the importance the course of Certified Ethical Hacking brings into play and how you must choose the right career path in the respective field. Let’s get started. Ethical Hacking: What It Is To The World? When it comes to ethical hacking, it is acknowledged as the procedure of networks, applications, or smart devices to assess any kind of vulnerabilities if available. This type of assessment assists in reacting quickly and taking the right measures to enhance the cybersecurity of the entire infrastructure. A certified ethical hacker is basically an expert who understands the different vulnerabilities in the system and gets them fixed without any delay. This is done by following the ethical approach so that there is no such problem repeated again in the future. What do You get To Learn From CEH v11 in 2021? With the CEH v11 course, you get to learn 24 exceptional challenges in 4 different levels that include 18 attacking vectors. You get to know about various emerging attackers that include targeted ransomware, File-less malware, API threats, and more. In this course, you also get a complete understanding of different from enumerating techniques that include Telnet, NFS, SMB, IPV6, FTP, and BGP. This course also covers Malware reverse engineering, so you get a complete understanding of Dynamic and static malware assessment. Cloud computing is another prime concept that you get covered in this course, where you learn about Docker, Container Technology, Serverless computing, Kubernetes, Cloud Hacking procedures. CEH v11 also covers a proper understanding of Hacking web applications that includes web shell concepts, Web API. Webhooks, Web API security, and hacking. You also get to learn more about WPA3 Encryption and cracking. It also covers operation technology, side-channel attacks, HMI-based attacks, and more. Why is CEH An Ideal Career Option? Ethical hacking is possessing five phases of different procedures with every single process, including different actions that block any kind of vulnerabilities. With CEH v11 certification, you get a complete understanding of all these phases. These phases are basically divided in the form of network assessment, testing, and various other risk analysis procedures. As the world of technology is growing significantly, so is the risk of cyber-crime. This is the reason why businesses are looking for ethical hacking specialists who can assist them remain protected from all the potential risks. As the dependency on data science is growing across all industries, it is important that we protect the information and digital assets in the best possible way. There is no doubt that hacking is a heinous act, and almost all businesses are aware of the risks associated with it. To get protected from these risks, organizations around the world are in search of professional, ethical hackers who ensure that there is no vulnerability outside their doors. This is why the opportunities in the domain of ethical hacking have increased in the last few years, and there is no reason why you can’t say that pursuing CEH v11 is an ideal career option. Posts Up For Grabs After CEH v11 Course Anyone who is interested in developing their career in ethical hacking, including the following: Security Officer Security Analyst/Administrator Systems Security Engineer Security Manager /Specialist Auditor Security Professional Risk Analyst Vulnerability Analyst Network Administrator System Administrators Network Engineer Job Roles You Might Need To Take Responsibility As Certified Ethical Hackers Security Analyst Manual Ethical hacker Vulnerability Assessment Analyst Cyber Defense Analyst Cybersecurity auditor IT security administrator System security administrator Senior Security Consultant Security audit Network Security Engineer Cybersecurity Analyst Network Engineer SOC Security Analyst Information Security Analyst Warning Analyst InfoSec Security Administrator Benefits of Taking Up CEH v11 Certification To make it even convincing for you, below mentioned are a few of the benefits you avail with CEH v11 certification. Take a look: You are certainly able to open a lot of career opportunities with the respective course. It lets you advance in your career significantly. You get to understand what hackers might do to harm your business, and accordingly, you can take precautions. You get your knowledge related to risks and vulnerabilities improved with the assistance of the respective course. You benefit from a lucrative package in terms of salary as a Certified Ethical Hacker. Lastly, you also get to learn different types of real hacking tools as well. Wrap Up This shows why you must not hesitate and pursue the CEH v11 course even after the latest Windows 11 update. It gives you an edge over the other candidates and lets you have a successful career ahead. Good Luck!

Read More

Spotlight

Zones, Inc

Zones, LLC, is a $2 billion global IT solutions provider committed to helping businesses complete their digital transformation. We do this by partnering with leading technology brands and focusing on four key Solution Environments: Workplace Modernization, Network Optimization, Data Center Transformation, and Security Fortification. As a certified Minority Business Enterprise based in Auburn, WA, with operations in more than 80 countries around the world, we’ve helped companies of all shapes and sizes successfully transition into the digital age. Visit www.zones.com or call (800) 408-9663 to learn more.The company also has a pool of 300 Clinical SAS consultants working with many Pharmaceutical , Medical Devices, CRO and Healthcare Companies.

Events