Monday, October 28, 2019

Browser Update Warnings May Actually Be Malicious Hackers

Researchers at FireEye have recently unearthed a particularly nasty new campaign that is both multi-faceted and dangerous.

At the heart of the attack are hacked websites which display a seemingly innocuous popup message informing the site visitor that their browser is out of date.

It will helpfully provide a one-touch solution to the non-existent problem via a button that promises to download the latest version of the browser in question.

Naturally, it does no such thing.  Instead, it uses a series of JavaScript scripts to gather information about the target computer and send the details back to the command and control server.

The server then responds to the findings reported by the initial script by delivering the initial payload.  This varies based on the details gleaned, but generally includes some type of banking trojan malware and a backdoor such as Dridex, NetSupport Manager RAT, or similar.  If the initial scan reveals that the target computer is part of a corporate network, then an additional payload is also placed on the target machine, but we'll get to that in a moment.

The first part of the payload will busily ferret out login credentials and other sensitive information, exfiltrating any files of value back to the command and control server.

Only when this operation has been completed, and only if the computer is part of a corporate network, does the second stage we referenced earlier trigger: a strain of ransomware, normally BitPaymer or DoppelPaymer. The ransomware spreads through the network as far as it is able, encrypting files network-wide.

These two ransomware strains are known for their hefty ransom demands, which often run into the hundreds of thousands, or even millions of dollars.

This multi-stage approach is dreadfully effective.  It not only allows the hackers to squeeze a wide range of sensitive data from infected systems, but then locks them down hard and demands a hefty payment.  Be sure your staff is aware.  This one's about as dangerous as they come.

Nowadays, whether you own a startup or established company, you need to be cautious, aware, and proactive when it comes to online security. Let SpartanTec Inc. in Greenville help you secure your computers and networks against various types of online threats. 


SpartanTec, Inc.
Greenville, SC  29601
(864) 326-5914


Cities Served
Greenville, Spartanburg, Mauldin, East Park, Overbrook, West Greenville, Greer

Thursday, October 17, 2019

NASA Suffers Data Breach With Device Connected To Network

Not even NASA is immune to hacking.  Recently, the American space agency announced that they traced a breach back to April of 2018.

That was when a group described as an APT (Advanced Persistent Threat) breached the Jet Propulsion Laboratory's network via a Raspberry Pi device that was improperly connected to the network.

The hackers made off with more than 500MB worth of data in 23 files. Two of the files contained sensitive International Traffic in Arms Regulations information relating to the Mars Science Laboratory mission.

According to investigators, the reason the hackers were able to burrow so deeply into the agency's networks from a third-party device was that the agency did not have their network properly segmented.  Once the hackers gained access, they could go pretty much anywhere they wanted.

"We also found that security problem log tickets, created in the TISB when a potential or actual IT system security vulnerability is identified, were not resolved for extended periods of time - sometimes longer than 18 days," the investigators from the OIG said.

Late last year, the US Department of Justice charged a pair of Chinese nationals with hacking cloud providers, the US Navy, and NASA.  The DOJ's filings identified the pair as part of one of the Chinese government's elite hacking corps known as APT10.

Given that, it is entirely possible that APT10 was behind the Raspberry Pi incident.  They certainly have the skills, means and motive, especially given Chinese interest in US technology in general and their recent big push for space exploration.

Clearly, NASA has some work to do to shore up their security, and the hope is that now that these events have come to light, the agency will take decisive steps to do just that.  Good luck, NASA.


Tuesday, October 15, 2019

Google Adds Several New Password Features To Help Users

Google is taking additional steps to provide a safer and more secure environment for their massive user base.  Chrome is the most widely used browser in the world. In recent months, Google has made moves to provide better password security. Most recently, they released a Chrome Extension called Password Checkup that scans all of your stored login credentials to see if they've been found in data breaches. If they have been breached, it prompts you to change them.

As good and helpful as that is, the company has taken an additional step and has now integrated the Password Checkup tool directly into Google's Password Manager.

Here's how it works:
  • Open your Google Password Manager, which you can access via https://passwords.google.com.
  • When the page displays, you'll see a new link labelled "Check Passwords." Click that.
  • Google will then proceed to check your stored login credentials to see:
    • If any of your passwords have been exposed via a third-party data breach
    • If the password in question is being reused among multiple sites
    • The relative strength of all of your stored passwords

Once this check is complete, it will display the results in different categories that show you exactly which passwords are at risk, and why they were flagged.  From there, you'll be able to change any problematic passwords and re-run the check to give yourself a clean bill of health.

This is a fantastic move, but the company isn't stopping there.  Ultimately, the company plans to have Chrome automatically alert you when your saved passwords were discovered in a breach and allow you to act immediately to change them and keep your accounts safe.

When the plan is fully realized, Google's password security feature built into Chrome will rival the capabilities of many paid password management offerings, and that's a very good thing indeed.

Kudos to Google for raising the bar.

Online security is an integral part of any company these days. If Google is taking steps to help their users secure their passwords, you should also do your part. Call SpartanTec Inc. now if you want to know how to keep your personal or business information secure.



Tuesday, October 1, 2019

LastPass User Credentials May Have Been Exposed To Hackers


Do you use the password manager LastPass?  If so, you're certainly not alone.  In recent years it has seen its popularity surge and has grown to become the most popular app of its type on the web.

Unfortunately, last month, Tavis Ormandy (part of Google's Project Zero team) discovered a critical flaw in the app's design that allowed some user data to be compromised.

Having said that, there are a couple of important caveats:

First, the bug only appears for Chrome and Opera browser extensions.  Second, the only credentials revealed are the ones for the last site you visited, so this bug does not expose all the passwords that LastPass saves and manages for you.

Even so, it's a critical bug and the company moved swiftly to patch the issue.  If you download the latest build as soon as you finish reading this article, you won't have any issues.

It should also be noted that since Google found and reported the issue, and since LastPass moved so quickly to resolve it, there's no indication that this issue was exploited by hackers in the wild.  Even so, it doesn't pay to take chances, so if you're a LastPass user and it's been a while since you updated, the time to do so is now while it's still fresh in your mind.

The worst thing you could do would be to abandon the password gate because of a bug that has already been fixed.  Unfortunately, this isn't the first, and won't be the last issue of this type to impact LastPass and other password protection services.  Even though that's true, you're much more secure using them than not.  If you're not currently using LastPass or some other password manager, you should strongly consider doing so.  It's a simple way to take your online security to the next level.

Keeping up with all the possible problems that arise with email and passwords is almost an impossibility for business owners/managers. SpartanTec Inc. is here to help with training your employees on how to stay safe, creating internal standards for handling emails and monitoring your data to ensure it stays safe.

Don’t let online threats be the downfall of your business. Email & Spam Protection from SpartanTec, Inc. assures your email is working to benefit your company, and not leaving you vulnerable to security problems.
