To actively thwart ransomware, users are encouraged to do the following:
- Implement a security solution that utilizes application whitelisting technology
- Ensure all programs, including the operating system, are patched in a timely manner
- Disable macros and unused remote access ports
- Complete cyber security training (this is offered free to all PC Matic customers)
Another Medical Facility Targeted By Cyber Criminals
The University of Maryland Medical Systems (UMMS) suffered a malware attack over the weekend. According to officials, the cyber criminals executed the attack during the early hours of December 9, 2018. Within hours of the malware being installed on the network, employees identified the malicious activity and took systems offline. Fortunately, the quick response meant less than 1% of UMMS devices were infected. Thanks to the minimal device impact, operations were also able to continue with minimal disruption. The exact attack vector, or how the malware crept into the network, remains unclear. It is also unknown what type of malicious software infected the systems. UMMS officials have reported it was not ransomware, and that there is no risk of a data breach from this cyber attack. UMMS, law enforcement, and digital forensics teams are working together to gather as much information as possible. Hopefully this will answer the questions that remain open.
Firefox Leaves Security Gap Open for Hackers...
One of the most widely used browsers, Firefox, has left open a security gap that hackers and scammers continue to exploit. The criminals embed an iframe in the source code of malicious websites. The iframe loads in every browser (Chrome, Edge, or Firefox); what differs is how each browser reacts to it.
[Image: the iframe "authentication alert" loop, provided by ZDNet]
Because of Firefox's security gap, this iframe creates an endless loop of "authentication alerts" like the one shown above. The only way for the user to escape the alerts is to kill the browser, which means ending the browsing session from Task Manager. In Chrome, however, the pop-up box opens at the tab level rather than the browser level, so users can close the affected tab without interrupting their entire browsing session. In Edge, the delay between the iframe and the browser is long enough that the user can close the tab and/or the browser without experiencing the constant loop of pop-ups. It remains unclear if or when Firefox will address the vulnerability, but its fix will likely mirror the approach taken by one of its competitors.
New Ransomware Attack Targets Chinese Users
A new ransomware variant has infected 100,000 Windows PCs in China, encrypting the user's files and then demanding a 110 yuan ($16 USD) ransom. In addition to encrypting files, the ransomware includes an information-stealing component that harvests user credentials for several Chinese online services. So far the attack has not gone global, as the hackers have limited their targets in a few different ways. First, they are distributing the malware through Chinese-themed apps. Second, they are only accepting ransom payments through a Chinese payment app, WeChat. Unless the ransomware creators used fake IDs to create their WeChat profiles, it is believed authorities will be able to track the cyber criminals down.
Lack of Sophistication
Local Chinese cyber security firms claim the ransomware can be decrypted without paying the ransom because the encryption key is hardcoded in the source code. Some of these cyber security firms have started working on free decryption tools. It is their hope to release them to the public in the coming days.
But How?
Do you know how to do this? The process isn't too difficult, but it can be time consuming. Many legitimate websites, like Coinbase, require an authentication process. You'll need to register and provide your banking information for the transfer of funds. Once the authentication process is complete, the transfer and conversion will take place. Again, this takes time. Another method would be to find your nearest bitcoin ATM. This not only allows for instant conversion, but everything remains anonymous as well. However, this comes with a significant price tag, with fees that vary by geographical area. You'll also need to determine which services the ATM provides: some offer only the option to buy crypto-currencies, while others allow you to sell as well. If you're like me, and your local bitcoin ATM only allows you to buy bitcoins, for the "small" fee of 12%, you will still need to find a way to send them to the hacker. Now I'm going to stop right there. Why? Because this sounds like a ridiculous amount of work, and you're not even halfway there! If you pay the ransom demands, you have to wait for the decryption key -- assuming the cyber criminals even give it to you. Then it becomes your job to decrypt all of the files they locked. How about instead of all this, you focus on preventing the ransomware attack and keeping timely data backups.
To actively thwart ransomware, users are encouraged to follow the four steps listed at the top of this page.
Crypto-Currencies -- Are they worth the risk?
Everything we do comes with risks. It is our job to determine if the rewards outweigh the risks. The same philosophy applies to digital currencies like bitcoin or monero. However, the concept of a digital currency is rather new, so our society is still going through the learning curve. Although there are benefits to digital currency, which will be discussed in another blog post, first we want to discuss the risks. Why? Because if we only give the benefits, without listing the top risks, it could prematurely sway individuals into investing in bitcoin or any other form of digital currency.
Safeguarding Risks
Digital currencies can be stored at various repositories or in a digital wallet. Either way, they need to be safeguarded. Therefore, you're either trusting a repository to keep your digital funds secure, or you must take measures to ensure the security of your digital wallet.
Inconsistent Pricing
Similar to the stock market, the price of bitcoin is based on supply and demand. Buyers want to buy low, while sellers want to sell high.
Not Backed by FDIC
This is risky for a few different reasons. First, the price fluctuates, similar to the stock market -- so as the valuation changes you could easily lose money. Also, if someone breaches your wallet or the repository and steals your bitcoin, it is gone. You cannot legally go after the repository or wallet creator for lost funds.
One Typo Creates Major Problems
Better triple check that address! Once it's sent, there's no turning back. This is pretty self-explanatory. Simply put -- triple check the address you're sending the funds to!
Poor PC Hygiene May Lead to Significant Loss
If you store your own digital currencies, how often do you back up your hard drive? Why does it matter? If your system crashes and you have no backup, your funds are gone. Some malware is even designed to steal your wallet and your funds, so using a security solution that deploys application whitelisting is highly recommended.
Hackers Exploit Crypto-Mining Tools
Crypto-mining tools are often legitimate, meaning they will run on a device without causing issues. These software programs are what people use to mine digital currencies, which, again, is completely legal if done on machines you own. However, hackers have found ways to use crypto-mining software beyond its original purpose. According to CNBC, the latest risk includes using crypto-mining software to steal intellectual property, impersonate employees, and steal user credentials. Since these hackers are using a legitimate software program to carry out the malicious activity, it is incredibly difficult to block these threats. Businesses should therefore never ignore crypto-mining tools running on their network. These programs are resource-hungry and consume a significant amount of computing power to mine for digital coins. Even if it is a legitimate program -- companies, unless they are in the digital currency business, should remove mining software immediately.
Indian Call Centers Raided for Fake Virus Scam
Last week, 16 fake virus scam call centers in Gurgaon and Noida, India were raided. This led to the arrest of 39 people for allegedly impersonating technical support representatives for companies like Microsoft, Apple, Dell and HP. In the raid, police officers found various pieces of evidence including call scripts, voice recordings, live chats and customer records. This is the second raid in the last two months. The first took place in October, after Microsoft filed complaints about customers falling for fake virus scams. The initial raid led to the arrest of 24 alleged scammers. After the second raid, there were still thousands of victims filing complaints with Microsoft regarding the tech support scam.
It's Progress, But...
Not to sound dismal, as this is progress, but there is still a long way to go. Customers still need to be wary of these scams. Just because sixteen call centers were raided doesn't mean the scam has been extinguished. If you're wondering whether or not a notification is legitimate, please remember that Microsoft, or any other tech company, will never include a phone number at which they can be reached. Therefore, if a phone number is included, it is often a scam. Also, if you're concerned about potentially being infected with a virus -- please contact your security solution provider. It is their job to protect your device. They will either confirm it's a scam or determine how the virus wormed past their protection. You are paying them after all -- use their resources!
Ransomware Damages Increase to $20B in Three Years
If we look at cyber crime as a business instead of the crime that it is, we may begin to understand it a bit better. This "business" is booming, and there's no end in sight. Why? Because society worldwide is making it profitable. Any business that is turning a profit will continue to run. Not only is cyber crime profitable, but the damages for ransomware alone are expected to reach $20 billion over the next three years.
What can society do to extinguish cyber crime?
Stop making the "company" profitable. Instead, understand that these are criminals you're making deals with. By paying the ransom you're not only putting yourself at risk for future attacks, but there is also no guarantee they will decrypt the files they've locked. As long as they're still making money, cyber criminals will stay in business. In addition to no longer paying ransoms, users need to understand what their security solution does and does not protect against. They should also understand whether their current solution uses a blacklist model for malware prevention or an application whitelisting technology. For businesses with cyber security insurance, it's imperative to also understand what the policy covers. Lastly, timely backup processes are critical.
The Recap
To stop cyber crime, we have to stop making it profitable. This means no longer paying ransom demands, shifting the cyber security focus to emphasize prevention instead of reactive remediation, and ensuring timely system and file backups.
About The Pit Crew
PC Pitstop's Pit Crew is committed to providing you with the information you need to keep your PC safe and running like new.