Cart

!

Blog

Category: Security Services

MICROSOFT HELPS FIXING DESKTOP FLAWS FOR WINDOWS 10

In response to escalating cyber threats, Microsoft has taken proactive steps by releasing new patches to address critical vulnerabilities in Windows 10.

These updates are particularly aimed at mitigating risks associated with wormable vulnerabilities, which have been a growing concern for users and the Microsoft Security Response Centre (MSRC).

The Nature of Previous Hacker Attacks

Attackers, exploiting these vulnerabilities, previously targeted unpatched Windows systems through the Remote Desktop Protocol (RDP). They sent specially crafted requests to the remote service of these systems.

Upon successful exploitation, they gained the ability to modify, view, or delete data and could even create new user accounts with full user or administrative rights.

Microsoft

Microsoft's Response to the New Patch

Acknowledging the severity of these issues, Microsoft has released a patch to counteract two significant flaws. Emphasizing the urgency, they stated, “Users are urged to patch” to enhance their device’s security.

By applying these patches, users can safeguard their devices from potential attacks, protecting their data from unauthorized access and exposure.

The Significance of This Patch

The release of this patch demonstrates Microsoft’s commitment to cybersecurity and its ongoing efforts to protect Windows 10 users from emerging threats.

It is an essential step in fortifying the security infrastructure of Windows 10 against sophisticated cyber-attacks.

Addressing Previous Vulnerabilities: The Case of BlueKeep

Three months ago, Microsoft addressed a flaw known as BlueKeep. This vulnerability posed a significant threat as it allowed threat actors to create malware that could spread across Windows devices running vulnerable RDS installations. The patching of BlueKeep was a critical move in preventing the widespread exploitation of Windows systems.

Bluekeep Attacks

Conclusion

Microsoft’s continuous efforts to release patches for Windows 10 are crucial in the battle against cyber threats. These updates not only enhance the security of individual systems but also contribute to the overall safety of the digital ecosystem.

Frequently Asked Question

Q1.What should Windows 10 users do in response to these patches?

Windows 10 users should immediately apply these patches to protect their systems from vulnerabilities.

Q2.How do these vulnerabilities affect users?

They allow attackers to access and modify data, create new accounts, and potentially take control of the system.

Q3.Are these patches a response to a specific threat?

Yes, they address specific wormable vulnerabilities that pose significant security risks.

Q4.What was the BlueKeep flaw?

BlueKeep was a vulnerability that allowed malware to propagate across Windows devices with vulnerable RDS installations.

Comodo Threat Research Lab uncovers new trick used by hackers to attack enterprises  

In the ever-evolving world of cybersecurity, staying one step ahead of cybercriminals is of paramount importance. This month, the Comodo Threat Research Lab made a significant discovery that has the potential to reshape how enterprises view their email security.

A New Wave of Phishing Attacks

A different type of phishing email attack targeting enterprises using SWIFT monetary messaging services was discovered this month by Comodo Threat Research Lab. For those unfamiliar, SWIFT (Society for Worldwide Interbank Financial Telecommunication) messaging forces are employed by approximately 11,00 banking, business clients, and safety organizations

However, what’s alarming is the new method cybercriminals are employing. They are now targeting enterprises by sending phishing emails and planting malware directly in their inboxes.

These emails come with attachments, and the attackers cunningly direct the recipient to open the add-on to retrieve information about the amount that has been transferred to their chosen account.

But here’s the catch: the add-on is not what it seems. Instead of providing transaction details, it contains malware (Trojan.JAVA.AdwindRAT), which, once opened, infiltrates the user’s system.

Malicious files to establish a connection with a domain in a covertly encrypted network.

The Malware's Capabilities

Comodo has issued a stern warning regarding this malware’s capabilities. Not only can it disable the Windows restore option and the User Account Control, but it also functions as a cyber spy. This allows attackers to monitor the system and access detailed information about the enterprise network and its endpoints.

Comodo has issued a stern warning regarding this malware’s capabilities. Not only can it disable the Windows restore option and the User Account Control, but it also functions as a cyber spy. This allows attackers to monitor the system and access detailed information about the enterprise network and its endpoints.

Once the attackers have this wealth of information, they can introduce additional malware into the system, aiming to steal some of the organization’s most confidential data.

Hackers are essentially hiding in plain sight

The Psychology Behind the Attack

Comodo posits an interesting theory behind the hackers’ choice of using SWIFT systems. It’s all about human psychology. The excitement and arousal associated with money, especially concerning bank account transactions, make individuals more susceptible. By leveraging this, hackers are essentially hiding in plain sight, counting on human emotions to drive their malicious agenda.

Protection Against Such Attacks

For those seeking to fortify their defenses against such sophisticated attacks, Ideastack offers a VPS server with comprehensive protection for all system servers. Ensuring your systems are equipped with the latest security measures is the first step in safeguarding your enterprise’s valuable data.

Conclusion

In the digital age, the threat landscape is constantly shifting. With hackers employing ever more sophisticated methods, enterprises must stay informed and proactive. Thanks to institutions like Comodo Threat Research Lab, we can gain insights into these threats and take the necessary precautions. Remember, in cybersecurity, knowledge is the best defense.

Frequently Asked Questions

Q1. What is the new phishing attack discovered by Comodo?

Comodo has discovered a phishing email attack targeting enterprises using SWIFT monetary messaging services. The attackers send emails with malicious attachments, misleading recipients into opening them, which then releases malware into their systems.

Q2. How does the Trojan. JAVA.AdwindRAT malware function?

Once inside a system, the malware can evolve, enter the registry, spawn processes, and even attempt to disable antivirus and anti-adware processes. It also drops malicious files to connect with a covertly encrypted domain.

Q3. How can enterprises protect themselves from such attacks?

Enterprises can consider solutions like Ideastack’s VPS server, which offers comprehensive protection for all system servers. Regular updates, employee training, and staying informed about the latest threats are also crucial.

Slingshot malware attacking router-connected devices since 2012 without detection 

In a digital age where most of our life revolves around internet connectivity, ensuring the security of our devices is paramount. Yet, amidst the plethora of malware threats lurking in the cyber world, one has managed to remain discreetly aggressive. Known as Slingshot, this malware has been attacking router-connected devices since 2012 without detection. And what’s more alarming? It’s been doing so right under our noses.

The Stealthy Operations of Slingshot

Recently, a team of vigilant researchers from Kaspersky Lab made a startling discovery. They exposed a malicious loader named Slingshot, which, unbeknownst to many, has been rigorously targeting users through routers for the past six years. One could say that this cyber threat was hiding in plain sight, and it took the acute observation of these researchers to bring its activities to light.

So, how did Slingshot manage to operate so covertly? The answer lies in its ingenious infection method.

Routers, by nature, download and operate numerous DLL (dynamic link library) files from devices. Malicious actors, exploiting this routine operation, cunningly inserted a malevolent DLL amidst a package of legitimate DLLs. This rogue DLL then interacts with connected devices, specifically targeting their memory.

Slingshot Malware: The Stealthy Operations of Slingshot

This vulnerability was particularly evident in routers manufactured by MikroTik. Customers using MikroTik routers would often utilize the WinBox Loader software for seamless connectivity. When activated, this software connects the device to an isolated server, setting the stage for the Slingshot malware’s downloading spree.

The Modules: Canada and GollumApp

Researchers have pinpointed two main components of Slingshot: Canada and GollumApp.

Canada is a kernel mode module granting the attacker unfettered control over the compromised computer. The module’s design is such that it can execute malicious code without causing the dreaded blue screen.

On the other hand, GollumApp functions in user mode and boasts an impressive arsenal of around 1500 user-code functions. Through this module, Slingshot becomes capable of harvesting screenshots, keyboard and network data, passwords, and even monitoring desktop activities.

Slingshot Malware: The Evasive Nature of Slingshot

The Evasive Nature of Slingshot

But what truly makes Slingshot a formidable opponent is its uncanny ability to evade detection. Slingshot’s designers have incorporated mechanisms that allow it to shut down its components when forensic research is sensed. Moreover, as highlighted by the researchers at Kaspersky, “Slingshot uses its encrypted file system on an unused part of a hard drive.” Such sophisticated features indicate that Slingshot isn’t the handiwork of amateurs; instead, it is a product of extensive resources, time, and effort.

Conclusion

The world of cybersecurity is in a constant state of flux. As professionals at Ideastack, we understand the critical need to stay ahead of threats like Slingshot. This particular malware’s intricate design and evasive maneuvers further underscore the ever-evolving nature of cyber threats. With malware becoming more sophisticated by the day, it’s a stark reminder of the importance of proactive cybersecurity measures.

Frequently Asked Questions

Q1. What is the Slingshot malware?

Slingshot is a sophisticated malware discovered by researchers from Kaspersky Lab, known for targeting router-connected devices since 2012 without being detected.

Q2. How does Slingshot infect devices?

Slingshot exploits the routine downloading of DLL files by routers, inserting malicious DLLs which then interact and compromise connected devices.

Q3. Why is Slingshot considered so dangerous?

Beyond its discreet operation, Slingshot can evade detection, shut down its components when forensic activities are detected, and use an encrypted file system on an unused hard drive part.

Petya/Petwrap ransomware

The evolving digital landscape has brought numerous benefits, from connecting distant corners of the globe to providing instant information access. However, it has also introduced us to challenges and threats, with ransomware being one of the most formidable. Among various ransomware families, Petya, also known as Petwrap, stands out for its unique mechanism and devastating impacts.

Affected Countries

The countries included in the list include the UK, Ukraine, India, The Netherlands, Spain, and Denmark.

Behavior

1. Infection Vector:

Typically, Petya spreads through malicious email attachments. Once the user downloads and executes the file, the infection begins.

2. Master Boot Record (MBR) Attack

Upon infection, Petya overwrites the MBR. This tactic is particularly malicious as it prevents the computer from loading its operating system.

3. Ransom Note Display

Instead of the usual OS loading screen, victims are greeted with a skull logo followed by a ransom note demanding payment in exchange for a decryption key.

Petya/Petwrap Ransomware: Master Boot Record

4. Encryption

Using the Salsa20 algorithm, Petya encrypts the master file table. This makes it nearly impossible for victims to access their files without the specific decryption key.

Actions to be taken

1. Block source E-mail address

[email protected]

2. Block domains

http://mischapuk6hyrn72.onion/

http://petya3jxfp2f7g3i.onion/

http://petya3jxfp2f7g3i.onion/

http://mischa5xyix2mrhd.onion/MZ2MMJ

http://mischapuk6hyrn72.onion/MZ2MMJ

http://petya3jxfp2f7g3i.onion/MZ2MMJ

http://petya3sen7dyko2n.onion/MZ2MMJ

http://benkow.cc/71b6a493388e7d0b40c83ce903bc6b04.bin COFFEINOFFICE.XYZ

3. Block IPs

95.141.115.108

185.165.29.78

84.200.16.242

111.90.139.247

4. Apply patches

Refer(in Russian): https://habrahabr.ru/post/331762/

Petya/Petwrap Ransomware: Encryption

5. Disable SMBv1

6. Update Anti-Virus hashes

a809a63bc5e31670ff117d838522dec433f74bee
bec678164cedea578a7aff4589018fa41551c27f
d5bf3f100e7dbcc434d7c58ebf64052329a60fc2
aba7aa41057c8a6b184ba5776c20f7e8fc97c657
0ff07caedad54c9b65e5873ac2d81b3126754aac
51eafbb626103765d3aedfd098b94d0e77de1196
078de2dc59ce59f503c63bd61f1ef8353dc7cf5f
7ca37b86f4acc702f108449c391dd2485b5ca18c
2bc182f04b935c7e358ed9c9e6df09ae6af47168
1b83c00143a1bb2bf16b46c01f36d53fb66f82b5
82920a2ad0138a2a8efc744ae5849c6dde6b435d
myguy.xls

BCA9D6.exe 17DACEDB6F0379A65160D73C0AE3AA1F03465AE75CB6AE754C7DCB3017AF1FB

Conclusion

Ransomware threats like Petya/Petwrap underscore the importance of robust cybersecurity measures in today’s interconnected world. As cybercriminals grow more sophisticated, awareness and preparedness become our most potent weapons. Stay informed, stay vigilant, and always prioritize the safety of your digital realms.

For more details visit Ideastack.

Frequently Asked Questions

1. Is it advisable to pay the ransom if infected by Petya/Petwrap?

Ransomware threats like Petya/Petwrap underscore the importance of robust cybersecurity measures in today’s interconnected world. As cybercriminals grow more sophisticated, awareness and preparedness become our most potent weapons. Stay informed, stay vigilant, and always prioritize the safety of your digital realms.

2. Can encrypted files be recovered without the decryption key?

It depends on the ransomware variant and the encryption strength. For some older versions of Petya, tools have been developed to decrypt files. However, it’s always best to consult with cybersecurity professionals in the event of an infection.

3. How did Petya/Petwrap become so widespread?

One of the reasons for Petya’s rapid dissemination was its use of the EternalBlue exploit, believed to have been developed by the U.S. National Security Agency (NSA). This exploit took advantage of a Windows vulnerability, allowing the ransomware to spread quickly.

Everything You Need To Know About Encryption

In today’s interconnected world, encryption serves as the cornerstone of digital security. Whether it’s about protecting your messages or safeguarding critical business data, encryption plays a pivotal role. This article will delve into the nuances of encryption, its types, and why it is indispensable for data security.

Why Is Encryption Crucial for Internet Usage

What is Encryption?

Encryption is the cryptographic technique that converts readable data, often referred to as “plaintext,” into a coded version known as “ciphertext.” Only those possessing the corresponding decryption key can revert this ciphertext into its original, readable format.

Why Is Encryption Crucial for Internet Usage?

As Internet users, we are continually sending and receiving data—passwords, credit card numbers, and other sensitive information. Encryption ensures that this data remains confidential and secure when transmitted between your browser and a server.

Applications in Organizations and Personal Devices

It’s not just websites and servers that benefit from encryption. Many organizations and individuals rely on it to protect sensitive data stored on various devices, including computers, servers, and mobile phones. This stored data could range from customer information to strategic business plans.

Symmetric Vs. Asymmetric Encryption

Two main types of encryption exist: symmetric and asymmetric. Symmetric encryption is generally quicker but necessitates the secure exchange of the encryption key between both parties. On the other hand, asymmetric encryption eliminates the need to exchange keys but is generally slower.

Benefits of Encryption

Encryption is not just about obscuring data. It offers numerous other benefits such as

Authentication

Confirms the origin of a message.

Integrity

Ensures the content hasn’t been altered during transmission.

Nonrepudiation

This makes it impossible for the sender to deny sending the message.

Symmetric Vs. Asymmetric Encryption

Conclusion

Encryption is the process of converting data into a coded form to ensure its security. It is crucial for internet usage and the protection of sensitive information. Encryption uses algorithms and keys to transform data into ciphertext and vice versa. There are two types: symmetric (faster but requires key exchange) and asymmetric (slower but eliminates key exchange). Encryption offers benefits like authentication, integrity, and nonrepudiation. For more information, visit Ideastack.

Frequently Asked Questions

Q1. What is the main purpose of encryption?

The primary purpose is to secure data by converting it into an unreadable format, decipherable only by someone with the appropriate decryption key.

Q2. How do symmetric and asymmetric encryption differ?

Symmetric encryption uses the same key for both encryption and decryption, while asymmetric uses different keys for each process.

Q3. How does encryption contribute to data integrity?

Through encryption, one can ensure that data remains unaltered during transmission, thus maintaining its integrity.