Tag: malware

Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company

Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company

Information Security
Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company A recently published decision by the High Court of Business and Property, a division of the High Court of England and Wales, revealed that the attacker or attackers behind the ransomware attack on a Canadian insurance company were paid nearly a million U.S. dollars. The ransomware attack at a Canadian insurance company and the issuing ransom payment, which were hidden from the public, only surfaced after the insurer of the Canadian insurance company, an insurance company based in the UK, filed a case in court to recover the ransom paid to the attackers. Ransomware is a type of malicious software (malware) that encrypts victims’ computers or data, locking out legitimate users from accessing these computers or…
Read More
Government of Nunavut Slowly Recovers from Ransomware Attack

Government of Nunavut Slowly Recovers from Ransomware Attack

Information Security, News
Government of Nunavut Slowly Recovers from Ransomware Attack The Government of Nunavut in northern Canada is slowly recovering nearly two weeks after its computer systems were crippled by a ransomware attack. The ransomware attack on the Government of Nunavut showed that this type of cyber-attack isn’t going away and organizations need to be prepared in preventing and mitigating this attack. Last November 3, the Government of Nunavut disclosed that on November 2 of this year a “new and sophisticated type of ransomware” blocked government workers from accessing files on various servers and workstations. Ransomware is a type of malicious software (malware) that encrypts data, turning data into code and demands a ransom payment from victims in exchange for the decryption keys that would unlock the encrypted data. As a result…
Read More
Computers in a European Airport Found to be Infected with Crypto Mining Malware

Computers in a European Airport Found to be Infected with Crypto Mining Malware

Information Security, News
Computers in a European Airport Found to be Infected with Crypto Mining Malware Researchers at Cyberbit disclosed that they have discovered a crypto mining malware that infected 50% of the workstations in one of the international airports in Europe despite the fact that these workstations were equipped with industry standard antivirus. This latest cyber incident at one of the international airports in Europe shows that antivirus solution isn’t enough to shield organizations from malicious software (malware). Malicious Activities According to the researchers at Cyberbit, the malware was detected based on the suspicious use of the following: PAExec tool and Reflective DLL Loading. PAExec PAExec is a redistributable version of Microsoft’s PSExec that enables a user to launch Windows programs on remote Windows computers without the need of installing first the…
Read More
What Is Malware & How to Prevent or Mitigate Its Effects

What Is Malware & How to Prevent or Mitigate Its Effects

Information Security, IT Support
What Is Malware & How to Prevent or Mitigate Its Effects In today’s interconnected world, malware, short for malicious software, is wreaking havoc, affecting not just large organizations but also medium and small-sized organizations. What Is a Malware? Malware, which stands for malicious software, is a code – set of instructions which are executed by a computer – that’s designed to facilitate malicious activities such as gaining unauthorized access to a network, stealing data or damaging systems operation. A malware typically goes through the following process: First, the computer user authorizes, such as by clicking a malicious link or malicious attachment in an email, and/or is using a vulnerable software that allows the downloading and installation of the malicious code.  Second, once a computer is infected with malware, the malware…
Read More
Time to Patch: New Wormable Vulnerabilities Found in Modern Versions of Windows

Time to Patch: New Wormable Vulnerabilities Found in Modern Versions of Windows

Information Security, IT Support
Time to Patch: New Wormable Vulnerabilities Found in Modern Versions of Windows Microsoft is advising Windows users, including users of modern versions of Windows, to apply the recently released security update as this latest update fixes 2 wormable vulnerabilities. What Is Wormable Vulnerability? Wormable vulnerability refers to a security vulnerability in which future malicious software (malware) that exploits this vulnerability could spread from vulnerable computer to vulnerable computer without user interaction, specifically replicating itself in order to spread to other computers. CVE-2019-1181 and CVE-2019-1182are the 2 wormable vulnerabilities that Microsoft fixed in its latest update. Both security vulnerabilities CVE-2019-1181 and CVE-2019-1182 allow an attacker to send a specially crafted request to the target Windows systems via Remote Desktop Protocol (RDP) – a proprietary protocol developed by Microsoft, allowing a user to connect…
Read More
Compromised VoIP Phones: New Path to Intrusion

Compromised VoIP Phones: New Path to Intrusion

Security, VoIP
Compromised VoIP Phones: New Path to Intrusion Security researchers at Microsoft Threat Intelligence Center disclosed that they discovered an infrastructure of a known cyber adversary that used the popular office IoT Voice over Internet Protocol (VoIP) as a new path to gain initial access to corporate networks. Researchers at Microsoft Threat Intelligence Center (MSTIC)reported that in April this year, the threat group known as “STRONTIUM” compromised 3 popular office IoT devices, VOIP phone, office printer and video decoder, across multiple customer locations to gain initial access to corporate networks. The researchers found that the said IoT devices were either compromised because the latest security update hadn’t been applied or the default manufacturer’s login details hadn’t been changed. Once the threat group gained initial access to the corporate network via these…
Read More
Canadian Centre for Cyber Security Warns the Public Against Fileless Malware

Canadian Centre for Cyber Security Warns the Public Against Fileless Malware

Information Security, IT Support
Canadian Centre for Cyber Security Warns the Public Against Fileless Malware The Canadian Centre for Cyber Security recently released an advisory warning the public of the growing fileless malware campaigns affecting Microsoft Windows users. What Is Fileless Malware? A fileless malware is a malicious software that was first observed in the wild in the early 2000s. According to the Canadian Centre for Cyber Security, fileless malware “remains popular method of attack by cyber adversaries”. The Cyber Centre said fileless malware is a popular method of attack by malicious actors because of its “low observable characteristics”. Ordinary anti-virus or anti-malware solutions have difficulty detecting fileless malware as this type of malware takes advantage of legitimate software programs to cover-up its malicious activity. It’s also hard for ordinary anti-virus or anti-malware solutions…
Read More
50,000 MS-SQL and PHPMyAdmin Servers Infected with Cryptocurrency Mining Malware, Researchers Found

50,000 MS-SQL and PHPMyAdmin Servers Infected with Cryptocurrency Mining Malware, Researchers Found

Information Security, News, Servers
50,000 MS-SQL and PHPMyAdmin Servers Infected with Cryptocurrency Mining Malware, Researchers Found Researchers at Guardicore revealed that 50,000 Microsoft SQL and PHPMyAdmin servers from different parts of the world and belonging to companies in the healthcare, telecommunications, media and IT sectors had been compromised and infected with a cryptocurrency mining malware – malicious software that secretly uses someone else’s computer for cryptocurrency mining. Cryptocurrency mining performs a dual function: first, for approving transactions, and second, for releasing new cryptocurrency into circulation. In many countries, cryptocurrency mining isn’t illegal. In countries where cryptocurrency mining is allowed, cryptocurrency mining is only illegal when this is done without the explicit permission from the computer owner – an act known as cryptojacking. In 2017, during the unprecedented rise of cryptocurrency prices, especially the top…
Read More
How to Stop the Costliest & Destructive Malware Emotet

How to Stop the Costliest & Destructive Malware Emotet

Information Security
How to Stop the Costliest & Destructive Malware Emotet In the history of malicious software (malware) development, the malware called “Emotet” has emerged to be among the most costly and destructive. According to the United States Computer Emergency Readiness Team (US-CERT), Emotet costs the U.S. state, local, tribal, and territorial (SLTT) governments up to $1 million per incident to clean up. Emotet victims are, however, not limited to the U.S. territory alone as this malware targets everyone regardless of location and affecting both in the private and public sectors. What is Emotet? How It Works? Emotet is a malware that was first detected by Trend Microin June 2014. Emotet first appeared as a banking trojan – a malware that’s designed to steal critical information stored or processed through online banking…
Read More
2018 Year in Review: Old Known Security Vulnerabilities Still Wreak Havoc

2018 Year in Review: Old Known Security Vulnerabilities Still Wreak Havoc

Information Security, IT Support
2018 Year in Review: Old Known Security Vulnerabilities Still Wreak Havoc In 2018, publicly known security vulnerabilities continued to be exploited by cyber criminals. One of these known security vulnerabilities is WannaCry, a malicious software (malware) thought to be “old news”, but still continues to hunt for its next victim. What Is WannaCry? WannaCry is known for infecting more than 300,000 computers in 150 countries in less than 24 hours on May 12, 2017. WannaCry attackers infiltrated these hundreds of thousands of computers by using EternalBlue – referring to both the software vulnerability in Microsoft's Windows operating system and the exploit believed to be developed by the U.S. National Security Agency (NSA). Just a few days before the May 16thWannaCry attack, that is, on April 14, 2017, the EternalBlue exploit…
Read More

Tag: malware

Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company

Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company

Information Security
Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company A recently published decision by the High Court of Business and Property, a division of the High Court of England and Wales, revealed that the attacker or attackers behind the ransomware attack on a Canadian insurance company were paid nearly a million U.S. dollars. The ransomware attack at a Canadian insurance company and the issuing ransom payment, which were hidden from the public, only surfaced after the insurer of the Canadian insurance company, an insurance company based in the UK, filed a case in court to recover the ransom paid to the attackers. Ransomware is a type of malicious software (malware) that encrypts victims’ computers or data, locking out legitimate users from accessing these computers or…
Read More
Government of Nunavut Slowly Recovers from Ransomware Attack

Government of Nunavut Slowly Recovers from Ransomware Attack

Information Security, News
Government of Nunavut Slowly Recovers from Ransomware Attack The Government of Nunavut in northern Canada is slowly recovering nearly two weeks after its computer systems were crippled by a ransomware attack. The ransomware attack on the Government of Nunavut showed that this type of cyber-attack isn’t going away and organizations need to be prepared in preventing and mitigating this attack. Last November 3, the Government of Nunavut disclosed that on November 2 of this year a “new and sophisticated type of ransomware” blocked government workers from accessing files on various servers and workstations. Ransomware is a type of malicious software (malware) that encrypts data, turning data into code and demands a ransom payment from victims in exchange for the decryption keys that would unlock the encrypted data. As a result…
Read More
Computers in a European Airport Found to be Infected with Crypto Mining Malware

Computers in a European Airport Found to be Infected with Crypto Mining Malware

Information Security, News
Computers in a European Airport Found to be Infected with Crypto Mining Malware Researchers at Cyberbit disclosed that they have discovered a crypto mining malware that infected 50% of the workstations in one of the international airports in Europe despite the fact that these workstations were equipped with industry standard antivirus. This latest cyber incident at one of the international airports in Europe shows that antivirus solution isn’t enough to shield organizations from malicious software (malware). Malicious Activities According to the researchers at Cyberbit, the malware was detected based on the suspicious use of the following: PAExec tool and Reflective DLL Loading. PAExec PAExec is a redistributable version of Microsoft’s PSExec that enables a user to launch Windows programs on remote Windows computers without the need of installing first the…
Read More
What Is Malware & How to Prevent or Mitigate Its Effects

What Is Malware & How to Prevent or Mitigate Its Effects

Information Security, IT Support
What Is Malware & How to Prevent or Mitigate Its Effects In today’s interconnected world, malware, short for malicious software, is wreaking havoc, affecting not just large organizations but also medium and small-sized organizations. What Is a Malware? Malware, which stands for malicious software, is a code – set of instructions which are executed by a computer – that’s designed to facilitate malicious activities such as gaining unauthorized access to a network, stealing data or damaging systems operation. A malware typically goes through the following process: First, the computer user authorizes, such as by clicking a malicious link or malicious attachment in an email, and/or is using a vulnerable software that allows the downloading and installation of the malicious code.  Second, once a computer is infected with malware, the malware…
Read More
Time to Patch: New Wormable Vulnerabilities Found in Modern Versions of Windows

Time to Patch: New Wormable Vulnerabilities Found in Modern Versions of Windows

Information Security, IT Support
Time to Patch: New Wormable Vulnerabilities Found in Modern Versions of Windows Microsoft is advising Windows users, including users of modern versions of Windows, to apply the recently released security update as this latest update fixes 2 wormable vulnerabilities. What Is Wormable Vulnerability? Wormable vulnerability refers to a security vulnerability in which future malicious software (malware) that exploits this vulnerability could spread from vulnerable computer to vulnerable computer without user interaction, specifically replicating itself in order to spread to other computers. CVE-2019-1181 and CVE-2019-1182are the 2 wormable vulnerabilities that Microsoft fixed in its latest update. Both security vulnerabilities CVE-2019-1181 and CVE-2019-1182 allow an attacker to send a specially crafted request to the target Windows systems via Remote Desktop Protocol (RDP) – a proprietary protocol developed by Microsoft, allowing a user to connect…
Read More
Compromised VoIP Phones: New Path to Intrusion

Compromised VoIP Phones: New Path to Intrusion

Security, VoIP
Compromised VoIP Phones: New Path to Intrusion Security researchers at Microsoft Threat Intelligence Center disclosed that they discovered an infrastructure of a known cyber adversary that used the popular office IoT Voice over Internet Protocol (VoIP) as a new path to gain initial access to corporate networks. Researchers at Microsoft Threat Intelligence Center (MSTIC)reported that in April this year, the threat group known as “STRONTIUM” compromised 3 popular office IoT devices, VOIP phone, office printer and video decoder, across multiple customer locations to gain initial access to corporate networks. The researchers found that the said IoT devices were either compromised because the latest security update hadn’t been applied or the default manufacturer’s login details hadn’t been changed. Once the threat group gained initial access to the corporate network via these…
Read More
Canadian Centre for Cyber Security Warns the Public Against Fileless Malware

Canadian Centre for Cyber Security Warns the Public Against Fileless Malware

Information Security, IT Support
Canadian Centre for Cyber Security Warns the Public Against Fileless Malware The Canadian Centre for Cyber Security recently released an advisory warning the public of the growing fileless malware campaigns affecting Microsoft Windows users. What Is Fileless Malware? A fileless malware is a malicious software that was first observed in the wild in the early 2000s. According to the Canadian Centre for Cyber Security, fileless malware “remains popular method of attack by cyber adversaries”. The Cyber Centre said fileless malware is a popular method of attack by malicious actors because of its “low observable characteristics”. Ordinary anti-virus or anti-malware solutions have difficulty detecting fileless malware as this type of malware takes advantage of legitimate software programs to cover-up its malicious activity. It’s also hard for ordinary anti-virus or anti-malware solutions…
Read More
50,000 MS-SQL and PHPMyAdmin Servers Infected with Cryptocurrency Mining Malware, Researchers Found

50,000 MS-SQL and PHPMyAdmin Servers Infected with Cryptocurrency Mining Malware, Researchers Found

Information Security, News, Servers
50,000 MS-SQL and PHPMyAdmin Servers Infected with Cryptocurrency Mining Malware, Researchers Found Researchers at Guardicore revealed that 50,000 Microsoft SQL and PHPMyAdmin servers from different parts of the world and belonging to companies in the healthcare, telecommunications, media and IT sectors had been compromised and infected with a cryptocurrency mining malware – malicious software that secretly uses someone else’s computer for cryptocurrency mining. Cryptocurrency mining performs a dual function: first, for approving transactions, and second, for releasing new cryptocurrency into circulation. In many countries, cryptocurrency mining isn’t illegal. In countries where cryptocurrency mining is allowed, cryptocurrency mining is only illegal when this is done without the explicit permission from the computer owner – an act known as cryptojacking. In 2017, during the unprecedented rise of cryptocurrency prices, especially the top…
Read More
How to Stop the Costliest & Destructive Malware Emotet

How to Stop the Costliest & Destructive Malware Emotet

Information Security
How to Stop the Costliest & Destructive Malware Emotet In the history of malicious software (malware) development, the malware called “Emotet” has emerged to be among the most costly and destructive. According to the United States Computer Emergency Readiness Team (US-CERT), Emotet costs the U.S. state, local, tribal, and territorial (SLTT) governments up to $1 million per incident to clean up. Emotet victims are, however, not limited to the U.S. territory alone as this malware targets everyone regardless of location and affecting both in the private and public sectors. What is Emotet? How It Works? Emotet is a malware that was first detected by Trend Microin June 2014. Emotet first appeared as a banking trojan – a malware that’s designed to steal critical information stored or processed through online banking…
Read More
2018 Year in Review: Old Known Security Vulnerabilities Still Wreak Havoc

2018 Year in Review: Old Known Security Vulnerabilities Still Wreak Havoc

Information Security, IT Support
2018 Year in Review: Old Known Security Vulnerabilities Still Wreak Havoc In 2018, publicly known security vulnerabilities continued to be exploited by cyber criminals. One of these known security vulnerabilities is WannaCry, a malicious software (malware) thought to be “old news”, but still continues to hunt for its next victim. What Is WannaCry? WannaCry is known for infecting more than 300,000 computers in 150 countries in less than 24 hours on May 12, 2017. WannaCry attackers infiltrated these hundreds of thousands of computers by using EternalBlue – referring to both the software vulnerability in Microsoft's Windows operating system and the exploit believed to be developed by the U.S. National Security Agency (NSA). Just a few days before the May 16thWannaCry attack, that is, on April 14, 2017, the EternalBlue exploit…
Read More