-1
archive,tag,tag-malware,tag-52,qode-social-login-1.1.3,qode-restaurant-1.1.1,stockholm-core-1.1,select-child-theme-ver-1.1,select-theme-ver-5.1.8,ajax_fade,page_not_loaded,wpb-js-composer js-comp-ver-6.0.5,vc_responsive
Title Image

malware Tag

  • Sort Blog:
  • All
  • Cloud Computing
  • Disaster Recovery Management
  • IT Security Services
  • Managed IT Services
  • Office 365
  • Our Blogs
  • Press Releases
  • Uncategorized
  • VOIP Services

New Ransomware Looks Like An Anti-Virus Installation

Dharma is a highly successful ransomware strain.

It recently has been made even more successful by a change in the way the hackers controlling it are deploying it.

The first part of their latest campaign remains unchanged. They rely on well-crafted phishing emails to lure employees in.

The key difference, however, lies in the particulars of the newly crafted emails.

In a nutshell, the group has begun imploring email recipients to protect their systems by installing the latest antivirus software. The emails include a helpful link to the antivirus, which of course doesn’t point to antivirus software at all. Rather, it is the ransomware they’re trying to deploy inside corporate networks.

Worst of all, the emails claim to be from Microsoft, one of the biggest, most recognizable and most trusted names in the industry. So, there’s a good chance that at least one of your employees will take the bait. In a bid to be good, proactive employees, they will seek to install what they think is antivirus software.

Once they start the installation, the damage is done. It will lock every file on the victim’s system, demand ransom, and seek to spread itself to as many other systems inside your network as it can reach.

Raphael Centeno, a security researcher at Trend Micro had this to say about the new twist on the malware strain:

“As proven by the new samples of Dharma, many malicious actors are still trying to upgrade old threats and use new techniques. Ransomware remains a costly and versatile threat.”

As ever, the best way to guard against this type of threat starts with employee education. Employees should not be in the habit of installing their own antivirus software in the first place, so a gentle reminder to that effect should go a long way toward limiting the threat, but it still pays to be very much on your guard.

The Cisco Vulnerability Requires Multiple Patches

Virtual private networks are vulnerable to an exploit that was recently brought to light. Cisco has announced that this exploit undermines its ASA, or Adaptive Security Appliance tool. If this issue isn’t patched immediately, you could find your organization vulnerable through remote code exploitation.

This VPN bug can leverage the ASA operating system to enable hackers to breach Cisco security devices. According to Cisco, this Secure Sockets Layer (SSL) can “allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.” This means that an attacker could hypothetically gain complete access to a system and control it – a prospect that any business should see the threat in, especially where their physical security is concerned. In fact, this vulnerability has been ranked as a 10 out of 10 on the Common Vulnerability Score System, making it one of the top vulnerabilities ranked.

Granted, this vulnerability only goes into effect if WebVPN has been enabled, but that doesn’t mean that you can overlook this threat. ZDNet provides the following list of affected devices:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD).

When it was first discovered, this bug had yet to be used “in the wild,” but Cisco was aware of some attempts to change that. This exploit targeted a bug from seven years ago, with a proof of concept demonstrating the use of the exploit – or at least trying to. The proof of concept only resulted in a system crash, but that doesn’t change the fact that this vulnerability can be exploited in other ways, too.

Unfortunately, this vulnerability has now been observed in use, and worse, Cisco’s first attempt to patch it didn’t see to all considerations. As it turned out, there were more attack vectors and features that were not yet identified, as so were not addressed by the patch.

However, Cisco has now released an updated patch, which you need to implement as soon as possible. Otherwise, you are opening up your business security to greater risk. It is always a better practice to attend to known vulnerabilities post haste, as the longer your business is vulnerable, the more likely it is that someone will take advantage of that.

Furthermore, it is also crucial that you stay cognizant of any and all vulnerabilities that are present in your mission-critical software and hardware solutions. This bug is not an isolated case. Others like it have been found before, and more will certainly pop up in the future. Hackers and cybercriminals are constantly working to overcome the security features that software developers implement. It is your responsibility to ensure that you protect your business by implementing security patches and updates promptly.

The technicians at Net Activity are here to assist you with that. We can help you ensure that your patches and updates are up-to-date, often without needing to take the time needed for an on-site visit and handling it all remotely. For more information, give us a call at 216-503-5150.

 

 

Special Year End Pricing !!

Microsoft Teams Rooms Systems For Small/Medium Meeting Room