Netizen Threat Brief: 27 June 2018 Edition

Threats:

Listed below is information regarding this week’s most critical threats and preventative measures to lessen the chances of a breach:

  1. MyloBot
  2. WannaCry Extortion Fraud
  3. Wavethrough
  4. Stay Safe on Public Wi-Fi
  5. ZeroFont

1. MyloBot

Overview

A new sophisticated malware dubbed MyloBot had been discovered with smart evasion, infection, and propagation techniques.

MyloBot behaviors include:

  • Process hollowing; A legitimate process that is supposed to run on a computer is used as a container, or a host rather, for malicious code. This technique helps hide the malware.
  • Reflective EXE; Loading executable files from memory into a host process.
  • Code injection; Invalid data processing allows malicious code to be “injected” into a vulnerable computer to change a program’s intended outcome.
  • Ransomware payload
  • Data theft
  • Anti-VM (Virtual Machine) capabilities
  • Anti-sandbox capabilities; A sandbox is a form of testing environment for untested code. MyloBot circumnavigates this.
  • Anti-debugging capabilities

A successful MyloBot infection allows attackers to gain full control of a victim’s machine. Full control would let the attacker add further damage, such as keyloggers (recording a user’s keyboard strokes), banking Trojans, and Distributed Denial of Services (DDoS) attacks. One last interesting ability of MyloBot, is that it actually seeks out and destroys any other malware on a system so that it could gain the most profit from the victim.

Recommendations

We recommend the following steps to help protect your organization from MyloBot:

  • Ensure a multi-layered approach and protection for your systems to prevent, detect and remove threats from the gateway to the endpoints.
  • Regularly back up your files. Practice the 3-2-1 system to minimize or mitigate data loss; the 3-2-1 system is when you have 3 copies of your data (1 production and 2 backup copies) on two different types of media with one off site copy for disaster recovery purposes.
  • Employ data categorization (organizing data correctly and efficiently) and network segmentation (the guest network of the organization should not be able to talk to the company internal network).

2. WannaCry Extortion Fraud

Overview

Extortion emails are sent by hackers to try and threaten or intimidate users into paying money (often in Bitcoin), lest they face the wrath of the WannaCry ransomware. The extortion emails that have been circulating are designed to cause panic and state that all of the victim’s devices have been infected with WannaCry; this is in fact a fraud and actually just a phishing attempt. This “your computer is infected, pay us” approach is a classic in the social engineering realm and has been used for years.

Recommendations

While understandably scary, do not panic. More often than not, if you are infected with ransomware, you wouldn’t even be able to access anything; let alone your email. A prompt would surface on startup claiming the computer encrypted. To be on the lookout for this fraud, we recommend:

  • Being skeptical of emails. Examine them closely, and do not click on any links or download attachments. If something does not seem right, it probably isn’t. Verify emails that pose as legitimate companies.
  • Develop and execute a plan for end-user awareness on recognizing phishing emails. Last week’s threat brief was a good example of a phishing attempt.
  • Perform routine updates and patches for antivirus solutions, software, applications, and operating systems as is best practice.

3. Wavethrough

Overview

A Google researcher has found a vulnerability in many modern browsers which could allow malicious websites to steal sensitive content from websites you are currently logged into on the same browser. By tricking the victim to play or view a malicious embedded media file, the browser is exploited into sending elements from other open tabs. These media elements could contain sensitive information or conversations that the victim may have open.

Recommendations

  • Ensure browsers and applications are continually updated to ensure the latest security patches are in place.
  • Be vigilant when browsing new or unknown websites, and refrain from playing and embedded media that you are suspicious of.
  • Practice good browsing techniques and limit the simultaneous browsing of business and leisure pages to avoid cross-script exploitation.

4. Stay Safe on Public WiFi

Overview

Public Wi-Fi has become so accessible that many of us eagerly search for it and connect to open hubs without thinking.  Many are travelling in the warmer months, and often use hotel or other hotspots to stay connected.

However, connecting to public Wi-Fi could leave you exposed to cybercriminals that might keep tabs on your financial transactions, email correspondences or anything else you do online.

One of the most common methods of attack involves hackers tricking you into thinking you’re connected to a valid network — such as one operated by a hotel or coffee shop. In reality, hackers named the false network to make it seem legit to unsuspecting victims, then monitor individuals’ activities.

You can stay safer while connected to a public network by doing a few simple things every time you connect.

Recommendations

Don’t Store the Network Login Credentials

Computers can handily remember passwords and usernames required for public Wi-Fi access if you consent to use that feature. However, it’s best to disable that capability — usually by un-checking the Remember This Network box when logging in. You may also need to go into your computer’s settings and manually delete networks to make it forget Wi-Fi connections when you’re not using them.

Otherwise, your computer or mobile device could log in to networks without your knowledge. That typically happens whenever you’re in range of a previously used Wi-Fi network.

Avoid Connecting Workplace Devices

Sometimes instead of taking things from your computer, hackers install stuff onto it. Malware is one of the software-related risks associated with unsecured devices people use for work. The best practice is not to connect your workplace equipment to public hotspots at all. Then, hackers can’t infiltrate it to either steal data or add corrupt applications.

Only Visit Extra-Secure Sites or Take Part in Casual Browsing

Get in the habit of only going to websites that include the “https” prefix or offer two-factor authentication. Then, if a hacker does enter your system as you use a public network, it’s harder for them to obtain useful details.

Consider only using public Wi-Fi when doing things not of interest to cybercriminals — for example, checking the weather forecast or reading the news headlines. Don’t check your bank account or participate in online shopping.

5. ZeroFont

Overview

In recent attacks, cyber criminals have been leveraging small font sizes to bypass Office365 spam protection in order to send malicious phishing emails to users and companies. By setting the font size to ‘0’ they can leverage making the email look normal to the victim but confuse spam filters into not being able to filter certain words and allow these malicious emails to come through.

Recommendations

  • Continue to be vigilant when opening emails, looking for spelling mistakes, or requests for sensitive information.
  • Consider setting your email client to display emails as plain text as this will help filter out specially crafted emails that look to deter spam filters.
  • Ensure users are continually educated on the dangers of phishing emails and what to look for when browsing their email.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s