Symtrex Inc.

Cyber Security Specialist

Call - 866-431-8972 | Send an Email | Request a Quote
Visit Us On FacebookVisit Us On TwitterVisit Us On Linkedin

A New Age of Malware – Cryptocurrency Mining

by

By Leonard Kleinman – Forbes 

Cryptocurrencies continue to make headlines, and generally for all the wrong reasons. As cryptocurrency continues to fluctuate in value, we are seeing a plethora of new cryptocurrency malware emerging. This is reflective of the evolution of modern malware, with variants attacking computer systems globally, hijacking them to mine cryptocurrencies and capitalizing on the victim’s resources. Crypto-malware is literally making money.

It is no surprise that crypto-malware has been proliferating, as digital currencies provide a level of anonymity and are rather profitable. It is, however, probably the worst of all malware. This new age of crypto-jacking malware simply uses the end user’s device to mine cryptocurrency when they visit an infected site.

More websites are adopting cryptocurrency mining through visitors instead of running ads to fund their businesses. Recently, the popular torrent site The Pirate Bay ran a bitcoin-miner as an alternative to ads to generate funds for the business. This new income-generating scheme caused users’ central processing units (CPUs) and electricity usages to skyrocket while degrading the performance of their device. Coincidentally, advertising revenue is dropping significantly.

Mining 101

If you have not heard of bitcoin, then you must be living under a rock. Undoubtedly the most famous cryptocurrency, it is generated by “mining.” By mining, I mean a computationally intensive task that utilizes a lot of energy and processing power for verifying transactions. Successful miners are rewarded with a “coin,” which is added to a digital wallet — or, in the case of crypto jacking, to the digital wallet belonging to the hackers. For the first time, malware can directly “print money” for criminals.

On its own, a personal computer would not be powerful enough to profitably mine cryptocurrencies — the operative word being “profitably.” Mining done properly requires specialized rigs composed of specialized hardware and lots of electricity. Note that there are different cryptocurrency algorithms, some of which are more intense and require more computing power than others.

Have a question on how to protect you networks – Contact us.

AI – Could Be the Next Hole in your Security Posture

by

Over the Christmas holidays, the advertisements for Alexa, Google Home and similar were about ever other commercial on television.  I have to admit I don’t really see a need to ask a personal digital assistant  to turn on music, add something to a shopping list or tell me what the weather is like outside – but then again, I can see the attraction for some.

If you did receive a digital assistant or are thinking of getting one please read the following article:

AI in the Workplace: How Digital Assistants Impact Cybersecurity

Information Security – January 29, 2018 – 

Digital Assistants (sometimes seen as AIs) are becoming ubiquitous in living rooms and smartphones everywhere. Now, these devices are taking the leap to the business world. With Amazon’s announcement of the Alexa for Business Platform, AIs may soon be able to assist with everything from conference calls to office supply orders. All that utility may come at the cost of security, however, since these AI devices are vulnerable to potential hacking.

Digital Assistants Enter the Business World
Digital assistants have exploded in popularity over the last two years. Amazon’s Echo devices were the website’s number-one-selling product last year, and Google and Apple are eyeing increasing market shares as new developments for Google Home and Apple HomeKit close the AI gap.

Amazon has made recent moves to conquer the small business market and is the first in the burgeoning AI industry to attempt to do so. The Alexa for Business Platform brings additional functionality (Alexa’s “skills”) to offices everywhere. There are still some hurdles for the technology; lingering privacy concerns leave some businesses wondering whether the addition of a digital assistant will leave their company vulnerable to a security breach.

Digital Assistants and Security
Digital assistants like Alexa, Google Assistant, and Siri use voice recognition technology as their primary interface. This means they are always listening, even when they are not in use. For a hacker, this makes any digital assistant a potential listening device, a security flaw that was proven in a report released by British security researcher Mark Barnes. With access to the microphone, corporate espionage and identity theft are real concerns.

Privacy
Privacy is another major hurdle before digital assistants gain widespread adoption in the corporate world. Private data exchanges can use a protocol called end-to-end encryption, which restricts data access to just the sender and receiver.

Unfortunately, end-to-end encryption is not always the default, and many devices and programs don’t use it, leaving any collected data open to mining by third parties — Google’s Allo messaging app uses voice recognition technology without end-to-end encryption.

A team from Zhejiang University found another startling vulnerability for digital assistants using ultrasonic signals. Aptly named the DolphinAttack, the technique uses ultrasonic frequencies above the human hearing range to issue commands to nearby AIs. The attack effectively turns these devices into a backdoor, since a hacker can simply ask a device equipped with Alexa, Siri, or Google Assistant to visit a phishing website, call a phone number, or disable a web-connected security system.

Businesses are increasingly finding themselves the target for these types of attacks. In a process called “whale phishing”, hackers specifically target high-value individuals in corporate offices for phishing scams, identity theft, and more. Larger businesses are vulnerable since they offer hackers bigger targets for these types of breaches.

Protecting Your Business from Attack
The Better Business Bureau’s 2017 survey of cybersecurity issues among small businesses reports that one out of five companies has been the victim of a cyber-attack. Many of these attacks can be traced to lost personal data like passwords or an employee’s identity, raising concerns for digital assistants and their potential use as listening devices.

Beyond general statistics, it’s hard to identify the frequency of hacks specifically related to digital assistants, but the vulnerabilities are hard to ignore. Web-connected devices of all types can potentially be used as entry points into secure systems; a North American casino was the victim of data theft using a Wi-Fi connected fish tank. Barnes recommends not putting smart devices in spaces where compromising information could be overheard.

If the benefits of a digital assistant outweigh the potential drawbacks, you can take steps to minimize your risk of a security breach, both physically and digitally. The Better Business Bureau’s survey shows that cyber-attacks can even come from internal employees. Implementing a prevention plan and a response plan can offer the best protection for your business.

The Future of AIs and Cybersecurity
The rapid development of machine learning and voice-powered AIs points to a rapidly changing future. Chips developed by MIT hint at the development of digital assistants that no longer require a web connection to process AI-related tasks like voice recognition, potentially closing many of the security flaws these devices possess.

Whether these devices can overcome their security flaws and mainstream into the corporate world is unclear, but the rapid development of their underlying technologies indicates big changes on the horizon for offices everywhere. Some of the concerns about listening devices may also be exaggerated; as Barnes reminds readers in his article, almost all of us already have a smartphone mic in our pocket that we are okay with.

Check out the full article ->

 

 

Many businesses continue to leave their doors wide open to unsophisticated attackers, research shows

by

From Bitdefender – Flip Truta 

New research reveals that cyber-attacks by unsophisticated hackers this year have successfully exploited vulnerabilities that many of the world’s famed businesses were already aware of but did nothing to fix.

Despite upcoming laws that will charge them millions in penalties if found non-compliant, many businesses worldwide continue to neglect standard security procedures.

The latest evidence comes from the 20th annual EY Global Information Security Survey (GISS), which breaks some disconcerting news regarding the willingness of big businesses to beef up security.

While the surveyed companies weren’t named in the report, the research was conducted with the aid of “1,200 C-level leaders of the world’s largest and most recognized organizations.” Here’s what EY found:

Only 56% of those surveyed are changing or planning to change their strategies due to the increased impact of cyber threats. Even though most organizations are spending more on cybersecurity, only 12% expect an increase of more than 25% this year.

Potential damage from a cyber-attack isn’t always immediately obvious, yet 64% say an attack that “did not appear to have caused any harm” would not likely persuade the powers-that-be to spend more on cybersecurity.

Many, however, recognize that lack of adequate resource allocation can increase cybersecurity risks. As many as 20% of respondents admit they do not have enough of a grasp on current information security implications and vulnerabilities to decide what needs to be done.

Cybersecurity budgets are bigger in organizations that place dedicated security officers in key lines of business, as well as in companies that report on cybersecurity to the board audit committee at least twice a year.

However, while 50% report to the board regularly, only 24% say the go-to person with responsibility for cybersecurity sits on that board. Moreover, only 17% of respondents say boards have enough of a grasp on IT security matters to properly assess the effectiveness of preventive measures.

The report also reveals, perhaps most importantly, that common attacks described as “cyberattacks carried out by unsophisticated, individual attackers” have successfully exploited vulnerabilities that many of the surveyed organizations were aware of. According to EY analysts, this finding points to “a lack of rigor in implementing standard security procedures.”

Other findings include:

  • Malware and phishing are regarded as the most prolific threats in the past 12 months
  • Careless, unaware and/or malicious employees are seen as the most significant increasing vulnerability to organizations’ security
  • 75% rate the maturity of their vulnerability identification as “very low to moderate.”
  • 12% say they have no formal breach-detection program
  • 35% describe their data-protection policies as ad-hoc or non-existent
  • 38% either have no identity and access program or have not formally agreed on such a program.
  • 57% of respondents have an “informal” threat intelligence program or do not have one at all
  • just 12% of respondents can confidently say they can detect a sophisticated cyberattack targeting their organization

If you have questions or would like to discuss how to improve your security posture – contact us.

Chinese ‘Fireball’ Malware Infects 20% of Global Corporate Networks

by

From Dark Reading – June 1, 2017 – Kelly Sheridan

The Fireball malware has infected over 250 million computers and is capable of executing code on all of them, raising potential for large-scale damage.

 A new cybercrime operation with roots in China has infected 250 million computers and 20% of corporate networks around the world.

The Fireball malware, operated by Beijing-based digital marketing agency Rafotech, was discovered by researchers at security software firm Check Point. It acts as a browser-hijacker but could become a fully functioning malware downloader under attackers’ control.

“It’s not technically more advanced than other malware,” says Maya Horowitz, threat intelligence group manager at Check Point. “But it is able to pull any other malware to the infected devices, so it has a maliciousness.”

The browser-hijacking malware typically spreads via two types of bundling: with other Rafotech products, or with freeware distributed online. Horowitz says users who download freeware unknowingly also get the malware, which could be dropped at a later stage.

Fireball manipulates the browser to change users’ search engines and home pages into a Rafotech search engine, and redirects all search results to Google, Yahoo, and more. The fake search engines contain tracking pixels, which give Fireball the power to collect personal data.

The greatest hit rates were in India (10.1%) and Brazil (9.6%). While the US was on the low end at 2.2%, it still witnessed 5.5 million hits. Corporate network infections were also greatest in India (43%) and Brazil (38%); the US represented 10.7% of business networks affected.

“We don’t know how it got to so many devices worldwide,” says Horowitz, adding how Fireball may have spread in ways that haven’t been discovered.

The scope is significant. While Rafotech is currently using Fireball for data collection and monetary gain, the malware provides a backdoor that can be exploited for further attacks. Once installed on a victim’s machine, Fireball can also execute code on that device to steal information or drop more malware.

“It doesn’t take much to imagine a scenario in which Rafotech decides to harvest sensitive information from all its infected machines, and sell this data to threat groups or business rivals,” Check Point explains in its report. Banking and credit card data, medical files, patents, and business plans could be exposed.

Horowitz also notes the potential for an attack to the extent of last year’s DDoS incident caused by the Mirai botnet. While that risk remains theoretic for now, the potential is there.

“In [Fireball’s] case, each infected machine was its own, and someday all these machines could get the command to do something,” she says. “Any risk you can think of; any code can run on these machines.”

Check Point’s analysis indicates Rafotech’s distribution methods appear to be illegitimate and don’t follow criteria that would legalize their actions. The malware and fake search engine lack indicators connecting them to Rafotech, cannot be uninstalled by the average user, and hide their true nature.

Sniffing out FireBall

Here’s how to determine if you’ve been hit with Fireball: Open your Web browser and check if your homepage was set by you, if you can modify it, if you can recognize and modify the default search engine, and if you installed all your browser extensions.

If the answer is “no” to any of those, it’s a sign you may have been hit with the malicious adware.

Bot-driven online ad fraud has been a major problem for advertisers, which have struggled with billions of dollars in loss. There is good news here, though: loss is on the decline this year, despite an overall increase in digital ad spending.

Infocyte Uncovering a Major Hidden Risk of GDPR Legislation

by

By Robert MacMillan – Infocyte

All companies in Europe today are focused on GDPR compliance. The smart ones are approaching the preparation for future compliance in a methodical and phased way, beginning with an assessment of the current data protection measures in place and identifying gaps or other threats to data security.

The legislation is incredibly hostile to business, yet it is a natural evolution of our changing society and the required balance that is constantly negotiated between industry and technology and their impact on people’s lives. What is alarming about the GDPR legislation, as it is written, are the hidden risks that will threaten companies that believe themselves compliant, but may unwittingly be missing the bar for compliance.

The new law is focused on corporate actions required after the discovery of a breach, but fails to adequately define what constitutes a ‘reasonable’ period of time to discover a breach. Enterprises that are relying on defensive technologies alone – whether traditional defenses like endpoint protection and whitelisting or more modern defenses like EDR and SI (Security Intelligence) analysis tools – will face problems.

The Impact for EU Businesses

The GDPR legislation defines a time frame, specifically 72 hours, following the discovery of a breach, to notify affected parties and authorities. That much is clear and defined. However, the timeframe to detect the breach remains undefined.

What constitutes a ‘reasonable timeframe’ to discover a breach?  With a lack of clear guidelines in the GDPR, the courts will likely decide. The issue is already working its way through courts of competent jurisdiction in the USA. In early 2016 a massive malware hack of fast casual dining chain ‘Noodles & Company’ impacted hundreds of thousands of customers’ financial data, the problem exacerbated by the fact the malware persisted for months undetected.

In the autumn of 2016 American financial institutions filed a class-action lawsuit against ‘Noodles & Company’, in part claiming that the company should be held liable due to negligence because they ‘let’ malware persist undetected for four months.

Allowing Breaches to Persist Opens Up Liability

European companies working to comply with GDPR, and believing themselves to be compliant – run the eventual risk of being found effectively non-compliant, if they allow a breach to persist for weeks, months or even years.

The GDPR, in its opening clauses specifically states (GDPR page 17 paragraph 87): “It should be ascertained whether all appropriate technological protection and organizational measures have been implemented to establish immediately whether a personal data breach has taken place…”

This language implies that as technology changes, enterprises have an obligation to modernize their discovery capabilities. This further compounds the risks inherent in lengthy gaps between breaches and the discovery of the breaches.

Modernize Your Security Posture with Infocyte HUNT™

The breach detection gap – or dwell time – is defined as the period of time between first execution of malware and its discovery. Infocyte HUNT helps enterprises manage and mitigate their risk exposure, the solution enables organizations to define and manage this gap.
Stated another way – Enterprises using Infocyte HUNT are able to determine and enforce HOW LONG malware is allowed to persist undiscovered after it breaches existing defenses. That time frame may be one week, one day, 12 hours or any period of time that an enterprise decides is appropriate.

Infocyte HUNT uses dissolvable agents that validate that each endpoint in an organization is ‘clean’ and malware free. HUNT uses volatile memory analysis, memory un-mapping techniques and more to collect the required information from each endpoint. HUNT then analyses the gathered data and delivers clear, easy to read reports that even junior IT administrators can work with to address potential breaches.

HUNT effectively delivers a solution that equips enterprises with the skill set of a highly specialized Forensic Analyst, executing the work in a fraction of the time and cost that a dedicated specialist would require.

Learn how to harness the power of Infocyte HUNT and get ahead of GDPR specifications: Download Now. Interested in a demo? Contact us .