cyber threat Archives

Winsage

February 12, 2025

Russian military hackers deploy malicious Windows activators in Ukraine

The Sandworm group, a Russian military cyber-espionage entity, has intensified attacks on Windows users in Ukraine by distributing trojanized Microsoft Key Management Service (KMS) activators and counterfeit Windows updates since late 2023. Threat analysts at EclecticIQ have linked these activities to Sandworm through overlapping infrastructure and consistent tactics. The attackers use a BACKORDER loader to deploy DarkCrystal RAT (DcRAT) malware, with evidence of Russian military involvement indicated by debug symbols from a Russian-language build environment. Seven distinct malware distribution campaigns have been cataloged, with the latest incident on January 12, 2025, involving DcRAT during data exfiltration attacks. The counterfeit KMS tool installs a deceptive activation interface while secretly loading malware and disabling Windows Defender. The malware captures sensitive information, including keystrokes and saved credentials, and transmits it to the attackers' servers. Sandworm exploits the prevalence of pirated software in Ukraine, posing a significant threat to national security and critical infrastructure. The group has been active since at least 2009 and operates under Military Unit 74455 of the GRU, focusing on disruptive attacks against Ukraine.

Tech Optimizer

December 27, 2024

Data protection advancements expected to shape 2025 security

Andrew Eva, the Global CIO of Assured Data Protection, predicts that by 2025, there will be a seamless integration of backup systems with ransomware detection, antivirus technologies, and intrusion detection systems. He highlights a collaboration between Rubrik and Google to provide enterprise customers with insights into known exploits for better early detection of malicious codes. Disaster recovery systems will take on a more frontline role in cyber threat management, utilizing machine learning to identify potential viruses. Ransomware is expected to remain the top cyber threat, prompting organizations to prioritize disaster recovery and backup solutions. Concerns about data security in relation to artificial intelligence will lead organizations to seek assurances regarding data protection from managed service providers (MSPs). The criteria for cyber insurance are tightening, making MSPs essential for businesses to meet these requirements. There is also an anticipated surge in demand for Backup-as-a-Service (BaaS), especially in healthcare, driven by resource constraints and a shift towards operational expenditures.

AppWizard

December 4, 2024

US Warns Citizens to Use Encrypted Messaging Apps Amid Cyberattack on Telecom Giants

A significant cyber intrusion has targeted major US telecommunications firms, including AT&T and Verizon, linked to Chinese state-sponsored actors and identified by Microsoft as Salt Typhoon. The FBI and CISA have confirmed that the attack focused on leading telecom companies, infiltrating sensitive data such as phone metadata, live calls, and law enforcement surveillance systems. The breach is attributed to the Chinese government, aiming to gather intelligence on American political and governmental operations, but officials state it is not intended to interfere with the 2024 elections. Types of sensitive information stolen include call logs and metadata, intercepted live conversations, and access to law enforcement systems. In response, officials are encouraging the use of encrypted messaging applications like Signal, WhatsApp, and iMessage to protect personal communications. The breach raises concerns about the vulnerability of telecom systems governed by the Communications Assistance for Law Enforcement Act (CALEA), which may not fully encrypt messages. Despite the damage caused by the Salt Typhoon operation, the breach highlights the risks associated with cyber espionage from state-sponsored groups, emphasizing the need for robust encryption to safeguard personal information.

Tech Optimizer

December 3, 2024

AV-Comparatives Announces 2024 Phishing Test Results: Avast and McAfee Excel in Yearly Assessment

AV-Comparatives conducted an evaluation of phishing protection in 2024, examining 1,000 phishing URLs across four quarterly assessments. Avast and McAfee achieved detection rates of 95%, though McAfee had a higher incidence of false positives. The evaluation included various antivirus programs and web browsers, with Avast leading the final quarterly test with a 95% detection rate on 250 phishing URLs. Other notable performers included Bitdefender, Kaspersky, McAfee, and Trend Micro, with G Data and Kaspersky also scoring above 90%. Phishing remains a significant cyber threat, leading to potential financial losses and identity theft. AV-Comparatives is an independent testing laboratory recognized for its assessments of cybersecurity products.

Winsage

November 28, 2024

RomCom exploits Firefox and Windows zero days in the wild

ESET researchers discovered a critical vulnerability, CVE-2024-9680, in Mozilla products exploited by the Russia-aligned group RomCom. This vulnerability, with a CVSS score of 9.8, affects various versions of Firefox, Thunderbird, and the Tor Browser, allowing code execution within the browser's restricted context. When combined with another Windows vulnerability, CVE-2024-49039, attackers can execute arbitrary code in the context of the logged-in user. The exploit can be triggered simply by visiting a malicious web page, enabling the installation of RomCom's backdoor without user interaction. RomCom has been linked to the exploitation of significant zero-day vulnerabilities, including the earlier use of CVE-2023-36884 via Microsoft Word in June 2023. The newly identified vulnerability was reported to Mozilla on October 8th, 2024, and patched the following day. The vulnerability is a use-after-free bug in Firefox's animation timeline. Further investigation revealed CVE-2024-49039, a privilege escalation bug in Windows, which Microsoft patched on November 12th, 2024. RomCom has targeted various sectors in 2024, including governmental entities in Ukraine, the pharmaceutical sector in the US, and the legal sector in Germany, among others. The compromise chain begins with a fake website that redirects victims to a server hosting the exploit. ESET identified multiple command-and-control servers used by RomCom, employing deceptive naming schemes to obscure their intentions. The exploit utilizes shellcode that executes arbitrary code by manipulating animation objects in Firefox. The vulnerability was patched by Mozilla within a day of its discovery. The RomCom backdoor is capable of executing commands and downloading additional modules onto the victim's machine. Indicators of compromise include specific JavaScript files and DLLs associated with the exploit.

Winsage

November 27, 2024

Microsoft Windows Hacking Warning—450 Million Users Must Now Act

A critical vulnerability in Windows, identified as CVE-2024-49039 with a CVSS score of 8.8, allows arbitrary code execution via a web page visit. It is compounded by another vulnerability, CVE-2024-9680, which has a CVSS score of 9.8 and affects browsers like Firefox and Thunderbird, enabling a sandbox escape through the Windows Task Scheduler. Both vulnerabilities have been addressed, but users must update their systems. RomCom, a cyber threat group linked to Russia, has been exploiting these vulnerabilities to install malicious software. Microsoft has extended Windows 10 support until October 2024, urging users to upgrade for long-term security. Mozilla released a fix for the browser vulnerability within 25 hours, while Microsoft has patched the Windows flaw. Regular updates are essential to protect against evolving cyber threats.

Tech Optimizer

November 8, 2024

New malware SteelFox targets Windows users through fake software activators

A new malware named "SteelFox" is targeting Windows users by using counterfeit software activators to infiltrate systems, leading to cryptocurrency mining and data theft. Since February 2023, it has spread rapidly, primarily through torrent sites and online forums, masquerading as legitimate software cracks for programs like AutoCAD and Foxit PDF Editor. Upon installation, it deploys a risky driver called WinRingO.sys, exploiting vulnerabilities CVE-2021-41285 and CVE-2020-14979, which allows attackers to gain full access to the infected computer. The malware uses XMRig for crypto mining, causing performance issues and increased utility bills, while also stealing sensitive data from over 13 web browsers. Countries with high infection rates include Mexico, Brazil, Russia, China, and India. Kaspersky has blocked over 11,000 attempted attacks, but the actual number of infections may be much higher. To protect against SteelFox, users are advised to download software only from verified sources, maintain updated antivirus software, avoid pirated software, and keep systems current with security patches.

Tech Optimizer

October 31, 2024

Best Antivirus Software for Small Businesses in 2024

Small businesses often face challenges in selecting antivirus software, as personal tools may lack robustness and enterprise solutions can be complex and costly. There are antivirus solutions specifically designed for smaller companies. Six top antivirus software options tailored for small businesses include: 1. Bitdefender: - Starting price: .99 for 5 devices for 1 year. - Covers: macOS, iOS, Android, Windows, Windows Server. - Features: Unlimited VPN traffic, account breach monitoring, risk management, AI-powered Scam Copilot, integrated password management. 2. Norton: - Starting price: .99 a year for 6 devices. - Covers: Windows, macOS, iOS, Android. - Features: 24/7 customer support, password management, cloud backup, secure browser. 3. Trend Micro: - Pricing: Contact for customized quote. - Covers: Windows, macOS, iOS, Android. - Features: Endpoint detection, attack surface risk management, AI-driven threat intelligence. 4. ESET: - Starting price: .99 for 5 devices for 1 year. - Covers: Windows, macOS, iOS, Android, Linux. - Features: Certain plans include password manager. 5. Avira: - Starting price: .99 for 5 devices for 1 year. - Covers: Windows, macOS, iOS, Android. - Features: Unlimited VPN traffic, device cleaner, blocks unwanted spam calls. 6. Microsoft Defender: - Starting price: .75 per user per month. - Covers: Windows, macOS, Linux, iOS, Android. - Features: Built into Windows, integrates with Microsoft tools, automatic disruption of ransomware attacks. When choosing antivirus software, small businesses should assess their specific needs and budget, consider bundled plans for better value, utilize free trials, and schedule demo calls with sales teams for clarification.

Tech Optimizer

October 22, 2024

Kaseya survey finds human behaviour a top cyber threat

Kaseya's 2024 Cybersecurity Survey Report highlights that 89% of IT professionals view human behavior as the primary threat to cybersecurity. Phishing scams impact 58% of businesses surveyed, while ransomware payouts have declined to 11% due to increased investments in backup and recovery technologies. Over 80% of respondents expect their IT security budgets to remain stable or grow, with planned investments in cloud security, automated penetration testing, and security awareness training. The survey indicates a rise in cyber insurance adoption, increasing from 27% to 61% in 2024. The sample primarily includes companies from North America, with a focus on those with annual revenues between USD million and USD million and employing 101 to 500 individuals.

Winsage

September 24, 2024

Windows 10 and Windows 11 users need to avoid CAPTCHA pop-ups as new malware

Windows 10 and Windows 11 users are facing a new cyber threat involving fraudulent CAPTCHA verification pop-ups that distribute malware. Security experts at McAfee have identified that cybercriminals are using counterfeit CAPTCHA interfaces to trick users into executing malicious PowerShell scripts. When users click on the "I'm not a robot" option in these fake pop-ups, it leads to the copying of a dangerous script to their clipboard, which they are misled into executing. This attack method can occur on both fake websites and through emails. McAfee notes that these attacks utilize multi-layered encryption, complicating detection. Users are advised to avoid unofficial websites, verify URLs in emails, limit clipboard-based scripts, and keep antivirus software updated to protect against this threat.