The interests and cyber security needs of our customers are at the heart of everything we do. This is particularly important during these unprecedented and challenging times.
Millions of people the world over have made a sudden shift to working from home due to the current global circumstances. With our customers in mind we are developing material to help you stay safe and secure when you are online.
Protect those around you by staying connected, private and by sharing valid information.
Unfortunately, as you may be aware, cyber criminals are taking advantage of the anxieties and concerns around the coronavirus, Covid-19.
This has led to a flood of phishing mails that either attempt to steal log-in details belonging to remote workers or install malware on to a victim’s computer. Other infection methods are also being used such as websites that harbour malicious code and apps that are actually fronts for ransomware among other things.
To protect yourself, here are a few useful tips:
Lock or close your laptop when you’re taking a break. This will ensure that others in your home don’t accidentally click on malware links or otherwise mess up your work.
With these tips in mind, please take an extra moment to review incoming emails, and the websites you visit to avoid becoming a victim of these attacks. Be extra careful around your online banking and financial investments and don’t be fooled by easy money. If it’s too good to be true, it usually is.
We express our gratitude to those of you who are working on the frontline to combat this virus and offer our sympathies and best wishes to those who have been impacted.
We’re in this together! Stay safe both online and offline! If you need any help with anything mentioned in this blog please get in touch.
With Kind Regards
The MPMIT Team, offering local IT support in byte sized chunks to Micro businesses and Sole Traders in the Ipswich, Bury St Edmunds, Stowmarket and the surrounding areas.
According to BullGuard, the quick answer to ‘how long does it take for a virus to infect a computer?’ depends on what the virus is and what it is programmed to do:
- Ransomware starts encrypting files within seconds of downloading onto your computer
- Some viruses can be timed to begin infecting your machine several days after being downloaded
- Other viruses can download in segments to try and avoid antivirus software. Only when the last piece downloads will its dubious deeds commence
- A virus can also download via an email attachment, and it may start working immediately, shutting down your computer
Viruses with consistent behaviour
Of course, not everything follows the same patterns and some types of viruses or malware are consistent in their behaviour, generally starting to act as soon as they download.
Examples of these are:
- Trojan horses don’t self-replicate, unlike traditional viruses. They act as a sneaky means for a hacker to gain access to someone’s computer to steal passwords and banking information. If you don’t run antivirus software, you might never know you are infected with a Trojan
- Spyware monitors a computer user’s activity, such as the websites they visit, without the user knowing anything about it
There’s always something new on the horizon
Computer viruses have been around for ages, and they’re continually evolving. Technological advances have not only helped create better security, but they’ve also helped virus creators develop newer strains using even more ingenious methods of infecting computers. It’s a continuous cat and mouse cycle.
It’s for that reason that it’s imperative you keep your systems protected. Of course, we’re not just talking PCs. You also have to consider laptops, tablets and your smartphone.
What is keylogging?
It is software that covertly tracks, or logs, the keys struck on your keyboard. Its purpose is to collect sensitive material such as account numbers, PIN codes, passwords etc.
Although there are legitimate uses for keylogging (e.g. parents monitoring children’s activities), keyloggers pose a serious threat. They enable cybercriminals to gain access to your sensitive information. This could lead to the loss of your money or identity.
It spreads in much the same way as other malicious programs – through opening an attachment received via email, social network, text etc., or through an infected website.
How was it discovered pre-installed on hundreds of HP laptop models?
It was security researcher Michael Myng who found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.
According to the BBC, the “potential security vulnerability” is affecting more than 460 models of HP laptops. However, the release of a software patch will remove the keylogger.
He discovered it when inspecting Synaptics Touchpad software. Although disabled by default, an attacker with access to the computer can enable it to record what a user is typing.
How do I know if I’m at risk?
The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. You can find a full list of affected devices, dating back to 2012, by clicking here.
In a statement, the company said:
“HP uses Synaptics’ touchpads in some of its mobile PCs and has worked with Synaptics to provide fixes to their error for impacted HP systems, available via the security bulletin on HP.com.”
The BBC also reported that in May, a similar keylogger was discovered in the audio drivers pre-installed on several HP laptop models.
A recent article in Trascendit caught our eye. It was about webcams, or more specifically about people watching you through yours.
It’s not a sophisticated hack, but it’s rather unnerving because they’re not doing it for financial gain; instead, they’re doing it for fun.
The people behind it are known as Script Kiddies (or skiddies). They don’t write any complicated software or code to get into your machine; they rely on you to do the damage for them.
They use a simple phishing scam that’s sent directly to your email that’s made to look like any other email from an organisation. But once you click a link the malicious software installs without you realising.
This type of malware isn’t designed to steal your passwords or card details, (at least, not at first) but to give the sender remote access to your machine. It’s called a Remote Access Tool, or just a RAT – and it’s exactly as unpleasant as it sounds.
Once installed, the Script Kiddie has complete control of your machine. They can flip your screen, open your disk drive, open websites, browse your private documents and pictures and log your keystrokes to steal your information. Or, if they prefer, just turn on your webcam and microphone and start watching.
The scariest part of this hack is that it’s almost impossible to know whether you’re a victim.
There are things you can do to make sure that you don’t end up on one of these sites:
- Learn how to identify phishing emails
- Don’t use torrents
- Install antivirus software, and do a full scan every month or so
- Get yourself a webcam cover – just in case.
Ransomware and the like is not something Mac users have had to worry about too much. Seen as a ‘safer’ option than Windows machines, the Mac user has been happily using their devices, relatively trouble free, for quite some time.
But that’s changing.
According to Computerworld:
“A new file-encrypting ransomware program for Mac OS is being distributed through bit torrent websites, and users who fall victim to it won’t be able to recover their files – even if they pay. Crypto ransomware programs for Mac OS are rare. This is the second such threat found in the wild so far, and it’s a poorly designed one.”
The offending ransomware, dubbed OSX/Filecoder.E, was spotted by security firm ESET and was developed in Apple’s Swift programming language.
It works by pretending to be a cracking tool for commercial software such as Adobe Premiere Pro CC and Microsoft Office for Mac. However, because of programming errors, and the lack of a developer certificate from Apple, it is often blocked by newer versions of Mac OS.
The biggest problem with this malware, according to Computerworld, is:
“It generates a single encryption key for all files and then stores the files in encrypted ZIP archives. However, the malware doesn’t appear to have any ability to communicate with an external server, so the encryption key is never sent to the attacker before being destroyed.”
Sadly, malware is never going to go away, and more and more cunning scams will be developed. The best advice we can offer is to remain vigilant and never click on or download anything that you’re unsure about.
We’re grateful to Computerworld and Spiceworks for this update so we can pass it on to you to help you and your data stay safe.
Microsoft is having a ‘bad day at the office’ at the moment.
At the beginning of February, it cancelled a regular monthly security update without explanation (it was to include fixes for several significant vulnerabilities). Plus, security researchers released information about how to exploit a weakness in some Microsoft server code.
Not a great start to the year.
To top it all, a recent article on the BBC website announced that Google had released details of a bug in Microsoft’s browsing program that allows attackers to build websites that make the software crash.
It stated that:
Google researcher Ivan Fratric said the bug could, in some cases, allow attackers to hijack a victim’s browser.
The bug was found in November, but details are only now being released after the expiry of the 90-day deadline Google gave Microsoft to find a fix.
Microsoft has yet to say when it will produce a patch that removes the bug.
The problem is found in Internet Explorer 11 as well as the Edge browser and arises because of the way both programs handle instructions to format some parts of web pages.
In a statement, Microsoft did not comment directly on the bug and its significance but said it had a “customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible”.
It added it was involved in “an ongoing conversation with Google about extending their deadline since the disclosure could potentially put customers at risk”.
The good news is that at the moment there is no evidence that malicious attackers are exploiting the problem unearthed by Mr Fratric.
The bad news is that no fix has yet been released for this vulnerability.
If we hear anything new, we’ll update you.
Macs have long been thought of as safer, in malware terms, than Windows PCs.
However, it’s not all plain sailing.
A recent article in Digital Trends highlights a new form of malware that’s ‘targeting Macs and launching denial-of-service attacks on users by creating multiple email drafts that crash the computer.’
Simple but devious, it exploits vulnerabilities in the Safari browser and Mail app. Once it gets started, the malware creates countless email drafts, which use up loads of memory, causing the computer to freeze.
The article goes on to say:
The delivery method of the malware is a classic, too – a regular-looking email purporting to be from tech support. The security researchers found two email addresses that were responsible — email@example.com and firstname.lastname@example.org — and if these senders appear in your inbox, you should delete straight away without even opening. Consider placing blocks against these two email addresses in your settings. However it’s still not known if there are any other malicious email addresses in on the act.
But it’s not just coming in via email. Research has also shown that several compromised websites are also being used to deliver the malware. In particular:
If you are running the latest version of MacOS (10.12.2) you should be fine because Apple has patched the vulnerability.
As always, it pays to remain vigilant.
Source: Digital Trends
Botnets are everywhere, or at least that’s how it appears.
Barely a month goes by without news of yet another malware attack.
In this post, we want to look at one in particular – the Mirai malware.
This little blighter is causing mayhem at the moment. Effective and prevalent, this malicious program is infecting a number of internet-connected devices that come under the IoT (Internet of Things) umbrella.
Mirai’s goal is simple: to collect and control enough IoT devices to perform DDoS (Distributed Denial of Service) attacks.
The problem is, defeating the Mirai malware is proving difficult.
It forces infected devices to disclose default Wi-Fi passwords and Service Set Identifier (SSID) codes. This means cyber criminals could both re-infect routers and devices and use an infected device’s SSID for targeted cyber attacks.
It highlights how default passwords are enabling cybercriminals to infect and recruit connected devices for illicit, and disruptive, means.
Most recently, a modified version of Mirai managed to infect about 100,000 TalkTalk customers in the UK, and 900,000 Deutsche Telekom customers in Germany. A BBC report said that many of these infected devices might have given up their default passwords to the attacker. Much of the success of Mirai comes down to its publicly available source code, allowing any cyber criminal to create their own version of the malware.
This is just another example of why it’s so important to change default passwords on routers and other IoT devices.
Cerber ransomware is the latest scam to watch out for.
This one is a spam campaign that uses fake credit card reports to trick unsuspecting users to infect themselves.
The email they send looks like this:
Yes, there are some tells that show you it’s probably not genuine, but imagine if it landed in your inbox on a particularly busy day – are you still convinced you’d pick up on the signs?
The attack is executed by the user opening the Word document attachment and enabling macros. One step you can take to keep yourself safe, if feasible, is to disable Office macros by default.
If you can’t do that or worry that someone might enable them again, the best course of action you can take is to circulate the image above so everyone in your organisation knows what to look out for.
According to Spiceworks, Cerber is currently doing the rounds so stay vigilant.
One of the biggest headaches you face is keeping your business data safe from prying eyes.
You might think that because you’re not one of the big global players no one would bother about hacking into your systems, but cyberattacks on small businesses are becoming more common.
Data is big business and your clients rely on you to take every possible precaution to keep their personal information safe, so you owe it to them to make sure you’re covered.
Chinks in Your Armour
If you’re reading this thinking, “this doesn’t apply to me, I’ve got it covered,” think again.
Did you know that 25% of tablets and 35% of smartphones used in businesses are not equipped with security software?
Can you in all honesty say you’ve got 100% coverage?
This gap is leaving businesses vulnerable to all sorts of infections and attacks because they can come from anywhere at any time:
- 39% come from accessing unsecured websites
- 23% from downloading programs from the internet
- 19% of malware comes via email
Those are some pretty scary statistics.
So what can you do to protect your business from such attacks?
Small Business Protection
You can protect your business without it costing the earth.
After scouring the marketplace, we recommend that our clients use Panda Security’s Small Business Protection.
It doesn’t cost the earth and offers lightweight, powerful antivirus protection for both new and older PCs. You can download it and enjoy complete protection without having to ask for technical assistance.
They’ve even produced this infographic to help illustrate the benefits of the product. We hope you find it useful.
For more information about the product, get in touch and we’ll tell you everything you need to know.