
IT security


BadRabbit: Newest Ransomware to Target Corporate Networks


Updated 10/25/17 at 09:51am 

Ransomware Alert: BadRabbit is the New NotPetya

A new ransomware attack from the actors behind ExPetr/NotPetya has jumped into the spotlight. The outbreak began in Russia, infecting big Russian media outlets, but it has already spread. Several US and UK firms, with corporate entities in the Ukraine and Russia, have already been infected. An increase of US infections is expected. BadRabbit is currently running wild over Europe, thanks to its close ties to the source region.

The US Computer Emergency Readiness Team has released a statement and “discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored.”

Several security agencies are reporting that a false Adobe Flash Update is the infection method. Without utilizing exploits, the ‘drive-by’ attack tricks the victim into downloading the fake installer from a convincing website. The victim, assuming it is a legitimate Flash update, then manually launches the .exe file. From there, BadRabbit has a hold of the device and can spread to more devices on the connected network.

There are several recommended steps for stopping the spread of this new ransomware. The first step is to disable WMI Service to prevent the hopping of ransomware throughout your connected networks. It may be inconvenient, but especially if you have offices in the Ukraine or Russia, disabling that connection could be the key to preventing your entire company from being infected.

There is also now a ‘vaccine’ for BadRabbit. The security researcher Amit Serper posted his findings on Twitter.

Source tweet: https://twitter.com/0xAmit/status/922911491694694401

The tweet reads: “I can confirm – Vaccination for #badrabbit: Create the following files c:\windows\infpub.dat && c:\windows\cscc.dat – remove ALL PERMISSIONS (inheritance) and you are now vaccinated.”
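One way to apply the vaccination described in the tweet, shown here as an added example (it is not code from the tweet or from Syxsense). It assumes an elevated PowerShell session on the endpoint; the two file paths come from the tweet, everything else is illustrative.

```powershell
# Added example: create the two placeholder files named in the tweet and
# strip every permission from them, inherited and explicit.
# Assumption: run from an elevated (Administrator) PowerShell session.
$vaccineFiles = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'

foreach ($path in $vaccineFiles) {
    if (Test-Path -LiteralPath $path) {
        # A file this script did not create is left untouched so that it can
        # be examined; it may be an earlier placeholder or something else.
        Write-Warning "$path already exists; skipping. Inspect it before relying on it."
        continue
    }

    # Empty placeholder file.
    New-Item -ItemType File -Path $path | Out-Null

    $acl = Get-Acl -LiteralPath $path

    # isProtected = $true       -> stop inheriting permissions from C:\Windows
    # preserveInheritance = $false -> do not copy the inherited entries over
    $acl.SetAccessRuleProtection($true, $false)

    # Remove any explicit entries as well, leaving an empty access list.
    # @() takes a snapshot so the collection is not modified while iterating.
    foreach ($rule in @($acl.Access)) {
        [void]$acl.RemoveAccessRule($rule)
    }

    Set-Acl -LiteralPath $path -AclObject $acl

    # Read the ACL back and report, so a deployment tool can log the result.
    $after = Get-Acl -LiteralPath $path
    [pscustomobject]@{
        Path                = $path
        InheritanceDisabled = $after.AreAccessRulesProtected
        RemainingEntries    = @($after.Access).Count
    }
}
```

A successful run reports `InheritanceDisabled` as `True` and `RemainingEntries` as `0` for both files.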

With a software distribution solution, like Syxsense, you can easily deploy this file to every device you manage. Utilizing the simple deployment wizard, you can have a task running in seconds to protect your environment.

Another important step to protect yourself from ransomware is to have a rigorous patching strategy in place. Syxsense ensures the security of your content. We have both Microsoft updates and the industry’s leading library of third-party updates.


We obtain all our content directly from their source and don’t change the code. The update you deploy through our patch manager is the same one you would get directly from the vendor. The difference is we put logic around the update to ensure an accurate deployment.

Ransomware attacks have picked up in the last few months, and will only get more bold and pervasive. Protect your company and environments by implementing Syxsense.


Start Patching

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.


Hyatt Hack: Major Data Breach


Hyatt Breach Affects 41 Hotels Worldwide

We would like to warn hotel guests of another credit card breach at Hyatt Group, the second since December 2015. On Thursday last week, 41 of its hotels spread across 13 countries confirmed unauthorized access to payment card information.

China had the worst breach, with 18 hotels impacted, while three hotels in North America were affected. India, Japan and Saudi Arabia were also exposed.

Chuck Floyd, global president of operations for Hyatt Hotels Corporation, said in an open letter to customers posted to its website: “Based on our investigation, we understand that such unauthorized access to card data was caused by an insertion of malicious software code from a third party onto certain hotel IT systems.”

Hyatt suffered a similar breach affecting 250 hotels located in 50 countries back in 2015. In a prepared statement at the time Hyatt stated, “Hyatt has taken steps to strengthen the security of its systems, and customers can feel confident using payment cards at Hyatt hotels worldwide.”


Robert Brown, Director of Services for Verismic, said, “It’s possible the steps taken by the Hyatt group back in December 2015 are still being deployed throughout the organization, especially if those systems are dispersed around the globe and not connected by a common network. When choosing your systems management toolset, you need to implement the solution which is secured using 2048-bit certificates and two-factor authentication but also works regardless of where the endpoints are located.

This is something built into the DNA of Syxsense, to operate securely as long as there is an internet connection. Using Syxsense, these endpoints could have been protected within a couple of weeks.”


Russian Hacking Group Targets Hotel Guests


Hackers Use NSA Tools in Hotels Across Europe

A group of Russian hackers best known for breaking into the Democratic National Committee has been using a leaked NSA espionage tool to target hotels across Europe in an attempt to spy on guests, according to new research published by cybersecurity firm FireEye.

The hacker group known as APT28, or Fancy Bear, has targeted victims through connections to hacked hotel Wi-Fi networks.

APT28 infiltrated hotel networks via phishing emails that contained infected attachments and malicious Microsoft Word macros. Once inside a hotel Wi-Fi network, they would launch the NSA hacking tool EternalBlue, which was leaked in 2017. This tool allowed them to spread control throughout the network, eventually reaching servers responsible for the corporate and guest Wi-Fi networks.

“It’s definitely a new technique” for the Fancy Bear hacker group, says Ben Read, who leads FireEye’s espionage research team. “It’s a much more passive way to collect on people. You can just sit there and intercept stuff from the Wi-Fi traffic.”

Hotel Wi-Fi has become a major vehicle for advanced hackers to target people of interest who happen to be connected. In 2014, researchers at security firm Kaspersky Lab said a group it dubbed Dark Hotel had been infecting hotel networks for at least seven years.

In a separate report a year later, Kaspersky Lab researchers uncovered evidence suggesting a separate hacking group with ties to the creators of the Stuxnet worm infected hotel conference rooms in an attempt to monitor high-level diplomatic negotiations the US and five other nations held with Iran over its nuclear program.


What can you do to protect yourself?

For remote users, it’s important to be aware of threats such as having information and credentials passively collected when connecting to public, untrusted networks. Experts advise using your own wireless hotspot and avoiding hotel Wi-Fi networks when possible.

Keeping all remote devices fully patched is also critical. APT28 is using the same exploit as WannaCry and NotPetya. Microsoft patched these weaknesses in March 2017, and devices kept up to date with tools like Syxsense, Windows Update or other patching solutions should already be protected if MS17-010 has been deployed.

However, many organizations still have older operating systems deployed that Microsoft no longer supports – Windows Server 2003, Windows XP, Windows XP Embedded and Windows 8. Microsoft also took the unusual step of releasing a patch for these unsupported operating systems.

We strongly recommend identifying all vulnerable operating systems and deploying this patch immediately.


Many companies struggle to keep remote users completely up-to-date since they rely on manual patching or simply do not prioritize the process. However, patching is a necessity – even more so for machines that are not always on the network.

Syxsense allows you to keep all devices, including remote users, fully patched and protected. After months of global ransomware attacks and major security threats, it has never been more important to protect your IT environment.
