The Emotet Trojan Malware Is Spreading Through Wifi
https://gige.ca/emotet-trojan-malware
GIGE IT Solutions: IT Services Mississauga, Thu, 13 Feb 2020 17:09:05 +0000

The Trojan malware strain known as Emotet has been in circulation ever since 2014. Early versions of the malware aimed to steal sensitive information or credentials after infecting victims’ computers.

Up until recently, it was believed that the only way the Emotet trojan could infect a computer was through malicious email links. However, it was recently discovered that it can now propagate itself through wifi networks.

It was discovered that once the Trojan malware has infected a PC, it can automatically spread through a connected wifi network by detecting and brute forcing the credentials to the network.

Once the malware gains access to the wifi network, it then infects other PCs connected to it, stealing personal information or installing further malware such as ransomware onto the systems.

Who is at risk?

When Emotet was first detected, cyberattackers were largely using it to target banking customers in Europe. Its scope has since expanded and now includes individuals, businesses, and governments.

What are best practices to keep yourself protected?

The Emotet malware uses brute force attacks to gain access to wifi networks. A brute force attack ‘guesses’ the correct credentials through rapid trial-and-error, relying on a repository of previously cracked and common passwords in order to cut down the time required. A recent brute force attack cost an unnamed Canadian company $1M. You can read more about that attack in our article here. In light of this, it is essential to ensure that your organization changes the default passwords on all its network devices. Leaving the credentials unchanged increases the likelihood that a device can be breached by a cyberattacker using brute force.

Best Practices Against The New “Spectre” And “Meltdown” Cyberthreats
https://gige.ca/best-practices-against-the-new-spectre-and-meltdown-cyberthreats
GIGE IT Solutions: IT Services Mississauga, Tue, 29 May 2018 16:12:21 +0000

The cybersecurity threats “Spectre” and “Meltdown” were first discovered in January of this year as vulnerabilities that allowed attackers to gain access to sensitive information on computers using modern Intel, AMD, or ARM CPUs. While the name “Spectre” included Variants 1 and 2 of the vulnerability, “Meltdown” described Variant 3. Although these original threats have since been addressed by security updates, new versions dubbed Variant 3a and Variant 4 were discovered on May 21st, 2018. Like the original threats, these new iterations allow attackers to access personal information stored on vulnerable systems.

CPU and Operating System (OS) developers are currently working on further security updates to address these new threats in the following weeks. However, here are some best practices that can help protect your computer while official updates are developed:

First, ensure that your computers are running the latest security updates developed against variants 1, 2, and 3. In particular, Intel has stated that updates which were developed to defend against Variant 1 web-browser exploitation are also effective in combatting Variant 4. However, it is also important to be vigilant for new security updates. The US Computer Emergency Readiness Team has stressed that the January/February Microsoft updates against “Spectre” and “Meltdown” still contained a vulnerability that could allow attackers to gain full control of a computer through editing kernel memory.

Second, constantly check for new microcode updates from your computer’s Operating System, Motherboard, or Server providers. Furthermore, after applying new security updates, the National Cybersecurity and Communications Integration Centre suggests reporting any abnormal behavior on your computer to the update developer, as effectiveness of updates can vary depending on users’ specific system configurations.
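One way to carry out the update check from the two steps above on a Linux system, as an added example that is not part of the original article: the script reads the kernel's own report under `/sys/devices/system/cpu/vulnerabilities` for Variants 1 to 4. The function names are hypothetical, and the verdict is based only on the prefix of each status line.

```shell
#!/bin/sh
# Added example (not from the article): summarise what the running Linux
# kernel reports about the Spectre/Meltdown variants named above.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status "<status line>" -> prints OK, VULNERABLE or UNKNOWN.
# Only the prefix of the kernel's status line is inspected.
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo OK ;;
        "Vulnerable"*)                  echo VULNERABLE ;;
        *)                              echo UNKNOWN ;;
    esac
}

# report_variants [dir] -> prints one line per variant and returns 1 if any
# variant is reported vulnerable or has no status entry at all.
report_variants() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    # "article's variant name:sysfs file name"
    for pair in "Variant 1:spectre_v1" "Variant 2:spectre_v2" \
                "Variant 3:meltdown" "Variant 4:spec_store_bypass"; do
        label=${pair%%:*}
        file=${pair#*:}
        if [ -r "$dir/$file" ]; then
            line=$(head -n 1 "$dir/$file")
        else
            # An absent entry means the kernel does not report on this
            # variant, so its updates need checking.
            line="(no $file entry reported by this kernel)"
        fi
        verdict=$(classify_status "$line")
        [ "$verdict" = OK ] || rc=1
        printf '%-10s %-10s %s\n' "$label" "$verdict" "$line"
    done
    return $rc
}
```

Source the file and run `report_variants` with no argument to read the live system; a non-zero return means at least one variant still needs an OS or microcode update.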


The “Meltdown” and “Spectre” Cybersecurity Threats

Originally revealed in January 2018, cybersecurity threats “Meltdown” and “Spectre” allowed attackers to destroy security measures and access CPU data on many computers containing CPUs from Intel, AMD, or ARM. Since their discovery, security updates combatting the vulnerabilities have been released by both CPU developers and OS providers such as Intel and Microsoft. However, on May 21st two new versions of the security threats were discovered by both Google Project Zero (GPZ) and Microsoft Security Response Centre (MSRC). Like the original vulnerabilities, these threats allowed hackers to access personal information on computers containing Intel, AMD, or ARM CPUs.

The first of these threats is officially known as “CVE-2018-3640”, “Variant 3a” or “Rogue System Register Read (RSRR)”. By exploiting this vulnerability, an individual can gain access to personal information by speculatively reading system parameters through side-channel analysis. The second threat has been named “CVE-2018-3639”, “Variant 4”, or “Speculative Store Bypass Disable (SSBD)”. This vulnerability allows for an individual to access old memory values in a CPU, allowing attackers to acquire sensitive information. This is possible because remnant data is stored within the CPU stack despite the processor constantly updating old information.

Intel, AMD, and ARM have all released statements outlining their strategies for combatting the new threats, and what consumers can do to protect themselves. Intel has reportedly distributed new beta security updates to various OS developers, who they state are working to develop production versions to be released in the following weeks. Next, AMD suggests consulting OS providers specific to your system for steps to protect yourself against these new vulnerabilities. Finally, ARM has stated that the impact of these new threats is less widespread among their CPUs. Therefore, no further action against RSRR is required for Linux systems, and SSBD can be combatted by “disabling a hardware feature (memory disambiguation) at boot via an implementation-defined control register.” To address the threats on systems not running Linux, ARM suggests that “Memory disambiguation should be disabled at boot by setting the relevant control register bit”.

If you need more information on Meltdown and Spectre or keeping your servers up to date, contact us at +1 (888) 366-4443.
