As a form of cybercrime, “cryptojacking” is the unauthorized use of victims’ equipment (personal computers, mobile phones, tablets, and even servers) to “mine” bitcoin or other cryptocurrencies. A victim’s computer may be infected with cryptojacking software via phishing, code downloaded from fraudulent websites, or other malicious techniques. Cryptojacking can also occur via code embedded in digital advertisements or web pages that is only activated when the victim visits a particular website.
Why should you be worried about hackers cryptojacking your devices?
A sluggish computer and a larger electricity bill are the classic indicators of cryptojacking on a personal laptop used at home. Targeted crypto mining on a massive scale can cause severe damage to a business. System failures and downtime impair sales and productivity and turn expensive, high-performance servers into costly, low-performance ones. As computational resources are diverted from their intended use to serve cryptocurrency miners, operational costs inevitably increase. Furthermore, the presence of cryptocurrency mining software on the network is indicative of a more serious cybersecurity concern: whatever delivered the miner could have delivered other malware as well.
How to tell if your devices have been cryptojacked?
The objective of cryptojacking is to mine more cryptocurrency while going undetected for as long as possible. Cryptojacking malware is made to utilize as much power as it requires while remaining undetected. There are several indicators that cryptojacking malware has been installed on your computer. Some of these are:
- Slower working of devices
Cryptojacking lowers the efficiency of computing devices. Be wary of devices that operate slowly, crash, or show unusually poor performance. Batteries that deplete more quickly than they normally would are another sign.
- Increase in heat dissipation by the processor and CPU fan
If your computer gets too hot, which might be the result of a cryptojacking website or software, the fan will speed up to cool things down. A cryptojacking script may be present on a website or computer if the user notices that their device is overheating and the CPU fan is constantly operating at a greater speed.
- Heavy utilization of CPU or computational resources
If your CPU usage goes up when you visit a site with few or no media files, this could be a sign that cryptojacking scripts are running. You can test for cryptojacking by keeping an eye on how much the CPU is being used. You can use the Activity Monitor or Task Manager to check this.
- Quicker battery discharge
Due to the increase in CPU utilization and fan speed, the power consumption of devices and computing systems rises dramatically, which drains the battery faster. Therefore, if you observe that a device’s battery is draining quickly, this could be a symptom of cryptojacking.
- Increased electricity costs due to cryptojacking
Increased power consumption by infected devices leads to higher electricity usage. An unexpected spike in electric power consumption can also be a possible indicator of devices being infected by cryptojacking malware.
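The "heavy utilization of CPU" indicator above is easiest to act on when checked over time rather than as a single glance at Task Manager: a legitimate program spikes and then idles, while a miner never idles. The following added example (not code from the original post) flags processes whose CPU usage stays above a threshold across several consecutive samples. The `SAMPLES` telemetry is constructed to look like periodic Task Manager snapshots; the threshold and run length are assumed values.

```python
"""Flag processes whose CPU usage stays high across consecutive samples.

Added example for the cryptojacking indicators above; not code from the
original post. SAMPLES is constructed to resemble what a periodic snapshot
of Task Manager / Activity Monitor would record.
"""
from collections import defaultdict

# Constructed telemetry: (timestamp_seconds, process_name, pid, cpu_percent).
# chrome.exe sits near 90% for the whole window (the flat plateau a miner
# produces); outlook.exe shows a single short spike, which is normal.
SAMPLES = [
    (0,  "chrome.exe", 4120, 88.0), (0,  "outlook.exe", 2210, 3.0),  (0,  "System", 4, 1.0),
    (10, "chrome.exe", 4120, 93.0), (10, "outlook.exe", 2210, 2.0),  (10, "System", 4, 0.5),
    (20, "chrome.exe", 4120, 91.0), (20, "outlook.exe", 2210, 45.0), (20, "System", 4, 1.0),
    (30, "chrome.exe", 4120, 90.0), (30, "outlook.exe", 2210, 4.0),  (30, "System", 4, 0.5),
    (40, "chrome.exe", 4120, 89.0), (40, "outlook.exe", 2210, 3.0),  (40, "System", 4, 1.0),
]


def sustained_cpu_hogs(samples, threshold=80.0, min_consecutive=3):
    """Return {(name, pid): longest_run} for every process that exceeded
    `threshold` percent CPU in at least `min_consecutive` consecutive samples.

    threshold and min_consecutive are assumed tuning values; on a laptop you
    would pair this with the fan/battery indicators the post lists.
    """
    by_proc = defaultdict(list)
    for ts, name, pid, cpu in sorted(samples):       # order by time
        by_proc[(name, pid)].append(cpu)

    hogs = {}
    for key, series in by_proc.items():
        run = longest = 0
        for cpu in series:
            run = run + 1 if cpu >= threshold else 0  # reset on any idle sample
            longest = max(longest, run)
        if longest >= min_consecutive:
            hogs[key] = longest
    return hogs


def report(samples):
    """Human-readable summary; returns the lines so callers can log them."""
    lines = []
    for (name, pid), run in sorted(sustained_cpu_hogs(samples).items()):
        lines.append(f"{name} (pid {pid}) stayed above threshold for {run} consecutive samples")
    return lines or ["no sustained CPU consumers found"]


if __name__ == "__main__":
    print("\n".join(report(SAMPLES)))
```

On a live machine the sample tuples would come from a periodic process listing (for example a scheduled `tasklist` or `ps` capture) rather than the constructed list; the detection logic is the same. A browser process that stays pinned while showing a page with no video is exactly the case the post describes, and the process's tab list is the next place to look.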
Centex Technologies provides cybersecurity and network security solutions to businesses. For more information, you can contact Centex Technologies at Killeen (254) 213 – 4740, Dallas (972) 375 – 9654, Atlanta (404) 994 – 5074, and Austin (512) 956 – 5454.
Clop ransomware is a member of the CryptoMix family known to infect Microsoft Windows operating systems. The Russian word ‘clop’ translates to “a bug” in English. The APT group known as TA505 uses the ransomware widely as a final payload to target a system’s whole network rather than a single machine. The malware encrypts each file and appends the extension “.clop”. After successfully encrypting the files, it generates “ClopReadMe.txt”, which contains the ransom note, and places a copy in each folder.
It was recently uncovered that the threat group had stolen 2 million credit card numbers via POS malware and threatened to demand a $20 million ransom from a German business as well.
How can individuals stay protected from Clop Ransomware?
- Be cautious when using computers. Lack of information and negligence are the fundamental reasons for computer virus infestations. So be careful when browsing the internet and downloading, installing, and upgrading software.
- Always open email attachments with caution. If the sender’s email address appears suspicious or unusual, do not open the attachment.
- Only use direct download links from authorized sources, as malicious programs are commonly distributed via third-party downloaders and installers. Regular updates are required to keep installed software secure. The most secure method is to use the update tools or features provided by the official developer.
- Using pirated software with software cracking tools is illegal and should never be done. You essentially steal intellectual property from software developers and do not pay them. Furthermore, because these tools are regularly used to transmit malware, the risk of malware infection is high.
- Blocking a C2 (Command and Control) connection in the middle of an infection chain can prevent malware from propagating. To accomplish such activities, use web filters. One of the most important tactics for preventing ransomware from infiltrating a machine or network is to deploy an effective endpoint security solution.
- If the machine has already been infected with the Clop ransomware, run a Windows antivirus tool to remove it. Install and run reliable antivirus and antispyware software regularly; these capabilities can assist you in detecting and eliminating malware before it causes any harm. If Clop is already present on your system, we recommend running a scan with an NGAV (Next-Generation Antivirus) solution to eradicate the malware.
How can businesses stay protected from Clop Ransomware?
- Make a list of your resources and data, identify software/hardware that is legitimately necessary for business objectives, and audit incident and event logs.
- Manage software and hardware configurations. Grant admin rights and access only when necessary for an employee to accomplish their tasks. Keep a watch on the network’s services, protocols, and ports. Configure the security settings on routers and other network infrastructure devices. Maintain a software allow list so that only legitimate, pre-approved programs can run.
- Conduct regular vulnerability assessments. Patch operating systems and software, both on-site and remotely. Install the most recent software and application versions to address zero-day vulnerabilities disclosed or exploited by threat actors.
- Put measures in place for data recovery, backup, and asset protection. Set up MFA (Multifactor Authentication), ZTNA (Zero Trust Network Access), and PoLP (Principle of Least Privilege).
- Stop phishing emails through sandbox analysis. Install the most recent security updates on the system’s email, endpoint, web, and network layers. Also, implement sophisticated detection methods to identify early warning signals of an attack, such as the existence of suspicious tools on the system.
- Employees should be subjected to regular security training and review. Perform penetration testing and red-team drills.
Centex Technologies provides cyber security solutions for businesses. For more information about how to stay protected, contact Centex Technologies at Killeen (254) 213 – 4740, Dallas (972) 375 – 9654, Atlanta (404) 994 – 5074, and Austin (512) 956 – 5454.
Ransomware is a type of malware that encrypts user files on a victim’s computer or network. The attacker then demands a ransom from the victim in exchange for the decryption key. CryptoWall is a family of such file-encrypting ransomware. It first appeared in early 2014 and has numerous variants, including Cryptorbit, CryptoDefense, CryptoWall 2.0, and CryptoWall 3.0. The early variants used an RSA public key for file encryption; the newer versions use an AES key for file encryption and then encrypt that AES key with a public key. Without the attacker’s private key, the AES key needed to decrypt the files cannot be recovered.
Mode Of Infection:
Traditionally, CryptoWall ransomware was distributed via exploit kits, but spam emails are now also used to infect victims. The spam email carries a RAR attachment containing a CHM file. When the victim opens the CHM file, it downloads the CryptoWall binary to the system, which copies itself into the %temp% folder.
- The CryptoWall binary downloaded to the system is compressed or encoded. Junk instructions and anti-emulation tricks are deliberately inserted into the code to defeat AV engine analysis.
- On execution, it launches a new instance of explorer.exe process.
- In the next step, the ransomware injects its unpacked CryptoWall binary into that process and executes the injected code.
- The original process automatically exits itself after launching the injected explorer process.
- The ransomware deletes the volume shadow copies using the ‘vssadmin.exe’ tool before encrypting the files. This ensures that the encrypted files cannot be recovered from local snapshots.
- The CryptoWall binary is copied to various locations such as %appdata%, %startup%, %rootdrive%, etc. The copies are registered under the autostart registry key so that they remain persistent even after the infected system is rebooted.
- A new svchost.exe process is launched with user privilege and malicious binary code is injected into it.
- The ransomware connects to I2P proxies to find a live command and control server.
- The server replies with a unique encryption key generated specifically for the target system. The malware then starts the file encryption thread and drops ransom notes in all directories.
- Finally, it launches Internet Explorer to display ransom notes and the hollowed svchost process kills itself.
Preventive Measures:
- Keep antivirus up-to-date
- Back up the files
- Apply Windows updates regularly
- Avoid clicking links or attachments in unsolicited emails
- Disable remote desktop connections
- Block binaries running from %appdata% and %temp% paths
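Several steps in the infection chain above leave artifacts in process-creation logs: a binary running from %temp%, explorer.exe spawned by that binary, a `vssadmin.exe` shadow-copy deletion, and an svchost.exe that was not started by services.exe (the hollowed, user-privilege svchost). The following added example (not code from the original post) scans a set of constructed process-creation events for those four artifacts; it also covers the last preventive measure, blocking binaries from %appdata% and %temp%, by alerting on exactly those paths. The `key=value` log format, the sample file names, and the rule thresholds are assumptions; the rule that a legitimate svchost.exe is a child of services.exe is standard Windows behaviour.

```python
"""Scan constructed process-creation events for CryptoWall-style artifacts.

Added example; not code from the original post. The LOG lines below are
constructed in a simple key=value format (not a real Sysmon/EDR format) so
the example runs offline.
"""
import re
from pathlib import PureWindowsPath

# Constructed events. hh.exe is the Windows HTML Help viewer that opens CHM
# files; the .exe name and the user names are made up for the sample.
LOG = [
    r'ts=2024-01-01T10:00:01 user=ACME\alice image=C:\Users\alice\AppData\Local\Temp\a1b2c3.exe parent=C:\Windows\hh.exe cmd="C:\Users\alice\AppData\Local\Temp\a1b2c3.exe"',
    r'ts=2024-01-01T10:00:02 user=ACME\alice image=C:\Windows\explorer.exe parent=C:\Users\alice\AppData\Local\Temp\a1b2c3.exe cmd="C:\Windows\explorer.exe"',
    r'ts=2024-01-01T10:00:03 user=ACME\alice image=C:\Windows\System32\vssadmin.exe parent=C:\Windows\explorer.exe cmd="vssadmin.exe Delete Shadows /All /Quiet"',
    r'ts=2024-01-01T10:00:04 user=ACME\alice image=C:\Windows\System32\svchost.exe parent=C:\Windows\explorer.exe cmd="C:\Windows\System32\svchost.exe"',
    r'ts=2024-01-01T10:00:05 user="NT AUTHORITY\SYSTEM" image=C:\Windows\System32\svchost.exe parent=C:\Windows\System32\services.exe cmd="C:\Windows\System32\svchost.exe -k netsvcs"',
    r'ts=2024-01-01T10:00:06 user=ACME\alice image="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" parent=C:\Windows\explorer.exe cmd="WINWORD.EXE /n"',
]

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key=value or key="value with spaces"
STAGING_DIRS = ("\\appdata\\", "\\temp\\")       # where %appdata% / %temp% expand to


def parse_event(line):
    """Turn one key=value line into a dict."""
    return {k: (quoted if quoted else bare) for k, quoted, bare in KV_RE.findall(line)}


def in_staging_dir(path):
    return any(d in path.lower() for d in STAGING_DIRS)


def basename(path):
    return PureWindowsPath(path).name.lower()


def evaluate(event):
    """Return the list of rule names that fire for one event (empty = benign)."""
    image, parent, cmd = event["image"], event["parent"], event.get("cmd", "")
    findings = []
    if in_staging_dir(image):
        findings.append("binary executing from %appdata%/%temp%")
    if in_staging_dir(parent):
        findings.append("spawned by a binary in %appdata%/%temp%")
    if basename(image) == "vssadmin.exe" and re.search(r"delete\s+shadows", cmd, re.I):
        findings.append("shadow copy deletion")
    if basename(image) == "svchost.exe" and basename(parent) != "services.exe":
        findings.append("svchost.exe not started by services.exe")
    return findings


def scan(lines):
    """Return [(timestamp, image basename, [rules fired])] for every suspicious event."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        hits = evaluate(event)
        if hits:
            alerts.append((event["ts"], basename(event["image"]), hits))
    return alerts


if __name__ == "__main__":
    for ts, image, hits in scan(LOG):
        print(f"{ts} {image}: {'; '.join(hits)}")
```

The order of the alerts mirrors the chain in the post: staging-directory execution, explorer.exe launched from that binary, shadow-copy deletion, then the user-privilege svchost.exe. The ordinary svchost.exe started by services.exe and the Word launch produce nothing, which is the point of the parent-process check: alerting on every svchost.exe would bury the one that matters.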
For more information on Cryptowall ransomware, contact Centex Technologies at (254) 213 – 4740.
Business security is one of the prime priorities for every business, and as the number of cyber attacks rises, cyber security practices have become a necessity. Cyber criminals look for weak entry points into a business. Due to the nature of their operations, inbound call centers are an easy target: they receive customer calls and collect customer information to answer their queries. If hackers breach the inbound call system, they can get hold of consumers’ personal information.
Thus, businesses need to be vigilant and take proper steps to secure consumer information. Here are some tips to reduce cyber crime in inbound call centers:
- Regularly Audit The Environment: Audits are generally overlooked, but regularly auditing the network environment of the call center can help in detecting an intrusion at an early stage. Audits can also help businesses detect vulnerabilities in the system. A simpler way is to automate the network audit using a remote monitoring and management (RMM) system. Businesses should also consider a password audit for all staff in the inbound call center, which helps in tracking users with weak or outdated passwords.
- Strengthen The Authentication Process: Passwords alone may not be sufficient to properly authenticate users, so inbound call centers should strengthen the system by incorporating multi-factor authentication. Supplement the password with a knowledge-based, possession-based, or inherence-based factor, such as a physical key or a smartphone that receives one-time passwords.
- Boost Weak Security Through Automation: A great approach to ensuring the security of the systems is to automate the security process. A common example is automated password generation, where users themselves do not know their passwords until the time of login. This eliminates the risk of users knowingly or unknowingly leaking their passwords. It can be achieved with software such as a password management system or a privileged identity management tool.
- Secure The Endpoints: Endpoints are highly vulnerable because cyber criminals attack them to punch holes in the network security perimeter. Inbound call centers can use advanced endpoint detection solutions to improve the system’s ability to defend itself.
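The password audit recommended under "Regularly Audit The Environment" comes down to two checks per account: is the password on a known-weak list, and is it older than policy allows. The following added example (not code from the original post) runs both over a set of constructed account records. It compares SHA-256 digests so the audit script never handles plaintext credentials; the 90-day maximum age, the account names, and the three-entry weak list are assumptions standing in for a real policy and a real compromised-password feed.

```python
"""Password audit for call-center accounts: flag weak and outdated passwords.

Added example; not part of the original post. ACCOUNTS and WEAK_DIGESTS are
constructed; in production the digests come from the directory and a
compromised-password feed, and the audit never sees plaintext passwords.
"""
import hashlib
from datetime import date

MAX_PASSWORD_AGE_DAYS = 90          # assumed policy value


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed weak list: only the digests are kept by the audit. The plaintext
# appears here solely to build the sample.
WEAK_DIGESTS = {sha256_hex(p) for p in ("Password1", "Welcome123", "Summer2023!")}

# Constructed account records: (username, sha256 of current password, last change date).
ACCOUNTS = [
    ("agent01",    sha256_hex("Welcome123"),   date(2024, 5, 1)),
    ("agent02",    sha256_hex("x7#Lq9!vR2mZ"), date(2023, 11, 15)),
    ("agent03",    sha256_hex("kT4$wq8Pz!3n"), date(2024, 5, 20)),
    ("supervisor", sha256_hex("Password1"),    date(2023, 1, 2)),
]


def audit(accounts, weak_digests, today, max_age_days=MAX_PASSWORD_AGE_DAYS):
    """Return {username: [issues]} for every account with at least one issue.

    'weak'     -> the password digest matches a known-weak entry
    'outdated' -> the password is older than max_age_days
    """
    findings = {}
    for user, digest, changed in accounts:
        issues = []
        if digest in weak_digests:
            issues.append("weak")
        if (today - changed).days > max_age_days:
            issues.append("outdated")
        if issues:
            findings[user] = issues
    return findings


def summary(findings):
    """Counts per issue type, handy for tracking audit results over time."""
    counts = {"weak": 0, "outdated": 0}
    for issues in findings.values():
        for issue in issues:
            counts[issue] += 1
    return counts


if __name__ == "__main__":
    result = audit(ACCOUNTS, WEAK_DIGESTS, date(2024, 6, 1))
    for user, issues in result.items():
        print(f"{user}: {', '.join(issues)}")
    print(summary(result))
```

Unsalted digests can be compared directly only because both sides here are built the same way; against a real directory the comparison is done on whatever hash the directory stores, and a large weak-password feed is usually queried by hash prefix rather than downloaded whole. Accounts that are flagged "weak" should be reset immediately regardless of age, which is why the two checks are reported separately.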
For more information on tips to secure network in inbound call centers, contact Centex Technologies at (254) 213 – 4740.