BlackByte ransomware picks up where Conti and Sodinokibi left off

Exbyte is the latest tool developed by ransomware attackers to expedite data theft from victims.

Symantec’s Threat Hunter Team has discovered that at least one affiliate of the BlackByte ransomware (Ransom.Blackbyte) operation has begun using a custom data exfiltration tool during their attacks. The malware (Infostealer.Exbyte) is designed to expedite the theft of data from the victim’s network and upload it to an external server.

BlackByte is a ransomware-as-a-service operation that is run by a cyber-crime group Symantec calls Hecamede. The group sprang to public attention in February 2022 when the U.S. Federal Bureau of Investigation (FBI) issued an alert stating that BlackByte had been used to attack multiple entities in the U.S., including organizations in at least three critical infrastructure sectors. In recent months, BlackByte has become one of the most frequently used payloads in ransomware attacks.

Inside Exbyte

The Exbyte exfiltration tool is written in Go and designed to upload stolen files to the Mega.co.nz cloud storage service.

On execution, Exbyte performs a series of checks for indicators that it may be running in a sandboxed environment. This is intended to make it more difficult for security researchers to … Learn more: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/blackbyte-exbyte-ransomware

Contact us today: https://wehealcomputers.com;  We ensure your systems are secure, running
optimally & that you have help when needed!  Includes Document Backups!

#ITservices
#TechSupport #ComputerHelp #CyberSecurity

Beyond ransomware: A look at other malware threats

There continues to be a lot of focus on ransomware and how it continues to infiltrate companies and institutions. But ignoring “good old-fashioned malware” – a catch-all term for a huge grab-bag of nasty stuff, including DDoS, credential swiping, bank account scraping, and more – can come at a price.

“With IT staffs being thin on company rosters and at MSPs, sometimes the resources get deployed to fend off ransomware or insider threats when there are still other threats that need to be monitored,” says Cecil Craig, a cybersecurity analyst in Phoenix.

Among those “other threats” are a variety of payloads. “And anecdotally, it seems like hackers are ramping up their efforts to breach systems using a variety of different techniques,” Craig says.

A round-up of recent headline-grabbing, non-ransomware malware incidents includes:

NullMixer: A new malware dropper that is infecting Windows devices with a dozen different malware families simultaneously through fake software cracks promoted on malicious sites in Google Search results. NullMixer acts as an infection funnel, using a single Windows executable to launch a dozen different malware families, leading to over two dozen infections running on a single device.

“Malware like NullMixer gives hackers a one-stop shop of sorts to deploy which can include password-stealing and spyware,” Craig says. It can also drop trojans, backdoors, spyware, bankers, fake Windows system cleaners, clipboard hijackers, and cryptocurrency miners, according to published reports.

Chaos: An IoT malware that is making the rounds and targeting certain verticals, including the financial services industry. Cybercriminals are using Google’s Go programming language to zero in on certain IoT devices.

According to ZDNet, Chaos exploits known but unpatched vulnerabilities in firewall devices to gain a foothold in a network. These include critical remote code execution flaws affecting Huawei’s HG532 wireless routers for homes and small businesses (CVE-2017-17215) and a newer flaw in Zyxel’s routers (CVE-2022-30525).

“And this is just an illustration of the IoT ecosystem as a whole. It represents a real weak spot in so many systems. MSPs need to remain vigilant in protecting and securing IoT entry points,” Craig says.

Erbium: “A serious threat” is what one analyst calls this new malware.

Laptop Magazine describes Erbium as “a data and information-stealing tool that targets your passwords, credit cards, cookies, cryptocurrency wallets, and possibly more. Due to its rapid spread and availability, it could be adapted in the future to infect users in new ways.”

PowerPoint Malware: Bleeping Computer has reported that hackers thought to be working for Russia have started using PowerPoint as a means of distributing malware.

“Like the hackers hiding malware in the Microsoft logo, this is another example of hackers trading in on the good name of a brand. Most people trust PowerPoint and wouldn’t think of it as a vehicle for delivering malware and that is where hackers leverage their skills,” Craig says.

The attack relies on mouse movement within the Microsoft PowerPoint presentation to trigger a malicious PowerShell script.

Government Jobs: TechRadar reports that cybercriminals are preying on job seekers in the United States and New Zealand to distribute Cobalt Strike beacons, as well as other viruses and malware. Per TechRadar:

Researchers from Cisco Talos claim an unknown threat actor is sending out multiple phishing lures via email, assuming the identity of the US Office of Personnel Management (OPM), as well as the New Zealand Public Service Association (PSA).

The email invites the victim to download and run an attached Word document, claiming it holds more details about the job opportunity.

“While not everyone who is searching for a job is desperate, a job-seeker might be focused on other things and be more easily fooled by something they might not be at another time,” Craig says. He says MSPs need to be holistic in their security approach, cast a wide net, and be on the look-out for all vulnerabilities.

“You may have successfully fended off a ransomware attack, but other attacks can be just as devastating and if you aren’t looking for them all, you are undermining your own effectiveness,” Craig says.

Learn more: https://smartermsp.com/beyond-ransomware-a-look-at-other-malware-threats/

How to apply simple table formatting in Microsoft PowerPoint

In Microsoft PowerPoint, you don’t need to create a table style from scratch; instead, learn how to apply a style and tweak it to get quick, professional results.

Tables are common elements in Microsoft PowerPoint presentations, and the more succinct and clear, the better. You can build tables from scratch or copy the table from another program; applying a built-in table style makes this route quick and easy. As a bonus, all PowerPoint table styles are based on Office themes, so maintaining consistency is almost effortless.

In this tutorial, I’ll show you how to quickly style table data copied from a Microsoft Excel Table using built-in table styles in PowerPoint. The easiest way to get a clean simple design is to start with a PowerPoint table style and remove the formats you don’t want or add the ones you do. Starting with a ready-to-go style is faster than starting from scratch and offers opportunities to explore. Learn more: https://www.techrepublic.com/article/table-formatting-microsoft-powerpoint/

Phishing attack spoofs Zoom to steal Microsoft user credentials

Targeting more than 21,000 users, the phishing email managed to bypass Microsoft Exchange email security, says Armorblox.

Phishing attacks work by impersonating a familiar or trusted brand, product or company, often with the goal of tricking recipients into divulging sensitive account credentials. That’s exactly the case with a recent phishing campaign analyzed by security firm Armorblox in which the attacker spoofed Zoom in an attempt to compromise Microsoft user credentials.

How the attack worked

Aimed at more than 21,000 users at a national healthcare company, the phishing email included a subject line of “For [name of recipient] on Today, 2022” with each user’s actual name listed as the recipient. Displaying the Zoom name and logo, the email itself claimed that the person had two messages waiting for their response. To read the alleged messages, the recipient had to click on a main button in the body of the message.

The main button would have taken users to a phony landing page spoofing a Microsoft login site. At the site, the victims were instructed to enter their Microsoft account password supposedly to verify their identity before they could access the messages. The landing page already populated the username field with the person’s actual email address to further lull them into a sense of security. Naturally, any Microsoft passwords entered at the page would then be captured by the attackers.

Sent from a valid domain, the initial phishing email evaded Microsoft Exchange email security controls as it was able to pass the usual email authentication checks, including DomainKeys Identified Mail, Sender Policy Framework, and Domain-based Message Authentication Reporting and Conformance. Learn more: https://assets.armorblox.com/f/52352/x/d893e1fdc6/armorblox-2022-email-security-threat-report.pdf

How to use Microsoft Outlook’s Quick Steps to quickly respond to emails

If you respond the same way to lots of emails, use Microsoft Outlook’s Quick Steps feature to respond with a quick click.

If you’re on your organization’s email front line, you probably receive a lot of messages that go nowhere. For instance, you might receive frequent emails asking about employment opportunities. If your company isn’t hiring, answering each request manually can quickly become a nuisance for you.

Wouldn’t it be great if you could just click a button and have Outlook respond with a generic response and then delete the message?

In this tutorial, I’ll show you how to use the Outlook Quick Steps feature to send an automated reply and then delete the message you’re replying to. I’m using Microsoft 365 on a Windows 10 64-bit system, but you can use earlier versions down to Outlook 2013. Outlook Mail (online) doesn’t support Quick Steps.

What is a quick step in Outlook?

The Quick Steps feature lets you set up actions that Outlook executes when called. You can apply multiple actions to the same quick step. You can choose a template or … Learn more: https://www.techrepublic.com/article/use-microsoft-outlook-quick-steps-respond-emails/

How to work with long documents in Google Docs

Prudent use of styles, stars, @ file mentions and more make Google Docs and Drive a powerful tool for longer and larger writing projects.

Navigation techniques, writing time, and the need for related content and collaboration may all differ when you work with long Google Docs. With a file of a few hundred words, it takes little time to scroll from beginning to end. With a long Google Doc, however, scrolling may not be the best way to navigate.

Many short files are short term projects, started and completed within minutes, hours or days rather than the weeks, months or years that you might labor on a long Google Doc.

Often, short Google Docs are self-contained, with no need for other files, while some long Google Docs rely on folders full of relevant reference and source material. Additionally, you might want to collaborate with people for a particular portion of content for a long Google Doc, rather than sharing access to your main file as you might with a short Google Doc.

The sections below cover how to … Learn more: https://www.techrepublic.com/article/work-with-long-documents-google/

Apple Releases Security Updates for Multiple Products

Apple has released security updates to address vulnerabilities in macOS Monterey, iOS and iPadOS, and Safari. An attacker could exploit one of these vulnerabilities to take control of an affected device.

CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible.

Learn more: https://www.cisa.gov/uscert/ncas/current-activity/2022/08/18/apple-releases-security-updates-multiple-product 

Phishing Emails Masquerading as HR Or IT Notifications Get the Most Clicks

Half of the phishing test emails that employees clicked on had HR-related subject lines such as vacation policy updates, dress code changes, and upcoming performance reviews.

TLDR: Research shows that phishing emails purporting to be from HR or IT get the most clicks. When in doubt, call the person or department to confirm if the email is legitimate.

The links and files most likely to be clicked in phishing emails are those that appear to be from the HR or IT departments, according to KnowBe4, a security awareness training and simulated phishing platform. The results came after the cybersecurity firm ran tests to identify the most common phishing email subjects.

KnowBe4 has published the new 2022 Phishing by Industry Benchmarking Report. The research aimed to determine an organization’s Phish-prone Percentage (PPP), which indicates how many of its workers are susceptible to phishing scams.

The cybersecurity awareness company tested employees to ascertain the likelihood of clicking a phishing link. The study revealed that emails from HR/IT are most likely to be clicked by employees, with half of those that were clicked on having HR-related subject lines such as vacation policy updates, dress code changes, and … Learn More: https://www.spiceworks.com/it-security/web-security/news/phishing-email-test/

How cyber criminals are targeting Amazon Prime Day shoppers

Kicking off on July 12th, the annual Amazon shopping extravaganza, as always, is promised to be bigger and better with more cash savings and offers on goods. Online shoppers are already on the hunt for one-time offers or once-a-year deals and are closely monitoring the web for upcoming surprises. Clearly tracking this trend, cybercriminals are also sharpening their own upcoming surprises and gearing up to exploit the excitement of shoppers.

Highlights:

* This year, during the first few days of July, Check Point Research (CPR) has already witnessed a 37% increase in daily Amazon-related phishing attacks compared to the daily average in June

* Last year during the month of Amazon Prime Day (June 2021) we witnessed an 86% increase in phishing emails relating to the occasion, and a 16% increase in phishing URLs compared to the previous month

* During June 2022, there were almost 1,900 new domains related to the term “amazon” of which 9.5% were found to be risky – either malicious or suspicious

* CPR provides examples of malicious impersonations of Amazon Customer Service, as well as a log-in page for Amazon Japan

Of course, Amazon-related phishing occurs all year long, and the company is often among the top imitated brands, yet there is always an increase in activity around Prime Day. CPR is closely monitoring for cyber threats related to the day, both in the weeks leading to it and during the event itself, and has already found alarming signs of malicious phishing campaigns and … Learn more: https://bit.ly/3nMKFEd

F5 Labs Investigates MaliBot

While tracking the mobile banking trojan FluBot, F5 Labs recently discovered a new strain of Android malware which we have dubbed “MaliBot”. While its main targets are online banking customers in Spain and Italy, its ability to steal credentials, cookies, and bypass multi-factor authentication (MFA) codes, means that Android users all over the world must be vigilant.

TLDR: Never install phone apps from SMS links or 3rd party sites, rather only from the official app stores.

Some of MaliBot’s key characteristics include:

* MaliBot disguises itself as a cryptocurrency mining app named “Mining X” or “The CryptoApp”, and occasionally assumes some other guises, such as “MySocialSecurity” and “Chrome”

* MaliBot is focused on stealing financial information, credentials, crypto wallets, and personal data (PII), and also targets financial institutions in Italy and Spain

* MaliBot is capable of stealing and bypassing multi-factor (2FA/MFA) codes

* It includes the ability to remotely control infected devices using a VNC server implementation

This article is a deep dive into the tactics and techniques this malware strain employs to steal personal data and evade detection. Learn more: https://www.f5.com/labs/articles/threat-intelligence/f5-labs-investigates-malibot
