A New Threat That Will Leave Windows Users Helpless Soon

A new multipurpose attack tool, L0rdix, is currently on sale in Deep Web forums hosted by hackers. L0rdix is written in .NET and designed to infect computers running the Windows operating system. It aims to steal data and mine cryptocurrency while staying in stealth mode.

Despite being a single attack tool, L0rdix is capable of many actions. It can be considered a Swiss Army knife for cyber criminals.

Multiply and conquer!

With its USB infecting module, L0rdix finds and marks all connected removable devices. It changes the attributes of each file and directory on them to hidden and copies itself in their place with the same name and icon. Thus, it infects other removable devices when the user double-clicks on what look like their own files.
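As an added example (not Zemana's or L0rdix's code), a defender-side heuristic that flags the pattern just described on a removable drive: a hidden original entry sitting beside a visible executable that carries the same name. It assumes the decoy keeps the original name plus an executable extension, the usual form of this trick on Windows, where known extensions are hidden by default.

```python
"""Heuristic check for the L0rdix-style removable-drive decoy pattern.

Added example, not code from Zemana or from the malware itself. Assumption:
the decoy keeps the original entry's name and adds an executable extension,
e.g. hidden folder "Photos" beside visible "Photos.exe", or hidden
"report.docx" beside "report.docx.exe" (or "report.exe").
"""
import os
import stat
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Extensions a decoy would plausibly use (constructed list, not from the write-up).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
HIDDEN_ATTR = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)  # Windows attribute bit


@dataclass(frozen=True)
class Entry:
    name: str      # file or directory name inside the scanned folder
    hidden: bool   # Hidden attribute set (dot-prefixed name on non-Windows)
    is_dir: bool


def find_decoys(entries: Iterable[Entry]) -> List[Tuple[str, str]]:
    """Return (decoy_name, hidden_original_name) pairs.

    A visible executable is flagged when its name minus the executable
    extension equals a hidden sibling's full name or that sibling's stem.
    The stem match can misfire (hidden "setup.log" next to a legitimate
    "setup.exe"), so treat hits as leads to inspect, not verdicts.
    """
    entries = list(entries)
    hidden = [e for e in entries if e.hidden]
    by_full_name = {e.name.lower(): e.name for e in hidden}
    by_stem: dict = {}
    for e in hidden:
        stem = e.name if e.is_dir else os.path.splitext(e.name)[0]
        by_stem.setdefault(stem.lower(), e.name)

    hits = []
    for e in entries:
        if e.hidden or e.is_dir:
            continue
        base, ext = os.path.splitext(e.name)
        if ext.lower() not in EXEC_EXTS:
            continue
        original = by_full_name.get(base.lower()) or by_stem.get(base.lower())
        if original is not None:
            hits.append((e.name, original))
    return hits


def _is_hidden(d: os.DirEntry) -> bool:
    st = d.stat(follow_symlinks=False)
    if getattr(st, "st_file_attributes", 0) & HIDDEN_ATTR:   # Windows
        return True
    return os.name != "nt" and d.name.startswith(".")      # POSIX convention


def scan_directory(path: str) -> List[Tuple[str, str]]:
    """Scan one folder, e.g. the root of a removable drive, for decoy pairs."""
    with os.scandir(path) as it:
        entries = [Entry(d.name, _is_hidden(d), d.is_dir(follow_symlinks=False))
                   for d in it]
    return find_decoys(entries)


# Constructed listing of an infected drive, used when no path is given.
SAMPLE_LISTING = [
    Entry("Photos", True, True),
    Entry("Photos.exe", False, False),
    Entry("report.docx", True, False),
    Entry("report.docx.exe", False, False),
    Entry("notes.txt", False, False),
]

if __name__ == "__main__":
    import sys
    hits = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else find_decoys(SAMPLE_LISTING)
    for decoy, original in hits:
        print(f"suspicious: {decoy!r} shadows hidden {original!r}")
```

Run it with the drive root as the only argument (for example `E:\`) to check a real device; with no argument it walks the constructed sample listing.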

Takes over the control

With its botnet functionality, L0rdix is able to open a specific URL in a browser, kill a specified process, execute cmd commands, upload files, and download and execute an executable file on your computer. It can also carry out DDoS attacks by sending a large number of HTTP requests to a specific host using its HTTP traffic overloading feature.

Stealing and cryptocurrency mining

L0rdix is after your private data. It aims to collect all files from your desktop and its subdirectories that match the list of extensions in its configuration data, as well as cookies and saved login credentials from browsers such as Chrome, Kometa, Orbitum, Comodo, Amigo, Torch and Opera.

With its miner functionality, L0rdix can also take over your computer and use its resources for cryptocurrency mining without your consent.

Decision to make

After a targeted computer is infected, L0rdix collects information about it, such as the operating system version, CPU model, all installed antivirus solutions, device ID and user privileges. It encrypts the collected data along with a screenshot of the infected computer and then sends it to the command and control server. Based on this forwarded information, L0rdix updates its files and settings and decides whether or not to mine and steal.

Along with the functionalities above, the developers of L0rdix made it advanced enough to differentiate a virtual environment from a real machine. When it detects a virtual environment, L0rdix does not execute. Therefore, it cannot be analyzed by common malware analysis tools that run samples inside virtual machines.

And more…

According to researchers, L0rdix still contains unfinished modules and weak implementation details. This indicates that L0rdix is still under development and that more sophisticated versions of it will cause trouble in the future.

New troubles of the cyber world

While we at Zemana are working to eliminate zero-day threats by implementing deep learning mechanisms in our products and applying new multi-layered defense systems, it is no surprise that cyber criminals are working to create new types of malware that are harder to detect and cause more damage than before.

Users: Weakest link in the cyber security chain

This is the reason why there are no computers in the world that cannot be hacked. Every day hackers find new weaknesses to exploit, and most of these new weaknesses become exploitable because of careless and negligent users.

Zemana Endpoint Security protects your corporate network with its multi-layered defense while restricting your users. Your IT department can create policies to block applications, malicious websites or other websites that contain certain keywords, and removable devices such as USB drives, Bluetooth devices, CD-ROMs, disk drives, and more.

Your business will be more secure once the weakest link in the chain is handled. This is why Zemana Endpoint Security comes in handy in controlling careless and negligent users in your corporate business environment.

This is What You Should Avoid This Shopping Season

Holiday shopping season is finally here and many of us can’t wait to surprise our loved ones with new things. Some of us are looking forward to spoiling ourselves too. 😊 Black Friday, Thanksgiving, Christmas shopping – these are all around the corner.

New data shows that 91 percent of the people shopping this weekend will buy at least one thing online. Mobile shopping is expected to jump 32% and will represent nearly half of all ecommerce sales. However, keep in mind that the shopping season is open for cyber criminals as well.

Cyber Criminals Are Also Shopping

Unlike you, they are not looking for exclusive deals and discounts, they are shopping for something else:

  • Your passwords
  • Your credit card credentials
  • Account takeover

Tips To Help You Out

Here are some tips you should follow this holiday season:

  1. Don’t use the same password

You should avoid using the same username/password combination everywhere. For many, this is inconvenient and often annoying, but it will help you not become an easy victim of cybercrime. If you need help remembering your passwords, try a password manager. For sites where your data is more valuable, use stronger, more complex and unique passwords to ensure they can’t be reverse engineered by hackers.

  2. Don’t overshare

Don’t overshare personal information on your social media accounts. This means you should avoid sharing your birth date, hometown etc., because cyber criminals can use it to commit identity fraud or open a new account in your name. Also, don’t forget to make your profiles private, just for your close friends and family.

  3. Keep an eye on suspicious links

Never click on unknown or suspicious links in your email or on a website. These usually contain malware and can infect both your PC and your network. Phishing still makes up half of online frauds, so keep this in mind when you do your online shopping this Black Friday.

  4. Always read app permissions

Before downloading an app, make sure you have read the permissions requested by the app. If you don’t, you risk putting various pieces of malware on your device that can record or steal your personal information.

  5. Don’t store your credit card credentials

Next time you are making an online purchase via an e-commerce provider, make sure you don’t store your credit card credentials and payment information in your account.

  6. Buy from known companies

One of the easiest ways to protect yourself online is to buy from reputable companies such as eBay, Target, Best Buy etc.

  7. Use your credit card

Don’t make online purchases with your bank debit card. Instead, use your credit card, because credit cards have more sophisticated fraud prevention methods.

  8. Always shop using a secure network

Don’t use public and open Wi-Fi connections to perform online purchases. Stick to the private ones that need a password. Keep in mind that web protocols such as HTTPS encrypt communications, but in some advanced attacks even those could fall to a man-in-the-middle attack. Always look for the HTTPS lock symbol in your browser address window when buying online.

  9. Watch out for fake deals

Cyber criminals know that you are out there looking for the best and cheapest offers. They will try to trick you by showing you ads that promise amazing deals and discounts. Don’t be fooled by this.

No Need To Worry Too Much

These warnings should not keep you from shopping online. You simply need to stay aware and follow the tips we shared with you. They will help you shop smarter and with confidence.

WannaCry: Still Threatening To Make You Cry

One and a half years later, WannaCry ransomware is still considered one of the most serious threats in the cyber world, as well as the most widespread member of the ransomware family. According to statistics, it has attacked 74,621 users worldwide.

Biggest Ransomware Epidemic in History

In May 2017, WannaCry caused one of the biggest ransomware epidemics in history and left devastating consequences. Its targets were mostly businesses, factories and hospitals. WannaCry was unique because it was the first large ransomware attack targeted at the healthcare vertical, and it affected not only computers but also many medical devices such as MRI machines.

Unfortunately, latest data shows that it is still spreading uncontrollably.

WannaCry spreads via the use of the EternalBlue exploit, a leaked NSA hacking tool with worm-like capabilities.

Microsoft released a patch to protect systems from the exploit almost two months before WannaCry hit, but unfortunately, many organizations still hadn’t applied the update, leaving their network vulnerable.

Attackers know the power of EternalBlue, and still regularly deploy it to help spread trojans, cryptocurrency miners and other malware campaigns.

Continuing Threat

The ending is not near. EternalBlue is still threatening unpatched and unprotected systems.

Many security experts are now concerned that the original version of WannaCry might not be the most urgent threat. It is rather the ability of hackers to reengineer and refine the malicious piece of software.

Many firms are still struggling to act a year after WannaCry, with IT security employees saying that their companies are more exposed than they were a year ago. It seems that there was panic immediately after the WannaCry attack, but nothing has changed since.

According to one of the studies, 62% of UK companies responded immediately after the attack and 38% redefined the process for reacting to security incidents. However, many businesses are still struggling with basic systems management tasks, such as patching, which are critical to preventing future attacks.

Lack of Awareness

One of the most crucial factors in enabling ransomware or any other type of malware to spread is lack of awareness. Senior leadership teams fail to realize how exposed their companies are to cyber threats. They also often fail in educating their employees about the dangers of cyber threats and ways to protect themselves.

Another crucial factor is that companies still don’t have backups of their critical data.

Companies should not let their guard down. They need to plan ahead to tackle the newest threats, making it difficult for attackers to be successful at their job.

Antivirus and Antimalware Protection is a Must

Even though the situation is serious, there is no need to panic. You are safe with Zemana AntiMalware and Zemana AntiLogger. Both products are designed to protect you from all types of ransomware, including WannaCry.

Years of careful investigation of ransomware behaviour helped Zemana develop the best possible anti-ransomware tool. As a result, Zemana AntiMalware has been rated the best ransomware protection for years by MRG Effitas.

In case you are not yet a user of Zemana products, just go here, download any of Zemana products and stay ransomware free. Get the proactive protection that will make your mind worry free.

Modern Day Assassination Tool: Spyware

What is Spyware?

As the name itself suggests, spyware is malicious software used to spy on someone’s privacy. It can be used to capture data through screenshots or webcam captures. Another common way is a technique called keylogging. This technique allows the malicious software to record every keystroke made by the user, which means it can steal your passwords, credentials or any other confidential information.

It is often used to record your phone calls as well, or to steal your phone contacts. The use of spyware increased rapidly, by 30%, in 2017. Modern day criminals are using this piece of malware as a tool in performing different attacks, including assassinations.

Hiding in the Background

Spyware is not easy to detect because it hides in the background. Many people don’t have a clue that someone is watching them or recording their data right at this moment. However, there are some indicators that can tell you if this threat is hidden somewhere on your device. Your PC or mobile device could slow down or freeze from time to time, but this does not necessarily happen.

Khashoggi Murder

A few days ago, US whistle-blower Edward Snowden stated that Saudi Arabia used Israeli spyware to track and murder Saudi journalist Jamal Khashoggi.

Snowden claimed that Saudi Arabia used software designed by an Israeli cyber intelligence company to track and target Khashoggi, which led to his murder on 2 October inside the Saudi Consulate in Istanbul.

He believes that there is no way Saudi Arabia could have known Khashoggi’s plans and movements without using the technology developed by NSO Group Technologies. This company is known for developing the “Pegasus” software which can be used to remotely infect a target’s mobile phone and then relay back data accessed by the device.

It has already been revealed that Saudi Arabia used Pegasus software in October to eavesdrop on Khashoggi’s friend, 27-year-old Saudi dissident Omar Abdulaziz, who was a prominent critic of the Saudi government on social media. The revelation was made by the Canadian research group Citizen Lab. They proved that the software had been used to hack Abdulaziz’s iPhone between June and August this year.

Snowden also reminded everyone that Israel is routinely at the top of the US’ classified threat list of hackers along with Russia and China.

Increased Usage of Spyware

In his speech, Snowden emphasized that Mexico used NSO Group’s most notorious software to target journalists. It is believed that the Mexican government started using the Pegasus software in 2011, which coincided with a dramatic increase in the assassinations of Mexican journalists.

In 2017, Mexico was rated as the second-deadliest country for journalists in the world just behind war-torn Syria due to the high number of murders.

The NSO Group responded directly to Snowden’s claims with assertions that it only sells Pegasus software to clients on the condition that it be exclusively used to investigate or prevent crime and terrorism.

A Killing Device or a Protection Tool?

Even though NSO Group claims its software is used for preventive purposes, the evidence does not support this claim.

There are many organizations that do not use spyware because they believe these tools and practices cross a legal line. However, not everyone shares this viewpoint. Lobbyists are actively trying to prevent anti-spyware regulation.

Therefore, one question keeps arising. Do governments use this sophisticated software to target dissidents and members of the press rather than criminals or terrorists?

Modern Day Heists: Bank Hackings

On November 6th, Federal Investigation Agency (FIA) Cybercrimes Director Capt. Mohammad Shoaib reported that almost all the banks in Pakistan were hacked and suffered a major security breach.

The data breach was revealed when 10 banks blocked all international transactions on debit and credit cards. The FIA carried out a high-level investigation after 100 cases of security breaches were reported in the recent past.

According to the investigations, the first case of a cyber attack on banks was reported by BankIslami on October 27th. BankIslami blocked all international transactions when it noticed unusual transactions worth around 20,000 USD.

In addition to the stolen cash, data of over 8,000 account holders was sold on the black market. A gang was arrested when its members used stolen data to withdraw money from the banks while disguised as Pakistani Army personnel. The FIA wrote to all banks asking them to increase their security against such data breaches.

Hackers vs. Robbers

With the introduction of online banking, financial systems across the world have become prime targets for cyber-attacks. Heists no longer happen with guns. Hackers can steal thousands of dollars without getting up from their seats.

When hackers find a weakness in the targeted banking system, they can infiltrate it from another computer in a random location. Since cyber heists are less risky for the hackers, banks must take all security precautions to prevent all kinds of data breaches. In the end, banks will be held responsible if their security features are weak.

To Ensure Cyber Safety and Safe Online Transactions

Banks must protect all end-user devices that connect to their IT infrastructure, such as laptops and cellphones, from all kinds of malicious software. To achieve this objective, advanced corporate network protection software is a must.

We at Zemana are aware that cyber threats are becoming a greater danger in the corporate world, so this is why we invested a lot of resources, time and energy into our business solution, Zemana Endpoint Security. This product offers full protection of your corporate network. You can learn more about it here.

All data stored on end-user devices or in the cloud must be encrypted. Thus, in the event of a data breach, the stolen data cannot be used, and the login credentials can be changed before any decryption process is completed.

As many banks use third-party services to give their customers better service, banks should be aware that if a third-party service has a weak cyber security system, it will also weaken banks’ security system.

In this case, the banks should take vendors’ cyber security systems into consideration before deploying their solutions. Banks should consider doing penetration tests to find vulnerabilities of their IT infrastructure.

A Leading Media Company, Media Prima Attacked by Ransomware

Ransomware Hits Again

It seems the situation is not getting any better because there are more and more major companies and networks reporting to have been victims of ransomware attacks.

The most recent one is Malaysia’s leading media company, Media Prima, a company that runs TV, radio channels, newspapers and digital media. In the past four days, its computer systems have been breached and infected with ransomware. The attackers are demanding 1 000 bitcoins, which is around US$6.45 million.

How Does Ransomware Work?

When a ransomware attack occurs, it encrypts your system and your files until you pay the ransom. You get instructions on the screen on how to do it. The payment is made in Bitcoin. Many pay the ransom in the hope of retrieving their data.

However, usually there is a timer attached to the ransomware lock that ticks down to the moment the files become lost forever. Yes, this happens too. Ransomware can start destroying the keys required for decryption if you don’t pay the ransom by the given deadline.

Aside from offsite backups, there are no alternatives available today to recover the files without paying the ransom – and once the keys are destroyed, the files are gone forever.

Latest News

The latest information shows that this attack was most probably designed specifically to target Media Prima. We don’t have exact information on whether Media Prima’s data has been breached, or whether the media group will suffer financial losses due to the ransomware attack.

Some sources claim that Media Prima’s office email has been affected but that the company has migrated the email to another system. For now, Media Prima is not considering paying the ransom.

Businesses: Ransomware’s New Target

Ransomware attacks are getting more agile, complex and widespread. They have increasingly started targeting businesses of all sizes in all sectors, rather than consumers.

One of the attackers’ most common and favorite ways to spread ransomware is by sending malicious emails to employees of the company. Once they open the email, or sometimes even just click on the link in the email, the ransomware starts downloading automatically in the background.

The ease with which it can be shared and spread is precisely one of the reasons why ransomware is becoming more and more popular among cyber criminals. Attacks have spread to mobile devices with the help of different banking Trojans.

We cannot emphasize and highlight enough the importance of individual companies educating their own employees on how to identify a ransomware attack before becoming a victim.

Luck is not something you should rely on when it comes to ransomware because it can happen to any company. The consequences can be potentially catastrophic, because such an attack could destroy business if offline backups haven’t been stored.

Ransomware Turning Into a Business

The ransomware distribution techniques are running like a business today. Developing, buying, selling, trading and distributing different ransomware variants enabled hackers to create micro-economies that turned into a global network. The main reason for this is the fact that hackers realized they can get huge sums of money this way.

Protect Yourself in Time

The most important thing to keep in mind is that you should not wait for ransomware to attack you or your business. Protect your corporate network as well as your home devices in time. Install an antivirus solution and enhance your protection with an anti-malware solution that serves as an additional layer of protection.

Together, they will detect any suspicious behavior on your devices and block it immediately, keeping your data safe from anyone who wants to invade your privacy and keeping you from becoming another victim.

How to Survive in Today’s Cyber World

According to Routine Activities Theory, which is one of the four major victimology theories, a crime occurs when a motivated offender and a suitable target are present while capable guardians are absent. These three elements must converge at the same time and in the same environment. This theory suggests that a motivated offender will act upon the suitable target when there is nobody who can prevent the crime from happening. Thus, we can say that a burglar can sneak into a house where nobody is present to steal valuable goods.

The Suitable Targets

If we apply this theory to the cyber world, the environment and the time limits are no longer an issue due to the structure of the cyber world. So, regardless of size or sector, all businesses are targets for cyber-attacks. Cyber-attacks occur when a motivated hacker detects a target that has no appropriate guardian, in this case a cyber security system.

What Motivates Hackers to Infiltrate…

There are many reasons behind a cyber-attack. From hackers’ point of view, they have many desires and motivations behind their actions. These can be categorized into three main sections for better understanding.

Financial Gains

This is the most common reason that initiates a cyber-attack. Hackers usually want to earn money as easily as possible. Thus, they usually follow three main ways to achieve their objectives.

  1. Hackers infiltrate your network or database to steal the information that you create and store to do business. This information could be related to your customers or products. This kind of data breach usually goes unnoticed because hackers aim to steal the information periodically. Once the information is taken, they can either use it for identity theft and fraud or sell it to third parties for the same purpose.
  2. Hackers can lock your computer or encrypt your files and demand a ransom to restore them. Once they are in your computer, they execute malicious software called ransomware that leads you to a stalemate. This malware informs you that your computer is locked, or that your files are encrypted, and that you have only one way to recover them: paying the ransom they want. At this point, even if you pay the ransom, there is a chance that your files will stay locked forever, or that you will be targeted again with the same ransomware.
  3. Instead of selling the information, hackers can change information within the company in order to perpetrate a direct fraud on a business. In this attack pattern, hackers usually aim to change the destination of a payment. They can send a fake email, which looks legitimate, on behalf of a supplier that advises of changed bank details. Once the details are changed, the money goes to the hacker’s account rather than the supplier’s.

Hacktivism

Hacktivism means infiltrating a system or a network to make a political or social point. Hacktivists can interrupt or stop their target’s normal activity with Denial of Service (DoS) attacks. Governments and political institutions are often targeted by DoS attacks. They can also look for information to damage their targets’ reputation. After the data breach, the information usually ends up on Wikileaks.

Challenge

Some hackers love to challenge themselves to prove themselves in their community, to get an adrenaline rush, or both. They may not have criminal intentions. For example, white hat hackers hack into institutions’ networks with authorization in order to find weaknesses. However, while challenging themselves, inexperienced hackers may damage the system and create new weaknesses or back doors in the network for those who do have criminal intentions.

Hackers may have other motivations as well, such as getting revenge, gaining a commercial advantage or more complex ones…

Insider Attacks

While a motivated hacker can attack your business from the outside, insiders, such as employees and business partners, can also attack or assist attacks that target your business. In fact, many security breaches occur due to misuse of corporate IT systems by an insider. An insider can be motivated, careless or negligent.

Even if your business has a sufficient cyber security system, insiders often open your business up to cyber risks. An insider can:

  • open spam e-mails,
  • click on suspicious links,
  • share confidential information on social media,
  • install unauthorized software,
  • keep confidential information on portable device and leave it unattended,
  • use personal e-mail account for business,
  • download pictures, videos and audios,
  • use unsecured devices to access a company’s network…

The Capable Guardian

A business must be protected from both outside attacks and inside negligence. Antivirus or anti-malware software can protect your business from outsiders, but it won’t control insiders. Even if the software offers very solid protection, without the required policies that control insiders there will always be back doors for hackers. That’s why traditional antivirus solutions alone do not work for corporate network protection.

As an advanced corporate network protection software, Zemana Endpoint Security offers antimalware, anti-ransomware, anti-phishing and anti-keylogging protection. In addition to its real time multilayered defense and machine learning capabilities, Zemana Endpoint Security controls insiders and prevents negligence within the company. It restricts them via its content control mechanisms, such as URL and keyword filtering, application blocking and device management. Thus, Zemana Endpoint Security won’t let insiders open your business to cyber risks.