Tag Archive for Malware

UEFI Malware: The Silent Threat to Your PC

Hackers have been compromising PCs with UEFI malware, and your anti-virus software doesn’t know it. Cybersecurity firm Eclypsium has detected an ongoing campaign that targets motherboards manufactured by Taiwan-based Gigabyte Technologies (2376). The attacks use a hidden backdoor installed by Gigabyte which is being exploited by attackers.

The flaw impacts up to millions of Gigabyte motherboards, going back to the AMD 400-series chipsets and up to the latest Intel 700-series or AMD 600-series boards. Eclypsium found that every time a computer with an affected Gigabyte motherboard restarts, its firmware silently runs an update program which downloads and launches another piece of software. While this is meant to keep your PC hardware up to date, Eclypsium says the hidden code is implemented insecurely: it can use a plain HTTP connection, potentially allowing the mechanism to be hijacked and used to install malware instead of Gigabyte’s intended program.

Because the updater program is triggered from the computer’s UEFI firmware, it loads before Windows loads, making it difficult to detect or remove. UEFI stands for Unified Extensible Firmware Interface, and it is the software that runs before the operating system starts. By running before the operating system, any planted malware can bypass security mechanisms such as Secure Boot and antivirus scans. UEFI malware can also persist across operating system reinstalls or hard drive replacements, making it difficult to detect and remove.

How to determine if your PC has UEFI malware

There are a few steps you can take to check for signs of infection:

  1. Use the command prompt to check the motherboard model. Open the Command Prompt from the Start Menu, and type in:

    wmic baseboard get product,Manufacturer

Windows will return the manufacturer and product.


  2. If the command prompt freaks you out, you can use the Windows GUI to find your motherboard’s manufacturer. From the Start menu, type “System Information” into the search bar and bring up the System Information app.

The System Information page will display. BaseBoard Manufacturer is the motherboard manufacturer, and BaseBoard Product is the name of the motherboard.

  3. If neither of these options works, you can try a third-party utility. HWInfo and CPU-Z are popular third-party tools that can determine the manufacturer of your motherboard.
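The three manual checks above can be done in one go from PowerShell. This is an added example, not code from the original post or from Gigabyte; it uses the CIM cmdlets rather than WMIC (which is being deprecated on current Windows releases) and assumes Windows PowerShell 5.1 or later. The Secure Boot query needs an elevated prompt on a UEFI system.

```powershell
# Added example (not from the original post): report the motherboard vendor
# and firmware details that the three manual steps above look up by hand,
# and flag boards whose manufacturer string contains "Gigabyte".
# Assumes Windows PowerShell 5.1 or later; Confirm-SecureBootUEFI needs an
# elevated prompt and only works on UEFI systems.

function Get-FirmwareSummary {
    $board = Get-CimInstance -ClassName Win32_BaseBoard
    $bios  = Get-CimInstance -ClassName Win32_BIOS

    $secureBoot = 'unknown (run elevated on a UEFI system)'
    try {
        $secureBoot = if (Confirm-SecureBootUEFI) { 'enabled' } else { 'DISABLED' }
    } catch { }

    [pscustomobject]@{
        BoardManufacturer = $board.Manufacturer
        BoardProduct      = $board.Product
        BiosVendor        = $bios.Manufacturer
        BiosVersion       = $bios.SMBIOSBIOSVersion
        BiosReleaseDate   = $bios.ReleaseDate
        SecureBoot        = $secureBoot
        # Vendor-specific check from the post: Gigabyte boards are the ones
        # covered by the Eclypsium report, so they deserve a firmware update.
        GigabyteBoard     = ($board.Manufacturer -match 'Gigabyte')
    }
}

$summary = Get-FirmwareSummary
$summary | Format-List

if ($summary.GigabyteBoard) {
    Write-Warning 'Gigabyte board detected: compare BiosVersion/BiosReleaseDate against the vendor''s current release and update if older.'
}
if ($summary.SecureBoot -eq 'DISABLED') {
    Write-Warning 'Secure Boot is disabled.'
}
```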

What to look for

Some UEFI malware may cause noticeable changes in your system performance, stability, or functionality. For example, you may experience frequent crashes, blue screens, boot errors, slow boot times, missing files, network issues, or unexpected pop-ups. These symptoms may also be caused by other factors, so they are not conclusive evidence of infection, but they can be indicators that something is wrong.

What to do if you have UEFI malware

If you suspect that your PC has UEFI malware, you should take immediate action to remove it and prevent further damage. The best way to do this is to reset or reflash the firmware using a trusted source from your device manufacturer. This will overwrite the malicious code and restore the original firmware. However, this process can be risky and complex, and it may require physical access to the device or special tools. You should carefully follow the instructions from your device manufacturer and back up your data before attempting this procedure.

How do I prevent UEFI malware?

The first step is to dig into your BIOS and set a BIOS password. This will help prevent any future changes without your knowledge. If getting into the BIOS makes you nervous, you can use software.

Some antivirus systems include a UEFI scanner. For example, Microsoft Defender ATP has a UEFI scanner that brings its protection capabilities to the firmware level. Another example is Kaspersky Anti-Virus for UEFI (KUEFI). Kaspersky says KUEFI provides effective protection from rootkits and bootkits and ensures safe OS loading.

When these tools detect a threat, they will alert you and provide instructions on how to repair the firmware. However, not all antivirus programs have this feature, and some UEFI malware may evade detection by hiding or encrypting itself.

Gigabyte has released an update to close the hole.

rb-

UEFI malware can compromise your system security and privacy. To protect yourself from this type of attack, you should:

  1. Keep your firmware and operating system updated with the latest patches and security fixes.
  2. Use a reliable antivirus program that can scan and protect your firmware as well as your files.
  3. Avoid opening suspicious attachments or links from unknown sources.
  4. Be careful when downloading or installing software from untrusted websites.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Blockchain is Enabling Malware

Blockchain was going to save the world. Remember the hype? It was going to save the environment. Blockchain was going to change the world. In a 2018 hype piece Wired listed “187 Things the Blockchain Is Supposed to Fix.” The first item on the 2018 Wired list of things blockchain was going to fix is “Bots with nefarious intent.”

Well, it is 2023 and Wired’s prediction is wrong. Cybersecurity firm Nozomi is reporting that blockchain is being used to enable malware. Bleeping Computer writes that the security researchers found the Glupteba malware botnet has been resurrected. Glupteba is a blockchain-enabled malware that has been targeting Windows devices worldwide since at least 2011.

Blockchain-enabled malware

The San Francisco cybersecurity firm describes Glupteba as a blockchain-enabled, modular malware that infects Windows and IoT devices. The malware is distributed through malvertising on pay-per-install (PPI) networks and traffic distribution systems (TDS). It pushes the malware installer when the victim clicks on a weaponized link disguised as free software, videos, or movies. Once installed, the malware will mine for cryptocurrency, steal user credentials, and deploy proxies on compromised systems. The proxies are later sold as “residential proxies” to other cybercriminals.


Glupteba uses the Bitcoin blockchain to evade disruption. The zombies get updated lists of command and control (C2) servers to contact for their instructions from the blockchain itself. The infested computers search the public Bitcoin blockchain for transactions related to wallet addresses owned by the attackers. From those transactions, the zombie clients can fetch an AES-encrypted C2 server address.

The malware uses the blockchain strategy to prevent takedowns, like the Google December 2021 disruption. Google was able to disrupt the blockchain-enabled botnet. The botnet was disrupted by gaining court orders to seize control of the botnet’s infrastructure and filing complaints against two Russian operators.

rb-

Because blockchain transactions cannot be erased (by design), it is much harder to take down the C2 servers. Furthermore, without the attackers’ Bitcoin private key, law enforcement cannot plant payloads onto the controller address to take over or shut down the botnet. Ars has a deeper explanation here.

Please remember that the original reason for Bitcoin was that it would do away with the need for trust in people. The assumption appears to be that you can trust the technology – but not people. This malware proves that this is a faulty premise.

 


10 Ways To Catch A COVID Phish


Cybercriminals like to take advantage of fear. They are taking advantage of the ignorance-fueled COVID-19 Delta variant surge. Attackers are increasingly using business-looking COVID phish emails to do their dastardly deeds.

More than half of employers are forcing a return to the office. Employers are requiring the submission of paperwork such as COVID test results and proof of vaccination to keep your job. Hackers know that communication from employers about COVID can spark an emotional reaction and compel people to click. Researchers at Proofpoint found that business-looking COVID phish attempts have increased by 33%.

Cybercriminals are taking advantage of these requirements. The demands for COVID paperwork give the attackers more ways to disguise their phishing attempts. Sherrod DeGrippo, Vice-President of Threat Research and Detection at Proofpoint, told The Washington Post: “That almost makes it easier for the bad actors because people are getting used to: ‘Upload your negative test here, go download this COVID form, fill it out.’”

Fake O365 COVID phish attempts


Proofpoint has detected fake Microsoft Office 365 phishing emails from cybercriminals posing as human resource departments. The attackers ask the recipients to submit proof of vaccination. The attacker’s goal is to steal your Microsoft 365 sign-in credentials. If you receive such an email, be sure to take the time to verify that it’s come directly from the organization you work for. One’s vaccination card contains useful information such as birthdates or full names, which hackers could target.

Proofpoint’s research has found emails telling employees they’ve lost their jobs due to COVID-19 are also on the rise. And what better way to do that than tell someone they’ve been fired? Mr. DeGrippo explains “It quite literally is clickbait. They need you to click on them, so in order to get the person to take the action, you’ve got to escalate their emotional state to one that has them emotional, instead of intellectual — thinking with the smart part of the brain.”

What if you suspect a phishing email

  1. Breathe – If an email seems to make you particularly angry, worried, or curious – it’s best to pause for a moment before you click.
  2. Altered domain names are a giveaway. Did “humanresources@widgit.com” suddenly become “HR@widgit.com”? Verify these requests through a second channel — get someone from HR on the phone before opening it.
  3. Be skeptical of emails from familiar people (like the CEO) who do not usually communicate directly with you. Don’t click on links or open attachments from those senders. Always get someone on the phone before opening it.
  4. Hover over the link to expose the associated web addresses in the “to” and “from” fields. Your company’s email is probably not gmail.com.
  5. Note grammatical errors in the text of the email; they’re usually a sure sign of fraud.
  6. Use different passwords for your work and personal email. That way, if one gets compromised, hackers can’t break into the other and use it to compromise more accounts. A good password manager tool should help.
  7. Don’t forward suspicious emails to co-workers.
  8. Report suspicious emails to the IT security department.
  9. Install and keep up-to-date anti-malware software on all your devices to scan web sessions and emails.
  10. Never donate to charities via links included in an email; instead, go directly to the charity website to donate.
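Tips 2 and 4 above can be automated before a user ever sees the message. The following is an added example, not code from the original post or from Proofpoint; the company domain widgit.com comes from tip 2, the free-webmail list and the sample headers are constructed, and the look-alike check is a plain edit-distance comparison.

```python
"""Added example (not from the original post): automate tips 2 and 4 above
by checking a message's sender headers before anyone clicks. The headers
and the company domain (widgit.com, from the post) are constructed samples."""
import re
from email import message_from_string

COMPANY_DOMAIN = "widgit.com"
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

def _addr_domain(header_value):
    """Return the domain of the first address in a From/Reply-To header."""
    m = re.search(r"[\w.+-]+@([\w.-]+)", header_value or "")
    return m.group(1).lower() if m else ""

def _edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike domains (widgit vs widg1t)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_warnings(raw_message, company_domain=COMPANY_DOMAIN):
    """Return a list of human-readable red flags found in the sender headers."""
    msg = message_from_string(raw_message)
    warnings = []
    from_hdr = msg.get("From", "")
    from_domain = _addr_domain(from_hdr)
    reply_domain = _addr_domain(msg.get("Reply-To"))

    if from_domain in FREE_MAIL:
        warnings.append(f"From address uses free webmail ({from_domain}), not {company_domain}")
    elif from_domain != company_domain:
        dist = _edit_distance(from_domain, company_domain)
        if 0 < dist <= 2:
            warnings.append(f"From domain {from_domain} looks like {company_domain} but differs")
        else:
            warnings.append(f"From domain {from_domain} is external")
    # Display name claims the company while the address does not belong to it
    if company_domain.split(".")[0] in from_hdr.lower() and from_domain != company_domain:
        warnings.append("Display name impersonates the company")
    if reply_domain and reply_domain != from_domain:
        warnings.append(f"Reply-To goes to a different domain ({reply_domain})")
    return warnings

# Constructed sample: an HR-themed COVID lure with a look-alike domain and a
# Reply-To that diverts answers to free webmail.
SAMPLE_PHISH = """\
From: Widgit HR <hr@widg1t.com>
Reply-To: hr.widgit@gmail.com
Subject: Upload your proof of vaccination today
To: employee@widgit.com

Please upload your vaccination card using the link below.
"""

# Constructed sample: a genuine internal message for comparison.
SAMPLE_LEGIT = """\
From: Human Resources <humanresources@widgit.com>
Subject: Return-to-office schedule
To: employee@widgit.com

See the attached schedule.
"""

if __name__ == "__main__":
    for flag in sender_warnings(SAMPLE_PHISH):
        print("WARNING:", flag)
```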

Stay safe out there!


5 Reasons to Never Unsubscribe from SPAM Email

We all get unsolicited commercial emails, aka SPAM. Cisco’s Talos estimates that in January 2021 86% of emails sent were SPAM emails. That means that of the almost 145 billion emails sent, 122 billion were SPAM email. The math works out to over 6 SPAM emails for each legit email. At best SPAM is annoying. At its worst, SPAM can be a threat to your PC and your personal information. SPAM email is a threat because 94% of malware is delivered by email, and one in every 3,000 email messages contains a malware payload.

SPAM email is big business

SPAMers can make millions per year. TechRadar says an average full-time SPAMer makes around $7,000 a day – over $2.5 million a year. They can make this kind of money because email spam costs them very little to send. Most of the costs of SPAM are paid by the recipient and the carriers. The SPAMers do not have to pay for all the internet bandwidth tied up in the delivery of their spam emails. SPAMers send out millions of messages on behalf of online merchants who want to sell a product. SPAMers get paid for sending SPAM email messages, regardless of whether recipients buy any of the advertised products. They also re-sell their SPAM email lists to other SPAMers. SPAMers can get up to $22,000 for a list of stolen email credentials. In some cases, these cybercriminals also get a percentage of the sale. For pharmaceuticals, the commission can be as high as 50%. A good example is “penis-related spam” which has a 5% click rate, meaning that 5% of the recipients actually open the spam mail and click on the link in the mail.

Why you get SPAM emails

There are a number of reasons why you get SPAM emails.
  1. You are the victim of a data breach. Any company you do business with could be vulnerable. Check haveibeenpwned to see if your account has been compromised – smaller breaches might not be listed.
  2. You posted your email address online. You put it on Facebook or other social media, on a website, or as a public comment. Once on the web, your email is considered fair game for SPAMers.
  3. At some time you opted in or neglected to opt out. When you signed up for something, buried somewhere was that little checkbox. You didn’t indicate you’d rather be left alone. The service you opted in to is either inundating you or has shared your email address with interested parties.

Never unsubscribe from a SPAM email

So how do you stop SPAM from flooding your inbox? The first step is: do not unsubscribe from SPAM. Ignore the convenient “unsubscribe” button at the bottom of the message from the Nigerian prince. The “unsubscribe” button is a scam. Cyber-criminals use it to get more info about you and increase the number of SPAM emails you receive.

1. When you unsubscribe, you confirm to the sender that your email address is valid and in active use. SPAMers now know the account is active and the volume of SPAM you receive will most likely go up. Now that you have validated your address, the SPAMer will sell it to his SPAMer friends. Now you will get SPAM from a completely new source.

A Federal Trade Commission study found that more than half the time, responding to a “remove me” option resulted in either no change or more spam emails.

2. In addition to giving away your email address, unsubscribing delivers lots of information about your email software. Emails contain meta-information that hackers can use to devise attacks.

3. When you respond to the SPAM email, SPAMers think you are interested in the subject matter—whether it’s getting money from a foreign prince, a penny stock tip, or a diet supplement.

4. If your response opens up a browser window, you’re giving away even more information about yourself. By opening a browser SPAMers learn information about your:

    • Geographic location,
    • Computer operating system,
    • Web browser.

Additionally, the SPAMer can give you a cookie. A cookie allows the attacker to track you across any other websites they own. They will be able to identify you personally.

5. Worst of all, if you visit a website owned by a spammer, you give them a chance to install malware on your computer, even if you don’t click anything. These attacks, known as drive-by downloads, can be tailored to use exploits the SPAMer knows you’re vulnerable to—thanks to the information you’ve shared about your operating system and browser.

How to stop SPAM email

Use SPAM filters – SPAM filters work by looking at the nitty-gritty technical details of the email: what it’s about, what it says, how it says it, and how many other people are getting that same message. If it looks like SPAM, then the email is placed in your SPAM or junk mail folder instead of your inbox.

If you’re using webmail, like Gmail, Outlook, or Yahoo!, then you have a pretty good SPAM filter already. Gmail claims its machine learning SPAM filtering algorithms are 99.9% accurate. You can still improve the default SPAM filters by training them: report SPAM every time you find it in your inbox. Whether you use Gmail, Yahoo, Outlook or Thunderbird, take the time to learn and understand its SPAM filtering features. When you flag an email as SPAM, your email app uses this information to refine its filter, so it automatically gets better at detecting SPAM emails in the future. This can also happen globally, if enough other people flag similar emails. Keep flagging SPAM emails and the number of SPAM emails in your inbox should decrease – perhaps dramatically – over time.
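To show concretely why reporting SPAM trains the filter, here is an added example (not code from the original post, and not Gmail’s or any vendor’s algorithm): a small naive Bayes filter trained on a constructed corpus. A SPAM message dressed up in office vocabulary slips through the untrained filter; after the user reports it once, the same message and similar ones score as SPAM while a legitimate message still passes.

```python
"""Added example (not from the original post): a small Bayesian filter that
shows why reporting SPAM "trains" the filter. The training messages are
constructed samples and the filter is a toy, not Gmail's or any vendor's."""
import math
import re
from collections import Counter

def tokenize(text):
    """Lower-case word set; good enough for the demonstration."""
    return set(re.findall(r"[a-z]+", text.lower()))

class BayesFilter:
    def __init__(self):
        self.spam_words, self.ham_words = Counter(), Counter()
        self.spam_count = self.ham_count = 0

    def train(self, text, is_spam):
        """Learn from one message; the 'Report SPAM' button calls this with True."""
        words = tokenize(text)
        if is_spam:
            self.spam_words.update(words)
            self.spam_count += 1
        else:
            self.ham_words.update(words)
            self.ham_count += 1

    def spam_probability(self, text):
        """P(spam | words) via naive Bayes with Laplace smoothing, in log space."""
        total = self.spam_count + self.ham_count
        vocab = len(set(self.spam_words) | set(self.ham_words)) or 1
        log_spam = math.log((self.spam_count + 1) / (total + 2))
        log_ham = math.log((self.ham_count + 1) / (total + 2))
        for w in tokenize(text):
            log_spam += math.log((self.spam_words[w] + 1) / (self.spam_count + vocab))
            log_ham += math.log((self.ham_words[w] + 1) / (self.ham_count + vocab))
        return 1 / (1 + math.exp(log_ham - log_spam))

    def is_spam(self, text, threshold=0.5):
        return self.spam_probability(text) >= threshold

# Constructed training corpus: three legitimate work mails, two obvious SPAM mails.
HAM_SAMPLES = ["meeting moved to 3pm, see agenda",
               "lunch tomorrow? bring the report",
               "quarterly report draft attached"]
SPAM_SAMPLES = ["cheap pills, click now for a discount",
                "you won a prize, claim your money now"]
LEGIT_MESSAGE = "lunch tomorrow? bring the agenda"
# SPAM dressed up in office vocabulary so the untrained filter lets it through.
DISGUISED_SPAM = "see attached report: penny stock tip"

def build_filter():
    f = BayesFilter()
    for text in HAM_SAMPLES:
        f.train(text, False)
    for text in SPAM_SAMPLES:
        f.train(text, True)
    return f

def report_spam(f, text):
    """Simulate the user flagging a message; return the score before and after."""
    before = f.spam_probability(text)
    f.train(text, True)
    return before, f.spam_probability(text)

if __name__ == "__main__":
    f = build_filter()
    before, after = report_spam(f, DISGUISED_SPAM)
    print(f"disguised spam scored {before:.2f} before reporting, {after:.2f} after")
```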

Stay safe out there!


Data Privacy Day 2021

Data Privacy Day in the U.S. is January 28, 2021. It is an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.

Why is Data Privacy Day important?

In this era with the rapid advancement in technology, having relevant data is the key to the success of any organization. Almost every organization is collecting and combining data in order to put the right content, in front of the right person, at the right time, and on the right platform.

The data is collected from the users or customers who submit their personal information trusting the firm will keep the data private. Users provide their personal information to the companies with the trust of receiving a better service and with the trust that their data is private, safe, and secure. But when the data goes into the wrong hands and data privacy fails, bad things can happen. Data breaches result in cyber-criminals misusing user information for scams and identity theft. That is why everyone needs to “Own Your Data Privacy.” Here are resources to help you “Own Your Data Privacy.”

Update your Privacy Settings

Your purchase history, IP address, location, etc., has value – just like money. (How else does Mark Zuckerberg make his $100 billion?) Make informed data privacy decisions about sharing your data with companies. Consider the amount of personal information you are giving up and weigh it against the benefits you may receive. Use these resources provided by the National CyberSecurity Alliance (NCSA) to update your privacy settings on popular devices and online services.

Keep tabs on your apps

Many apps ask for access to personal information, like geographic location, contacts list, or photo album, before you can use their services. Be wary of apps that require access to information that is not required or relevant for the services they are offering. Use these tips from the Data Detox Kit to protect your data privacy. Keep your apps up to date. Delete unused apps on your devices.

Manage your passwords!

You don’t need to be overwhelmed by all your log-ins and passwords. Use a password manager to keep your data private and track your strong passwords. Add an extra layer of protection by activating Two-Factor Authentication (2FA) whenever it is available. With 2FA, even if a cybercriminal steals your password, they won’t be able to access your account.

Take action!

  • Make sure your computer is free of known viruses and spyware, and find out whether it is vulnerable to cyber-attacks. Use these Free Security Check-Up resources from NCSA to protect your data privacy.
  • Check your online safety know-how with a privacy and security quiz. Get started with the National Privacy Test and the Google Phishing Quiz to measure how good you are at protecting your privacy.
  • Join the National Cyber Security Alliance – and LinkedIn on January 28, 9 a.m. for the signature video conference event Data Privacy in an Era of Change. It gathers data privacy experts from industry, government, academia, and non-profit for keynotes, panels, and discussions on current topics in data privacy – Register here.
  • Show your support for Data Privacy Day by using one of the International Association of Privacy Professionals’ official Data Privacy Day virtual backgrounds for video collaborations.

rb-

Data Privacy Day reminds us of the value of our data and the right to data transparency. It is the day that tells us to re-evaluate and identify the flaws in how we have been collecting, sharing, and using data. The day persuades us to find a way to patch the loopholes so that our valuable data does not get tampered with by malware, misused, or lost.

 

Stay safe out there!
