Latest Trojan CoreBot Targets Online Banking Sites Malware: What Is It, How It Works, How It Can Affect Your Business

 A few months ago, you may have heard about DyreWolf phishing malware scam which specialized in targeting businesses and organizations (as opposed to attacking individuals)…And now CoreBot malware is one of the latest threats to cybersecurity.

The malware got its name from the developer who called the file “core.” The Trojan is delivered through a drop file that leaves as soon as CoreBot is executed on the target machine. The stealer then adds a code to the Windows Registry to stay alive.

 The malware can steal passwords, and the modular plugin allows the developer to easily add more functions. CoreBot currently can’t intercept data in real time, but it is a threat to email clients, wallets, FTP clients, private certificates and some desktop apps.

How It Works

 First, the malware gets a foothold on Internet Explorer, Firefox and Chrome so that it can monitor your browsing habits, grab forms you fill out and execute web injections. When it detects a relevant website, the form-grabber kicks in to steal your personal information.

 The web injections are then activated to display a phishing page that tricks you into supplying additional information. This is when the cybercriminals behind the scam are alerted and take charge of the session in real time by way of a Man-in-the-Middle (MitM) attack.

 You are kept busy with a “please wait” message while the hacker connects to your intended destination through a virtual network computing (VNC) module. Once in, the cybercrook initiates new transactions or hijacks the current transfer process to send the money to another account.

How It Can Affect Your Business

 So far the victims of CoreBot have been large financial institutions, so your business is probably not yet at risk. If you think you might be affected, contact a technology support specialist in the Bay Area to get started with your free network assessment started for a health-check of your network environment.

With the right strategic San Francisco IT support on your side, not only will you be able to address your existing concerns for your organization’s technological health, but also plan ahead to anticipate, avoid and mitigate any future disasters.

Business tech support firms monitoring botnets see about 60 CoreBot infections every day. Approximately one quarter of the infections occur in the United States, but the malware is also found in the United Kingdom, Russia, Japan, Egypt, Moldova, Taiwan, India and Vietnam.

 While data theft can pose a threat to the average end-user, cyber criminals targeting sensitive data and financial information know that the greatest damage can be done when they breach corporate systems.

With that in mind, malware attacks such as CoreBot are only the beginning as cybercriminals seek to gather the data needed to infiltrate organizations and steal valuable information!

Latest Malware Attack Replaces Users Chrome Browsers Entirely by Bunding with Legitimate Software Downloads 

Just last Friday, Malwarebytes announced the discovery of the eFast hijacking scam which boldly attacks by replacing users’ default Google Chrome browsers with eFast, which targets victims with the promise of “A web browser built for speed, simplicity and security”

Suddenly Flooded with Pop-Up Ads? Find yourself constantly redirected to unrelated websites? It might be time to check your Chrome browser …

That being said, the malware attack acts as a stowaway within other software downloads and once it has successfully piggy-backed on a user-generated installation. But what type of installation would this be?

Have you ever had a “security software” offer to install for free or gotten a pop-up “urgent notice” that your machine needed to be scanned ASAP?

Maybe you panicked, and went ahead and clicked “yes” instead of reaching out to your IT services provider to check that the programs were actually legitimate..

What about one of those “too good to be true” free software offers (freeware) which bundle (use bundling) with the original software you were seeking with another offer promising faster online browsing or an enhanced shipping experience? We all know those little check boxes can be tricky…

Forget Taking Over, eFast Eliminates Competition

As business IT advances and office technology users  become more savvy, the developers of eFast have made sure to impersonate the genuine Google Chrome browser, with an eye for attention to detail across both original Chrome icons and Chrome windows.

Instead of simply hijacking a browser, eFast specializes in erasing and completely replacing Google Chrome.

By leveraging strong user dependence on browsers and their associated functions, the developers of eFast made sure that escaping wouldn’t be easy.

As soon as eFast breaks in, it deletes all of your desktop shortcuts and taskbars to Google Chrome and replaces them with impostor links and shortcuts. From there, cybercriminals are enabled to hijack your file associations, track each of your keystrokes and and monitor each link that you visit.

Furthermore, irrelevant of which browser you start out using, eFast is set up to override program viewers for .jpg, .gif and .pdf as well as for protocols such as ftp, http, https and mailto. Basically, eFast and will force itself upon its unsuspecting users whenever they open files…And then the real fun begins as as the malware attack then injects an endless stream pop-us and ads into each of your searches…

While the unauthorized adware can generate profits for malware developers, users must also be aware that a malicious attack easily leaves your passwords, login credentials and banking information vulnerable to exploitation.

Since Google’s Chrome Team Has Been Hard At Work….

Clara Labs, the people responsible for eFast (as well as a variety of other malicious softwares such as Unico, Tortuga and BoBrowser) are now having to up their exploit strategy game with each new development.

As one critic (@SwiftOnSecurity) put it, cybercriminals and hackers are finding that, “it’s getting so hard to hijack… that malware literally has to replace it to effectively attack.”  

If You Suspect You’ve Been Hit By eFast, It’s Time to Get Help Today

Being hit by a malicious attack can feel overwhelming as your business suddenly needs technical triage, is forced to decipher just what information has been compromised, and then has to remediate on a tight timeline to avoid any aftershocks or additional impact. 

Getting the right IT support provider means having experts take over and stopping damages in their tracks. Instead of spinning your wheels, get your business on the road to recovery with a free onsite assessment today.

Is Your Organization at Risk? If You Run Your Business Without Strategic IT Security, the Answer is…

For many small business owners IT security planning  can seem like a luxury, but a lack of proactive security can actively hamper growth, even among the smallest of businesses.At its worst, not having the right defenses in place can sink your business operations as your entire enterprise is brought to a standstill by a malicious attack.

Many small- and medium-business owners know that IT security is something they should care about, but they have no idea how to manage it. One study by the National Cyber Security Alliance found that a whopping 59 percent of small business owners have no plan in place to prevent data breaches.

Even industries that revolve around preparing for the worst can be affected. IT help desk services can often be the first the line of defense for insurance companies, financial services firms, and healthcare providers in San Francisco, Oakland, or elsewhere throughout the greater Bay Area.

In fact, insurance companies are one example where a lack of network support services might have an outsized impact. Insurance companies regularly deal with highly sensitive data, including names, Social Security numbers, birthdays and addresses. Having the right IT support is essential.

What’s at Stake

The cost of data breaches can be enormous for small business owners. Research from Atlanta-based payment technology firm First Data shows that as many as 90 percent of data breaches can be traced back to small businesses, and the average cost of a breach to small businesses can be as high as $50,000 or more. 

Not only would the cost of a malicious cyber attack or data breach be devastating for most small businesses, but the these costs and don’t even begin to account for the cost associated with the loss of trust from your customers.

Working with the right IT support firm to address the security, continuity and disaster recovery needs of your business are all critical to successfully maintaining and protecting your organization.

What Companies Can Do

Experts say that, at the very least, small businesses can enact the following controls:

No one wants to think about a worst-case scenario, but threats to business data aren’t likely to go away any time soon. Unfortunately, employees are often at unwittingly at the center of them. Data from TrendMicro found that nearly 60 percent of employees surveyed “very frequently or frequently stored sensitive data on their laptops, smartphones, tablets, and other mobile devices.”

This may mean that more sophisticated IT support is needed to prevent a worst-case scenario in the era of Bring Your Own Device (BYOD). Rather than relying on stop-gap measures, an ounce of prevention may secure your business now and in the future.

If you are looking to get started in addressing your IT security concerns or looking to implement a strategic business technology plan for your organization, look no further and contact Bay Computing to get your complimentary onsite assessment started today. 

HIPAA’s Impact on Your Healthcare IT Operations

Data Security Measures

Electronic Health Records Solutions

Healthcare Providers Beware: Cybercriminals Targeting Covered Entitites (CE) with Malware and Data Breaches

The cyber crime landscape is rapidly growing more dangerous and complex for organizations of all sizes. Reports of security incidents are growing 66 percent each year, with the average cost of a data breach estimated at $3.5 million. 

While organizations in any industry are at risk of cyber crime from outside attacks or insider perpetration, many small and medium-sized businesses (SMB) lack the infrastructure to adequately plan and prepare defenses for common threats. One rapidly growing information security threat that repeatedly poses a threat is Cryptowall, a increasingly common form of ransomware.

What is Cryptowall?

Cryptowall, formerly known as Trojan.Cryptowall, is a “Trojan Horse” virus that encrypts files on an infected computer. To unlock the files and retrieve access to critical information, users are asked to pay a “ransom” of at least several hundred dollars via a text document message. The attackers commonly ask for the payment to be made in Bitcoins, and direct users to complete the payment online via a secure Tor browser. In many cases, the ransom demands can increase in amount if the fee isn’t paid quickly.

If you’re curious whether someone on your staff with above-average computer skills can unlock your files, the answer is unfortunately no. As soon as files are encrypted, much like a bank vault, they will then require a key to be unlocked… And that key is what must be purchased from the cybercriminals themselves.

The head of cyber security at the US FBI recently stated that he usually advises victims of Cryptowall and other forms of ransomware to “just pay the ransom.” The FBI has yet to find a definitive solution to Cryptowall because it’s a highly effective form of extorting money out of healthcare organizations, SMBs and other companies.

How Do I Prevent a Cryptowall Attack?

The single most important action companies of any size can take to prevent terrible repercussions from a ransomware attack is regular data backups. Keep in mind, Cryptowall will also lock up data on any mapped drives, including external hard drives. The only guaranteed way to keep your information safe is investing in a secure, comprehensive backup solution that won’t be affected by the virus. (Keep in mind that the intervals of regular, ongoing backups can also be crucial to minimizing data loss).

Ransomware viruses can enter a company through a number of means, including file-sharing, email and RDP ports. While training your employees on information security best practices can protect against phishing attacks or unsafe file downloads, the most important step you can take is to develop a comprehensive information security practice and policy. By partnering with a professional IT services firm, you can benefit from having easy access to a dedicated a team of experts who are committed to keeping your patients, providers and practice safe.

Conclusion

Cryptowall attacks can have a devastating impact on healthcare providers and covered entity organizations of any size.

By working stategically with a dedicated IT services team, you can get started implementing the right defensive strategies to help protect your patients, practice and sensitive data such as PHI. 

Get started on your data security roadmap with the healthcare information technology experts of San Francisco today with your free onsite technology assessment and rest easier knowing your patients’ data is protected from being held ransom by cybercriminals. 

How HIPAA Affects Office IT, the Business Operations of Healthcare Providers and Overall Patient Care

From its inception, the Health Insurance Portability and Accountability Act (HIPAA) has had many ramifications for healthcare providers, and when it comes to technology management and IT support, it’s easy to feel overwhelmed.

When HIPAA affects how and where your office utilizes its IT devices and systems, your business operation methods and the manner in which patients are cared for. This is a brief look at some of the ways HIPAA may modify the workings of your healthcare enterprise.

Protecting Your IT Devices

Your IT provider’s healthcare IT help desk service in the Bay Area can inform you about procedures such as data encryption and decryption, unique user identification and audit controls, all of which are required under HIPAA. But physically safeguarding workstations that have access to electronic protected health information (ePHI) is also a requirement.

Reception areas are one of the places where inadvertent disclosure of PHI may occur, and simple solutions such as privacy panels at right angles to the reception and scheduling counters, and asking queuing patients to stand away from the worktops, are all that may be needed.

Furthermore, when computer monitors are used in open-bay setups (such as dentists’ chairs), best practices require that care be taken to ensure that screens displaying patient information are not left facing other patients or passing foot traffic.

Who You Do Business With

HIPAA regulations not only cover your healthcare organization (known as a covered entity), but your Business Associates (BA). These are entities or individuals who you may release PHI to, including attorneys, accountants, cloud storage companies, web hosts, IT vendors, email encryption companies, consultants and healthcare clearing houses who deal with claims. As part of your path to harmony with HIPAA, you and your BAs are required to sign a Business Associate Agreement (BAA).

Navigating Office Administration While Caring for Patients

 Regular routines are also affected by HIPAA regulations. For example, what happens with standard appointment reminders?

The University of Texas Health Science Center states that as long as patients are aware of this routine and the reminders are generic in form, that is, don’t necessarily state the name of the practice or clinic, appointment prompts are allowed under HIPAA. The same applies to sign-in logs in reception areas: no confidential medical information should be listed.

Helping your office navigate HIPAA-related Healthcare IT solutions are one of the specialties of Bay Computing– So get in touch with the Bay Area team of experts today and schedule a free onsite assessment to get your strategic technology plan started!

As Cyberattacks Continue to Skyrocket, DYRE Malware Grew 125% in Q2 Alone.  Are You Prepared for the Latest?

Both consumers and organizations of all sizes are at increased risk for DYRE malware attacks in the months to come. TrendLabs reported a 125 percent increase in DYRE attacks in the second quarter of 2015, proving that criminal interest in stealing user credentials is growing.

Simultaneously, attacks against healthcare organizations have grown 600 percent, and these organizations are 74 percent more likely to be targeted by phishing emails than other industries.

 Despite the increased climate of threats, small and medium-sized businesses (SMBs) can take the right steps to protect their finances and their customers’ sensitive data against DYRE and other phishing attacks.

What Is DYRE Malware?

DYRE malware typically enters a business network through a phishing email, which is designed to look like an important communication from a bank, the IRS, or another business entity. An example shared by TrendLabs included a subject line pertaining to a tax levy and an important-looking attachment with body copy that indicated immediate action was necessary. When employees click the link in the body of the email or open the attachment, the malware gains access to the system.

What Are the Repercussions of a DYRE Attack?

DYRE works quickly once it gains entry and performs “man in the middle attacks.” According to TrendMicro, it may perform browser screenshots and steal personal certificates to obtain password credentials to protected information. DYRE also works to avoid detection by disabling information security measures organizations may already have put into place, including firewalls and anti-malware protections.

Among private consumers, DYRE attacks are typically focused on stealing banking credentials so cybercriminals can gain access to an individual’s money. In healthcare organizations, the focus is usually to obtain protected patient or customer information so identities can be resold at a profit or ransomed back to the victim.

How to Protect Yourself Against DYRE and Other Phishing Attacks

To prevent a DYRE attack, phishing awareness among your employees is critical. A full-featured anti-malware solution and password change policies can help organizations get started protecting against the “dire” effects of this unfortunate information security trend.

In order to stay safe, all individuals at your organization need to be aware of how to detect a potential email attack, and who to notify if an email ever appears suspect… And for many small and medium businesses and practices, identifying the right resource to reach out to for technical help may not always be clear.

Despite increased threats, information security for SMBs and healthcare organizations isn’t impossible. Working with an expert managed services provider with years of experience helping with strategic information security enables you to identify your organization’s primary vulnerabilities, establish much-needed policies, and perform ongoing training to allow you to avoid the costly cleanup and customer defection that follows a major cyberattack.

Information security (IS) should be a key priority at organizations of any size. Gartner reports the average company dedicates just five percent of its budget to protecting customer data.

The staggering costs of a cybercrime attack can be particularly devastating to small and mid-sized businesses (SMB). Gain insight into the state of cybercrime and what SMB need to know to protect themselves.

1. Attacks Are Increasing

The average business doesn’t feel prepared for the current IS climate. In fact, 56 percent doubt they would even be able to detect a sophisticated attack.

3. Vendors Are Ignored

Many SMBs fail to realize that vendor security issues can lead to risks. Perhaps more concerning, 33 percent are not sure if they have a security agreement in place with their vendors.

4. Your Employees Are a Risk

Data breaches can occur due to cybercriminals, but the vast majority of security incidents are caused by employees. In many cases, this is due to a lack of knowledge on security best practices.

5. Companies Are Spending More

Sixty-two percent of companies of all sizes are choosing to proactively protect themselves against risks by spending more of their IT budgets on security, which can include bringing on professional help by working with a professional IT services provider.

6. Attacks Are Very Expensive

The average security attack worldwide costs $3.5 million dollars, which can cover the costs associated with fines, fees, notifying customers, and related charges. Each lost or stolen customer identity comes to around $145.

7. Companies Aren’t Testing Enough

Forty-nine percent of companies fail to complete “fire drills” to determine just how effective their data recovery practices, encryption, and other components of information security really are.

8. Mobile Is Risky

The rising adoption of smartphones and tablets doesn’t mean it’s safe. Mobile device management and Mobile vulnerabilities are currently considered the single-biggest security risk, especially since employees may take these mobile devices off site or connect to unsecured wireless networks.

9. Policies Matter

Despite the importance of educating employees, only 76 percent of brands have password policies developed and company-wide procedures in place.

10. IT Is Concerned

Eighty percent of IT professionals believe their organizations need to be working harder to defend against cybercrime. In many cases, these professionals are limited by budget and company culture.

Taking steps to protect your customers’ data could be the best IT investment you make this year. In an era of increased cybercrime, employee education, security technologies, and increased vigilance aren’t just important. They’re necessary.

Get in touch with your local San Francisco Bay Area Managed Services Provider to get started on your strategic information security roadmap today!

Could Your Wearable Carry Viruses?

Recently, a type of vulnerability was discovered in Fitbits (a popular wearable device for fitness tracking) that could make them prey to hackers. Although Fitbit has stated that their devices are safe and that they will quickly fix the vulnerability issue, the news raises concerns about wearable technology in general. Some devices can be accessed without the user’s knowledge and infected with trojans and malware that can spread to personal computers and, from there, to business computers and networks.

Infecting a Fitbit via Bluetooth Is Possible

Hackers demonstrated that they could wirelessly upload malware onto a Fitbit via Bluetooth. Although the hacker needs to be near the targeted Fitbit in order to infect it, the Bluetooth connection can happen in a park, coffee shop, or any other public area. The entire process takes 10 seconds, and the user will not notice anything wrong with his or her Fitbit immediately. But once the user connects the infected wearable to a PC or laptop, the malware can spread to the computer and even the entire network.

How to Protect Your Devices From Malware

To prevent malware infection, it is important that all your personal and business devices be always protected from outside threats. Many devices, such as smartphones or PCs, allow you to secure their Bluetooth connection with a password to prevent unauthorized access. This way, you can make sure your Fitbit is only connecting with your phone. Finally, always exercise caution when plugging any device into your computer. Use an antivirus program to scan any connected device for viruses and malware. You’ll also need to ensure that your business network’s security is examined, tested and optimized by a managed services provider.

Although the Fitbit virus is merely hypothetical — it was only demonstrated one time at a conference, and no one has reported a Fitbit being infected — this story raises concerns about wearable technology in general. Wearables are still a developing technology, and hackers will probably be able to breech the devices and spread viruses to entire computer networks. To make sure your organization’s devices stay safe, partner with the right professional IT service firm and make sure your network is protected against both the current security threats as well as the vulnerabilities which malicious attacks will seek to exploit in the future.

Reach out to your Bay Area IT support team and get your network security road map started a with a free onsite network assessment today!

Stegoloader Malware Targeting Healthcare Providers Throughout California—Is Your Practice Safe?

There have been number of reports about how stegoloader malware is being used to target healthcare providers across North America, which is increasingly becoming a cause for concern for many practitioners.

Why? Stegoloader malware is the latest and most disastrous version of TROJ_GATAK, (the strain of trojans which use steganography to evade detection) and is sophisticated enough to conceal itself and often slips by undetected because of this ability.

Stegoloader Trojan Infection Count Per Industry

In order to avoid becoming an easy target many healtcare providers throughout the San Francisco Bay Area are choosing to partner up with seasoned IT support teams who have the security skills necessary to protect them against the latest generation of advanced malware.

Read on if you work in healthcare, deal with PHI, and want to learn more about how to keep your organization safe.

Just What Is Stegoloader Malware?

Stegoloader is advanced malware that utilizes digital steganography by hiding within a Portable Network Graphic (PNG) hosted on a valid website. Once this malware is accidentally accessed, it remains on the computer, lurking in the background, often evading detection.

It should be noted that the malware is so sophisticated that when it detects security or analysis tools running on the infected system, it will suspend its main program code, allowing it to stay hidden. Furthermore, it has been designed to ‘look’ for reverse engineering tools and terminate them, making it difficult for providers to regain control of their computer systems even when a security threat has been identified.

North American Healthcare Providers Targeted

A report carried out by Trend Micro found that North American healthcare providers were by far the greatest targets and experienced the heaviest impact as they became infected with the Stegoloader Trojan.

It increasingly appears that cyber criminals are becoming more interested in stealing healthcare information than even credit card information (PCI) since protected health (PHI) information has been fetching higher prices on the black market. This puts healthcare providers in a vulnerable position as their system security may have been breached without them even being aware of it.

Keeping Your Organization Safe

Stegoloader malware is impacting healthcare providers across North America. Up until they experienced a breach directly, many of these organizations remained complacent as business operations demanded full attention and the priority of planning IT security was set aside.

Don’t make the same mistake by assuming you have the adequate security measures in place. If you are concerned that your healthcare practice may have already been targeted, or want to prevent your system security from being infiltrated, get started with a free network assessment today.

Leverage the wealth of experience of our strategically-minded IT support services team, and implement the right technological solutions for your office to help prevent your organization from falling vicitm to a healthcare data security breach.