Connect with us

Featured

Hidden malware targets enterprises

Published

on

Research has revealed that banks, telecommunication companies and government organisations in Africa, the US, South America and Europe are among the top targets, with the GCMAN and Carbanak groups being the primary suspects. 

Kaspersky Lab experts have discovered a series of “invisible” targeted attacks that use only legitimate software: widely available penetration-testing and administration tools as well as the PowerShell framework for task automation in Windows – dropping no malware files onto the hard drive, but hiding in the memory. This combined approach helps to avoid detection by whitelisting technologies, and leaves forensic investigators with almost no artefacts or malware samples to work with. The attackers stay around just long enough to gather information before their traces are wiped from the system on the first reboot.

At the end of 2016, Kaspersky Lab experts were contacted by banks in CIS which had found the penetration-testing software, Meterpreter, now often used for malicious purposes, in the memory of their servers when it was not supposed to be there. Kaspersky Lab discovered that the Meterpreter code was combined with a number of legitimate PowerShell scripts and other utilities.

The combined tools had been adapted into malicious code that could hide in the memory, invisibly collecting the passwords of system administrators so that the attackers could remotely control the victim’s systems. The ultimate goal appears to have been access to financial processes.

Kaspersky Lab has since uncovered that these attacks are happening on a massive scale: hitting more than 140 enterprise networks in a range of business sectors, with most victims located in the USA, France, Ecuador, Kenya, the UK and Russia.

In total, infections have been registered in 40 countries. It is not known who is behind the attacks. The use of open source exploit code, common Windows utilities and unknown domains makes it almost impossible to determine the group responsible – or even whether it is a single group or several groups sharing the same tools.  Known groups that have the most similar approaches are GCMAN and Carbanak.

Such tools also make it harder to uncover the details of an attack. The normal process during incident response is for an investigator to follow the traces and samples left in the network by the attackers. And while data in a hard drive can remain available for a year after an event, artefacts hiding in the memory will be wiped on the first reboot of the computer. Fortunately, on this occasion, the experts got to them in time.

“The determination of attackers to hide their activity and make detection and incident response increasingly difficult explains the latest trend of anti-forensic techniques and memory-based malware. That is why memory forensics is becoming critical to the analysis of malware and its functions. In these particular incidents, the attackers used every conceivable anti-forensic technique; demonstrating how no malware files are needed for the successful exfiltration of data from a network, and how the use of legitimate and open source utilities makes attribution almost impossible,” said Sergey Golovanov, Principal Security Researcher at Kaspersky Lab.

The attackers are still active, so it is important to note that detection of such an attack is possible only in RAM, the network and registry – and that, in such instances, the use of Yara rules based on a scan of malicious files are of no use.

Details of the second part of the operation, showing how the attackers implemented unique tactics to withdraw money through ATMs will be presented by Sergey Golovanov and Igor Soumenkov at the Security Analyst Summit, to be held from 2 to 6 April, 2017.

Kaspersky Lab products successfully detect operations using the above tactics, techniques and procedures. Further information on this story and Yara rules for forensic analysis can be found in the blog on Securelist.com.

unnamed-3

Technical details, including Indicators of Compromise were also provided to customers of Kaspersky Intelligence Services.

 

Combatting attacks by groups like GCMAN or Carbanak requires a specific set of skills from the security specialist guarding the targeted organisation. During the Security Analysis Summit 2017, Kaspersky Lab’s top-notch specialists will be running exclusive security training sessions designed to help specialists detect sophisticated targeted attacks. Apply for training on “Hunting targeted attacks with Yara rules” here. Apply for training on Malware reverse engineering here.

Featured

AppDate: Prepare for space

In this week’s AppDate, SEAN BACHER highlights Space Nation Navigator, Hitman Sniper, Snake Mask, Memrise, WhatsApp Web, and Carrot Weather.

Published

on

Space Nation Navigator

Space Nation Navigator is a bit of a strange app. It is part game, part exercise and part educational. On the game side, users have to navigate the Mars Rover, put the International Space Station back into orbit or move their Martians to safety before a sand storm hits Mars. When it comes to exercise, Space Nation Navigator provides users with a range of exercises and Yoga videos to prepare them for space travel and working in an anti-gravity environment. The education aspect teaches users about the planets, and star constellations, and then offers quizzes on what has been taught.

Platform: Android and iOS

Cost: A free download.

Stockists: Visit the store linked to your device.

 

Memrise

Memrise takes a new approach to help people learn new languages. Instead of providing a user with random phrases and words to memorise, the app connects you with a person already fluent in the language you want to learn. In turn, the person you are speaking to wants to learn the language in which you are fluent. Once your profile is filled out and languages selected, it connects you with people around the world who are interested in your language, and then allows you to chat with them in real-time. Memrise also lets one learn new languages through games, chatbots and grammarbots that help with spelling, tenses and pronunciations.

Platform: Android and iOS

Cost: A free download.

Stockists: Visit the store linked to your device.

 

Hitman Sniper

Hitman Sniper is loosely based on the Agent 47 movie released a few years ago. The game offers players the ability to hone their shooting skills through a range of training courses and, once they think they are ready, they can start taking out the bad guys. Things start off easy enough, but they get more and more difficult as one progresses through the 150 missions on offer. One will also have to upgrade various gun components, like scopes, magazine capacities and silencers, to make the missions a little easier. Hitman Sniper lets users buy 16 to tackle each of the missions – either with real money or via the points accumulated by completing missions. Money and points can also be used to upgrade firearms.

Platform: Android and iOS

Cost: R7 – with a range of in-app purchases.

Stockists: Visit the store linked to your device.

 

Snake Mask

The iconic Snake game that was preinstalled on most older Nokia phones has had a complete make-over. It now uses Facebook’s AR technology, meaning that you have to navigate the snake around obstacles in your home or office, all the while collecting coins and stars that change the snake’s speed and length. Unfortunately, Snake Mask is only available on Nokia’s new range of smartphones. However, it should not take long before it slithers onto other devices.

 

Platform: New Nokia smartphones running Android.

Cost: Free to use through the Facebook app installed on the device.

Stockists: Available through the Facebook app.

 

WhatsApp Web

Although this is by no means a new app, it is an extremely useful one, and one that not many people know about. Tapping out WhatsApps on your phone is easy enough, but thanks to WhatsApp Web it can be even easier. Open the WhatApp Web page under WhatsApp and you will see a QR code. Scan this code through WhatsApp on your mobile and you will be shown a replica of what you would normally see on your phone. You can then type and reply to messages using your computer instead of having to stop everything and unlock your phone every time a message comes through. WhatsApp Web is great if you share your computer with other people as it automatically disconnects when the browser is closed. However WhatsApp also offers an app that when installed will stay connected to your phone unless you manually remove it.

 

Platform: Any up-to-date Internet browser

Cost: Free to use and install

Stockists: Visit www.WhatsApp.com

 

Carrot Weather

There are thousands of weather apps on the Internet these days and all of them do the same thing – inform you of the weather in your area. However, Carrot Weather has taken what is just another app and turned it into something fun. By fun, I mean sarcastic, rude and completely politically incorrect. A user starts off by selecting religious and political views. It then asks about personality, ranging from friendly to homicidal to overkill – which includes profanity. So, for instance, instead of waking up to to the standard partly cloudy forecast, Carrot Weather will display something like: “It’s only partly sunny, the sun is a total effing failure.” It also has a range of insults that it throws at you whenever you open the app – some of them downright insulting, so it is definitely not for those who are easily offended. The app’s user interface is very simple, displaying a week’s daily forecast and hourly forecasts for the day selected.

Platform: Android and iOS

Cost: Free to download but with adverts. The premium, advert free version costs R12 per month.

Stockists: Visit the store linked to your device.

* Sean Bacher is editor of Gadget.co.za. Follow him on Twitter on @SeanBacher

Continue Reading

Featured

SA Start-up reinvents PABX

For any South African business, the idea of setting up or changing a telephonic switchboard system is the stuff of nightmares. Dealing with expensive hardware and hearing things like QSIG and VOIP is not what you’d call exciting.But now there is an app.

Published

on

Enter BuzzBox (www.buzzboxcloud.co.za), a web-based telephone switchboard that is aimed at small and medium sized businesses wanting to take the hassle and cost out of the company switchboard. Whether you are a small one-man operation or a larger organisation with staff working remotely, BuzzBox is the best switchboard solution.

What sets BuzzBox apart from anything else on the market is its easy-to-use dashboard. It puts you in control of everything from picking your phone number to setting up voice prompts and managing your business-hours schedule.

BuzzBox was developed when the startup behind it, Jini-Guru, needed such a service for its own use across multiple continents. “When we started Jini-Guru we could not find a seamless online process that would allow us to set up a full web-based switchboard, so we decided to build one for ourselves,” says Mike Smits, Director at Jini-Guru.

He says a lot of startups today are tech savvy and know how to use apps and the services that go with it. “It’s the uberisation of services and its driving demand for instant service activation.”

BuzzBox works as an app on both iOS and Android but users wanting a desk phone option can choose from a variety of devices on offer or use their existing VOIP phones.

Setting up a BuzzBox account takes 5 minutes. During registration your FICA documents are uploaded [ID and proof or residence] and you get to pick your phone number before the account is created. Companies that want to keep an existing number can do so too.

The real magic happens when you log on to the BuzzBox Dashboard. The main screen displays a summary of statistics for your account while the left-hand menu provides you quick access to various configuration settings and reports.

Setting up new extensions or external numbers is done with a few clicks and you can even set up various departments which is a great way to route a call to various people in a department, like sales or support.

The intuitive user interface also makes it easy to set up hold-music and voice prompts. You can add voice prompts by recording them straight to your phone, just make sure you use a clear voice with quiet surroundings for the best customer experience.

One of the main features of BuzzBox is its call recording feature that allows an organisation to record calls for legislative purposes, such as a lawyer, or for customer service purposes such as support. Recordings are stored securely online, and you have the ability to download recordings for playback. Companies can opt-in for this service and it’s free to use. Recordings are stored online and are fully encrypted so only you can listen to, or download them. Storage costs R1 for every 1000 minutes of stored recordings.

Other features include call forwarding and scheduling. The latter allows you to set office hours for your organisation which will divert calls to an after-hours messaging service. You also have the option to enable routing to an employee who is on call after hours.

BuzzBox also has a reseller program for companies wanting to offer this as a switchboard solution to their existing customers.

The costs for this service is R89 p/m for the first phone number which includes your first extension for free. Thereafter you’ll pay R89p/m per extension. Calls between extensions are free but you pay per second for all outgoing phone calls. More info on pricing can be found here: https://buzzboxcloud.co.za/pricing/

BuzzBox is offering a Launch promotion where they are offering the first line and extension free for 12 months. Only pay for calls. Use promo code “feoifyaa” during sign-up to apply your discount.

Continue Reading

Trending

Copyright © 2018 World Wide Worx