Tag Archives: Malware

Banks, Globally, Attacked by Fileless Malware

Banks around the world are being infected with a new form of fileless malware. This type of malware is invisible, as it lies undetected within the memory of a bank’s network gathering passwords and administrative information. The malware then feeds this data back to the hackers, who use it to control the bank’s computer system remotely.

According to Kaspersky Lab, which discovered the new form of malware, it has been reported at 140 different enterprises in 40 different countries around the globe, including banks, telecoms and government institutions. The United States has been hit the hardest, with 21 reported incidents.

“What is interesting here is that these attacks are ongoing globally against banks themselves,” said Kaspersky Lab expert Kurt Baumgartner to Ars Technica late last week. Baumgartner went on to explain, “the banks have not been adequately prepared in many cases to deal with this.”

Fileless malware attacks are becoming more common than anyone imagined, which is why cyber security has become such an important tool. Digital forensics firms such as NightLion Security offer malware detection and removal with 24/7 service. Vinny Troia, CEO of the St. Louis digital forensics firm, commented that banks are being targeted because they do not have the proper security in place to protect them against this type of invisible malware distribution.

Kaspersky Lab is unsure who is behind the attack or if it is more than one group using the same tools. They plan on releasing their findings later today.

Whoever is behind these attacks is focusing on computers that run automatic teller machines and “pushing money out of the banks from within the banks,” explains Baumgartner. He goes on to say that many of these attacks varied in the way they were executed, which is why they think numerous groups could be involved.

Gmail Forbids JavaScript Attachments

As of February 13, Gmail is no longer allowing emails to be sent with a JavaScript attachment. Gmail restricts numerous file attachments for security purposes and now .js files have been added to the list.

“JavaScript files have been the main source of malware viruses within the past few years,” says NightLion Security CEO Vinny Troia. This is exactly why Google has begun forbidding .js attachments.

That being said, Gmail users should keep in mind that malware can be found within other file attachments that are not yet a part of Gmail’s restricted list. According to iTech Post, malware is reported to have switched from using JavaScript to SVG attachments and malicious LNK files. The malware is being embedded into ZIP archives with malicious PowerShell scripts attached.

Per security experts, PowerShell is a scripting language in Windows used for automated administration tasks. PowerShell scripts have been used to download malware in the past, and some malware programs are written entirely in PowerShell.

Regardless of this malware switch, by blocking emails with JavaScript attachments Gmail is eliminating one of the main channels for delivering malware. Nonetheless, if you need to send a .js file for a legitimate purpose, you can do so using Google Drive, Google Cloud Storage or other types of storage solutions.

A good rule to live by is if you don’t know a file type or what it does, don’t open it.

Hacks on WordPress sites deliver malware to visitors

WordPress sites are experiencing a large increase in hacks that deliver malware and ransomware to first-time, unsuspecting users. It is not yet clear how this is happening, but it is being looked into extensively. No one should visit WordPress sites with out-of-date versions of Adobe Flash Player, Adobe Reader, Microsoft Silverlight, or Internet Explorer. With this outdated software, you can find your computer infected with the ransomware package, which puts a hold on your computer system until you pay a hefty ransom.

To further disguise the attack, the code redirects users through a series of sites before delivering the malware. It is possible that hackers are regularly updating the malware when older versions get flagged.

This shows that trustworthy sites can still expose you to malware and hacks. The best way to prevent hacks is to stay up to date on security updates as they become available.

Business malware removal