US-CERT Alerts Powerful Emotet Banking Malware Attack on Government, Private and Public Sectors

US-CERT has recently issued an alert about an advanced Emotet banking malware campaign that targets governments and the public and private sectors in order to steal sensitive information.

What Is Emotet and How Does It Spread?

Emotet malware is an advanced, modular banking Trojan that mainly functions as a downloader or dropper of other banking Trojans. This costly and destructive malware affects the public and private sectors as well as state, local, tribal, and territorial (SLTT) governments.

Since 2017, Emotet banking malware has been spreading via malspam (emails containing malicious links or attachments) that uses branding familiar to the recipient. It has also been spread using the MS-ISAC name. Recent campaigns in July 2018 imitate PayPal receipts, shipping notifications, or “past-due” invoices from MS-ISAC. The initial infection occurs when the user clicks on or opens the infected PDF, malicious download link, or macro-enabled Microsoft Word document included in the malspam. Once downloaded, Emotet attempts to propagate across the local network using its built-in spreader modules.

Emotet is among the most rapidly spreading banking Trojans, and recovering an affected network can cost almost $1 million; its authors are constantly working to improve its persistence. A recent campaign delivered Emotet through Microsoft Office document attachments named “Greeting Card” and hijacked the Windows API.

Emotet currently uses five known spreader modules:

  • WebBrowserPassView – a password recovery tool that captures passwords stored by major browsers.
  • Mail PassView – reveals the account details and passwords for various email clients.
  • Credential Enumerator – enumerates network resources using Server Message Block (SMB) or attempts to brute-force user accounts.
  • NetPass.exe – recovers all network passwords stored on a system for the currently logged-on user.
  • Outlook scraper – scrapes names and email addresses from the victim’s Outlook accounts for use in further phishing emails.

Emotet Infections Can Cause:

  1. Disruption to regular operations
  2. Potential harm to an organization’s reputation
  3. Financial losses incurred to restore files and systems
  4. Permanent or temporary loss of proprietary or sensitive information

Protect Your Banking Information with Comodo Advanced Endpoint Protection (AEP)

Endpoint protection, or endpoint security, is a solution that protects and secures endpoints from unknown malware, advanced persistent threats and zero-day exploits. Traditional antivirus software cannot be a standalone solution for eradicating these threats; Comodo Advanced Endpoint Protection is designed to deliver complete security, guaranteeing data protection for all enterprises.

AEP thus delivers a focused security solution that helps secure the servers, workstations, and devices connected to the enterprise network. Comodo Advanced Endpoint Protection prevents unknown malware from running on your endpoints with its unique Default Deny Platform™.

Comodo Advanced Endpoint Protection works in the following manner:

  • Advanced Endpoint Protection leverages the Default Deny Platform to block bad files and automatically contain unknown files in a virtual container, using intelligent Automatic Containment technology.
  • The Comodo VirusScope technology analyzes unknown files for malicious actions and behavior.
  • Valkyrie provides a cloud-based accelerated verdict in just 45 seconds, based on dynamic analysis, static analysis, and human analyst interaction.
  • Malware files are removed; good files are allowed to run on the endpoint CPU; unknown files are contained in the lightweight virtual container on the endpoint and examined in real time.
  • Advanced Endpoint Protection can be provisioned within just a minute. It uses negligible CPU resources and requires an endpoint footprint of only 10 MB. The program provides complete security for both virtual and physical endpoints in both big and small enterprises.

Related Resources
Endpoint Security
Trojan Virus

Computer Security

Computers have become a necessity for businesses and organizations. With so much communication flowing to and from the business network, business data is exposed to the outside world.

Protecting computers and the data on them is an increasingly important consideration. Attackers probe business networks to gain access, commit fraud and steal sensitive business information. As the threat landscape escalates, individuals and organizations are responsible for protecting their computers against such attacks with effective computer security.

What is Computer Security?

Practicing good computer ethics is key to keeping your computer safe and ensuring a good user experience.

Computer security involves protecting the software, data, hardware and other components associated with a computer from threats or damage. Methods, software, and techniques exist to enable system security, safeguard computing resources, ensure data integrity, restrict access to authorized users, and preserve data confidentiality. Antivirus, firewall, and Internet security software are some of the effective security systems available to provide users with computer security.

How Does Computer Security Work?

From passwords to file encryption, computer security plays a vital role.

Set Strong Passwords – It’s the First Line of Defence

Users should be wary of threats and adopt strong passwords: weak passwords are easy for attackers to guess, giving them access to private credentials that they can then use for financial gain. The following practices show how cybersecurity knowledge plays the main role in protecting passwords.

  • Never document passwords in text files or spreadsheets
  • Avoid saving passwords in the browser
  • Avoid using personal information like a spouse’s name, date of birth or child’s name
  • Use complex passwords with a combination of lower-case and upper-case letters
  • Use unique passwords; do not reuse the same password across different accounts
  • Deploy two-factor authentication

Backing up data

The second most important key to cyber security is backing up data: keep a copy of your existing data on an external hard disk so that, if your device is stolen or compromised, the backup can restore it.

Protecting Wireless Network

Every wireless network used by a business or an individual should be protected with a strong password. This prevents attackers from accessing or hijacking the wireless business network. Make sure that the wireless network is encrypted.

What do Computer Security Specialists do?

Computer security managers are accountable for securing the company’s computing resources and data on a consistent basis. A security analyst should restrict access to confidential information to specific authorized users.

Planning Security

Security experts analyze and plan protection measures for the vital components of the IT infrastructure to counter possible vulnerabilities and threats.

Securing the Infrastructure

The critical role of any security specialist is to secure the infrastructure of the corporate network. Even the most widely used software can retain overlooked vulnerabilities that are detected only during an audit.

The security specialist is responsible for installing a firewall to filter out possible threats and an antivirus to scan for, detect and remove any malware infection on the system.

Monitoring the Infrastructure

The prime role of any security specialist is to monitor the corporate IT infrastructure. They are accountable for checking what enters and leaves the network, and they deploy automated security systems to monitor the activity of the systems connected to it.

A key component of infrastructure security is the monitoring infrastructure. Security analysts place network and host monitors at strategic points on the network and on critical servers. These monitors typically report all activity to a central server for later analysis. Security analysts use automated tools to scan the logs produced by the monitors and look for aberrations in the activity.

Some little-known facts about computer security

Companies are not really aware of how they are attacked

As technology has advanced, attackers have evolved sophisticated methods for attacking their target networks. Companies are confident about their progress in IT security, but in reality they are often unaware of how they are being attacked.

2017 saw some of the worst attacks of all time: the WannaCry and Petya ransomware outbreaks exposed confidential data through data breaches. Organizations are therefore at high risk all the time. New risks and threats keep accumulating, so staying updated, having the right security measures in place and consistently monitoring for new forms of threats helps companies know where they stand in terms of security.

Every company is hacked

When we hear about a company’s breach, our instant reflex is to think that the company does not practice proper computer security. However, every company is at high risk and is likely to be attacked at any time.

Penetration testers often find ethical hacking to be straightforward and easily defeat the existing security of a computer network. The verdict, then, is that no computer is fully secured.

Endpoint Definition – From Comodo Enterprise Security Solutions

Endpoint protection, or endpoint security, is a term that receives a lot of attention from the security community. It has become crucial to IT-driven enterprises and is one of the most sought-after security products in the cybersecurity market. So what exactly is endpoint security? How does it protect enterprises? What advantages does it offer? Here we try to answer all these questions.

Endpoint Definition: What Is an Endpoint?

An endpoint is a point sitting on the edge. The points referred to here are mobile devices such as laptops, smartphones and tablets, and the edge is the edge of the network. In other words, mobile devices that can connect to a network from outside are known as endpoints. Since these devices represent the last layer of the network (though located outside the network, they are still part of it), they are termed endpoints.

Simply put, then, any mobile device that is able to connect to a network from the outside is an endpoint.

Endpoint Security Definition: What Is Endpoint Security?

When endpoints, or mobile devices, are given the capability to connect to a network, they pose considerable danger to it, just as an outsider poses danger to a community. The network therefore needs to be protected against these endpoints, and the process of securing them is known as endpoint security.

Endpoint security centers around two crucial elements: i) securing the network against the endpoints and ii) securing the endpoints themselves, so that endpoints that have been given access to the network do not unintentionally end up undermining its security. For this reason, endpoint security usually follows a client-server architecture, in which the server continuously monitors all the clients (installed on every endpoint to be managed) to ensure the security of the network as well as of the endpoints.

How Does Endpoint Security Differ From Antivirus?

Antivirus is one part of endpoint security: endpoint security is a collection of several security products, whereas antivirus is a single stand-alone product. In other words, endpoint security is a security tool that covers many aspects of security and has multiple levels, which can be regulated according to the security requirements of the enterprise implementing it. Antivirus software is usually used to protect home PCs and is not sufficient to protect enterprises.

Advantages Of Using Endpoint Security

  • Enables a Mobile Workforce: Endpoint protection entered the security scene and gained popularity because it enabled a mobile workforce to operate securely from anywhere in the world. Employees were no longer required to be on the office premises to get the job done; they could be anywhere and still connect to their enterprise network safely and securely.
  • Employees Can Stay Connected 24/7 in a Highly Secure Manner: Previously, when mobile devices connected to enterprise networks, there was considerable danger associated with such outside connections. With the introduction of endpoint security tools this danger has been greatly reduced, and enterprises can now allow their employees to stay connected to the network 24/7 without worrying about a security compromise.
  • Offers an Extra Security Layer Against Outsider and Insider Threats: Having an endpoint security tool improves network security, because it not only protects the network against mobile endpoints but also improves the overall security posture of the network. It is therefore a win-win: employees gain freedom and enterprises enhance their network security.

Conclusion:

The explosion of mobile devices such as laptops, smartphones and tablets has made it impossible for enterprises to survive without offering their employees a mobile workforce option. Moreover, the benefits of a mobile workforce are too many to be ignored. Enterprises therefore have little choice but to embrace endpoint security technology if they are to prosper.

What Is Locky Ransomware?

Locky is a type of ransomware. It appeared in 2016, when security experts found that its authors deliver it by email as a request for payment with an attached invoice: a malicious Microsoft Word document that runs infectious macros. When the user opens the document, it is not in a readable format, and a dialog box appears with the phrase “Enable macro if data encoding is incorrect.” This simple social engineering lure tricks the user into enabling the macros and passing on the infection.

When the user enables the macros, the macro runs a binary file that installs the encryption Trojan; it locks all files with specific extensions and renames them to a combination of letters and numbers. Once the files are encrypted, the malware instructs the victim to download the Tor browser and visit a specific website, which is in fact malicious, and demands a ransom to unlock the encrypted files.

Who is Locky targeting?

Locky is a very dangerous threat capable of infecting a variety of file formats, including files created by designers, developers, engineers and testers. Locky ransomware mainly targets small businesses. The top countries hit by Locky are Spain, Germany, the USA, France, Italy, Great Britain, the Czech Republic, Canada and Poland.

Where does Locky come from?

Malware authors pass on the infection through spam emails carrying malicious attachments such as .doc, .xls or .zip files. Security experts found evidence that Locky was developed by the same attackers who developed Dridex. It is also believed that Locky originates from Russia, since it targets PCs around the globe except in Russia.

How to detect Locky ransomware?

Locky-infected emails look genuine, which makes it difficult for users to identify them as malicious. Warning signs include a subject line that reads “Upcoming Payment – 1 month notice.” or an attached Microsoft Word document containing malicious macros.
If the ransomware runs and encrypts the files, they will be difficult to recover. The user will be notified to pay a ransom to unlock the files.

How to remove locky ransomware?

  1. While the computer is starting, press the F8 key repeatedly until the Windows Advanced Options menu appears. Select Safe Mode with Command Prompt from the menu and press ENTER.
  2. When the Command Prompt loads, type “cd restore” and press ENTER.
  3. Then type rstrui.exe and press ENTER.
  4. Click NEXT in the window that opens.
  5. Select a restore point and click NEXT (this restores your system to a state before Locky infiltrated the PC).
  6. Click “YES” in the next window.
  7. Once the PC is restored, scan the system with an effective, recommended antivirus and delete any remaining Locky ransomware files.

How to prevent Locky ransomware?

Ransomware Trojans are built to spread through phishing or spam emails. Below are ways to prevent Locky ransomware:

  • Deploy an up-to-date antivirus.
  • Install an Internet security suite with an email security component that eliminates spam and phishing emails.
  • Avoid opening suspicious links and attachments from unauthorized sources.
  • Disable macros from running by default in Microsoft Office.
  • Back up vital files to external drives or to the cloud.
  • Ensure the operating system and any third-party software on the system are patched and updated.
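Both the Emotet and the Locky sections above describe the same lure: malspam carrying a macro-enabled Office document, with Locky using the quoted subject line. As an added example (not Comodo's code or any product's filter), the following checks a raw email for that subject and for attachments that carry a VBA project; the sample messages and the placeholder .docm are constructed here, and the extension list and dash normalisation are assumptions.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Subject line the page quotes from Locky malspam; dashes are folded before comparing.
LOCKY_SUBJECT = "upcoming payment - 1 month notice."
# Attachment types the page names for Locky (.doc, .xls, .zip) plus macro-enabled OOXML types.
RISKY_EXTENSIONS = {".doc", ".xls", ".zip", ".docm", ".xlsm"}


def normalise_subject(subject: str) -> str:
    """Lower-case the subject and fold en/em dashes to '-' so lure variants still match."""
    return subject.replace("\u2013", "-").replace("\u2014", "-").strip().lower()


def has_vba_macros(data: bytes) -> bool:
    """True if an OOXML (zip-based) Office attachment carries a VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a zip container, so not an OOXML document with macros


def assess_message(raw: bytes) -> dict:
    """Return the malspam indicators found in one RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    if normalise_subject(msg["subject"] or "") == LOCKY_SUBJECT:
        findings.append("subject matches a known Locky lure")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment type: {name}")
        if has_vba_macros(payload):
            findings.append(f"VBA macro project inside attachment: {name}")
    return {"suspicious": bool(findings), "findings": findings}


# --- constructed sample data (placeholders, not real malware) ---

def build_macro_docm() -> bytes:
    """Minimal stand-in for a macro-enabled Word document: a zip with word/vbaProject.bin."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder\x00")
    return buf.getvalue()


def build_sample_message(subject: str, attachment: bytes, filename: str) -> bytes:
    """Assemble a constructed email with one attachment, serialised as bytes."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


SAMPLE_LOCKY_LURE = build_sample_message(
    "Upcoming Payment \u2013 1 month notice.", build_macro_docm(), "invoice.docm")
SAMPLE_BENIGN = build_sample_message("Meeting notes", b"plain text notes", "notes.txt")

if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_LOCKY_LURE), ("benign", SAMPLE_BENIGN)):
        print(label, assess_message(raw))
```

A mail gateway would apply the same checks before delivery; the macro check is what makes the "disable macros by default" advice above enforceable at the perimeter rather than on each desktop.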

Why Comodo Advanced Endpoint Protection?

Comodo Advanced Endpoint Protection (AEP) is an ideal security solution that equips any business network with the right measure of security features. Case studies have shown that Comodo AEP completely denies targeted attacks and APTs (advanced persistent threats), which a single standalone antivirus cannot do. Endpoint protection solutions give enterprises a centrally managed security solution that helps secure workstations, servers and the other endpoint devices connected to the network. It is considered the best because it integrates antivirus, anti-spyware, firewall, and application control with HIPS (host intrusion prevention) techniques, all in one console. It combines patch management, configuration capability, and vulnerability assessment to enable proactive protection of data files and disk encryption.

Kronos Banking Trojan Makes a Comeback

Kronos malware was initially discovered in 2014 and maintained a steady presence on the threat landscape for a few more years before vanishing for a while. Recently, a variant of the Kronos banking Trojan targeted users in Germany, Japan, and Poland.

The infamous Kronos banking Trojan, now back again, uses web injects and man-in-the-browser (MitB) attacks to alter web pages as they are accessed and steal users’ account information, credentials, and other sensitive data. It also has hidden VNC functionality and can log keystrokes.

Researchers identified three campaigns distributing a renewed version of this banking Trojan. These three campaigns have been targeting Germany, Japan, and Poland. A fourth campaign also seems to be in progress.

  • Campaign One: The first campaign to carry the latest Kronos samples took place on June 27. This campaign targeted German users with malicious documents attached to spam emails. The documents carried macros to download and execute the malware, and the SmokeLoader Trojan downloader was used in a few cases.
  • Campaign Two: The second campaign targeting Japan was observed on July 13 and involved a malvertising chain. Malicious ads directed users to a site where JavaScript injections redirected to the RIG exploit kit, which delivered SmokeLoader. This was followed by the downloader dropping Kronos onto the compromised machines.
  • Campaign Three: The campaign targeting Poland started on July 15 and involved fake invoice emails carrying malicious documents that tried to exploit CVE-2017-11882 (the Equation Editor vulnerability) to download and execute Kronos. The Kronos samples observed in all three campaigns were designed to use .onion domains for C&C purposes. Additionally, the researchers observed that web injects were employed in the Japanese and German campaigns, but none were seen in the attacks on Poland.
  • Campaign Four: A fourth campaign, which commenced on July 20, appeared to be a work in progress. The Kronos samples were again configured to use the Tor network, and a test web inject was spotted.

What You’ll Find in the New Variant of the Kronos Banking Trojan

Here are some details on the 2018 Kronos samples:

  • They have extensive code and string overlap with the older versions
  • They use the same Windows API hashing technique and hashes
  • They abuse the same string encryption technique
  • They feature the same C&C encryption mechanism and protocol
  • They leverage the same web inject format

The C&C panel file layout is very much like the older variants and a self-identifying string is also present in the malware. However, the major change is the use of .onion C&C URLs and the Tor network to anonymize communications.

There is some circumstantial evidence indicating that this latest variant of Kronos has been rebranded ‘Osiris’ (the Egyptian god of rebirth) and is being sold on underground markets.

Osiris is being advertised on underground forums as having capabilities that overlap with those observed in the new version of Kronos, and as having almost the same size (350 KB). The researchers further observed a file naming scheme in Kronos that appears to indicate a connection with Osiris.

Comodo Advanced Endpoint Protection Will Protect your Banking Information

Endpoint protection prevents targeted attacks and advanced persistent threats (APTs), which cannot be prevented by antivirus solutions alone. Endpoint security solutions give enterprises a complete, centrally managed spectrum of security controls for workstations, endpoints, servers, and so on.

All unknown files are quarantined by Comodo Advanced Endpoint Protection (AEP) in auto-containment, a virtual container in which suspicious files can be executed and examined instantly and safely. Comodo AEP operates from a Default Deny Platform to provide complete enterprise visibility while keeping the endpoints on the organization’s network malware-free. Its IT and security management console handles Linux, OS X, iOS, Windows, and Android devices on both physical and virtual networks.

How Comodo Advanced Endpoint Protection Works:

  • AEP employs the Default Deny Platform™ to block bad files and automatically contain unknown files in a virtual container, with the help of Intelligent Automatic Containment technology.
  • The Comodo VirusScope technology examines unknown files at the endpoint for malicious actions and behavior.
  • Valkyrie provides a cloud-based accelerated verdict within about 45 seconds, based on dynamic analysis, static analysis, and human analyst interaction.
  • Malicious files are removed; good files are permitted to run on the endpoint CPU; unknown files are contained in the lightweight virtual container on the endpoint and examined in real time.
  • Advanced Endpoint Protection can be provisioned within just a minute; it uses negligible CPU resources and needs an endpoint footprint of only about 10 MB. The program provides complete security for both virtual and physical endpoints in both small and big enterprises.


What Is Anti-malware?

Anti-malware is a type of software developed to scan, identify and eliminate malware, also known as malicious software, from an infected system or network.

Anti-malware secures an individual system or an entire business network from infections caused by a variety of malware, including viruses, computer worms, ransomware, rootkits, spyware and keyloggers. Anti-malware can be deployed on individual PCs, on a gateway server, or even on a dedicated network appliance. An effective anti-malware tool includes multiple facets, such as anti-spyware and anti-phishing components, to ensure complete protection.

How does Anti-Malware work?

Definitions

Many anti-malware programs scan for malicious software on a computing device using a set of archived malware signatures (a blacklist). The anti-malware program compares a suspicious file against the blacklisted malware definitions and, if they match, flags it as malware. This is the method most traditional anti-malware programs follow. It is effective at identifying known malware, but the database has to be updated continuously to ensure protection against the newest malware and threats.

Heuristics

Heuristics is another method, implemented in most anti-malware software, for identifying threats. Unlike the definition-based method, it decides whether a suspicious file is malware through behavioral analysis. For instance, if a file or program is coded to delete important and sensitive system files, the anti-malware flags it as malware. However, the heuristic method can produce false positives, so legitimate programs are sometimes flagged as malware.
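To make the contrast between the two methods concrete, here is an added example (not Comodo's code or any product's engine) that scans constructed byte blobs with a SHA-256 definition list and a small weighted heuristic rule set, showing a hash-evading variant that heuristics still catch and a legitimate admin script that they wrongly flag. The samples, rule weights and threshold are assumptions made for this example; sandboxing is not shown.

```python
import hashlib
import re

# Constructed "definitions": SHA-256 digests of samples already known to be bad.
# The contents are placeholders written for this example, not real malware.
KNOWN_BAD = (b"Sub AutoOpen()\n"
             b"  Shell \"cmd /c del /f C:\\Windows\\system32\\drivers\\etc\\hosts\"\n"
             b"End Sub\n")
DEFINITIONS = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Heuristic rules: (pattern, weight, explanation). The first mirrors the page's own
# example of code that deletes system files; the others reflect behaviours described
# elsewhere on the page (macros that run on document open, Tor .onion C&C addresses).
HEURISTIC_RULES = [
    (re.compile(rb"del(ete)?\s+.*system32", re.IGNORECASE), 5, "deletes files under system32"),
    (re.compile(rb"\bAutoOpen\b|\bDocument_Open\b", re.IGNORECASE), 2, "runs code when a document opens"),
    (re.compile(rb"[a-z2-7]{16,56}\.onion\b", re.IGNORECASE), 3, "contacts a Tor .onion address"),
]
HEURISTIC_THRESHOLD = 5  # assumed cut-off chosen for this example


def definition_match(data: bytes) -> bool:
    """Definition-based check: exact hash lookup against the blacklist."""
    return hashlib.sha256(data).hexdigest() in DEFINITIONS


def heuristic_score(data: bytes) -> tuple:
    """Behavioural check: sum the weights of every rule that fires."""
    score, reasons = 0, []
    for pattern, weight, why in HEURISTIC_RULES:
        if pattern.search(data):
            score += weight
            reasons.append(why)
    return score, reasons


def scan(data: bytes) -> dict:
    """Apply definitions first, then heuristics; anything unresolved is 'unknown'."""
    if definition_match(data):
        return {"verdict": "malicious", "method": "definition", "reasons": ["hash in definitions"]}
    score, reasons = heuristic_score(data)
    if score >= HEURISTIC_THRESHOLD:
        return {"verdict": "malicious", "method": "heuristic", "reasons": reasons}
    if score > 0:
        # Some indicators but below threshold: the page's next step would be sandboxing.
        return {"verdict": "unknown", "method": "heuristic", "reasons": reasons}
    return {"verdict": "clean", "method": "none", "reasons": []}


# Constructed samples used below.
VARIANT = KNOWN_BAD + b"' trivial edit that changes the hash\n"          # evades definitions
LEGIT_ADMIN_SCRIPT = (b"@echo off\nREM nightly log rotation\n"
                      b"del /q C:\\Windows\\system32\\LogFiles\\old.log\n")  # heuristic false positive
WEAK_SIGNAL = b"Private Sub Document_Open()\n  MsgBox \"Welcome\"\nEnd Sub\n"
BENIGN = b"Quarterly figures are attached for review.\n"

if __name__ == "__main__":
    for label, blob in [("known bad", KNOWN_BAD), ("variant", VARIANT),
                        ("admin script", LEGIT_ADMIN_SCRIPT), ("weak signal", WEAK_SIGNAL),
                        ("benign", BENIGN)]:
        print(f"{label:12s} -> {scan(blob)}")
```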

Sandboxing

Sandboxing is another method for deciding whether a file or program is malware. If the file or program is deemed suspicious, it is moved to an isolated environment called the sandbox, a secure space where it is executed to determine whether it is malware. If the file shows malicious behavior, the anti-malware software eliminates it. This is done without affecting the user experience or the normal operation of the computer. Through this method, anti-malware can protect the system from both known and unknown threats.

Removal

Anti-malware not only identifies malware, but it also removes the identified malware.

Benefits of Anti-malware

  • Real-time protection
  • Boot-time scans
  • Scanning of individual files
  • Protection of sensitive information
  • Restoration of corrupted data
  • Protection from spam and identity theft
  • Robust web protection
  • Quick scans of removable devices
  • Blocking of unwanted ads and spam websites
  • Improved PC performance

Looking for Malware Virus Removal Help?

Different types of malware have been developed to attack and infect systems through different mechanisms. To get rid of malware, you need an effective anti-malware program, like Comodo Cybersecurity’s, that:

  • instantly updates for the latest in anti-malware protection
  • terminates or blocks every untrusted or suspicious process running on an endpoint with a single click
  • easily integrates with cloud scanners to provide real-time security verdicts for unknown programs

Apart from installing the best anti-malware software, it is also important to delete temporary files, disconnect from the Internet while cleaning your PC, use a strong password for every login, and check that an attachment or link is genuine before downloading or clicking it. These habits deliver good endpoint protection, avoid system crashes and improve system performance.
