Fileless Malware Poses New Threat to Computer Users

With increased cyber threats, there is great awareness of malware that comes attached in files.  Individuals and businesses invest in security solutions to protect against malware. In fact, there are often company policies regarding opening attachments on emails; yet there is an increase in a type of threat (though not new), known as the fileless malware.

What is Fileless Malware?

A fileless malware attack is a type of threat that doesn’t involve executable files. Instead, these attacks include scripts that run on browsers, command prompts, Windows PowerShell, Windows Management Instrumentation, VBScripts, or Linux (Python, PERL).

In other words, fileless malware is a form of cyberattack carried out through software that already exists on your device, in your authorized protocols and in applications that you have allowed on your device.

As such, fileless malware is becoming a favorite of cybercriminals because they don’t have to look for ways to install malicious files in your device – they only need to take advantage of built-in tools.

Reported examples of fileless malware include PowerGhost, which has been used in crypto-mining and DDoS attacks.

How It Works

First, note that these attacks are termed fileless because they are not file-based; instead, they hide in computer memory.

The malware launches an attack in various ways. For instance, a malicious code is injected in an application already installed or a user clicks on a legitimate-looking link that loads a remote script.

Another scenario exists within a legitimate-looking website that a user visits; the attackers exploit vulnerabilities in the Flash plugin; and a malicious code runs in the browser memory of the user’s computer.

While file-based malware uses executable files, the fileless type hides in areas where it can’t easily be detected, such as the memory. It is then written directly to the RAM (and not the disk), where it carries out a series of events.

Once in your system, the malware piggybacks on legitimate scripts and executes malicious activities while the legitimate program runs. At this point, it performs malicious activities such as payload delivery, escalating admin privileges, and reconnaissance, among others.

Since it works in-memory (RAM), its operations end when you reboot your system. This makes it more challenging to trace attacks. The fileless malware also may work in cohorts with other attack vectors, such as ransomware.

Detection and prevention

Various security vendors claim to have products that can detect fileless threats, as well as protect endpoint systems.

Successful security solutions need to be able to put in place technologies that enable them to inspect different kinds of operating systems storage, as well as analyze in real-time the execution of patterns of processes in a system.

But even so, one thing is certain: traditional anti-malware software will not detect fileless malware because they are not file-based and they do not they leave footprints. Here are some tips that will help mitigate against fileless attacks:

  • Regularly update the software on your devices (especially Microsoft applications) to protect against attacks propagated through PowerShell.
  • Apply an integrated approach that addresses the entire full threat lifecycle. This is possible when you use a multilayered defense mechanism.  
  • Use security solutions that can detect malicious attacks against command prompt (CMD), PowerShell, and whitelisted application scripts.
  • Use anti-malware tools that include machine learning, as this will limit scripts from creating new polymorphic malware within your environment.
  • Practice behavior monitoring to help lookout for unusual patterns.
  • Use memory scanning to help detect patterns of known threats.
  • Be on the lookout for high CPU usage by legitimate processes and suspicious error messages that appear for no clear reason.
  • Disable PowerShell and Windows Management Instrumentation (WMI) if you are not utilizing them.
  • Avoid using macros that have no digital signatures or turn off macros if not being used.
  • Use endpoint detection and response tools.

Final Thoughts

The cyber threat landscape keeps evolving. Every day, there are more sophisticated threats as criminals keep advancing to take on countermeasures that have been implemented.

Invest in security solutions that mitigate varying classes of threats, especially machine learning technologies. This will help protect against the latest and emerging threats. Also, keep your Windows OS and other installed software up-to-date to reduce the chances of fileless malware attacks.

Despite taking the mentioned measures, it’s important to stay informed of the latest threats and take necessary precautions.

How IT Spending Will Change When Business Resumes

Most states are starting to relax stay-at-home restrictions. As such, businesses are developing plans for bringing employees back to work. Many businesses are already affected by the pandemic and their future looks grim. Specifically, we are going to look at the IT sector and examine what spending might look like in a post-lockdown economy.

Disruption

The COVID-19 pandemic has resulted in an unprecedented disruption in businesses. As a result, management has tried to reduce costs to survive or risk shutting down. IT departments have suffered the most with major budget cuts due to a reduction in revenue. As a result, non-urgent purchases have been eliminated; initiatives have been suspended; and employees have been terminated.

Of course, technology also has been playing a great role in supporting businesses during the pandemic, especially by enabling work at home and keeping in touch with clients. But there are expectations for major challenges when businesses get back to normal. For instance, the post-coronavirus business world expects travel restrictions, office distancing, business continuity, and pandemic regulations. As for onsite work in the office, challenges will include distributed collaboration, endpoint data protection, scalable administration, and secure access to corporate data.

It also appears that the impact will vary from industry to industry. Companies that depend on face-to-face contact are in danger of lost income and bankruptcy. At the same time, other businesses are thriving.

Consider digital marketing industries. With more businesses moving online, there will be a rise in the purchase of IT-related expenditures such as software. The entertainment sector has found solace in digital platforms, while there is an increase in the work-at-home trend.

The Future

Despite the uncertainties, some predictions can be made.

One thing that is certain is that the impact on IT spending will vary depending on the IT stack. While the infrastructure, branch networking, middleware, and enterprise apps might see a drop, areas such as communication/collaboration, cloud storage, security, and compliance will likely see an increase in spending as more people work remotely.

While the impact on the IT industry will definitely vary, we could see a lot of new innovations. Such innovations might include customer-facing and worker productivity apps. Some companies may increase spending on new innovations to help outperform their competition.

Another factor affecting IT spending is the size of a business. While big businesses may get back to normal after a few months, small businesses have to tread carefully. As such, IT spending for different-sized businesses will not be similar.

A decision to have employees continue working at home means that IT expenditures will take a different shape. While there will be less need for office equipment, there will be an increase in spending to enable offsite work.

There could also be more spending by businesses investing in continuity strategies such as more remote locations, new training in information and communications technology (ICT) and automation of processes.

This also will depend on business operations. Consider a business that had already migrated to the cloud before the COVID-19 pandemic. Such businesses did not suffer much disruption compared to those still using on-premise applications and proprietary data centers. Thus, IT spending for both types of businesses will vary in the future.

Lastly, businesses will want to invest in projects that are likely to provide a return on investment faster.

Conclusion

The disruption to businesses by the COVID-19 pandemic is like none previously encountered. One thing is certain: Things will not bounce back to the known normal. Rather, we should expect a new normal. And, as we have seen through the examination of certain IT expenditures, the success of each industry is dependent on various factors.

Heightened Hacking as Corona Pandemic Worsens; How to Avoid Being a Victim

Hacking as Corona Pandemic Worsens, Avoid Being a Victim ScamSince the escalation of COVID-19 cases, malicious activity from cybercriminals is also on the rise.

Hackers are taking advantage of the coronavirus fear to carry out attacks. This is done by creating websites that claim to have cures for the virus or by spreading emails that contain links to malware.

Consider this research by Check Point, where they found an increase in coronavirus domain name registration. Most of these scam websites allege to be selling vaccines against the virus.

At the beginning of this year, one of the reported cases was the Emotet malware that was used in a coronavirus-themed campaign in Japan. Phishing victims received an email purporting to report locations where the infection was spreading. Because the email appeared to be an official communication from the government, victims were likely to open it to find out more about the information. However, an attempt to open a .docx document will download the Emotet malware to the victim’s computer.

Apart from a .docx, the attachment could be a .pdf or an .mp4 claiming to have instructions on how to protect against the virus or other related updates.

The case in Japan is among the first attacks on the public domain that came with the rise of the COVID-19. Since then as the coronavirus continued to spread, more data breach cases have been reported. According to Malwarebytes Labs director Jerome Segura, there is an increase in campaigns that use the coronavirus situation to trick victims. Segura reports that in March alone, there was a 26 percent increase in online credit card skimming as people did online shopping from the safety of their homes.

Even the World Health Organization has not been spared, as they recently reported a fivefold increase in cyberattacks. The attacks have increased such that there was a joint alert sent out by the United States Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency, and the United Kingdom’s National Cyber Security Centre.

Unfortunately, the fact is it won’t get any better as more cybersecurity firms report an increase in attacks relating to the coronavirus outbreak. This is because attacks that are based on important events or occurrences such as the COVID-19 pandemic become effective as they leverage on the public’s need to know.

In matters of life and death, people tend to be less careful; and in an attempt to stay informed, they end up becoming victims of cybercriminals.

Apart from malware, there are fears that work-at-home directives also have led to an increase in data breaches. If you have a business, you probably have policies to help guard against cyberattacks. However, since the work-at-home situation was largely unplanned and employees are having to work from home, data can be easily leaked from the devices they use to connect to the office network.

It’s important to keep in mind that hackers love to take advantage of current events to trick their victims. Because of this, it’s expected that these attacks will increase in frequency – and this calls for users to be vigilant.

Although security systems might already be in place, none of them have the ability to deal with ever-increasing threats that have grown in sophistication. Email security remains one of the hardest challenges for employers. However, taking precautionary measures will help reduce the possibility of successful attacks.

Here are 10 ways to keep safe:

  1. Avoid clicking on promotional links in emails.
  2. Be careful when you receive emails with subject lines that include coronavirus or COVID-19 and have a call to action.
  3. Be careful when clicking on pages with special offers, especially pages claiming to sell or know about the cure for the coronavirus.
  4. Check domain names to verify their validity.
  5. Be careful about clicking on links found on SMS that claim to come from institutions such as your credit company or bank; such links could activate the malware.
  6. Make sure to use a virtual private network (VPN) – especially when working with sensitive data.
  7. If you have a business and your employees are using corporate devices, enable remote wipe in case devices to get compromised or lost.
  8. Limit the number of times you enter your credit card details online and confirm that the domain where you enter personal information is legitimate.
  9. Hackers will continue to adjust their tactics; therefore, use trusted resources such as the Centers for Disease Control and Prevention for information on the coronavirus.
  10. Use strong passwords.

New to Remote Working? Here are Some Tips for Staying Productive

Remote Working, Work From Home, RDP WorkThe COVID-19 pandemic has seen a rise in remote working. Even organizations that have always been against it have their employees working from home. With some areas experiencing complete lockdowns, this means you find yourself in an unfamiliar work environment.

Remote working means that you have to work outside a traditional office environment. Although some people already have experience working remotely, there are a good number of workers who might have a hard time getting anything done from home. This is particularly true for those  with a family that includes young children.

But with the current epidemic, many don’t have much choice other than to agree with the concept that work doesn’t have to be done in a specific place to be performed successfully. Your employer may have already set a work-at-home policy, but how do you ensure you are productive? Here are a few tips to help you retain your employment.

Create a Workspace

If you don’t already have a home office, then it’s time to be resourceful and create a workspace. Unfortunately, since this is unplanned, you might not have an ergonomically friendly work area. This means you could hurt yourself while working; for example, sitting too long in an uncomfortable position. But think outside the box and utilize what you have, such as using pillows to create a comfortable posture. Also, ensure you take frequent breaks.

Don’t forget to choose a space with minimal distractions.

Establish a Routine and Stick to It

The fact that you no longer have to wake up early to get to the office might tempt you to sleep more. It is important to have a work mindset. To achieve a sense of normalcy that you were used to in the office, you need to plan a schedule for your work hours and stick to it. Failure to create a work routine may find you wasting work hours.

Remember, if you live with family or friends, let them know your work hours and have them respect that.

Be Flexible

It’s important that you be flexible, especially if you have kids in the house. This makes it hard to work a 9 to 5 job. A lockdown means you probably do not have someone to come over and help with chores or childcare. The way out is to experiment with different plans. Try working late at night, early in the morning or when your children take a nap.

Use Time Management Apps

Your employer already set goals and roles for you. But achieving them while working at home is challenging. Use time management apps to track the amount spent working on tasks. Such apps, whether web or mobile-based, can help minimize distractions.

Avoid Social Media

There is so much information on the coronavirus pandemic and there is a need to stay updated. But this can turn out to be a distraction that causes you to miss out on work time. Set a time to check such updates and stick to it.

Informal Communication Groups

Apart from official online meetings or discussions, it’s good to keep in touch with colleagues. If your company did not set up such meetings, then you should. There are many communication tools available today that you can use. Keep in mind, isolation can lead to depression, especially if you live alone and are used to an active social life.

Work-Life Balance

Don’t spend all of your day working. Set daily tasks and stick with them. Set a time to exercise; it’s good for productivity and helps you avoid getting sore, which will generally affect your health. Log off from your work and do a different activity.

Use Secure Connections

Cybercriminals are now more likely to target remote workers. There are already reported cases of coronavirus ransomware and malware. This not only affects your work but can put your company at risk. Ensure that you use a secure wifi and virtual private network (VPN). Most importantly, don’t ignore your company’s security policies just because you are working from home.

Final Thoughts

There is a lot of debate surrounding remote working. Employers may see the benefit of remote working and adopt it more. Whether this will be the case, only time will tell. But we should brace for unexpected changes in the workplace when things finally get back to normal.

The most important thing right now is to keep in mind that your productivity will depend on your self-discipline, time-management skills, technology skills (to use new apps) and adaptability. 

6506148 B2 Patent: Nervous System Manipulation – Is it Real or Just Paranoia?

Imagine someone manipulating how you feel. Of course, no one wants that. But how about being manipulated unknowingly? This is exactly what is happening to your nervous system every time you switch on your TV or computer.

Well, at least according to the 6506148 B2 Patent.

The patent named “Nervous System Manipulation By Electromagnetic Fields From Monitors” was filed in 2001 and published in 2003. The patent was filed by one Hendricus G. Loss (perceived to be a fictitious person as no information about who he really is can be traced).

Is it Worth Any Attention?

We already know that the content displayed on TVs or even on the internet is created in such a way as to influence decisions, such as when making a purchase or standing behind certain beliefs.

The mind control subject has been a topic of discussion for a long time. Although initially considered a conspiracy theory, its reality has been observed in the content displayed by mainstream media.

But how about manipulation through the nervous system?

Science teaches us that the work of the nervous system is to carry messages throughout the body and control your senses. The nervous system, according to neuroscientists, is controlled by the brain.

Now, the brain is said to be a complex bioelectrical organ that produces electric fields.

That’s why it’s believed that you can rewire your brain through techniques such as listening to binaural beats. Scientists also claim to control brain functions with a technique that uses powerful electromagnetic radiation. This technique, known as Transcranial magnetic stimulation (TMS), can jam or excite particular brain circuits.

Think of how you are not allowed to use cell phones in some areas of a hospital or in an airplane (where some only allow use in airplane mode). This is so that the electromagnetic transmission of the phone does not interfere with critical electrical devices.

So if a brain is a bioelectrical organ, is there a possibility of manipulating it?

How it Happens, According to 6506148 B2 Patent

Here is a short excerpt from the patent abstract:

“Physiological effects have been observed in a human subject in response to stimulation of the skin with weak electromagnetic fields that are pulsed with certain frequencies near ½ Hz or 2.4 Hz, such as to excite a sensory resonance. Many computer monitors and TV tubes, when displaying pulsed images, emit pulsed electromagnetic fields of sufficient amplitudes to cause such excitation.

It is, therefore, possible to manipulate the nervous system of a subject by pulsing images displayed on a nearby computer monitor or TV set. For the latter, the image pulsing may be embedded in the program material, or it may be overlaid by modulating a video stream, either as an RF signal or as a video signal. The image displayed on a computer monitor may be pulsed effectively by a simple computer program. For certain monitors, pulsed electromagnetic fields capable of exciting sensory resonances in nearby subjects may be generated even as the displayed images are pulsed with subliminal intensity.”

The US Patent 6506148 B2 is a confirmation of the possibility to manipulate the nervous system. The patent includes 14 claims including how video can be used to manipulate the nervous system.

Is it just a conspiracy theory?

Well, it’s not easy to tell. But we can’t ignore the concerns raised in regards to electromagnetic fields (EMF). The EMF issue has raised so much concern that in May 2015, 190 scientists from 39 nations submitted an Appeal to the United Nations requesting the World Health Organization (WHO) adopt more EMF exposure protective guidelines.

Such concerns are an indication that the patent should not be ignored. It also goes to show that apart from your electronic devices recording, monitoring and watching everything you are doing, they can also influence living organisms’ feelings, perceptions, thoughts and behavior.

Switch off that Screen

Well, this is practically not possible. The dependence on these electronic devices is so high that we are practically immobilized if they were to be turned off. Electronics have become part of human attachment.

The age of the Internet of Things (IoT) doesn’t make it any better. Now that we are surrounded by electromagnetic emitting devices, the patent serves as an alert to the public of the possibility of what could happen if these technologies were used unethically.

Unfortunately, the technology is here to stay. The only option is to minimize the exposure from your EMF emitting devices. Therefore it’s not a bad idea to try something different: read a book, go hiking, take a walk or simply switch off that screen when you can.

How Businesses Benefit from Big Data Analytics

Previously we looked at the key technology trends in accounting to watch out for in 2020. Among the trends are big data and data analytics, which can have a great impact on businesses.

Business data has existed for a long time, whether in filing cabinets, ledgers or storage devices. But today businesses both large and small have to deal with huge collections of data every day. This has seen the rise of data analytics trends that include deep learning, machine learning and dark data.

Unfortunately, small and medium businesses (SMB) have to struggle with making a decision on implementing data analytics. This is largely because many SMB owners assume that data analytics is strictly for large organizations – especially because of the expectation that it’s expensive and complicated.

Luckily, reduced tech costs have made it possible for small and medium businesses to afford technologies that were previously only cost-effective for big organizations.

Is the Cost and Effort Worth It? 

Before the advent of big data analytics, customer data was collected using surveys or customer feedback forms. Analyzing such data is tedious, and it’s possible to miss out on important trends.

Also, imagine running marketing campaigns and having no way to track how effective the campaign was. If you do this in your business, you have no way to know who saw the ad or even the response.

Enter big data and analytics and the whole marketing landscape changes. With big data, a business has clear insights about customer behavior. This is possible because we now can track visitors to a website, the time a visitor spends on a given page, action taken such as making an order, the location the purchase came from and so many other details that help a business refine its marketing strategy.

Is it costly? You’d be surprised to know that you don’t need to purchase expensive software. You’ll find, for instance, that you can take advantage of data collected by the QuickBooks accounting software. And depending on your business needs, the software can be connected with low-cost platforms that enable more detailed analytics.

You also can get free platforms such as Google analytics to analyze website traffic and gain insight into consumer behavior. Whatever your company size, you can take advantage of big data insights to better understand your customers.

Here are some reasons why it’s worth it:

  • Analytics help to launch effective marketing campaigns that result in better ROI.
  • Analytics help to track the customers in their sales cycle.
  • It’s possible to track the outcome of business decisions, such as promotional strategies.
  • You get to know which suppliers or other business partners to work with.
  • Provides insights on customers who are likely to pay on time based on historical payment data.
  • Improves customer service. This is possible when customer conversations from different channels are analyzed.
  • It helps to improve the product or service offered by a business.  
  • Identifies trends and patterns. For instance, you can track frequently asked questions and then create a page to handle the common questions.
  • Helps create a strong bond with customers. By understanding customer interests, a business will then engage with their customers by creating personalized offers and campaigns.
  • On the tech side, big data is being used to detect and prevent fraud.  
  • Analytics identify problematic areas of a business, and this makes it easier to come up with a response quickly before the problem escalates.

Become Smarter

When used correctly, data analytics can help a business gain a competitive advantage over other businesses. At the same time, it will also boost your business conversions and revenue. But collecting just any piece of data can be overwhelming and even a waste of time. The secret is in collecting data that will help you reduce business costs and increase your revenue.

Key Technology Trends in Accounting to Watch Out For in 2020

Technology advances continue to reshape industries and businesses – and the accounting industry is no exception. So far, a lot of repetitive tasks are performed with the help of advanced hardware and software. Even for businesses that do not like change, many find themselves making adjustments due to a generation change in the workforce, marketing demands, regulations and client demand. In any case, technology offers strengths once a business adopts new solutions to the accounting processes.

The accounting industry has evolved so much that bookkeeping is no longer just about balancing books; professionals in this field are slowly transitioning into strategic business advisors.

Technological innovations offer inexpensive and efficient ways to run businesses and other aspects of life. Every now and then, there is news on emerging technologies.

Here are some tech trends that are expected to influence the accounting industry in the year 2020.

Cloud-Based Accounting

The internet has enabled the storage and processing of data from remote servers. Small- and medium-sized businesses can now leverage the power of the internet and access data and infrastructure without worrying about the cost of purchasing and maintaining hardware and software services on-site. The ease of accessing data anytime and anywhere helps businesses save valuable time. Such benefits will continue driving more businesses to adopting the use of cloud-based accounting systems.  

Automation

Automating repetitive tasks has helped eliminate manual data entry while saving production hours at the same time. Since technology continues to advance, the accounting industry will see more tasks become automated. This trend can be observed in the growing number of accounting software available for both small and large businesses. Artificial intelligence will also contribute to automation in the industry. This is already evident with the increased development and adoption of robotic process automation.

Social Media

In the early 2000s, social media platforms were mainly used to communicate with family and friends. Today, social media is making an impact in digital marketing. Social media platforms will continue influencing how businesses communicate with their clients.

Apart from reaching out to more clients, accounting firms can also find talent to hire from social media platforms such as LinkedIn.

Big Data and Data Analytics

With advanced data collection and processing, it’s now possible to have access to insights and predictive analysis. Although analytics is not entirely new in accounting, the availability of data analytics tools makes it more powerful. This is important for business owners as it helps to improve decision making as well as understand the overall status of a company with the click of a button.

Cryptocurrency

This digital currency has revolutionized the financial industry with millions of coins present in the market today, including Bitcoin, Ripple and Ethereum among others. This digital currency has taken root so much that it is now accepted as a means of payment. Cryptocurrency has been enabled by blockchain technology.

Blockchain

For businesses, blockchain technology helps maintain a unique history of all interactions with various parties, which is indisputable. Widely known accounting companies like Ernst Young and Price Waterhouse already have people working in distributed ledger laboratories. The blockchain technology will not only lower the cost of reconciling and maintaining ledgers, but it will also provide accuracy of ownership and asset history. 

Remote Working

Remote work settings are becoming common in most industries, and accounting leaders are also adapting this trend. With expectations of more advanced computerized accounting systems as well as cloud-based solutions, it will not be a surprise to have your accountant handling accounting tasks remotely.

In Conclusion

With technology largely affecting how businesses are run, it’s no longer enough for a business to stick to traditional accountancy practices.

As technology and accounting becomes more intertwined, it’s wise for businesses to stay ahead of the curve. The most important way to deal with it is to embrace the technology, learn about new technologies and most importantly, learn new skills. This will ensure that your business remains competitive as you are ready to meet customer demands for faster processes.