May 19, 2017 BY Tim Foley

The Next Cyberattack is Here. Learn What It Is, How It Works, and What To Do About It.

Another wave of cyberattacks looms on the horizon as WannaCry dies down. The newest threat targets victims running fully updated Windows and the latest version of Google Chrome, and steals login credentials. The Dataprise Cyber Security Operations team detected this attack and has put together the information below to spread awareness before any damage is done:

What did we discover? 
Currently, the attacker directs the victim to download the .SCF file through phishing scams, malvertising, and other scamming methods. At times, the .SCF file can begin downloading automatically without the user realizing it. If a user downloads this malicious .SCF file, the download can create an authenticated connection to a remote malicious SMB host controlled by the hacker.

How does it work?
Once the user opens the folder containing that malicious file, the ransomware will automatically run to retrieve an icon. This can happen immediately after downloading. From there, the .SCF file tricks the automated authentication as it attempts to retrieve the icon image. This allows the victim's username and hashed password to be transferred, which lets the attacker use the credentials, authenticate to the victim's workstation, and gain full control of the workstation.

Will my Anti-Virus or Anti-Malware detect this attack?
NO. To these programs, it appears to be a normal authentication. 

What can you do?

  • Block outbound SMB from the local network to the WAN via firewalls.
  • Disable automatic downloads in Google Chrome by going to Chrome's Settings, selecting "Show advanced settings," and then selecting the "Ask where to save each file before downloading" option.
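
Because endpoint tools see only a normal authentication, the network is where this shows up. The following is an added example, not part of the original post: it scans firewall flow records for SMB connections leaving the internal network, which is the traffic the first mitigation above should block. The log format, the internal address ranges, the sample records and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP
# Assumed internal ranges (RFC 1918); adjust to the site's own addressing.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records, assumed format: time,src,dst,dst_port,proto,action
SAMPLE_LOG = """\
2017-05-19T09:00:01Z,10.1.4.23,10.1.0.5,445,tcp,allow
2017-05-19T09:00:07Z,10.1.4.23,203.0.113.50,445,tcp,allow
2017-05-19T09:00:09Z,10.1.4.31,203.0.113.50,445,tcp,deny
2017-05-19T09:01:12Z,10.1.4.40,198.51.100.7,443,tcp,allow
2017-05-19T09:02:30Z,10.1.4.23,198.51.100.9,139,tcp,allow
not,a,valid,record
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on junk input
    return any(ip in net for net in INTERNAL_NETS)

def find_outbound_smb(log_text):
    """Return (findings, skipped) for SMB flows from internal to external hosts."""
    findings, skipped = [], 0
    for line in filter(str.strip, log_text.splitlines()):
        try:
            ts, src, dst, port, proto, action = line.strip().split(",")
            outbound = is_internal(src) and not is_internal(dst)
            port = int(port)
        except ValueError:  # wrong field count, bad address or bad port
            skipped += 1
            continue
        if proto == "tcp" and port in SMB_PORTS and outbound:
            findings.append({"time": ts, "src": src, "dst": dst,
                             "port": port, "action": action})
    return findings, skipped

def hosts_to_triage(findings):
    """Map each workstation to the external hosts it was allowed to reach over SMB."""
    reached = defaultdict(set)
    for f in findings:
        if f["action"] == "allow":
            reached[f["src"]].add(f["dst"])
    return {src: sorted(dsts) for src, dsts in reached.items()}

if __name__ == "__main__":
    findings, skipped = find_outbound_smb(SAMPLE_LOG)
    print(len(findings), "outbound SMB flows;", skipped, "unparsed;", hosts_to_triage(findings))
```

Flows with action `deny` show the firewall rule working while still identifying a workstation that attempted the connection; flows with action `allow` mark workstations whose credentials should be treated as exposed.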

Recommendations

  • Make sure all hardware and software are up-to-date, under warranty, and patched.
  • DO NOT click on any links, emails, or attachments that look suspicious. Contact your support team if you are unsure about the legitimacy of emails.
  • Train your employees on cybersecurity protocol.

The most important action to take is to have a security team in place to detect cyber incidents in real time and respond immediately. The peace of mind and higher defenses against increasingly widespread cyberattacks like WannaCry and this upcoming attack are invaluable.

If you are interested in safeguarding your business, contact Dataprise Cyber to speak with one of our experts at 1-888-297-9818. 

More information regarding Dataprise Cyber Managed Security Services can be found here.
