May 19, 2017 BY Tim Foley

The Next Cyberattack is Here. Learn What It Is, How It Works, and What To Do About It.

Another wave of cyberattacks looms on the horizon as WannaCry dies down. The newest threat targets victims running the latest version of Google Chrome on fully updated Windows and steals login credentials. The Dataprise Cyber Security Operations team detected this attack and has put together the information below to spread awareness before any damage is done:

What did we discover? 
Currently, the attacker directs the victim to download the .SCF file through phishing, malvertising, and other scams. At times the .SCF file can begin to download automatically without the user realizing it. If a user downloads this malicious .SCF file, the download can create an authenticated connection to a remote malicious SMB host controlled by the attacker.

How does it work?
Once the user opens the folder containing the malicious file, the file is processed automatically to retrieve an icon. This can happen immediately after downloading. From there, the .SCF file triggers automatic authentication as the system attempts to retrieve the icon image. This causes the victim's username and hashed password to be sent to the attacker, who can then use the credentials to authenticate to the victim's workstation and gain full control of it.

Will my antivirus or anti-malware detect this attack?
NO. To these programs, it appears to be a normal authentication. 

What can you do?

  • Block outbound SMB from the local network to the WAN via firewalls.
  • Disable automatic downloads in Google Chrome by going to Chrome's Settings, selecting "Show advanced settings," and then selecting the "Ask where to save each file before downloading" option.
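
To confirm that the outbound SMB block is actually in effect, flow records can be checked for internal hosts reaching external addresses on the SMB ports (TCP 445 and 139). The following is an added example, not Dataprise's code; the CSV log layout, the internal address ranges, and the sample records are constructed assumptions.

```python
import csv
import io
import ipaddress

SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP
# Assumption: the local network uses RFC 1918 space; adjust to the site's ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: timestamp,source,destination,dest_port,action
SAMPLE_LOG = """\
2017-05-19T09:14:02,10.1.4.23,10.1.0.5,445,allow
2017-05-19T09:14:07,10.1.4.23,203.0.113.77,445,allow
2017-05-19T09:15:31,10.1.4.40,198.51.100.9,443,allow
2017-05-19T09:16:12,10.1.7.11,203.0.113.77,139,deny
2017-05-19T09:17:45,192.168.20.8,192.0.2.14,445,allow
truncated,record
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def outbound_smb(log_text):
    """Return flows from an internal host to an external host on an SMB port."""
    hits = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, port, action = (f.strip() for f in row)
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # unparsable address or port
        if port in SMB_PORTS and is_internal(src_ip) and not is_internal(dst_ip):
            hits.append({"time": ts, "src": src, "dst": dst,
                         "port": port, "action": action})
    return hits

def allowed_leaks(hits):
    """Flows the firewall let through: the workstation may have sent credentials."""
    return [h for h in hits if h["action"] == "allow"]

if __name__ == "__main__":
    for h in outbound_smb(SAMPLE_LOG):
        status = "NOT BLOCKED" if h["action"] == "allow" else "blocked"
        print(f'{h["time"]} {h["src"]} -> {h["dst"]}:{h["port"]} {status}')
```

Any flow reported as not blocked identifies a workstation whose credentials should be treated as exposed, and a firewall rule that needs correcting.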

Recommendations

  • Make sure all hardware and software are up-to-date, under warranty, and patched.
  • DO NOT click on any links, emails, or attachments that look suspicious. Contact your support team if you are unsure about the legitimacy of emails.
  • Train your employees on cybersecurity protocol.

The most important action to take is to have a security team in place to detect cyber incidents in real time and respond immediately. The peace of mind and higher defenses against increasingly widespread cyberattacks like WannaCry and this upcoming attack are invaluable.

If you are interested in safeguarding your business, contact Dataprise Cyber to speak with one of our experts at 1-888-297-9818. 

More information regarding Dataprise Cyber Managed Security Services can be found here.
