Hackers Targeting Small Businesses with Weak Cyber Security

This week, the Alert Logic ActiveIntelligence team highlights how Hackers Target Small Businesses with Weak Cyber Security and how a New Petya-Based Ransomware Emerges.

Breach

Hackers Target Small Businesses with Weak Cyber Security

It’s not just large companies such as Yahoo and Target that are vulnerable to cyber attacks. Small businesses, which are often more cash-strapped than large corporations, are increasingly being targeted by hackers.

The chances of a small business being invaded — of having computers, smartphones, tablets and even bank accounts hacked because of poor cybersecurity — are rapidly growing. And some of the very things small businesses are encouraged to do to make themselves more visible, like having blogs, can also make them more vulnerable.

References: Why Small-Business Owners Are Easy Prey for Hackers | Hackers Increasingly Set their Sights on Small Businesses | Small businesses at risk of hacker invasion

 

Mitigation Strategies:

Malware

New Petya-Based Ransomware Emerges

PetrWrap, a variant of a Petya-based ransomware, was used in targeted attacks. It overwrites MBR to lock users out of the infected machines. The Petya ransomware causes a blue screen of death (BSoD) by overwriting the MBR with malicious code that encrypts the drive’s master file table (MFT). When the victim tries to reboot the PC, it will impossible to load the OS, even in Safe Mode. Users turning on the computer are displayed a flashing red and white screen with a skull-and-crossbones instead.

The bad news for the victims is that currently there isn’t a recovery tool to decrypt the MFT of hard disk volumes infected by Petya. The experts noticed anyway that because this specific ransomware doesn’t encrypt the file contents, it is possible to reconstruct the file from hard disk raw data by using specific recovery tools.

References: Petya-Based PetrWrap Ransomware Emerges | PetrWrap, a Petya-based Ransomware, was Used in Targeted Attacks | PetrWrap Ransomware Is a Petya Offspring Used in Targeted Attacks

Mitigation Strategies:

  • FIM solution would detect any type of file modification or addition
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies
  • Log management could detect any suspicious user account activity
  • Netflow traffic may also reveal large data transfers and potential data leakage. Netflow traffic may also reveal outbound connections to countries you may not do business in, which may be an indicator of malicious activity

This Week's Suspicious IP Addresses

61.177.172.37 61.177.172.19
166.111.77.32 188.118.2.26
81.183.56.217 46.109.168.179

*IP addresses provided by Recorded Future.