Security Advisory: Malicious Attacks using COVID 19 are becoming more widespread

Security Advisory: Malicious Attacks using COVID 19 are becoming more widespread

Due to recent events, many of us have had to do significant life changes be it personal or work related. This has affected many of us globally and even created a trend that many are using to their advantage, such as people making profit off shipping masks to other countries. So, it comes to no surprise that many cyber criminals are also using this to their advantage. According to Trend Micro, there has been a surge of malicious attacks being detected that have been using the COVID 19 as a lure to infect unsuspecting users.

From the duration of January 1, 2020 – March 27, 2020, Trend Micro’s Smart Protection Network blocked more than 300,000 threats using the COVID 19. They found that 65% of the attacks were in the form of spam emails while other 35% were malware related or malicious URLs. Around 56% of malicious URLs are phishing attacks, so making sure your workforce is properly educated on how to spot these attacks is crucial in keeping your company safe. Around 80,000 files used in spam that had the keyword COVID were mostly Trojan files, the others were in different malware families, only a handful were ransomware related.

Defending your Workforce from COVID related threats

Below are a few tips in which your workforce can follow to help minimize the risk of falling for COVID related scams:

Use a company device for remote work if possible

If possible, use company issued devices. Personal devices may not have as much security controls then company owned devices. Do not use company devices for anything unrelated to work.

Prepare a backup solution at home

Preparing a backup with what you have on hand (USBs, external hard drives, etc.) is better than not preparing in case anything goes wrong.

Be wary of online scams

Unfortunately, there will be people using this crisis to scam or make money of people who are currently on high alert. Let us remember to always be vigilant and look out for suspicious emails or URLs, especially if they are unverified and currently using COVID in their filename or URL.

For those who wish to add more security to their current mobile workforce, Trend Micro’s Smart Protection suite and Worry-Free Business Security can help you detect and block these malicious threats.

As an added layer of defense, Trend Micro™ Email Security thwarts spam and other email attacks. The protection it provides is constantly updated, ensuring that the system is safeguarded from both old and new attacks involving spam, BEC, and ransomware.


To learn more about how to better protect your workforce with Trend Micro solutions, you can send an email to marketing@www.ctlink.com.ph and we would be happy to answer your inquiries!

Five tips from Microsoft Detection and Response Team to minimize Advanced Persistent Threats

Five tips from Microsoft Detection and Response Team to minimize Advanced Persistent Threats

Microsoft’s Detection and Response Team (DART), in an effort to encourage the use of better security practices, is planning on sharing its experiences wit customers to let others know the methods of hackers.  One particular customer story just shows how some organizations are still lax when it comes to security as they had 6 different groups hacking their network in the same time period.

In the first report that they gave, there was details of an advanced persistent threat (APT) that was able to steal administrator credentials to steal sensitive data.  This attack persisted for 243 days, this was when DART was called in to help the customer.

One thing to note, this attack could have been prevented if a multi-factor authentication (MFA) was in place.  Microsoft says that almost 99.9% of compromised accounts do not use MFA, and only 11% of enterprise accounts use MFA.

When DART was in the process of removing the attacker on the system, that was when it discovered the other 5 intruders within the network.  The attackers were not coordinating the attack together, the main attacker used a password-spraying attack to get the credentials of the Office 365 admin.  They then searched the mailboxes for confidential emails that contained intellectual property in certain markets.

The company tried its best to resolve the attack in the first month, but then needed to call in an incident-response vendor to help.  It proved to become a lengthy investigation and after 7 months, Microsoft’s DART was called to help with the investigation.  They were able to eject the threat on the day they were assigned the task.

Below are a few Microsoft recommended ways in which to avoid the risk of APT attacks:

  • Enabling MFA
  • Removing legacy authentication
  • Giving enough training to first responders
  • Logging events properly with a security, information and event management product
  • Recognizing attackers use legitimate administrative and security tools to probe targets

To learn more about how you can keep your systems safe from APT attacks or other major attacks like ransomware, you can contact us at 8893 9515 or email us at sales@www.ctlink.com.ph and we would be happy to help you!

Ransomware attack causes a US Telemarketing Company to shutdown before the Holidays

Ransomware attack causes a US Telemarketing Company to shutdown before the Holidays

Last year before the holidays, an Arkansas-based telemarketing firm was hit by ransomware.  Their employees at the time didn’t even know they were hit by it, however they felt the repercussions of the attack.  More than 300 employees were sent back to their homes and told that it would be best to try looking for another job as a worst-case scenario if they are unable to recover their data.

The attack that happened on October 2019, forced the CEO of the company to send a letter informing their employees of the situation.

“Unfortunately, approximately two months ago our Heritage servers were attacked by malicious software that basically ‘held us hostage for ransom’ and we were forced to pay the crooks to get the ‘key’ just to get our systems back up and running,” wrote Sandra Franecke, the company’s CEO, in the letter sent to employees.

With the initial recovery plan failing, it was estimated to only take 1 week, management decided to suspend operations while the process is ongoing.  However, many of the 300 employees are doubtful that the company will be able to survive this situation.

This situation is not as uncommon as you would think it is.  In the last few years, many other companies have decided that a ransomware attack was too costly for them to recover and ended up shutting operations down.  One example would be a Medical practice in Michigan opting to end their operations 1 year earlier than planned rather then deal with the fallout of a ransomware infection.

Situations like this could have been avoided given that they were able to:

  1. Have proper security measures implemented to detect and isolate suspicious files
  2. Had their data recovery plan regularly tested or had on implemented in the first place.

If you would like to learn how we at CT Link Systems, Inc. can help you company better secure your IT environment or even ensure that you have a good BCDR plan in place, Contact us at 8935 9515 and we would be happy to help you!

PlunderVolt: A new Vulnerability found in Intel Processors

PlunderVolt: A new Vulnerability found in Intel Processors

Academics from three universities across Europe have disclosed today a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs.

It was reported by three academics from three different universities across Europe that a new attack was re that affects the integrity of data stored in the highly-secured area of Intel CPUs called the Intel SGX.  The attack exploits an interface which is in charge of controlling the voltage regulation of the Intel processor, this interface is something that many gamers will recognize as it is the same one that is used to overclock their CPUs.  The attack is aptly named, Plundervolt.

How it works

Plundervolt only targets Intel Software Guard eXtensions (SGX). The Intel SGX, for those unfamiliar with it, is a powerful security feature that is found on all modern Intel CPUs that keeps very sensitive data for applications to ensure that other applications are unable to access it.

By using the CPU’s energy management interface, it is able cause some changes in the SGX data just by altering the electrical voltage and frequency of the SGX memory cells. This causes bugs and faults appear within the data and operations which SGX handles.  Meaning, instead of destroying, Plundervolt sabotages output to weaken the encryption of SGX and even cause errors within apps that might have not been there before to exploit and steal data.

However, unlike other attacks, Plundervolt cannot be exploited remotely like luring users into a website and then being able to execute the attack.  Plundervolt needs to run from an app of an infected hosts with root or admin privileges.  So getting a successful attack may be harder compared to other attacks but once they are able to get in your system, they will be able to exploit your system much faster than most other attacks.

What Intel CPUs are infected and where can we get a fix?

According to Intel, the following CPU series are vulnerable to Plundervolt attacks:

Intel® 6th, 7th, 8 th, 9th & 10th generation CoreTM processors

Intel® Xeon® Processor E3 v5 & v6

Intel® Xeon® Processor E-2100 & E-2200 families

Plundervolt is nothing that end-users should worry about. It’s an attack vector that is of little interest for malware authors since it’s hard to automate at scale. It is, however, an attack vector that could be weaponized in targeted attacks, against specially selected targets. If Plundervolt is a serious threat depends on each user’s threat matrix.

For those who are looking for the update to fix this vulnerability, you may refer to the microcode and BIOS update here.

For any inquiries with regards to this vulnerability or any other security questions, you may call us at 8893-9515 and we would be happy to help you!

A Closer look at Processor Vulnerabilities

A Closer look at Processor Vulnerabilities

The past few years has been rough on processor security, this especially for Intel as one of the biggest processor vulnerabilities Meltdown and Spectre was for nearly all their modern CPUs.  Although patches came out almost immediately to solve these issues, this was just the start to the security vulnerabilities as other attacks such as MDS (Microarchitectural Data Sampling) have been popping up.  So why are these vulnerabilities and security flaws only now coming to light?  These issues actually are quite complex and would need a further understanding of the advances of CPU technology such as the following below:

  • L1/L2/L3 caches
  • Speculative execution
  • Pipelines and buffers
  • Hyper-Threading

If you are unfamiliar with the above technologies, they basically function as ways to help improve the speed of the CPU.  In theory, without these components, we could have a much more secure processor at the cost of performance.  Vendors are caught in a predicament of wanting to increase performance but also have to consider the security implications of newer technology.  This shows in the patches for recent vulnerability fixes which brought performance down of the CPU by 5-30%.  The latter number can be alarming but does not usually affect home users as the 30% is more frequent for servers.

Although vendors are still working on improving their security to prevent future vulnerabilities from happening, there are still ways to make sure that your data is protected like adding an additional layer of security.  With the help of 3rd party security vendors such as Trend Micro can help with products such as Deep Security through virtual patching.

To get a more in depth understanding of the processor vulnerabilities, you can refer to this article here.  To learn more about Trend Miro Deep Security, you can visit our page here or contact us directly at 893-9515 and we will be more than happy to answer your inquiries!

Security Vulnerabilities: A Closer look at a Cyber Criminal’s Window to your System

Security Vulnerabilities: A Closer look at a Cyber Criminal’s Window to your System

You may be hearing more and more these days of new security vulnerabilities being discovered in the news and may be wondering what exactly it may imply?  Simply, a vulnerability represents the ideal opportunity for cyber criminals to infiltrate your system to compromise your data or to perform data theft.

According to current data now, we can see that these vulnerabilities will be popping up more often as 2017 had a record-breaking year for reported exploitable vulnerabilities, with almost 20,000 security flaws reported over the year.   For the year 2018, the data is still being tallied however, a report from RiskBased Security has already noted that more than 10,000 vulnerabilities have been reported in which 3,000 potential flaws which enterprises have failed to patch.

To better understand vulnerabilities, our friends from Trend Micro has segregated them into types in which to classify them:

Traditional vulnerability – is a programming error or other type of software issue that hackers can use to sidestep password protection or security measures and gain unauthorized access to legitimate systems. These are the most rampant types of security vulnerabilities.

Zero-days – are brand new software issues that have only just been identified and have not yet been patched by vendors.  As Trend Micro explained, “that’s because the vendor essentially has zero days to fix the issue or has chosen not to fix it.”

Undisclosed vulnerability – these are flaws that have been identified and reported, but are not yet disclosed to public users, giving vendors time to patch the issue.

So, what can you do to help address these vulnerabilities?

To help keep your enterprise safe from these vulnerabilities, Trend Micro suggests that you pay attention to current security research so that you can apply the necessary findings to help keep your business safe.  Another would be to make sure that you keep yourself up to date with updates and patches.  However, with the number of vendors and patches, it can sometimes be too much for your IT to patch immediately due to the volume.  Trend suggests the following patching prioritization scheme to help ease the load of your IT team:

  • The severity of the patched issue. Microsoft and other vendors will rate vulnerabilities according to how critical they are to overall risk. More critical patches should be applied as soon as possible, whereas less critical updates can represent a lower priority.
  • Vulnerabilities impacting your enterprise’s particular key software. Similarly, updates for software systems that are used on a daily basis within the enterprise and provide essential functionality should be prioritized over other updates. A patch for a software that is only intermittently used, or only impacts a small number of users in a single department of the company, for instance, can be put on the back burner.
  • Those currently being exploited. It’s important to prioritize patches for vulnerabilities that hackers are currently using to mount attacks.

To learn more, you may visit the original Trend Micro article here, visit our product page here, or you can also contact us directly at 893-9515 and we will be happy to answer your inquiries!