Our goal at Integrated Technology Systems is to keep you informed of the latest threats to your cybersecurity. Below is this week's update.

EnemyBot Malware May Go Beyond DDoS Attacks

EnemyBot is a botnet that you might not have heard of unless you are an IT security professional. This botnet, which has code borrowed from many sources, is something like the Frankenstein of malware threats.

Although it's not very original, it is dangerous. As new vulnerabilities are discovered in content management systems, IoT devices, Android phones, web servers, and other areas, the hackers behind this code are constantly adding to their arsenal.

Researchers at Securonix are currently tracking the botnet, which was first detected in action in March. Newer code samples were obtained in April and researchers discovered that EnemyBot already had the ability to exploit flaws in over a dozen processor architectures.

The botnet does not do much and mainly relies on distributed denial-of-service (DDoS) attacks. The latest version has the ability to scan new targets and infect them.

EnemyBot is a real threat. It proves that you don't need to be innovative or think outside the box to create serious malware. This one is a warning sign that the developers behind it are still getting used to it.

New Phishing Attacks Use Email HTML Attachments

HTML attachments may seem old-fashioned as an attack method. However, Kaspersky Lab statistics show that this type of attack is still being used in 2022. In fact, hackers are using it quite often, according to the data. In the first four months of 2022, Kaspersky Lab detected over two million emails with this type of attack targeting their customers.

Researchers aren't sure what caused the March spike, but they do know that it returned to normal levels in the months following.

In 2019, HTML attachments were a popular attack vector. However, they seem to have fallen out of favor. Security researchers concluded that the attack vector was in decline based upon current trends.

The past four months have proved that HTML attachments are no longer in fashion.

You should remember that JavaScript can be run by simply opening one of these files. That may lead to the target system being hijacked using a malware scheme that would allow it to bypass antivirus software entirely.

This is not something that employees are taught in email safety training.

The best proactive defense against any kind of phishing attack is to always treat all incoming emails from unknown senders with skepticism. Attachments should be treated with even greater suspicion if they are included in an email.
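The point about JavaScript running as soon as an HTML attachment is opened can be turned into a mail-filter check. The following Python is an added example, not code from Kaspersky or from this update; the function names, patterns, and sample message are constructed for illustration. It lists every HTML attachment in a message and notes which ones contain content that would execute in a browser.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Markers of HTML that can execute JavaScript when opened in a browser.
ACTIVE_CONTENT = {
    "script tag": re.compile(r"<\s*script\b", re.I),
    "inline event handler": re.compile(r"<[^>]+\son\w+\s*=", re.I),
    "javascript: URI": re.compile(
        r"(?:href|src|action)\s*=\s*[\"']?\s*javascript:", re.I),
}
HTML_EXTENSIONS = (".htm", ".html", ".xhtml", ".shtml")

def scan_html_attachments(raw_message):
    """Return [(filename, [reasons])] for every HTML attachment found."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Check the file name too: the declared MIME type may be generic.
        is_html = (part.get_content_type() in ("text/html", "application/xhtml+xml")
                   or name.lower().endswith(HTML_EXTENSIONS))
        if not is_html:
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding.
        body = part.get_payload(decode=True) or b""
        text = body.decode(part.get_content_charset() or "utf-8", errors="replace")
        reasons = [label for label, rx in ACTIVE_CONTENT.items() if rx.search(text)]
        findings.append((name, reasons))
    return findings

def build_sample():
    """Constructed test message: one scripted HTML attachment, one PDF."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    html = b'<html><body onload="go()"><script>function go(){}</script></body></html>'
    msg.add_attachment(html, maintype="application", subtype="octet-stream",
                       filename="invoice.HTML")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_string()

if __name__ == "__main__":
    for filename, reasons in scan_html_attachments(build_sample()):
        print(filename, "->", ", ".join(reasons) or "no active content found")
```

An empty reason list only means none of these three patterns matched; a filter can still treat any HTML attachment from an unknown sender as suspect.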

Android Malware Grabbing Login Credentials

You may be familiar with the ERMAC Android trojan if you are involved in IT security.

If you are new to the idea, the hackers responsible for the code have just released ERMAC version 2. This represents a major upgrade from versions in the past.

ERMAC's primary aim is to obtain login credentials and send them to the person who controls the code. The stolen passwords are used by the attacker to gain control of the target's bank accounts or cryptocurrency wallets, and then commit fraud. Sometimes, it is simple theft.

Access to ERMAC requires a Dark Web subscription. You could get the 1.0 version of this malware for only $3,000 USD monthly. The latest version is available for subscription at $5,000 USD monthly. It is expensive, yes, but it is worth it for those who have used it and are willing to pay.

The malware was first discovered in a fake Bolt Food application targeting the Polish market. Bolt Food is an authentic food delivery company in Europe. The hackers made a fake website that looked exactly like the real thing, and then tricked people into downloading what they believed was a food delivery app.

It was, however, nothing like that. Instead of convenient food service, the victims received ERMAC 2.0, along with a bunch of headaches.

Bolt Food was not the first app the malicious code impersonated. According to recent research, ERMAC 2.0 currently impersonates nearly 500 popular Android apps.

However, in all cases the campaigns have relied on users agreeing to download apps from what they believe is a legitimate third party vendor site. It's a dangerous and potentially deadly strain of malware that can be avoided by simply sticking to apps from the Google Play Store. It's becoming more dangerous.

Are you secure? If you are not sure, call Integrated Technology Systems and speak with our IT Team. You will be glad you did.

For more great tips, follow us on Facebook.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017