Cybercriminals Are Posing as Job Applicants to Spread Ransomware

If your business is hiring, you should be aware of a new phishing attack in which cybercriminals are posing as job applicants. Falling victim to this attack may leave your business infected with the GoldenEye ransomware. This phishing campaign was initiated in Germany, but security experts expect it will go global.

How the Attack Works

Hackers like to target HR staff members because they often open emails and attachments sent by strangers. In the GoldenEye attack, cybercriminals are sending phishing emails that have the word "application" in the subject line to HR departments. The emails include two attachments: a PDF file and a Microsoft Excel spreadsheet.

The PDF file, which does not contain any malicious code, is a cover letter. Its purpose is to reassure HR staff members that they are dealing with a real job applicant. To make the cover letter seem more legitimate, the hackers even include a person's photo. The cover letter tells the HR staff members to see the attached Excel file, which supposedly includes a resume, references, and an aptitude profile.

If the HR staff members open the Excel spreadsheet, a visual element indicates that the information is loading. An accompanying message tells them to "please use the editing options to display the aptitude profile". This is meant to trick the HR staff into clicking the "Enable Content" option, which will appear if Excel is left at its default setting of "Disable all macros with notification". A Word macro is a small program that lets you execute complex procedures with a single command or keyboard stroke. In this case, the macro's commands instruct the computer to download the GoldenEye ransomware from a remote server and install it.

Once installed, GoldenEye first encrypts the victim's files. Afterward, it displays a ransom note that asks for 1.3 bitcoins to decrypt the files. But the ransomware does not stop there. It restarts the computer and encrypts the hard disk's master file table (MFT), which cripples the computer. The victim then receives a second ransom note that asks for an additional 1.3 bitcoins to decrypt the MFT. GoldenEye uses different algorithms and keys to encrypt the files and MFT, so victims need to pay both ransoms if they have not backed up their files and applications.

What You Can Do to Protect Your Business

The most important way to protect your business from the GoldenEye ransomware is to regularly back up your files and applications. Having backups on hand means you won't have to pay any ransom. However, it won't prevent a GoldenEye infection. For this reason, you might consider taking the following precautions:

  • Let the HR staff know about the dangers of enabling Excel macros. Assuming that the default macro setting has not been changed, the only way to unleash GoldenEye is if the HR staff (or someone else involved in the hiring process) opens the attached Excel file and allows the macro to run. Thus, warning the HR staff about the dangers of enabling macros is a good idea.
  • Educate the HR staff about phishing emails. Taking the time to educate HR staff about the GoldenEye phishing email as well as how to spot other phishing emails will help reduce the likeliness of them falling victim to an attack.
  • Use anti-malware software. While anti-malware software might not catch this macro-based attack (the macro contains download commands rather than the actual ransomware), it is still important to use anti-malware software. It can detect the malicious code that does make it onto a computer.

Take Action Now as Waiting Could Be Costly

If you do not regularly back up your business's files and applications, now is a good time to get a process in place. Not doing so might mean you have to pay multiple ransoms if one of your computers becomes infected with GoldenEye — and paying the ransoms does not guarantee you will get the keys needed to decrypt your files and applications. If you need help in developing and implementing a backup strategy, contact us.


How to Use Microsoft's New Privacy Dashboard

Microsoft automatically collects data about the people using its products and services, often storing that data in the cloud. To make it easier for users to see what information is being collected and stored about them, Microsoft has launched a new, web-based privacy dashboard. If you have a Microsoft account and use any of the company's products or services, consider checking it out.

Besides letting you view the data, the privacy dashboard gives you the option of removing it from the cloud. The dashboard also lets you know how to stop your data from being collected in the future.

To access the privacy dashboard, you need to go to the Stay in control of your privacy web page and sign in with your Microsoft account information. From the dashboard, you can view the following types of data and remove them from the cloud if desired:

  • Cortana data: Cortana is a personal digital assistant found in Windows 10 computers, Windows 10 Mobile and Windows Phone 8.1 smartphones, and a few other devices. To provide personalized recommendations, Cortana collects and stores information about you from various sources, including your emails, text messages, calendar entries, and contacts.
  • Browsing history: Cortana gathers and stores your browsing history in Microsoft Edge to help answer your questions and provide personalized suggestions. This information is separate from the browsing data that Edge stores on your device. Clearing the browsing history through the privacy dashboard will remove your browsing history from the cloud but not from your device.
  • Search history: When you use the Bing search engine while logged in to your Microsoft account, the company stores your search history in the cloud.
  • Location data: Microsoft stores the last known location of your Windows 10 and Windows 8.1 devices in the cloud. It also stores location data from Bing and health-related GPS-based activities.
  • Health data: If you subscribe to Microsoft Health or HealthVault, your activity and fitness data (e.g., daily steps taken, heart rate) is stored in the cloud. Plus, any medical records you put into the HealthVault are stored there.

The privacy dashboard also has links to resources that discuss how to manage the privacy settings for other Microsoft products and services, such as Office and Skype. In addition, it includes links to the pages on which you can manage your third-party advertising and Microsoft marketing preferences. Microsoft plans to add more functionality and data categories to the dashboard in the future.


6 Reasons Why Remote Monitoring Should Be a Part of Your IT Management Strategy

If your company is like most businesses, your computer systems play an important role in your daily operations. To make sure those systems are secure and operating at peak efficiency, PowerOne's remote monitoring service will watch over them, gather information and even remediate any issues or problems.

Here are six reasons why you should use a remote monitoring service to keep an eye on your computer systems:

1. Your Business Can Avoid Downtime

When your computer systems go down, you lose time and money, so having as little unplanned downtime as possible is ideal. With remote monitoring, you can set alerts that trigger when a problem starts to develop. This early notification means issues can be resolved before they develop into a crisis that causes downtime.

2. Every Device Is Monitored and Supported

Almost any device can be monitored remotely, including servers, routers, firewalls, and laptop and desktop computers. In addition, updates and other changes can be implemented without you or your employees needing to take any action.

3. Problems Can Be Addressed Immediately

With remote monitoring, your computer systems are watched around the clock. This 24x7 service means that solving tech troubles does not have to wait until the morning.

4. Security Measures Are Monitored

Cybercriminals like to target small and midsize businesses because they are often unprepared for attacks. A remote monitoring service can keep an eye on the security measures you have in place so that you know they are working properly. Plus, if you are attacked, you will know immediately rather than finding out days or weeks later. Early detection often limits the damage and reduces the level of effort needed to restore the affected systems.

5. You Can Handle Problems from Any Location

Thanks to remote monitoring, it does not matter where you, your computer systems, or your employees are. When an issue arises, you will be contacted to find out how you want it handled, and those instructions will be carried out. This means that you do not even need to leave the comfort of your own home to take care of a problem. This aspect of remote monitoring is especially appealing to businesses with facilities in distant or rural locations.

6. Your Computer Systems' Health Is Tracked

Remote monitoring collects data about your computer systems over time. When viewing this data in monthly or quarterly reports, long-term trends can be identified before they reach levels that would trigger an alert.