Password protected archives help malware evade detection


If you need to deliver or store confidential documents over the Internet, then placing them inside a password-protected, self-extracting ‘archive’ is one of the best ways to keep out prying eyes. Many users will be familiar with archives in the form of ‘zip’ files and programs like WinZip (there are others like 7-Zip and WinRar which perform a similar function). An archive allows you to save multiple documents inside a single file and to compress the overall file size. Importantly, if you password-protect this archive, you will also encrypt its contents. This means it will be unreadable by any 3rd party that intercepts it. The archive can only be opened by the intended recipients – people to whom you have supplied the correct password. Choose a good password and it’ll be years, if ever, before anyone unauthorized can decrypt your files.

It might come as a surprise, but malware authors use this precise security technique for the same reasons. Like you, they don’t want their files to be read by any 3rd party apart from the intended recipient. In this case, the 3rd party is a static Antivirus scanner on an email gateway, public hosting or a user’s machine. The intended recipient is the victim of a malware scam.

Although malware inside a password protected archive cannot be detected by the AV scanner, this doesn’t guarantee it will be successful. Encryption only grants the malware safe passage through the Internet and (they hope) onto the victim’s machine. Once the malware starts to run, the real-time virus-detection provided by most popular security software will neutralize the threat. Of course, this relies on the end-user actually having an AV installed – and this is the strategy of the malware author.

There will always be a percentage of home and business users that do not have real-time anti-virus running. They don’t expect every instance of their malware to score a hit, but by distributing it in such massive volumes, they also know that it will be successful in a significant number of cases.

We recently spotted malware using this exact approach:

Looks like the author expressed himself in the file properties:


A simple Google search for “MrFreeCrypt” returns Russian language results for a “New generation of cryptors”:

CryptService!!! Новое поколение крипторов. Online 24/7 fud 0/44.
гарантия от 24 часов. ICQ: 6*******7 jabber: mrfreecrypt@j****r.ru
----
CryptService!!! New generation of cryptors. Online 24/7 detection 0/44.
guarantee of 24 hours. ICQ: 6*******7 jabber: mrfreecrypt@j****r.ru

We can’t state for sure it’s the same person, but it seems a pretty large coincidence.

The file itself is a ‘7-zip’ self-extracting archive with two files inside:

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------
2012-10-21 10:54:14 ....A          107           95  stub.vbs
2012-10-24 16:15:24 ....A       113359        61353  sfx.exe
------------------- ----- ------------ ------------  ------------------
                                113466        61448  2 files, 0 folders

“stub.vbs” is a simple Visual Basic Script which runs “sfx.exe” with the following command line parameter:

Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "sfx.exe -pfdhtu578h4j45nh49856856hyg"

“sfx.exe” is another self-extracting archive with only one executable inside – the actual malware component:

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------
2012-10-25 00:15:16 ....A        20480        11712  input.exe
------------------- ----- ------------ ------------  ------------------
                                 20480        11712  1 files, 0 folders

Rather than ‘7-zip’, “sfx.exe” uses a different archive type known as ‘RAR’. The RAR file is also password protected and encrypted. The interesting part here is that the RAR self-extractor accepts the decryption password as a command line parameter, “-p”. The “stub.vbs” script provides the password in this way. The chain so far looks like this:

[7-zip SFX] → stub.vbs → password → [RAR+password SFX] → malware
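A gateway-side check for this chain, as an added example that is not part of the original post: when the outer layer can be listed and its script read, the scanner can look for a script that hands a `-p<password>` switch to a sibling executable and recover the password for unpacking the inner archive. The sample inputs are constructed from the listing and script shown above; the function names and extension lists are assumptions of this sketch.

```python
import re

# Constructed sample inputs modelled on the listing and script shown above.
OUTER_LISTING = """\
   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------
2012-10-21 10:54:14 ....A          107           95  stub.vbs
2012-10-24 16:15:24 ....A       113359        61353  sfx.exe
------------------- ----- ------------ ------------  ------------------
                                113466        61448  2 files, 0 folders
"""
STUB_VBS = '''Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "sfx.exe -pfdhtu578h4j45nh49856856hyg"
'''

# Assumed extension lists for this sketch; extend to match local policy.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1")
EXEC_EXTS = (".exe", ".scr", ".com")

# One file row of the listing: date, time, attributes, size, compressed, name.
ROW = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\S{5})\s+(\d+)\s+(\d+)\s+(.+)$"
)


def parse_listing(text):
    """Return [(name, size)] for the file rows of a listing like the one above."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.rstrip())
        if m and "D" not in m.group(1):  # skip directory entries
            rows.append((m.group(4).strip(), int(m.group(2))))
    return rows


def password_switches(script_text, exe_names):
    """Find `<exe> ... -p<password>` invocations of archive members in a script."""
    hits = []
    for exe in exe_names:
        pat = re.compile(
            re.escape(exe) + r'''"?\s+[^\r\n]*?(?<!\S)-p([^\s"']+)''',
            re.IGNORECASE,
        )
        hits += [(exe, m.group(1)) for m in pat.finditer(script_text)]
    return hits


def triage(listing_text, scripts):
    """scripts maps member name -> decoded script text. Returns a verdict dict."""
    names = [name for name, _ in parse_listing(listing_text)]
    script_members = [n for n in names if n.lower().endswith(SCRIPT_EXTS)]
    exe_members = [n for n in names if n.lower().endswith(EXEC_EXTS)]
    recovered = []
    for script in script_members:
        text = scripts.get(script, "")
        recovered += [(script, exe, pw)
                      for exe, pw in password_switches(text, exe_members)]
    return {
        "scripts": script_members,
        "executables": exe_members,
        "recovered": recovered,       # (script, target executable, password)
        "suspicious": bool(recovered),
    }


if __name__ == "__main__":
    print(triage(OUTER_LISTING, {"stub.vbs": STUB_VBS}))
```

A recovered password lets the scanner unpack the inner archive and scan “input.exe” statically instead of waiting for it to run.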

As mentioned earlier, this does not mean the malware will ultimately be successful. As soon as the file is executed on the local file system, it becomes subject to detection by real-time Antivirus scanners. However, it works fine against static scanners on cloud storage services, user-initiated ‘on-demand’ scans or the static scanners on email gateways. This becomes a bit more alarming when you consider this means it will avoid detection by major mail providers like Yahoo, Google, Hotmail and others. Because of this, users must take care to help protect themselves. First and foremost, install an anti-virus program from a reputable vendor. Secondly, don’t just open attachments on a mail you weren’t expecting, on mails from people you don’t know or on mails that look suspicious or spam-like.

The actual malware component is “FBI” ransom-ware.

It installs itself as an auto-run application via the following registry value:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChrome"="C:\DOCUME~1\User\LOCALS~1\Temp\RarSFX0\input.exe"

It protects itself from removal by disabling “Safe Mode” and “Safe Mode with Networking” by deleting the following registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\*

It then blocks user input and displays a fake, ‘lock screen’ which tries to extort money from the victim. The screen informs the victim that their computer has been locked by the FBI for suspected misuse and they must pay a fine within 48 hours to unlock it.
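A triage check for the two registry changes described above, as an added example that is not part of the original post: it reads registry export text (.reg syntax), flags Run values that start a program from a temporary or RarSFX extraction folder, and reports missing SafeBoot subkeys. The sample export, the “Updater” entry and the function names are constructed for this sketch.

```python
import re

# Constructed sample in .reg export syntax (backslashes are doubled in values).
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChrome"="C:\\DOCUME~1\\User\\LOCALS~1\\Temp\\RarSFX0\\input.exe"
"Updater"="C:\\Program Files\\Vendor\\updater.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
'''

RUN_KEY = r"software\microsoft\windows\currentversion\run"
SAFEBOOT = r"hkey_local_machine\system\currentcontrolset\control\safeboot"
# Auto-run targets inside a temp folder or a RarSFX<n> extraction folder.
TEMP_HINTS = re.compile(r"\\te?mp\\|\\rarsfx\d+\\", re.IGNORECASE)


def parse_reg(text):
    """Return {lowercased key path: {value name: string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^"(.*?)"="(.*)"$', line)
            if m:
                # Undo the doubled backslashes used by the export format.
                current[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return keys


def findings(text):
    """Return a list of (finding, name, data) tuples for the export text."""
    keys = parse_reg(text)
    out = []
    for path, values in keys.items():
        if path.endswith(RUN_KEY):
            for name, data in values.items():
                if TEMP_HINTS.search(data):
                    out.append(("run-from-temp", name, data))
    # Only judge SafeBoot when its parent key was part of the export,
    # otherwise a missing subkey just means it was not exported.
    if SAFEBOOT in keys:
        for sub in ("minimal", "network"):
            prefix = SAFEBOOT + "\\" + sub
            if not any(k.startswith(prefix) for k in keys):
                out.append(("safeboot-missing", sub, ""))
    return out


if __name__ == "__main__":
    for item in findings(SAMPLE_EXPORT):
        print(item)
```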

Source: https://blog.comodo.com/malware/malware-detection-by-antivirus-scanners/

Cyber Security

Business Enablement By Way Of The BISO


Source: https://www.cshub.com/executive-decisions/articles/business-enablement-by-way-of-the-biso


Big Data

Top 10 Big Data trends of 2020


By Priya Dialani

During the last few decades, Big Data has become an insightful idea in all the significant technical terms. Additionally, the accessibility of wireless connections and different advances have facilitated the analysis of large data sets. Organizations and huge companies are picking up strength consistently by improving their data analytics and platforms.

2019 was a major year over the big data landscape. In the wake of beginning the year with the Cloudera and Hortonworks merger, we’ve seen huge upticks in Big Data use across the world, with organizations running to embrace the significance of data operations and orchestration to their business success. The big data industry is presently worth $189 Billion, an expansion of $20 Billion more than 2018, and is set to proceed with its rapid growth and reach $247 Billion by 2022.

It’s the ideal opportunity for us to look at Big Data trends for 2020.

Chief Data Officers (CDOs) will be the Center of Attraction

The positions of Data Scientist and Chief Data Officer (CDO) are relatively new; however, the demand for these experts is already high. As the volume of data continues to grow, the need for data professionals also becomes a business requirement.

The CDO is a C-level executive responsible for data availability, integrity, and security in a company. As more business leaders understand the significance of this job, hiring a CDO is becoming the norm. The demand for these experts will remain among the big data trends for quite a long time.

Investment in Big Data Analytics

Analytics gives an upper hand to organizations. Gartner is foreseeing that organizations that aren’t putting intensely in analytics by the end of 2020 may not be ready to go in 2021. (It is expected that private ventures, for example, self-employed handymen, gardeners, and many artists, are excluded from this forecast.)

The real-time speech analytics market has seen its previously sustained adoption cycle beginning in 2019. The idea of customer journey analytics is anticipated to grow consistently, with the objective of improving enterprise productivity and the client experience. Real-time speech analytics and customer journey analytics will increase its popularity in 2020.

Multi-cloud and Hybrid are Setting Deep Roots

As cloud-based advances keep on developing, organizations are progressively liable to want a spot in the cloud. Notwithstanding, the process of moving your data integration and preparation from an on-premises solution to the cloud is more confounded and tedious than most care to concede. Additionally, to relocate huge amounts of existing data, organizations should match up to their data sources and platforms for a little while to months before the shift is complete.

In 2020, we hope to see later adopters arrive at a conclusion of having multi-cloud deployment, bringing the hybrid and multi-cloud philosophy to the front line of data ecosystem strategies.

Actionable Data will Grow

Another big data trend for 2020 is actionable data for faster processing. This data is the missing link between business propositions and big data. As mentioned before, big data in itself is useless without analysis, since it is too complex, multi-structured, and voluminous. In contrast to typical big data approaches, which rely on Hadoop and NoSQL databases to analyze data in batch mode, fast data allows for processing real-time streams.

Because of this data stream handling, data can be separated immediately, within a brief period in only a single millisecond. This conveys more value to companies that can make business decisions and start processes all the more immediately when data is cleaned up.

Continuous Intelligence

Continuous Intelligence is a framework that has integrated real-time analytics with business operations. It measures recorded and current data to give decision-making automation or decision-making support. Continuous intelligence uses several technologies such as optimization, business rule management, event stream processing, augmented analytics, and machine learning. It suggests activities dependent on both historical and real-time data.

Gartner predicts more than 50% of new business systems will utilize continuous intelligence by 2022. This move has begun, and numerous companies will fuse continuous intelligence during 2020 to pick up or keep up a serious edge.

Machine Learning will Continue to be in Focus

Being a significant innovation among the big data trends of 2020, machine learning (ML) is another development expected to affect our future fundamentally. ML is a rapidly developing technology that is used to augment everyday activities and business processes.

ML projects have gotten the most investments in 2019, stood out from all other AI systems joined. Automated ML tools help in making pieces of knowledge that would be difficult to separate by various methods, even by expert analysts. This big data innovation stack gives faster results and lifts both general productivity and response times.

Abandon Hadoop for Spark and Databricks

Since showing up in the market, Hadoop has been criticized by many in the community for its complexity. Spark and managed Spark solutions like Databricks are the “new and glossy” players and have accordingly been gaining a foothold, as data science workers see them as an answer to everything they dislike about Hadoop.

However, running a Spark or Databricks work in data science sandbox and then promoting it into full production will keep on facing challenges. Data engineers will keep on requiring more fit and finish for Spark with regards to enterprise-class data operations and orchestration. Most importantly there are a ton of options to consider between the two platforms, and companies will benefit themselves from that decision for favored abilities and economic worth.

In-Memory Computing

In-memory computing has the additional advantage of helping business clients (counting banks, retailers, and utilities) to identify patterns rapidly and break down huge amounts of data without any problem. The dropping of costs for memory is a major factor in the growing enthusiasm for in-memory computing innovation.

In-memory innovation is utilized to perform complex data analyses in real time. It permits its clients to work with huge data sets with a lot more prominent agility. In 2020, in-memory computing will pick up fame because of the decreases in expenses of memory.

IoT and Big Data

There are such enormous numbers of advancements that expect to change the current business situations in 2020. It is hard to be aware of all that, however, IoT and digital gadgets are required to get a balance in big data trends 2020.

The role of IoT in healthcare can be seen today; likewise, the combination of this technology with big data is pushing companies to get better outcomes. It is expected that 42% of companies that have IoT solutions in progress or IoT creation in progress are expecting to use digitized portables within the following three years.

Digital Transformation Will Be a Key Component

Digital transformation goes together with the Internet of Things (IoT), artificial intelligence (AI), machine learning and big data. With IoT connected devices expected to arrive at a stunning 75 billion devices in 2025 from 26.7 billion presently, it’s easy to see where that big data is originating from. Digital transformation as IoT, IaaS, AI and machine learning is taking care of big data and pushing it to regions inconceivable in mankind’s history.

Source: https://www.fintechnews.org/top-10-big-data-trends-of-2020/


Cyber Security

Feedzai grows +44% in the first half of the fiscal year and strengthens its C-suite

  • H1 growth above target amid the COVID-19 pandemic and market uncertainty. Multiple multi-year enterprise contracts negotiated during the lockdown

  • New Chief Financial Officer and Chief Marketing Officer join the company

  • 26% of the revenue invested in R&D and 10 patents filed in H1 2020

Feedzai, the world’s leading risk management platform, announced today that its Q2 2020 has been one of the most successful ever from a new business generated perspective. The company has experienced a +44% growth in new Annual Recurring Revenue (ARR) in H1 2020 when compared to H1 2019. A very successful renewal cycle and new large-enterprise deals closed in the US, EMEA, APAC, and LATAM, made the first half of the year a success.

Feedzai currently protects companies with more than 800 million customers in 190 countries. With more than 154M US individual and business taxpayers, almost half of the UK and Canada’s population, and 60% of global music streaming subscriptions being monitored and protected by Feedzai, the company has shown over the years that its mission-critical technology is preferred by the largest and most innovative companies in the world.

Since the beginning of the pandemic, Feedzai has seen an increase in financial crime, particularly mule accounts, phishing attacks, employer fraud, and a big spike in fraudulent activity related to online commerce, on which people had to rely significantly during the lockdown.

“Fraudsters thrive on periods of confusion and chaos, and this pandemic represents fertile breeding ground. While many bank capital investments are on hold amidst the economic uncertainty, we are seeing that solutions like Feedzai’s, which reduce fraud losses, decrease operational expense, and improve customer experience through more efficient detection routines are actually seeing increased prioritization for funding, given the increased urgency to protect digital channel transactions in a customer-friendly manner,” says Julie Convoy, Research Director at Aite.

“Feedzai had one of its best quarters ever amid the pandemic, while many industries, unfortunately, showed signs of deterioration. This simultaneously shows that our technology is mission-critical, and our business is crisis resilient,” said Nuno Sebastiao, Co-founder, and CEO of Feedzai. “I’m confident that our next phase of growth will benefit from market conditions in which digital transformation will play a larger than ever role, and from a set of strategic decisions we’ve made in the last 9 months.”

As part of the growth, Feedzai has achieved several important milestones, including:

Business Performance – Feedzai reports a +44% growth in H1 2020 compared to the same period in 2019. The company has also seen Q2 2020 growth above target amid the COVID-19 pandemic, which led to one of its best quarters ever from a new Annual Recurring Revenue (ARR) perspective.

C-suite Strengthening – the company has defined a combination of strategic hires and internal promotions to prepare the organization for the next level of growth

  • Amaury Dauge, Chief Financial Officer – joins Feedzai after several C-level roles at Qontigo and previous experience as the CFO of Euronext, the 6th largest stock exchange in the world

  • Varun Kohli, Chief Marketing Officer – a seasoned Silicon Valley executive, who has been part of multiple multi-billion dollar exits (8 out of 9 companies he worked at either went IPO or were acquired)

  • Richard Harris, EVP of Global Sales – a veteran in both the finance and technology industries, steps in to spearhead the global sales operation after 5 very successful years at Feedzai where he led international operations. Prior to that, Harris held leadership positions at Visa, Experian, and American Express

  • Pedro Barata, SVP of Product – after 10 years at Feedzai – hired as one of the first employees of the company – Barata becomes the new product leader after successfully building from scratch the entire Customer Success operation

  • Cristina Perez, Head of Legal – joins Feedzai after 20 years spearheading legal, public policy, and regulatory affairs at Vodafone Portugal

Geographic Expansion and Strategic Deals – Feedzai has closed deals during H1 in all of the regions it is currently operating in – US, EMEA, APAC, and LATAM – and was able to negotiate multi-year contracts with some of the largest and most innovative companies in the world (e.g. one of the biggest payments processors in the world, one of the top 3 banks in Brazil, one of the big four banks in Australia, the largest national card processor in Europe, and several others).

Cutting-Edge technology – Feedzai continues to pave the way with the most advanced, and promising machine learning techniques built to better protect customers and businesses all over the world. The company also keeps protecting its growing Intellectual Property portfolio with 6 new patents filed in the first half of the year around Deep Learning, Model Fairness Optimization, Active Learning, Transaction Graph Representations, and more. Feedzai will also invest around 26% of its revenue in R&D by the end of 2020, while the average investment made by successful SaaS companies sits at 23%.

Source: https://www.fintechnews.org/feedzai-grows-44-in-the-first-half-of-the-fiscal-year-and-strengthens-its-c-suite/
