LACyber: Cyber Security Blog

As a continuation of our series of the top malware from the Center for Internet Security, we’re breaking down the top five malware of October 2018. By understanding who the malware targets, how it spreads and what you can do to ensure your data is secure and protected, you will be proactive in protecting your data.

Below are the top five malware from October 2018:

5: Cerber:

What is Cerber?

Cerber encrypts the files of infected users and demands money in exchange for giving access to their files back.

One of the most active malwares around currently: anyone can unleash it, for around 40 percent of the profits.

It works even if you are not connected to the internet, so you can’t stop it by unplugging your PC.

How is it spread?

Email with an infected Microsoft Office document attached.

The malware then encrypts files with algorithms and renames them with a random file extension.

Who does it target?

Anyone and Everyone can be affected!

 *except users in certain countries: Armenia, Azerbaijan, Belarus, Georgia, Kyrgyzstan, Kazakhstan, Moldova, Russia, Turkmenistan, Tajikistan, Ukraine or Uzbekistan*

At least for now!

4: NanoCore

What is NanoCore?

NanoCore is a modular trojan that can be modified to include additional plugins, expanding its functionality and performance based on the user's needs and experience level.

Who does NanoCore Target?

NanoCore's ease of use and ability to customize features makes it a popular option for novices and skilled hackers alike. This makes it a popular malware that is spreading worldwide.

Method of Infection?

It spreads mainly through malicious emails

It can open a backdoor that allows the hacker to access the webcam and microphone, view the desktop, create internet message windows and offers other options.

3: ZeuS:

What is ZeuS?

ZeuS Virus, also known as ZeuS Trojan malware, is a form of malicious software that targets Microsoft Windows.

It uses two main methods of infection:

Spam messages

Drive-by downloads

Who does ZeuS Target?

ZeuS is often used to steal financial data! Banks are being targeted through specific email campaigns especially in Canada and The United States.

However, it is starting to be seen targeting individuals as well as businesses alike!

2: Kovter

What is Kovter?

Kovter is a trojan malware aimed at performing ad fraud and is hard to detect and remove, as it uses file-less infection methods.

Method of infection?

Mail attachments as a Macro in a Word document file.

Self-downloading file that is stored in the system to gain persistence.

Who does Kovter Target?

The earliest reports of the malware viewed it as a police ransomware.  It would remain in the system waiting for the right opportunity- most often when the user downloaded illegal files.

It has since evolved into click fraud malware, now even a file-less malware in some cases.

1: Emotet

What is Emotet?

Emotet is an advanced, modular banking Trojan that primarily functions as a downloader of other banking Trojans.

Method of Infection?

Currently, Emotet uses five known spreader modules:

NetPass.exe, Web Browser Pass View, Mail Pass View, Outlook scraper, and a credential enumerator.

Emotet sends an email containing either a malicious link that leads to a downloader document or that has a malicious document attached.

The anti-analysis module performs multiple checks to make sure it is not being run on a malware research machine, then it loads the main component

Who does Emotet target?

Originally, Emotet spread banking Trojans, and was focused on targeting banking customers in Germany.

However, Swiss banking customers became another target and Emotet evolved into more modular malware.

The new version of Emotet has separate modules for everything from it’s loader to malicious spam.

What makes Emotet SO dangerous?

It can lead to…

• Temporary or permanent loss of sensitive or proprietary information,
• Disruption to regular operation,
• Financial losses incurred to restore systems and files, and
• Potential harm to an organization’s reputation.

Malwares can be serious threats to your future and the future of your business.

So, what can YOU do to protect yourself?

1. Enable your internet pop-up blocker: Pop-ups and ads are the most widely used tactic by cybercriminals with the intention to spread malicious programs. Avoid clicking uncertain sites, software offers, and pop-ups in general.
2. Keep your System Updated: To avoid infections, you should always keep your system updated through automatic windows updates.
3. Enforce Cyber-Security precautions with a Third-party: Take the time to enforce precaution with a third-party contractor to mitigate the risk of a breach. At LACyber we offer a comprehensive approach to securing your information from precaution to maintenance and even reactional practices if necessary!
4. Regular Backup: Regular and periodical backups is crucial to help you to keep your data safe in case the system is infected by any kind of virus, malware, or any other infection.
5. Always have an Anti-Virus: Precaution is always better then Reaction.

LACyber is a division of Lincoln Archives providing comprehensive Data Breach Defense Services. Lincoln Archives and LACyber are proud to be a part of Lincoln Family of Companies serving the Western New York Community since 1914.