BlackRock Trojan: Aggressive Viral Menace For Android Device Users

BlackRock Trojan: Aggressive Viral Menace For Android Device Users

A new attack on android applications known as the BlackRock trojan has already targeted over 300 applications on the android operating system, including banking, social media, and dating applications. Any application with payment features, which is most nowadays, has been targeted and users credit card information has been compromised. How does this all work though, and what implications will it have for the future of the android operating system?

The Mechanics of BlackRock

The essential approach that BlackRock takes to get access to your information is it sends out a false Google Update and requests accessibility privileges. After it is granted these privileges it develops its own autonomy and no longer needs further interaction from the user to operate, it does this through granting itself further permissions afterwards. 

Some abilities BlackRock has, are traditional of trojan attacks, and some are quite problematic. It can collect device information, it can perform overlay attacks, but even more concerning, it can prevent antivirus software and even prevent uninstalling, leading to a longer lifespan than most hacks and more damage being done to your device and more of your information being compromised.

The Network and History of BlackRock Malware

Information from the site ThreatFabric has concluded that BlackRock is based on banking malware known as Xerxes, which itself is a version of Lokibot malware, discovered in 2019. Lokibot is part of an underground network of rented malware which circulated in 2016 and 2017. What really caused it to be a ubiquitous problem is when the source code got leaked. 

Android tried to get out in front of the older malware by pushing their newer devices which, with their new hardware, had a natural adaptation curve for implementing the attacks on the new systems. This, unfortunately, didn’t last long. In 2018, MysteryBot dropped, which was an update on the Xerxes system to work with new Android systems. 

The ancestral history of BlackRock is inundated with Lokibot variants. Parasite was a brief problem, although after disappearing from the malware space, Xeres was the direct parent of BlackRock, with the former appearing in 2019 and now, here in 2020, we have BlackRock.

Top Apps That Have Been Threatened

Numerous applications have suffered the injection and compromise of BlackRock, but the most notable are:

  • Gmail
  • Google Play
  • Netflix
  • Wells Fargo
  • Twitter
  • Instagram
  • Facebook

Many others have been targeted as well, leading to an entire suite of applications being at risk. Millions of users could have been affected and had their financial and contact information now in the hands of hackers, which could be numerous themselves seeing as the above mentioned malware network is vast and diverse.

Implications for Android

Android, being a more open operating system, runs the risk of more of these said attacks if they don’t take a new approach to how they monitor their application base. Two futures exist for android after this latest breach.

One, they stay with the same approach they have now and hope that they can rely on a numbers game, praying that the majority of their apps stay solid with their own individual protection protocols, and hoping the majority of their users stay safe.

The other is they radically change how they monitor their operating system, implementing much more rigorous analysis of their potential apps and making the approval process contain much more scrutiny in their security requirements. 

Either way the future for android will remain risky if they simply ignore the growing underground network of malware. They desperately need to engage in research of this growing corner of the hacking world if they have any hope of maintaining a safe and secure user base.

Get more news, tips and tricks at our blog here.

Business Owners 12x More Likely to Be a Cyber Security Target Here’s What You Can Do About It

cyber security target

As a business owner or operator, it is up to you to protect yourself and your employees from cyber attacks. Unfortunately, many small business owners either underestimate the damage a cyber attack can cause or fail to take the proper steps to protect themselves. Below is a look at some reasons why business owners are more likely to be a cyber security target and some steps you can take to reduce your risk.

Why are Business Owners More Susceptible to Cyber Attacks?

A recent study by Verizon highlights how vulnerable business owners are to cyber security attacks. When compared to other employees, business owners and senior executives are a dozen times more apt to become a victim of a cyber security attack. Small businesses were especially likely to be targeted, accounting for 43% of cyber attacks and data breaches. Here are a few reasons why business owners and executives are more at risk:

They are incredibly busy

Business owners and top executives are usually preoccupied with the day to day activities of running a business. They are so busy focusing on customer issues, troubleshooting, and promoting their business that they do not have time to think about cybersecurity. 

They often know little about protecting themselves

In addition to having little time to think about IT threats, business owners typically know very little about cybersecurity. They have no idea about the most common threats or what measures they can take to protect themselves.

They think they are immune to attacks

Small business owners, in particular, are especially likely to think that they will never become a target of a cyber attack. They often assume that hackers will target larger, more profitable companies, and therefore focus little on prevention.

They underestimate the damage an attack can cause

With the average cost of a cyber attack now exceeding $1 million, a cyber attack can spell financial doom for a business – especially a small one. Between lost productivity, service disruptions, and a poor customer experience, cyber attacks can cause lasting damage to a business.

What are some simple steps you can take to help prevent attacks?

The path to preventing cyber attacks begins with knowledge and training. By having a keen understanding of your risks, you will be motivated to increase your focus on cybersecurity. Here are a few simple steps you can take to protect yourself from cyber attacks:

  • Make cybersecurity a top priority at your business
  • Incorporate cybersecurity details into your training initiatives
  • Ensure data is kept in a safe, secure location
  • Implement security surveying and testing procedures
  • Closely manage your internet firewall protection

What is the single best way to protect yourself from cyber attacks?

As outlined above, there are many reasons why business owners are at an increased risk of cyber attacks and data breaches. And while there are some measures you can take to help prevent these problems, the single best way to protect yourself and your business is to seek the services of an experienced IT partner. An accomplished IT partner will work with you to educate you and your team about the most common threats. More importantly, they will arm you with a strategic plan to protect you from those threats.

As New York’s premier provider of IT services, AE Technology Group is your solution to preventing cyber security attacks. We invite you to contact us to discover why business owners across NYC and Long Island trust us to protect their identity and their companies. For 20 years, we have delivered five-star IT support and management to businesses of all sizes. We look forward to giving you and your business the cyber security protection you deserve!

Prevent Cyber Attacks With This Essential Guide

The Essential Guide to Preventing Cyber Attacks

From data theft to compromising the core integrity of your company’s sensitive information, cyber attacks can strike anytime, anywhere. Malware and ransomware present a significant liability. Small businesses are especially vulnerable as these entities are often seen as an easy target. 43% of cyber attacks are aimed at small businesses and most close up shop within a year following a data compromise. Don’t leave your company’s future in the hands of hackers. Take control with AE Technology Group’s Essential Guide to Preventing Cyber Attacks.

Identify The Weakest Link

Conduct a detailed audit of your business systems and protocols. Establish what security measures are in place and what areas need to be fortified. A quick vulnerabilities check is essential in determining a course of preemptive action. Does your company train employees to be technologically compliant? Are uniform password standards and other security measures in place? Is software updated to ensure new, evolving threats are actively being mitigated?

Filling the gaps in your security wall is the best way to start defending against cyber crime.

Build Your Defense

Invest in robust antivirus and anti-malware software. No matter the scale of your business, the most valuable asset is your data. Building a strong cyber defense is the best way to secure systems information. Arm your network with a strong firewall and establish a routine for updating software and applications — or set systems to automatically update so your security never lapses.

Train Your Team

People are the greatest asset when it comes to preventing cyber attacks. Make sure your staff is equipped to play an active role in cyber security. 

Hosting biannual technology training courses provides a comprehensive environment for employees to learn about technology compliance. From phishing schemes to password protection, the digital world is constantly updating and rapidly evolving to meet the needs of today’s professionals. Keep your crew up to date as well with dedicated in house support, IT management, and one-on-one training opportunities.

Compliance is Key

Provide uniform corporate standards for data security. This includes password regulations and controlling user access through individual employee accounts. A good rule of thumb when it comes to password security is to utilize a combination of letters, numbers, and special characters. Sentence passwords are typically the most secure. Set passwords to expire every 6 months so that routine updates are required by all users.

Monitor any unauthorized activity to detect threats early on. This will allow management to minimize the impact of any malware that slips through the cracks. It’s also a good idea to manage employee credentials by limiting higher level data access. Assign user profiles with authority to install and download new software, as well as make administrative changes to critical systems information. Limiting access is a good way to reduce the risk of a cyber attack.

Along the same lines of protocol, consider compartmentalizing the network. Separate departments by access level so that each department only has access to the resources they need. This will make it easier for your managers and staff to focus on one aspect of the development environment without worrying about compliance outside of their organization.

Secure your company’s Wi-Fi network and ensure the network is always hidden to avoid any unwanted guests stealing your internet — or worse, your data.

Have a Back Up Plan

Even the most stringent of companies can be subject to a data breach. Keep your critical information secure by backing up your network through cloud storage options and external hard drives. Be sure to back up data on a weekly basis so your information is always up to date. This can dramatically minimize profit loss when it comes to recovering from a cyber attack.

When all else fails, the tech experts at AE have our New York business owners covered with comprehensive disaster recovery solutionsContact us today to learn more about securing your company’s future.

State of Email Security for 2019

State of Email Security for 2019

Email has been an irreplaceable blessing and a cruel curse to the cybersecurity of business over the years. Email connects the employees as well as the rest of the world. However, because email connects employees to the rest of the world, email has also come to be the largest vulnerability of any organization. In fact, recent studies report that 94% of companies will experience an email-related malicious attack. 

These attacks are generally phishing attacks such as emails requesting money transfers and fraud based attacks such as impersonation of third party vendors. Email is the easiest point of contact for other users, external or internal, to interact with employees and attempt malicious attacks. Reasons for improving email security are endless and companies are looking for solutions to remedy potential vulnerabilities in their systems.

Vulnerabilities are Increasing

The amount of email-based attacks towards a company has consistently seen a rise in recent years. As the world moves further and further along with the use of the internet and emails, this trend isn’t likely to see any change. IT departments are finding it increasingly difficult to protect the company and increase email security. In fact, 61% of businesses believe that they will likely or inevitably suffer an email-borne attack. 

Companies are continuing to promote email safety protocols and educate employees on the proper usage of email. Through these efforts, they hope to minimize security risks and improve vulnerability management. However, while these efforts to increase employee ability to spot cyber attacks have increased, only 25% of companies are providing training to actively increase email security. This training is commonly in the form of group sessions or informative videos. Some companies even go as far as having one on one sessions with employees to ensure that they understand the risk involved in email and that they keep the company safe while using it.

Effects of Attacks on Businesses

Many of these email-borne attacks have had direct effects on the functioning and profits of the organization. Specifically for email-based impersonation attacks, organizations have reported that:

  • 13% lost their position in the market
  • 26% loss of reputation
  • 27% had to cut back on employee numbers
  • 28% lost customers
  • 29% experienced direct financial loss
  • 39% experienced data loss

While 25% reported that they experienced no loss because of an impersonation email attack, this doesn’t mean that they didn’t suffer losses from some other form of attack. The chances are high that they did. 

More to Email Security Than Just Outside Threats

There’s more to email security than simply malicious user attacks. There are also human errors involved. 31% of C-suite level(CFO, CEO, CTO) employees have reported to had sent sensitive data to the wrong person. If this information is incorrectly sent to a fellow employee, the situation may not be so bad. However, if the wrong information is sent outside of the company, there is a chance that the information can be used to harm the company. Roughly 40% of employees at a given organization believes that the CEO undervalues the impact of email security.

C-suite level members of an organization are also the target of most cybercriminals. As C-suite level members often hold valuable information and have authorization to much of the company, cybercriminals highly target these individuals because they can profit the most from them. C-suite level employees, just as much as normal level employees, need to become better educated on email security.

Email security should be one of the many integrated security strategies seriously enforced to protect the company. For more information regarding the state of email security, contact AE Technology Group. We are well-versed in protecting the networks of companies and offer solutions that can prevent cyber disasters and increase vulnerability management including email security.

Take Charge of Security With Two-Factor Authentication

Take Charge of Security With Two-Factor Authentication
2 Factor Authentication

As attacks by hackers become all too common, it is increasingly important to ensure that accounts and passwords are protected. Two-factor authentication (2FA) provides an extra level of protection to accounts and is an important security option that all companies should consider. If you have questions or would like to learn more, AE Technology Group would be happy to help.

What is Two-Factor Authentication?

Two-factor authentication provides a method for ensuring that accounts are safe, even if a password is hacked or stolen. In addition to use of a password, 2FA requires that the account holder provide an additional piece of data or information to confirm the account. While there are many options for the second authentication factor, three common choices are:

  • A piece of information unique to the user, such as a password or PIN;
  • A physical object owned by the user, such as a smartphone or token; or
  • A biometric indicator, most commonly fingerprints verified by a fingerprint reader.

When an account needs to be verified, the system will first require that the user enter their password and then request their second form of authentication. For example, after a password is entered, the system may generate a phone call to the user’s smartphone.

What Are the Benefits of 2FA?

The most obvious benefit to 2FA is security. In the password/smartphone example used above, a hacker would only gain access to the account if they knew the account password and had access to the associated smartphone. 2FA also allows for increased flexibility for workers. Without having to worry about the safety of their devices, they can work remotely and in more locations – allowing them to maximize their time and productivity.

How Do I Implement 2FA?

AE Technology Group is perfectly poised to help your business implement 2FA.

Contact us today to get help improving safety and security for your business and employees.