Experts say US cybersecurity implementation plan could face challenges. Democrat and Republican lawmakers scrutinize US intelligence surveillance practices. A Maryland county recovers after a cyberattack.
The CyberWire
Mike Walters, VP of Vulnerability and Threat Research and co-founder of Action1, is talking about the 20th anniversary of Patch Tuesday.
This interview from October 13th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Mike Walters, VP of Vulnerability and Threat Research and co-founder of Action1, to talk about the 20th anniversary of Patch Tuesday.
The CyberWire
Remcos Everywhere! Attacking From a Weaponized Zip File
Cybersecurity circles are abuzz with the latest campaign involving the notorious remote access trojan (RAT), Remcos.
This sophisticated malware has been making headlines for its widespread and targeted attacks, particularly in Eastern Europe.
The recent surge in activities has seen Romania, Moldova, and neighboring countries falling victim to a cleverly disguised threat, masquerading as a benign communication from a Romanian industrial equipment supplier.
The attackers have adopted a cunning approach to infiltrate companies’ defenses, leveraging social engineering tactics that exploit human psychology.
Companies in the targeted region have been receiving emails with “Comandă nouă” (New Order), seemingly originating from a legitimate supplier specializing in machine tools.
These emails contain a ZIP archive named “Noua lista de comenzi.zip” (New Order List.zip). Upon opening, it reveals a malicious executable file masquerading as a command list, “Noua lista de comenzi.exe” (New Order List.exe).
This file, once executed, unleashes the Remcos RAT onto the unsuspecting victim’s system.
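As an added illustration (not code from the article, Broadcom or Symantec), a mail-gateway style check for the delivery pattern described above: a ZIP attachment whose member is an executable, optionally sharing the archive's name. The function names, extension list and sample archives are assumptions constructed for this example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will run on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}


def scan_zip_attachment(filename: str, data: bytes) -> list[dict]:
    """Return one finding per archive member that looks executable."""
    findings = []
    archive_stem = PurePosixPath(filename).stem.lower()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = PurePosixPath(info.filename.replace("\\", "/"))
            reasons = []
            if member.suffix.lower() in EXECUTABLE_EXTS:
                reasons.append("executable-extension")
            # Check content too: a PE file starts with "MZ" whatever its name.
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    reasons.append("pe-header")
            # Lure pattern from the article: payload shares the archive's name.
            if reasons and member.stem.lower() == archive_stem:
                reasons.append("name-matches-archive")
            if reasons:
                findings.append({"member": info.filename, "reasons": reasons})
    return findings


def build_sample_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from constructed, harmless sample content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: "MZ" plus zero padding, not a real binary.
LURE = build_sample_zip({"Noua lista de comenzi.exe": b"MZ" + b"\x00" * 62})
RENAMED = build_sample_zip({"order.pdf": b"MZ" + b"\x00" * 62})
BENIGN = build_sample_zip({"order.pdf": b"%PDF-1.7\n"})

if __name__ == "__main__":
    print(scan_zip_attachment("Noua lista de comenzi.zip", LURE))
```

Password-protected archives are not handled here; a production filter would treat a member it cannot open as a finding in its own right.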
The deployment of Remcos RAT is not to be taken lightly. This malware grants attackers remote access to compromised systems, paving the way for many nefarious activities, as reported by Broadcom.
The implications for affected companies are dire, encompassing data theft, system compromise, operational disruption, espionage, and significant reputational damage.
Furthermore, the legal and compliance ramifications cannot be overstated, potentially leading to severe financial penalties and loss of business.
In the face of this escalating threat, Symantec has stepped up to offer robust protection against Remcos RAT. Symantec’s email security products have comprehensive coverage designed to thwart email-based attacks.
The company’s adaptive, file-based, machine learning-based, and network-based defenses are meticulously engineered to detect and neutralize threats like Remcos.
Symantec's detection names for this RAT include ACM.Ps-RgPst!g1, Trojan.Gen.MBT, Trojan.Gen.NPE, and Heur.AdvML.B!100, along with monitoring for bad reputation application activity.
The emergence of Remcos RAT in a weaponized ZIP file, exploiting social engineering tactics, underscores the evolving landscape of cyber threats.
Companies, particularly those in the targeted regions, must remain vigilant and adopt a proactive stance toward cybersecurity.
Leveraging advanced security solutions like those offered by Symantec, alongside fostering a culture of security awareness among employees, can significantly mitigate the risk posed by such sophisticated attacks.
The battle against cyber threats like Remcos RAT is ongoing and requires a concerted effort from organizations, cybersecurity vendors, and individuals.
By staying informed and prepared, we can collectively thwart cyber adversaries’ ambitions and safeguard our digital domains.
The post Remcos Everywhere! Attacking From a Weaponized Zip File appeared first on Cyber Security News.
Cyber Security News
Why less is more: 10 steps to secure customer data
In an advisory aimed at the protection of customers’ personal data, the Australian Cyber Security Centre (ACSC) has emphasized that businesses should only collect personal data from customers that they need in order to operate effectively.
While that may seem like kicking in an open door, it’s really not. It’s relatively easy to decide which personal data you need to have for a new customer. It’s a bit harder to stop there. Many small businesses use pre-formatted questionnaires that ask for information they don’t actually need for day-to-day operations, and it’s hard to keep track of data they no longer need.
The advisory, titled Securing Customer Personal Data for Small and Medium Businesses, is written for small and medium businesses, but many larger corporations could benefit from it as well. The guide was written because data breaches against Australian businesses and their customers are increasing in complexity, scale, and impact.
It outlines a few steps businesses can take to organize, minimize, and control the personal data they collect, in order to contain the impact of a data breach. With the growing tendency to do business online, businesses have a responsibility to keep the personal data they collect safe.
The ACSC recommends implementing 10 steps to secure customer personal data:
1. Create a register of personal data. Keep an inventory of the types of data you have collected and where they are stored. For example, a register of databases and data assets.
2. Limit the personal data you collect. Do not collect data “just in case.” You don’t have to worry about what you don’t have stored.
3. Delete unused personal data. Probably the hardest step, it takes policies stipulating how long customers’ personal data should be stored before it is deleted.
4. Consolidate personal data repositories. Consolidating customers’ personal data into centralized locations or databases allows businesses to focus on key data repositories and apply enhanced security practices.
5. Control access to personal data. Employees should only have access to customers’ personal data that they need in order to do their job.
6. Encrypt personal data. Full disk encryption should be applied to devices that access or store customers’ personal data, such as servers, mobile phones and laptops. Customers’ personal data should be protected by encryption when communicated between different devices over the internet. Additionally, businesses may choose to implement file-based encryption to add an extra layer of protection in the event that systems are compromised as part of a cyberattack.
7. Backup personal data. Backups are an essential measure to ensure an organization can recover important business data in case of damage, loss or destruction. Backups are also critical in protecting customers’ personal data from common incidents such as ransomware attacks or physical damage to devices.
8. Log and monitor access to personal data. Implementing logging and monitoring practices can assist businesses in detecting unauthorized access to customers’ personal data.
9. Implement secure Bring Your Own Device (BYOD) practices. Businesses that employ BYOD policies need to have appropriate protections in place to ensure that this is done securely and does not increase the risk of data breaches. It’s important to have a clear policy and rules to enforce it.
10. Report data breaches involving personal data. Make sure you are aware of the existing local reporting obligations in case you are the victim of a data breach involving customers’ personal data.
Malwarebytes