Ransomware that can infect Mac computers, PowerPoint malware without macro scripts, and hackers that are hiding espionage malware in famous social media accounts — these are some of the new threats facing your data this week. What else is on the technological horizon? Find out in the stories below.
PowerPoint file downloads malware without macros
Be careful about opening your next email—it could contain an infected PowerPoint file.
Security researchers have found an infected PowerPoint file that’s circulating in mailboxes, according to Bleeping Computer. Once the file opened, all a victim needs to do is hover over a link to become infected — without activating macros.
The email comes with a subject of: "RE:Purchase orders" or "Fwd:Confirmation." The PowerPoint file is named "order&prsn.ppsx", "order.ppsx", or "invoice.ppsx."
Once the user hovers over the URL, the code invokes PowerShell in order to execute malicious code. However, if using Office with the Protected View feature enabled, the attack can be stopped.
“Office Protected View is enabled by default and protects against the technique described in the report. Both Windows Defender and Microsoft 365 Advanced Threat Protection also detect and remove the malware. We encourage users to practice good computing habits online, and exercise caution when enabling content or clicking on links to web pages,” Microsoft said in a statement.
Sometimes, however, these security features just aren’t enough, making backup vital to data protection and disaster recovery planning.
Hackers using Britney Spears’ Instagram account to hide espionage malware
Hackers are getting creative when it comes to hiding malware, and one Russian hacking group is using Britney Spears’s Instagram account, according to Ars Technica.
Researchers at Eset found a backdoor used to post comments on Britney Spears’s Instagram account to “locate the control server that sends instructions and offloads stolen data to and from infected computers.”
The group behind this espionage malware is Turla. The malware deployed by this group is difficult to detect because the servers controlled by the attackers’ malware is never directly referenced in the code or comments section.
Turla has also been known to infiltrate Windows systems used by embassies and European governments. They have also been seen using satellite-based internet connections to hide their work. Other attacks include those on military computers Linux backdoor malware campaigns against government IT systems.
This latest attack was discovered by researchers who noticed a Firefox browser extension pretending to be a security feature. This allowed third parties access and control infected computers.
If data can be stolen from government systems, it can be stolen from your machines as well — that’s why data protection needs to become an even greater priority.
Walmart blockchain trial reportedly a success
In a presentation at an annual investor event, Walmart announced preliminary blockchain trial results, Coin Desk reports. Walmart began this trial with IBM and Tsinghua University of Beijing last year to track the flow of pork throughout the supply chain in China.
Reports claim that Walmart wants to expand this blockchain trial to track unmanned delivery vehicles after the initial trial produced “very encouraging” results.
"This is just the start of our blockchain exploration. We plan to continue to test the technology, by including more data attributes, for example. And we will continue to test how we can use it to improve food traceability and transparency by collaborating with others throughout the supply chain. This means farmers and suppliers and other retailers,” the company said.
During this trial, blockchain was able to shorten the tracking of goods to mere minutes instead of days. It also made the responses to tainted food more effective and efficient.
The use of blockchain could continue to increase efficiency, traceability, and transparency the more it’s used in the supply chain, and Walmart will continue to expand its uses.
Ransomware-as-a-service is now targeting Macs
A new discovery is leaving Mac users worried.
For the first time ever, ransomware-as-a-service (Raas) has been seen creating a package to target Mac OS, according to ZDNet. The ransomware is called MacRansom and it’s sold on the dark web. Ransomware-as-a-service schemes have been very popular lately, but have only targeted Windows machines up until now.
The creators of this ransomware claim it’s “the most sophisticated Mac ransomware ever.”
This RaaS package comes equipped with a trigger time that allows criminals to delay the encryption of victim files. It encrypts a maximum of 128 files, prompting researchers to think that this specific variant is actually less sophisticated than other ransomware targeting Mac computers.
"People generally assume when they are using Macs they are relatively safe from malware. This has been a generally true statement, but this belief is becoming less and less true by the day," according to researchers at MacSpy.
Mac computers are becoming increasingly unsafe as cyberthreats continue to evolve. Ensure your data is safe by performing routine backups.
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.
