Email address spoofing

Have you ever received an email from an address you trust but it contains a virus or links to phishing websites? Email spoofing (a nice name for forging) is fairly easy to do and many cyber criminals do it in order to trick you into giving away valuable information or even worse. By spoofing a trusted email account (it could even be one used by your company) the chances that you click on one of the links or open up the attachment are higher than if the email came from someone you didn't know.

So how do you protect yourself against email spoofing? The first step is to never trust any email that comes in. Always treat emails with suspicion, and if you are unsure about an email from a trusted source then phone the sender. Avoid clicking links in emails, only open attachments from people you trust (verify that they sent the email with them if need be) and always have a good up-to-date antivirus on your computer. Vigilance is the best defence when combating cyber criminals.

Criminals using your servers to make money

If you thought Ransomware was the worst thing to happen to your servers think again. Your server can now be hijacked and used as part of a botnet to mine cryptocurrencies. This horror story scenario is exactly what is happening with the Smominru botnet which has infected more than half a million servers around the world. These hijacked servers have been used to mine the cryptocurrency Monero and since the botnet first appeared in May 2017 it is estimated that the botnet has mined 8,900 monero tokens. At current exchange rates Monero is valued at $323.55, which brings the total amount of money made to $2.8 million (R32.7 million).

The botnet used an exploit developed for the US National Security Agency called EternalBlue. The exploit which affects Windows machines was leaked last year. This is not the first time EternalBlue has been used to compromise systems. In May 2017 it was used in conjunction with another exploited (also from the NSA) called DoublePulsar to spread the WannaCry ransomware which infection the UK NHS systems. So far attempts to bring down the botnet have failed due to its resilience, and due to the anonymous nature of the Monero blockchain it is impossible to see who the money is going to.

Servers are the ideal target for such attacks because they are always on and are far more powerful than the average home computer. The downside for the owners of these servers is the increased power consumption and heat generated, this can have the further negative impact of reducing the lifespan of the components inside the server.

So what can you do to protect yourself or reduce the impact if you do get infected? Well the first step is to always have an up-to-date antivirus. IT Windows recommends ESET Endpoint Antivirus for all our business clients (ESET Endpoint Security for the road warriors); and one of the various ESET server products to protect servers. It is also important to ensure that Windows machines are kept up-to-date with the latest patches, especially zero-day patches, since the vulnerability exploited was patched last year. Our technicians check our clients' servers on a regular basis to ensure that they are running well. Such routine checks ensure that we can spot when a server is not behaving properly and then investigate the cause.