Kyle Smith – McAfee Blogs (https://www.mcafee.com/blogs)

Leveraging McAfee Endpoint Security to Protect Against Emotet and Other Malware
https://www.mcafee.com/blogs/enterprise/leveraging-mcafee-endpoint-security-to-protect-against-emotet-and-other-malware/
Thu, 13 Jun 2019 16:00:40 +0000


Customers often ask us how to implement the suggestions provided in our blogs and threat advisories to better protect their environments. The goal of this blog is to do just that.

By showing you how to better use our products, we aim to help you protect against Emotet and other malware. Emotet is a Trojan downloader spread by malicious spam campaigns using JavaScript, VBScript, and Microsoft Office macro functions. It downloads additional malware and persists on the machine as a service. Emotet has been observed to download ransomware, mass-mailing worms, W32/Pinkslipbot, W32/Expiro, W32/Dridex, and banking Trojans.

NOTE: Always test changes prior to implementing them in your environment.

1. DATs and product updates

One of the most common issues seen while in Support was an outdated DAT.

2. Make sure you have at least one scheduled product update task in McAfee ePO to run daily.

3. On-Access Scan (OAS) configuration for McAfee Endpoint Security and McAfee VirusScan Enterprise

Ensure that On-Access Scan (OAS) is enabled and set to scan on read and write and that entire drives aren’t excluded from being scanned. McAfee Endpoint Security and McAfee VirusScan Enterprise allow you to configure different scan settings based on the process. You can enable “Configure different settings for High-Risk and Low-Risk processes” to improve performance and reduce the need for file/folder exclusions. See KB88205 for more information.

Be sure that Artemis/GTI is enabled and that the first scanner action is “Clean” and the second action is “Delete”.

NOTE: Setting Artemis/GTI to High or Very High should be done gradually and with testing to reduce the risk of false positives. See KB53735 for more information.

4. On-Demand Scan (ODS)

A weekly On-Demand Scan (ODS) is suggested to ensure that your systems don’t have malware or PUPs. Do not run an ODS during peak business hours, as users may complain about system performance.

5. Access Protection (AP)

While the default Access Protection (AP) rules provide decent coverage, both McAfee Endpoint Security and McAfee VirusScan Enterprise allow for the creation of user-defined rules to prevent infection and the spread of worms or viruses. Below are some pre-created ones that should be tested and enabled in your environment to provide additional protection.

Pre-Defined Rule:

  • Disabling Registry Editor and Task Manager — Certain malware may attempt to disable the Task Manager to prevent the user from terminating the malicious process. Enable this AP rule to prevent the Task Manager from being disabled.

6. Access Protection (AP) rules for virus and worm outbreaks

These rules should only be enabled during a virus outbreak and for workstations only. Implementing the last two shown below may cause issues with file servers running McAfee VirusScan Enterprise or McAfee Endpoint Security. Always test these rules before you enable them:

  • Remotely Creating Autorun Files
  • Remotely Creating or Modifying Files or Folders
  • Remotely Accessing Local Files or Folders

NOTE: Only create a separate AP policy for workstations if you wish to continue using the AP rules below. Remotely creating files between workstations is unusual behavior.

7. User-defined AP file/folder patch locations

The user-defined rule below is one common location for malware.

8. Microsoft Office malware

Most threats come through email and are often downloaders for other malware. The AP rule below is intended to prevent Microsoft Office applications from executing PowerShell. You can include CScript.exe and WScript.exe as well.
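Before enabling a blocking rule like this, it helps to see which hosts would trigger it. The following is an added example, not McAfee's rule and not code from the original post: it scans process-creation events for an Office parent starting PowerShell, CScript.exe or WScript.exe. The event field names, the sample events and the list of Office executables are assumptions made for illustration.

```python
import ntpath

# Assumption: the binaries treated as "Microsoft Office applications".
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# From the post: PowerShell, plus optionally CScript.exe and WScript.exe.
SCRIPT_HOSTS = {"powershell.exe", "cscript.exe", "wscript.exe"}


def exe_name(path):
    """Lower-cased file name of a Windows path, whether or not it is quoted."""
    return ntpath.basename(path.strip().strip('"')).lower()


def office_script_spawns(events):
    """Return the events in which an Office parent started a script host."""
    return [
        ev for ev in events
        if exe_name(ev.get("parent_image", "")) in OFFICE_PARENTS
        and exe_name(ev.get("image", "")) in SCRIPT_HOSTS
    ]


def would_block_by_host(events):
    """Map each host to the sorted 'parent -> child' pairs the rule would block."""
    report = {}
    for ev in office_script_spawns(events):
        pair = f'{exe_name(ev["parent_image"])} -> {exe_name(ev["image"])}'
        report.setdefault(ev["host"], set()).add(pair)
    return {host: sorted(pairs) for host, pairs in report.items()}


# Constructed sample events (hypothetical field names, not a product log format).
OFFICE_DIR = "C:\\Program Files\\Microsoft Office\\root\\Office16\\"
PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"host": "WS-01", "parent_image": OFFICE_DIR + "WINWORD.EXE", "image": PS_PATH},
    {"host": "WS-02", "parent_image": r"C:\Windows\explorer.exe", "image": PS_PATH},
    {"host": "WS-03", "parent_image": '"' + OFFICE_DIR + 'EXCEL.EXE"',
     "image": r"C:\Windows\System32\wscript.exe"},
    {"host": "WS-04", "parent_image": OFFICE_DIR + "OUTLOOK.EXE",
     "image": OFFICE_DIR + "WINWORD.EXE"},
]

if __name__ == "__main__":
    for host, pairs in would_block_by_host(SAMPLE_EVENTS).items():
        print(host, pairs)
```

Hosts that appear in the report during a test window are the ones to review before the rule is switched to block.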

9. McAfee Endpoint Security firewall

Almost all organizations have a firewall at the perimeter level. Some may opt to disable the built-in firewall on workstations and servers. The McAfee Endpoint Security Firewall is more comprehensive than the Windows firewall and can be used to prevent communication to malicious IPs and domains.

10. Blocking malicious traffic with the firewall

Blocking malicious network traffic prevents new variants from being downloaded and can minimize the impact on the environment. Environments that don’t block malicious traffic as one of the first steps often take longer to clean up.

New Wave of Browser Hijackers and How to Protect Your Environment
https://www.mcafee.com/blogs/enterprise/new-wave-of-browser-hijackers-and-how-to-protect-your-environment/
Tue, 23 Oct 2018 17:50:50 +0000

We recently received customer submissions related to a phishing campaign that was redirecting users to a browser hijacker. It became clear, after analysis, that these cases were related to a technical support scam in which the attacker uses scare tactics—such as displaying fake error messages and phone numbers—to trick the user into thinking they are infected with malware and paying for unnecessary technical support. This has special relevance for both consumer and corporate users since businesses rely heavily on emails. Phishing emails are one major contributor to security breaches.

As shown in the picture below, the user receives an email asking them to click on a box to display a message. When the user clicks the message, they are redirected to a URL prompting for user credentials.

The malicious URL is revealed by hovering over the message box, as shown in the screenshot below. These URLs tend to be available for a short time and are frequently changed in the phishing email.

The user may be redirected to a website like the one displayed below. Users may be tricked into providing their credentials.

This behavior resembles ransomware, since the user is unable to exit the browser as it enters full-screen mode. The user may also hear audio, which has also been observed with some ransomware variants. If you are unable to close the tab or the browser, open the task manager using Ctrl + Alt + Delete, locate the browser, and then terminate the process.

The screenshot below illustrates another example with some slight changes.

All domains involved in this campaign were purchased from Namecheap. The email accounts used to propagate this phishing attack are legitimate accounts that were compromised. Email hashes cannot be provided since they contain customer information.

How does McAfee protect users from technical support scam threats?

The malicious HTML embedded in the email has DAT coverage as “Phish-EmailFraud.icu” and it is included in current DATs. Users can also use a combination of other McAfee products to protect their environment and their employees. Some of the products available are McAfee SiteAdvisor and McAfee Security for Microsoft Exchange.

McAfee SiteAdvisor

With McAfee SiteAdvisor, users can collect the malicious URLs and add them to the blocked sites list. This prevents other users from mistakenly providing their credentials if they receive the phishing email.

This can be achieved by accessing the Block and Allow List Policy in McAfee ePolicy Orchestrator (McAfee ePO) and adding the URL as illustrated below.

McAfee Endpoint Security 10.5 product guide:

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/26000/PD26799/en_US/ens_1050_help_0-00_en-us.pdf

McAfee Security for Microsoft Exchange

McAfee Security for Microsoft Exchange can be used to block the sender’s email address and prevent the phishing email from being sent to additional employees. This variant was taking advantage of a local user account to send the phishing emails. By using McAfee Security for Microsoft Exchange, users can blacklist the senders’ email addresses so that the malicious emails are not delivered.

McAfee Security for Microsoft Exchange 8.6.0 product guide:

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27213/en_US/msme_860_pg_en-us.pdf

What else can you do?

Any suspicious URLs can also be checked on the TrustedSource site. This will help determine if McAfee is aware of the URL and already providing coverage as illustrated below.

The URLs associated with this phishing attack have been classified as high risk in TrustedSource and McAfee SiteAdvisor.

How do I submit a malicious URL to McAfee?

Send an email to sites@mcafee.com and they will gladly work with you.

For more information on phishing attacks, please visit the following links:

Knowledge Center article: How to recognize and protect yourself from phishing

Blog: How to Spot Phishing Lures

Blog: Don’t get hooked – phishing email advice for your employees

Smarter Clicks: 5 Tips to Help Your Family Avoid Risky Cyber Search Traps
https://www.mcafee.com/blogs/consumer/family-safety/smarter-clicks-5-tips-to-help-your-family-avoid-risky-cyber-search-traps/
Sat, 13 Oct 2018 14:00:57 +0000

Searching the internet has become as much a part of daily life as pouring that first cup of coffee each morning. We rely on it, we expect it to deliver, and often, we do it without much thought. McAfee’s annual Most Dangerous Celebrity list gives us a chance to hit pause on our habits and think about smart search habits.

MDC: Ruby Rose

This year, it’s “Orange is the New Black” and “Batwoman” actress Ruby Rose who gets to don the digital crown of Most Dangerous Celebrity. That means cyber crooks and hackers are on to the public’s love of Ruby Rose and are exploiting those innocent searches for news, photos, and videos on this top actor. The other top dangerous searches are listed in the graphic on the right. (Sitcom and television actors — Kristin Cavallari, Debra Messing, Kourtney Kardashian — surprisingly outranked musicians this year, by the way, so the click trend is weighted toward TV fans; if you are one, beware!)

This MDC reveal, coupled with October’s National Cyber Security Awareness Month (NCSAM) is a perfect time to sit down with your family and discuss safe clicking practices.

Smart Clicking

  1. Beware of third-party movie/music downloads. Some kids (and adults) search the internet for bootleg movies and music to download. Talk to your kids about this unsafe (and illegal) practice and the consequences of doing this. The safest thing to do? Advise your kids to wait for the official release instead of visiting a third-party website that could contain malware. This also applies to MP3 music searches. If you search the phrase “free MP3”, the results would include some risky websites, so be aware of this cyber trap and search carefully. If a site looks suspect, keep moving. Teach kids that very few things that are legitimate are also free online.
  2. Update ASAP to stay safe! When you get a notification to update your phone, tablet, or PC, do it right away to make sure you have the latest, most secure version — which includes security updates and bug fixes — of your software. Updating promptly is a critical way to block hackers and stop malware.
  3. Examine links. We aren’t about to stop searching, right? So, the solution is to search smarter. Like it or not, we’ve got to become security pros to some degree. Teach your family members to slow down and examine sites in order to spot sketchy third-party links. Look for flaws. Refuse to click on that third-party link that could get you in trouble — it’s simply not worth it!
  4. Protect devices. We are going to search; not much can stop that. So, search with an extra layer of security protection such as McAfee Total Protection. This comprehensive security solution keeps your family devices protected against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor which can stop your kids from going to malicious websites.
  5. Think about parental control software. Kids are big fans of whomever and whatever is on trend and love to search, scroll, and consume information on celebrities. Helping kids balance online time with daily responsibilities and relationships can take up a big chunk of our time as parents. Consider setting limits on screen time and use software that filters inappropriate content and protects against malicious sites.

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures)
