1 min read

Hackers Are Using NFT Excitement to Trick Users

Researchers from Fortinet are warning of a new threat to be on the lookout for.

Right now, NFTs are all the rage.  Everyone is talking about them, and many are excited about them.  Hackers have been quick to take advantage of that fact, and the Fortinet researchers have stumbled across a poisoned spreadsheet that purports to contain information about NFTs.

The spreadsheet actually quietly deploys a malware strain called BitRAT when opened.

BitRAT is a particularly nasty strain of malware that first appeared for sale on the Dark Web back in late 2020.  It is notable because it can bypass User Account Control (UAC), which is a Windows feature designed to prevent unauthorized access to the OS.

Once installed on a target system BitRAT can steal login credentials from browsers and other applications. It can log keystrokes and upload or download files which makes it more than capable of installing other forms of malware once the beachhead has been established.

It’s too early to say yet whether NFTs are here to stay or if they’re just a flash in the blockchain pan.  Either way, if they are generating buzz and excitement around the world, hackers will continue to exploit that excitement.

As the Fortinet researchers put it:

“Be mindful that attackers often use attractive and trendy subjects as lures. As NFTs become increasingly popular, they will be used to entice victims into opening malicious files or clicking on malicious links.”

The best thing you can do is to educate your employees and inform them of the threat.  Remind everyone you know that no matter how exciting the topic might be, it’s never a good idea to open files from untrusted sources or click on links embedded in emails.  If you need to go to a website open a new browser tab and manually type in the URL.  Better safe than sorry.

Used with permission from Article Aggregator

The Cybersecurity Tools Are Fine. The Strategy Is What's Missing

The Cybersecurity Tools Are Fine. The Strategy Is What's Missing

TL;DR: Most businesses that experience a serious cyber incident had security tools in place when it happened. The problem isn't the firewall or the...

Read the full blog
What Your Law Firm's Ethical Obligations Actually Require from Your IT Infrastructure

What Your Law Firm's Ethical Obligations Actually Require from Your IT Infrastructure

TL;DR: Law firms holding privileged client data aren't just security targets; they're ethical custodians with documented obligations under ABA Model...

Read the full blog
Your Law Firm's IT Partner Is Either an Asset or a Liability. Which One Do You Have?

Your Law Firm's IT Partner Is Either an Asset or a Liability. Which One Do You Have?

TL;DR: Most law firms don't have an IT problem; they have an IT partner problem. A generalist provider can keep the lights on, but supporting legal...

Read the full blog

1 min read

Google Soon Informing Users About What Data Apps Collect

A small but important change is coming to your Android apps. Soon you’ll notice a new Data Safety section on the Google Play Store which will provide...

Read the full blog

1 min read

Microsoft Teams Gets Optimizations To Use Less Resources

Do you use Microsoft Teams and do you have an older PC that struggles with Teams video meetings? If so there’s good news. Microsoft has recently...

Read the full blog

1 min read

Why Your Business Should Use a Password Manager

To the average person, it’s too easy to forget a password and leave themselves vulnerable to account lockout, which can end up being a real hassle....

Read the full blog