SignFlow engineers terminate menacing Bitcoin virus

A dangerous Bitcoin-mining virus has been detected and disabled by two of our IT experts.

A potentially devastating Bitcoin-mining virus has been stopped in its tracks, thanks to the vigilance and quick actions of SignFlow (a PBSA brand) engineers William Vermaak and Morne Wilken.

Vermaak and Wilken detected malicious activity on one of their customer’s servers last week, immediately analysed the source of the virus and un-infected the server.

According to Vermaak, the virus had gone undetected by all available virus packages. “We submitted samples to ESET the next day and [the company] immediately responded from its virus lab in Denmark, confirming the virus was wild and that detection for the threat had been added to its latest definition updates.”

Founded in 1992, ESET is a Slovakia-based IT security company that offers anti-virus and firewall products such as ESET NOD32. The security company named the virus’s two components: winlog.VBS – VBS/TrojanDownloader.Agent.QE trojan; and winlog.bat – BAT/CoinMiner.UG trojan.

By the time of detection, the virus had already infected 0.04% of Windows computers in South Africa, while Russia was hardest hit, with 0.5% of all Windows computers infected. Windows is currently the most popular end-user operating system in the world.

Essentially a Bitcoin-mining virus, the Winlog Virus downloads a Bitcoin CPU miner on the victim’s computer, and then mines Bitcoins for the virus originator. Vermaak says this type of virus is particularly evasive. “It tries to make itself resilient and configures various system schedules to start it again if it’s stopped. The virus will also install itself on the system as a system service.

“The virus infiltrates the System Registry and changes some keys to make itself run again if it’s shut down. Shortcuts on the victim’s Desktop are modified to run the virus and these then run the original program, in an attempt to mask its presence. The virus also copies itself into various other files on the system – including Microsoft.exe – to try to ensure resilience.”
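A read-only PowerShell triage check for the persistence points Vermaak describes (scheduled tasks, services, registry autostart values and desktop shortcuts), added here as an example and not SignFlow's or ESET's tooling. The file names come from this article; the Run/RunOnce registry keys and the script-launching shortcut heuristic are assumptions, because the article does not say which keys or shortcut targets the virus used.

```powershell
# Added triage example; read-only, it lists entries and changes nothing.
# Run elevated so that all scheduled tasks and services are visible.

# File names taken from the article (winlog.VBS, winlog.bat, Microsoft.exe).
$Names   = 'winlog.vbs', 'winlog.bat', 'microsoft.exe'
$Pattern = '(?<![\w-])(?:' + (($Names | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')'
# Heuristic (assumption): a desktop shortcut that launches a script host or a script.
$ScriptLaunch = '(?:wscript|cscript)\.exe|\.(?:vbs|bat)(?:\W|$)'

function New-Finding($Source, $Name, $Command) {
    [pscustomobject]@{ Source = $Source; Name = $Name; Command = $Command }
}

# "Configures various system schedules to start it again if it's stopped."
function Get-SuspiciousTask {
    foreach ($task in (Get-ScheduledTask)) {
        foreach ($action in $task.Actions) {
            # Non-exec actions have no Execute/Arguments; they yield an empty string.
            $cmd = "$($action.Execute) $($action.Arguments)".Trim()
            if ($cmd -match $Pattern) {
                New-Finding 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" $cmd
            }
        }
    }
}

# "Will also install itself on the system as a system service."
function Get-SuspiciousService {
    foreach ($svc in (Get-CimInstance -ClassName Win32_Service)) {
        if ($svc.PathName -match $Pattern) {
            New-Finding 'Service' $svc.Name $svc.PathName
        }
    }
}

# "Changes some keys to make itself run again if it's shut down."
# Assumption: the standard per-machine and per-user autostart keys.
function Get-SuspiciousRunValue {
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            if ($data -match $Pattern) {
                New-Finding 'RunKey' "$key\$valueName" $data
            }
        }
    }
}

# "Shortcuts on the victim's Desktop are modified to run the virus."
function Get-SuspiciousShortcut {
    $shell    = New-Object -ComObject WScript.Shell
    $desktops = [Environment]::GetFolderPath('Desktop'),
                [Environment]::GetFolderPath('CommonDesktopDirectory')
    foreach ($file in (Get-ChildItem -Path $desktops -Filter *.lnk -ErrorAction SilentlyContinue)) {
        $lnk = $shell.CreateShortcut($file.FullName)   # opens the .lnk for reading only
        $cmd = "$($lnk.TargetPath) $($lnk.Arguments)".Trim()
        if ($cmd -match $Pattern -or $cmd -match $ScriptLaunch) {
            New-Finding 'DesktopShortcut' $file.Name $cmd
        }
    }
}

$findings = @(Get-SuspiciousTask) + @(Get-SuspiciousService) +
            @(Get-SuspiciousRunValue) + @(Get-SuspiciousShortcut)
if ($findings.Count -eq 0) { 'No matching autostart entries found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

A shortcut flagged only by the script-launching heuristic can be legitimate, so each hit needs review before anything is removed.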

Prevalent pest

According to Manuel Corregedor, chief operations officer at information security company Telspace Systems, Bitcoin-mining viruses have become rampant. “There has definitely, in recent times, been an increase in Bitcoin-mining viruses – in particular the diversification of the type of currencies they mine.”

Almost three months ago, Russian president Vladimir Putin’s Internet advisor, Herman Klimenko, issued a dire public warning that 20 to 30 percent of all computers in Russia were infected with computer malware designed to turn devices into Bitcoin-mining machines.

At the time Klimenko told Moscow-based news broadcaster RBC that viruses that install bitcoin-mining software are the “most common and most dangerous” type of computer malware in existence.

Corregedor says the main issue Bitcoin-mining malware creates is that it negatively impacts the performance of the victim’s computer. “[The malware] does this by stealing/utilising the infected computer’s resources (CPU, GPU, RAM, etc). This may result, over time, in increased wear and tear, which may cause the computer to fail or cease.” On top of this destructive consequence, he adds, there are other costs associated with increased power consumption.

But this destructive malware goes even further. Corregedor notes that, apart from mining Bitcoins and degrading performance, it has also been seen launching web- and network-based attacks, such as denial-of-service attacks, login brute-force attacks and web application attacks.

“It should also be noted that the danger [with Bitcoin-mining malware] is further increased due to the fact that [it] has been found to be infecting Internet of Things devices i.e. web cameras, routers, Network Attached Storage devices, etc. The infections have mainly occurred due to these devices having default credentials configured on them – for example user name admin and password admin on a router.”

Protection pointers

Corregedor says users can protect themselves against these kinds of malicious virtual attacks by ensuring their operating systems (Windows, Linux etc) are up to date with the latest security updates (patches).

He gives the following pointers:

  • Ensure you have anti-virus software installed and that it is up to date
  • Ensure your devices are not using any default login credentials and/or weak login credentials, in particular devices such as routers
  • Enable/install a Firewall
  • Install a HIPS (Host Intrusion Prevention System)
  • Be cautious/aware when it comes to receiving unexpected emails with attachments and/or installing potentially unwanted software

“Attackers are constantly scanning the internet looking for devices that are not up to date and/or are not configured securely (for example using default credentials). Once such systems are identified, they are infected with malware,” he warns.

“Additionally, attackers are also constantly sending out spam/phishing emails that contain malicious attachments.”

Corregedor says that, while South Africa is just as vulnerable as any country when it comes to infection, the country’s lack of a National Information Security Awareness campaign could put it in deeper danger.

SA experts stop bitcoin virus

Published by IT-Online on 17 October 2017

A dangerous Bitcoin-mining virus has been detected and disabled by two Johannesburg-based IT experts.

White hat ethical hacker William Vermaak, from PBSA’s digital arm pbDigital, and senior software developer Morne Wilken, detected malicious activity on one of their customer’s servers last week. The two immediately analysed the source of the virus and uninfected the server.

According to Vermaak, the virus had gone undetected by all available virus packages.

“We submitted samples to ESET the next day and [the company] immediately responded from its virus lab in Denmark, confirming the virus was wild and that detection for the threat had been added to its latest definition updates.”

By the time of detection, the virus had already infected 0,04% of Windows computers in South Africa. Russia was hardest hit, with 0,5% of all Windows computers infected.

Essentially a Bitcoin-mining virus, the Winlog Virus downloads a Bitcoin CPU miner on the victim’s computer, and then mines Bitcoins for the virus originator.

Vermaak says this type of virus is particularly evasive. “It tries to make itself resilient and configures various system schedules to start it again if it’s stopped. The virus will also install itself on the system as a system service.

“The virus infiltrates the System Registry and changes some keys to make itself run again if it’s shut down. Shortcuts on the victim’s Desktop are modified to run the virus and these then run the original program, in an attempt to mask its presence. The virus also copies itself into various other files on the system – including Microsoft.exe – to try to ensure resilience.”

Almost three months ago, Russian president Vladimir Putin’s Internet advisor, Herman Klimenko, issued a dire public warning that 20% to 30% of all computers in Russia were infected with computer malware designed to turn devices into Bitcoin-mining machines.

At the time, Klimenko told Moscow-based news broadcaster RBC that viruses that install bitcoin-mining software are the “most common and most dangerous” type of computer malware in existence.

SA white hat hackers disable Bitcoin-mining virus

Published by ITWeb on 17 October 2017.

A dangerous Bitcoin-mining virus has been detected and disabled by two Johannesburg-based IT experts.

A potentially devastating Bitcoin-mining virus has been stopped in its tracks, thanks to the vigilance and quick actions of two local IT experts.

Although mining Bitcoin with regular computer hardware is no longer profitable, that isn’t keeping criminals from giving it a try. Over the past few years, there have been several types of Bitcoin-mining malware, infecting computers all over the world.

White hat ethical hacker William Vermaak, from PBSA’s digital arm pbDigital, and senior software developer, Morne Wilken, detected malicious activity on one of their customer’s servers last week.

The two immediately analysed the source of the virus and uninfected the server. “Unfortunately, the only trace left in the code by the originator is the Bitcoin wallet that the Bitcoins will be deposited into. To trace the Bitcoin wallet is extremely difficult and you will need a police warrant to get any information from the Bitcoin companies hosting the wallet,” says Vermaak.

According to Vermaak, the virus had gone undetected by all available virus packages. “We submitted samples to ESET the next day and [the company] immediately responded from its virus lab in Denmark, confirming the virus was wild and that detection for the threat had been added to its latest definition updates.”

Founded in 1992, ESET is a Slovakia-based IT security company that offers anti-virus and firewall products such as ESET NOD32. The security company named the virus’s two components: winlog.VBS – VBS/TrojanDownloader.Agent.QE trojan; and winlog.bat – BAT/CoinMiner.UG trojan.

By the time of detection, the virus had infected 0.04% of Windows computers in SA, while Russia was hardest hit, with 0.5% of all Windows computers infected. Windows is currently the most popular end-user operating system in the world.

Essentially a Bitcoin-mining virus, the Winlog Virus downloads a Bitcoin CPU miner on the victim’s computer, and then mines Bitcoins for the virus originator. Vermaak says this type of virus is particularly evasive.

“It tries to make itself resilient and configures various system schedules to start it again if it’s stopped. The virus will also install itself on the system as a system service. It infiltrates the System Registry and changes some keys to make itself run again if it’s shut down,” Vermaak explains.

“Shortcuts on the victim’s desktop are modified to run the virus and these then run the original program, in an attempt to mask its presence. The virus also copies itself into various other files on the system – including Microsoft.exe – to ensure resilience.”

Bitcoin-mining machines

Almost three months ago, Russian president Vladimir Putin’s Internet advisor, Herman Klimenko, issued a dire public warning that 20% to 30% of all computers in Russia were infected with computer malware designed to turn devices into Bitcoin-mining machines.

At the time Klimenko told Moscow-based news broadcaster RBC that viruses that install bitcoin-mining software are the “most common and most dangerous” type of computer malware in existence.

With the surge in Bitcoin-mining viruses, Vermaak says: “You need to keep your anti-virus software updated, and your operating system on the latest updates.

“With the growing demand for Bitcoin, this is sure to escalate in the near future, but it is still very new so hopefully we’ve stopped this method of infection for now.

“These days there is no such thing as a bulletproof system. Everything has got some weakness whether it’s a known or unknown vulnerability. Someone will find a vector that no one will think of to gain access to a system and use it to their advantage. The only thing you can do is to minimise the risk by using a good anti-virus package and to do backups regularly,” Vermaak concludes.

Tackling security in an IoT world

Published by EE Publishers on 20 September 2016

The internet of things is here – and it is bigger than we could have imagined – is your business ready?

The internet of things (IoT) is undeniably one of this century’s biggest phenomena in terms of ubiquitous impact and, while the implications associated with this technological wave are varied, one of the most crucial – if not the most crucial of these – centres around security.

Type the words “IoT and…” into your Google search engine bar, and one of the first phrases that comes up in the dropdown menu is “IoT and security”, says Leon van der Merwe, head of digital at customer communications firm PBSA. Security is a huge concern for businesses when it comes to this emerging network of connected things. Even with the strides made in cultivating a secure internet, this vast entity is just not 100% secure.

By nature, he says, the internet is arguably impossible to fully secure – and is becoming considerably more complex as the human race starts connecting everyday hardware devices. “We are basically building an internet of any and everything.”

And, contrary to common belief, South Africa is not playing catch-up to such an extent that local businesses need not be concerned. The IoT may not be as mainstream in South Africa as it is in other, developed countries, but it is fast heading that way. Any business that even remotely values its security would be making a grave mistake by not heeding the red flags inherent in the IoT.

In fact, according to a recent International Data Corporation (IDC) report – The Internet of Things in Africa – the market for connected devices in the country will account for $2-billion of the global total value ($1,7-trillion) by 2020. As for the continent as a whole, the research firm says Africa is likely to house around one billion connected devices by the turn of the decade.

A 2015 survey revealed that 33% of South African enterprises are planning major and/or significant investment in IoT over the next three years.

Unprecedented power

We know the IoT is set to explode – globally and on our own doorstep – but we must also consider, when taking security measures, the immense power this thing denoting a connected future holds.

The World Economic Forum (WEF) designates the IoT part of the “Fourth Industrial Revolution” – an era of technological advancement characterised by ubiquitous, mobile supercomputing. Klaus Schwab, founder and executive chairman of the WEF, says the possibilities of billions of people connected by mobile devices, with unprecedented processing power, storage capacity, and access to knowledge, are unlimited.

These possibilities will be multiplied by emerging technology breakthroughs in fields such as artificial intelligence, robotics, the IoT, autonomous vehicles, 3D printing, nanotechnology, biotechnology, materials science, energy storage, and quantum computing.

Given the enormous impact the IoT will have on businesses’ security, Van der Merwe believes local companies need to take security far more seriously. Many of the larger, security-conscious organisations take their security very seriously, but they don’t necessarily have the right strategies in place. When it comes to the so-called midstream businesses in South Africa, these generally have very poorly managed security policies, if any.

Access management

But where does one start when it comes to tackling this giant, looming phenomenon? At ground level, at one of the very core aspects of your connected devices – accessibility.

One of the products PBSA’s software arm, pbDigital, advocates is identity and access management (IAM). IAM outsources all required security requirements to run on the latest international identity and access management on one centralised solution.

Contact Leon van der Merwe, PBSA, Tel 011 516-9459, leon@pbsa.co.za

Delta State tackles land ownership with SA tech

Published by IT-Online on 29 June 2016

Nigeria’s oil and agricultural producing state Delta State makes a major breakthrough in land title acquisition using new digital signature technology.

New, locally-developed, digital signature technology sits behind a major breakthrough for Nigeria’s Delta State government, which kicks off its “Fast Track 90” scheme – a new digital system for the acquisition of legal titles for landed property.

Historically an onerous process fraught with bottlenecks, bureaucracy and prone to fraud, the issuance of Certificate-of-Occupancy (C-of-O) to property owners in Delta State will, going forward, be fast tracked to 90 days and fraud-proofed – thanks to a system written by pbDigital, a division of South African customer communications firm PBSA.

Delta State governor, Senator Ifeanyi Okowa, unveiled the Fast Track 90 scheme at the end of March, saying one of the biggest hindrances to investors was the high cost and delays associated with acquiring the legal titles to landed property in Delta State, Nigeria’s oil and agricultural producing state.

“Fast Track 90, an innovative policy of this administration designed to enhance ease of business in the state, has been initiated to overcome the bottlenecks that have become a recurring decimal in obtaining C-of-Os, it will take a maximum of ninety days for land owners to obtain their C-of-Os from the Ministry of Lands and Surveys and the new system is fast, transparent and in line with global best practices,” says Okowa.

The solution was positioned as having significant benefits for Delta State, including much faster turnaround times, considerably reduced C-of-O fees, security surety and, ultimately, increased investment in the state.

Fast Track 90 relies on a software platform – recently developed specifically for the project – which connects to PBSA’s High Security Module Cloud Server infrastructure in South Africa. The solution is a hybrid, digital certificate issuing and verification solution for certificates that also need to be printed on paper.

Leon van der Merwe, head of pbDigital, explains: “Smatforms, a channel partner of PBSA in Nigeria, approached PBSA for a solution to digitise the paper-based issuing process for Delta State C-of-O documents. The solution-platform is built on pbDigital’s cloud technology that uses state-of-the-art cryptography to embed digital signatures in PDF documents. The system is an end-to-end solution for issuing these documents.”

The software system features four main fully integrated platforms:

* Certificate Creator – a platform to import the variable data of the citizen that appears on the certificate.

* PDF and QR Code Creator – a platform that produces the digital certificates, each with its own unique QR code for printing.

* Digital Signature Workflow – a platform that allows the certificates to go through a digital approval and sign-off process.

* Certificate Manager – a platform that gives management full visibility throughout the certificate creation, sign-off and post certificate management processes.

Certificate verification

The printed certificate that is issued to the citizen contains an embedded QR code, explains Van der Merwe. “When the QR code is scanned with any generic, free QR code scanner using an online smart device, the original electronic document is opened from a secure cloud location. The electronic version of the document and the printed paper copy presented by the citizen can be compared and must have exactly the same content.

“The authenticity of the electronic document can also be verified by using a free version of Adobe PDF Reader to verify the signatures.

“The digital signatures on the document that were applied by the official authorities when the document was produced, carry X.509 personal cryptographic properties. During the verification process, these signature properties will have the verified personal information and Adobe AATL (Adobe Approved Trust List) certificate information embedded in each digital signature.”

Although developed for Delta State’s new C-of-O scheme, pbDigital’s digital certificate software can be used in any process involving the issuance of printed documents in need of future verification. “The software speeds up business processes, digitises workflow – creating a full audit trail – and completely eradicates fraud,” Van der Merwe adds.

SA tech underpins Delta State’s ‘Fast Track 90’ system

Published by ITWeb Africa on 29 June 2016

Nigeria’s Delta State has launched the ‘Fast Track 90’ digital system designed for the acquisition of legal titles for landed property.

Historically an onerous process fraught with bottlenecks, bureaucracy and prone to fraud, the issuance of Certificate-of-Occupancy (C-of-O) to property owners in Delta State will, going forward, be fast tracked to 90 days and fraud-proofed, claims pbDigital, a division of South African customer communications firm PBSA, and the company that developed the technology behind the digital system.

Delta State Governor, Senator Ifeanyi Okowa, unveiled the Fast Track 90 scheme at the end of March, saying one of the biggest hindrances to investors was the high cost and delays associated with acquiring the legal titles to landed property.

“Fast Track 90, an innovative policy of this administration designed to enhance ease of business in the state, has been initiated to overcome the bottlenecks that have become a recurring decimal in obtaining C-of-Os, it will take a maximum of ninety days for land owners to obtain their C-of-Os from the Ministry of Lands and Surveys and the new system is fast, transparent and in line with global best practices,” said Okowa.

Fast Track 90 relies on a software platform – recently developed specifically for the project – which connects to PBSA’s High Security Module Cloud Server infrastructure in South Africa. The solution is a hybrid, digital certificate issuing and verification solution for certificates that also need to be printed on paper.

Leon van der Merwe, head of pbDigital, explains: “Smatforms, a channel partner of PBSA in Nigeria, approached PBSA for a solution to digitise the paper-based issuing process for Delta State C-of-O documents. The solution-platform is built on pbDigital’s cloud technology that uses state-of-the-art cryptography to embed digital signatures in PDF documents. The system is an end-to-end solution for issuing these documents.”

Certificate verification

The printed certificate that is issued to the citizen contains an embedded QR code, explains Van der Merwe. “When the QR code is scanned with any generic, free QR code scanner using an online smart device, the original electronic document is opened from a secure cloud location. The electronic version of the document and the printed paper copy presented by the citizen can be compared and must have exactly the same content.

“The authenticity of the electronic document can also be verified by using a free version of Adobe PDF Reader to verify the signatures.

“The digital signatures on the document that were applied by the official authorities when the document was produced, carry X.509 personal cryptographic properties. During the verification process, these signature properties will have the verified personal information and Adobe AATL (Adobe Approved Trust List) certificate information embedded in each digital signature.”

Nigeria: Delta State tackles land ownership bane with SA tech

Published by IT News Africa on 28 June 2016

New, South African developed digital signature technology sits behind a major breakthrough for Nigeria’s Delta State government, which kicks off its “Fast Track 90” scheme – a new digital system for the acquisition of legal titles for landed property.

Historically an onerous process fraught with bottlenecks, bureaucracy and prone to fraud, the issuance of Certificate-of-Occupancy (C-of-O) to property owners in Delta State will, going forward, be fast tracked to 90 days and fraud-proofed – thanks to a system written by pbDigital, a division of South African customer communications firm PBSA.

Delta State Governor, Senator Ifeanyi Okowa, unveiled the Fast Track 90 scheme at the end of March, saying one of the biggest hindrances to investors was the high cost and delays associated with acquiring the legal titles to landed property in Delta State, Nigeria’s oil and agricultural producing state.

“Fast Track 90, an innovative policy of this administration designed to enhance ease of business in the state, has been initiated to overcome the bottlenecks that have become a recurring decimal in obtaining C-of-Os, it will take a maximum of ninety days for land owners to obtain their C-of-Os from the Ministry of Lands and Surveys and the new system is fast, transparent and in line with global best practices,” said Okowa.

The solution was positioned as having significant benefits for Delta State, including much faster turnaround times, considerably reduced C-of-O fees, security surety and, ultimately, increased investment in the state.

The tech behind Fast Track 90

Fast Track 90 relies on a software platform – recently developed specifically for the project – which connects to PBSA’s High Security Module Cloud Server infrastructure in South Africa. The solution is a hybrid, digital certificate issuing and verification solution for certificates that also need to be printed on paper.

Leon van der Merwe, head of pbDigital, explains: “Smatforms, a channel partner of PBSA in Nigeria, approached PBSA for a solution to digitise the paper-based issuing process for Delta State C-of-O documents. The solution-platform is built on pbDigital’s cloud technology that uses state-of-the-art cryptography to embed digital signatures in PDF documents. The system is an end-to-end solution for issuing these documents.”

The software system features four main fully integrated platforms:

  1. Certificate Creator – a platform to import the variable data of the citizen that appears on the certificate.
  2. PDF and QR Code Creator – a platform that produces the digital certificates, each with its own unique QR code for printing.
  3. Digital Signature Workflow – a platform that allows the certificates to go through a digital approval and sign-off process.
  4. Certificate Manager – a platform that gives management full visibility throughout the certificate creation, sign-off and post certificate management processes.

Certificate verification

The printed certificate that is issued to the citizen contains an embedded QR code, explains Van der Merwe. “When the QR code is scanned with any generic, free QR code scanner using an online smart device, the original electronic document is opened from a secure cloud location. The electronic version of the document and the printed paper copy presented by the citizen can be compared and must have exactly the same content.

“The authenticity of the electronic document can also be verified by using a free version of Adobe PDF Reader to verify the signatures.

“The digital signatures on the document that were applied by the official authorities when the document was produced, carry X.509 personal cryptographic properties. During the verification process, these signature properties will have the verified personal information and Adobe AATL (Adobe Approved Trust List) certificate information embedded in each digital signature.”

Although developed for Delta State’s new C-of-O scheme, pbDigital’s digital certificate software can be used in any process involving the issuance of printed documents in need of future verification. “The software speeds up business processes, digitises workflow – creating a full audit trail – and completely eradicates fraud,” concludes Van der Merwe.