The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published a security alert warning of cyber criminals using phishing emails to deploy KONNI malware on target machines.
KONNI is a remote administration tool (RAT) cyber attackers use to steal files, captures keystrokes, take screenshots and execute malicious code on infected machines.
While KONNI uses social engineering techniques to trick the user into running the malware, its intelligence gathering features are running in the background to gather information about the computer while logging and saving your data along the way. The malicious code gathers screenshots of what the user is doing and logs their keystrokes – potentially capturing usernames and passwords or any other vital information that can be used. This can possibly lead to a total account take over and can be devastating for companies.
The CISA has provided a few recommended best practices for organizations to help avoid this kind of attack including:
- Maintain up-to-date antivirus signatures and engines.
- Keep operating system patches up to date.
- Disable file and printer sharing services. If these services are required, use a strong password or Active Directory authentication.
- Restrict users’ ability to install and run unwanted software applications. Do not add users to the local administrator’s group unless required.
- Enforce a strong password policy
Read the full article to learn more by clicking here.
Make Sure Your Financial Institution Clients Have the Right Coverage!
Contact any one of the FI insurance experts below for help in making sure your FI customers have the right coverage from a strong, stable company!