Emotet Computer Worm

 

 

Security researchers have detected a new form of the famous malware loading program Emotet. This modified version of the worm spreads through Wi-Fi networks that are protected only by weak passwords. What makes this malware a worm as opposed to a virus is that while viruses must be triggered into activation by their host, worms can self-replicate and propagate independently as soon as they have breached a system.

According to Binary Defense, the main executable used for this process is called worm.exe.

“Upon startup of Worm.exe, the first action it takes is to copy the service.exe string to a variable that will be used during file spreading. Next, it steps into the main loop and immediately begins profiling the wireless network using wlanAPI.dll calls in order to spread to any networks it can access,” the firm explained.

Before it can infect a system, the malware must first defeat the password through a brute-force attack. By profiling the networks in this way beforehand, the worm maximizes its efficiency and can compromise more systems. If your password is not sufficiently robust, it is certainly possible that a simple brute force or dictionary attack against your network could succeed.

Once inside the network, Emotet begins searching for all non-hidden shares – either brute forcing these as well or doing the same for the administrator account within the network resource.

When individual user accounts have been accessed, it then modifies its binary, which installs Windows Defender System Service to gain persistence.

Researchers noted that a worm.exe timestamped for 4-16-2018 indicates that the module may have been running without being detected for a considerable amount of time. It is possible that this is due to its infrequent use by attackers, or because researchers would need to have a Wi-Fi card in their sandbox environment for it to show up.

The main takeaway, and the good news for businesses, is that stronger passwords make brute forcing entry incredibly processor intensive and are the best protection against such attacks.

“Detection strategies for this threat include active monitoring of endpoints for new services being installed and investigating suspicious services or any processes running from temporary folders and user profile application data folders,” the vendor concluded.

“Network monitoring is also an effective detection method, since the communications are unencrypted and there are recognizable patterns that identify the malware message content.”
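The endpoint check the vendor describes can be sketched as a triage pass over service-installation events. This is an added example, not code from Binary Defense or from the original article; the event records are constructed samples shaped like Windows System log Event ID 7045 entries, and the field names are assumptions.

```python
import re

# Constructed sample records (hosts, users and paths are made up).
SAMPLE_EVENTS = [
    {"host": "WS-014", "event_id": 7045,
     "service_name": "Windows Defender System Service",
     "image_path": r'"C:\Users\jdoe\AppData\Local\Temp\service.exe"'},
    {"host": "WS-014", "event_id": 7045, "service_name": "PrintHelper",
     "image_path": r"C:\Program Files\PrintHelper\helper.exe -k run"},
    {"host": "SRV-02", "event_id": 7045, "service_name": "updsvc",
     "image_path": r"%SystemRoot%\Temp\upd.exe"},
    {"host": "SRV-02", "event_id": 7036, "service_name": "Spooler",
     "image_path": ""},
]

# Locations named in the vendor's advice: temporary folders and
# user-profile application data folders.
SUSPICIOUS_DIRS = [
    re.compile(r"\\users\\[^\\]+\\appdata\\", re.I),
    re.compile(r"(?:\\windows|%systemroot%|%windir%)\\temp\\", re.I),
    re.compile(r"%(?:temp|tmp|appdata|localappdata)%", re.I),
]
# Service name given in the article for this worm's persistence.
REPORTED_NAME = "windows defender system service"


def executable_of(image_path):
    """Return the binary path from an ImagePath, dropping quotes and arguments."""
    p = image_path.strip()
    if p.startswith('"'):
        return p[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|sys))(?:\s|$)", p, re.I)
    return m.group(1) if m else p


def triage(events):
    """Flag newly installed services that deserve investigation."""
    findings = []
    for ev in events:
        if ev.get("event_id") != 7045:  # only "service installed" events
            continue
        exe = executable_of(ev["image_path"])
        reasons = []
        if any(rx.search(exe) for rx in SUSPICIOUS_DIRS):
            reasons.append("binary in temp/AppData folder")
        if ev["service_name"].lower() == REPORTED_NAME:
            reasons.append("service name reported for this worm")
        if reasons:
            findings.append((ev["host"], ev["service_name"], exe, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The path is extracted before matching so that a legitimate service whose arguments merely mention a temp folder is not flagged.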

In the increasingly network-connected world, having your IoT devices infected can take your business totally offline, depending on what you do. That is why it is critical to use passwords that take into consideration best practices for information security. Almost all attacks against our systems rely on some element of user error or negligence, so consider making information security a part of your organization’s culture.

 

Automatic Systems Turnstiles

 

The events of the last year have created a demand for products that function not only as physical security measures, but also create an environment that is conducive to COVID rule adherence. While mask detection and temperature readings are being done in the video surveillance market, the access control industry has moved to “contactless” interfaces and designs that put distance between people. Here we will take a look at a world-class manufacturer of such technology: Automatic Systems.

Automatic Systems’ flagship Slimlane turnstiles feature bi-directional glass panels with stainless steel, giving them a sleek but discreet look that fits into just about any environment aesthetically. The Slimlane comes in different configurations and heights from 600mm to 1700mm, single or twin lanes. These contactless glass turnstiles eliminate the physical manipulation of classic “Tripod” turnstiles that require a person to push through each time and can be configured for several access control protocols, including facial recognition and RFID cards. This appeals to those businesses that have a high rate of pedestrian traffic and want to minimize physical interaction.

Given that the Slimlane is a glass barrier, it is not meant as your only line of defense with respect to access control, but rather as a traffic control measure and people counter, allowing you to create a database of who went in and out and at what times.  The turnstiles would likely be paired with overview cameras to tie a visual record to the foot traffic.

At STST Inc., we are one of few dealers in the area certified by Automatic Systems to install their products and were trained in person by their technical staff. We have successfully completed projects at major corporations involving their turnstiles and the result is efficient and aesthetically satisfying. In the post-COVID world, businesses all want to at least appear as though they are doing something and are moving quickly to adopt contactless infrastructure. While they are a significant investment, organizations recognize the paradigm social shifts we are undergoing and are looking to add products like this to their facilities.

Security Technology of South Texas Inc. is a South Texas commercial video surveillance and access control integrator. We use high-end, quality products like the bigger corporations but have the responsive service of a small business. We have completed projects of all sizes and types. Call us today to get started on securing your facility.

 

210-446-4863

admin@gostst.com

https://securitytechnologyofsouthtexas.com/contact-us/

Access Control Systems Based on Physical Attributes

The ultimate access control system would uniquely identify a person and admit that person and only that person independent of whether the person possessed a particular coded card or token and/or knew a particular code. This ultimate identification system would be based on one or more physical characteristics.

Nonautomated physical attribute identification systems have long been the primary method of verifying the identity of a person: the signature (as used on personal checks and credit card slips); the fingerprint (as used by the FBI); pictures (as used on ID badges, passports, driver’s licenses, which have become the preferred form of identification for banking and credit transactions); and, to a limited extent in some criminal proceedings, the voiceprint. Digital Network Architecture may be next.

 

Types of Systems

The equipment that is now available for access control in some cases measures the physical attributes that are well-known and of accepted legitimacy, and in others relies on attributes that the manufacturers themselves have represented as being unique. A discussion of the current offerings follows; other techniques will doubtless come and go.

 

Facial Recognition

There has never been a fully automated system using the face as a physical attribute, although for twenty years semi-automated systems have been available that store a person’s picture on microfilm, videotape, videodisk, or digital memory. Such systems are a sort of nonportable picture badge, with the image retrieved by an automated identification means such as a card or a PIN. Another simple and economic form of face-based non-automated access control that has become popular is the video intercom, which was originally developed for entry lobbies in apartment buildings. This device allows the occupant to both speak with and see the face of a visitor before opening the door (usually electronically).

 

Signature Comparison

The signature is the basis for personal identification in hundreds of millions of financial transactions every day. There are machine-assisted methods for presentation of a stored signature image to the bank teller, but these are not used for access control. There has never been a fully automated system for signature comparison, although for twenty years there have been fully automated systems that are based on the manner in which the person writes the signature (e.g., pressure, acceleration, speed), rather than on the appearance of the finished signature.

 

Fingerprint Comparison

Fully automated fingerprint access control systems have been marketed for 25 years by a continually changing series of unsuccessful vendors originally driven by work for the FBI and the Air Force. The technology is similar to that used in the FBI fingerprint search operation, which makes 15,000 searches a day through a file of 25 million prints. Fingerprint-based access control can be installed for a price that is little more than that for a top-end card access or proximity system.

 

Hand Geometry

Hand geometry as a unique physical attribute stems from a 1971 study by Stanford Research Institute on the efficiency of manufacturing and inventorying gloves for Air Force pilots. An access control system based on this physical attribute was introduced in 1972. It was successfully sold and widely used under the aegis of several companies, but was abandoned by a major player in the security electronics field in 1988 as a business area not worth pursuing. New systems are on the market today, at prices that are competitive with those for card access systems.

 

Voice Recognition

Voice recognition was the subject of extensive research activities in the early 1970s, but no serious voice-based products were marketed until the late 1980s. Voice input has a natural cost advantage over other physical attribute-based access control systems in that the data-entry mechanism is an inexpensive telephone handset and the workings are all electronic. However, it has suffered from suspicions of unreliability and fear of being easily outwitted by recording and playback devices, and from government reports openly stating these concerns. There have been a number of products on the market from time to time, at prices competitive with those for card access systems. One rudimentary form of voice-access control is the telephone entry system, which is actually a machine-assisted voice-plus-keypad system. Like the video intercom, it is intended for multi-unit residences and requires that the person on the inside recognize the voice of the prospective admittee.

 

Blood Vessel Patterns

Other systems analyze the patterns of blood vessels on various portions of the human anatomy. One system that was introduced in 1983 is based on the conclusion of a 1935 medical paper that the pattern of the blood vessels on the retina of the eye is unique. Another uses the blood vessels on the wrist.

A question is legitimately raised about whether any one physical attribute provides a more dependable basis for identification than the others. Fingerprints certainly have the most solid legal precedent and endorsement through long-term use, and there is only one chance in a billion that two randomly selected fingerprints will match. Signatures are also well accepted as identification for financial transactions. Voiceprints have acquired some legitimacy in the courts. Faces have never been measured in an automated identification system. The uniqueness of the other attributes is validated only by the claims of the companies that sell the equipment. In practice, however, all of the products have accuracy rates in the one-in-a-thousand category because of the problems in measuring the attribute, and no attribute has been demonstrated to be superior.

 

These methods of biometric access control can be paired with other forms of authentication such as PINs, passwords, proximity or I-class cards to add another layer of assurance. Because biometrics are still not at the point of 100% accuracy, the room for error they leave generally necessitates the use of another method in conjunction with them. In the near future, however, we can expect the accuracy of these methods to improve and eventually become primary access control measures.

 

Security Technology of South Texas is a local leader in access control, video surveillance, and community management systems in the South Texas area. Get in touch with us today to see what we can do to help secure your location.

 


The Five Phases of Access Control

The purpose of access control is to grant entrance to a building or office only to those who are authorized to be there. The deadbolt lock, along with its matching brass key, was the gold standard of access control for many years; however, modern businesses want more. Yes, they want to control who passes through their doors, but they also want a way to monitor and manage access. Keys have now passed the baton to computer-based electronic access control systems that provide quick, convenient access to authorized persons while denying access to unauthorized ones.

Access control systems aim to control who has access to a building, facility, or a “for authorized persons only” area. This is typically carried out by assigning employees, executives, freelancers, and vendors to different types of groups or access levels. Everyone may be able to use their access cards to enter the main door but not to areas containing secure or privileged information.

 

Beyond the obvious reason, physical security, there are several reasons a business or medical facility might need an access control system.

 

Compliance:

- Hospitals, doctors’ offices, and health insurance companies need to comply with HIPAA health data regulations.

- Banks, insurance companies, and any business that accepts and processes credit cards are subject to PCI credit card data regulations.

- SaaS providers, data centers, or any company hoping to maintain SOC2 cybersecurity standards.

 

IP Data:

Businesses that deal with privileged data and intellectual property, such as software developers, entrepreneurs, startups, and pharmaceutical companies need to not only control who comes into their facilities, but which areas they are allowed to access.

 

5 Phases

The 5 phases in an access control system allow it to both rapidly and effectively process users through a structure while documenting who was where and when.

1. Authorization is the phase that turns strangers into members. The first step is to define company policy; determine what people can and cannot do. This should include who has access to which door(s), and whether members of the organization can share access.

The next step is role-based access control (RBAC). By assigning roles to users, they get a certain set of assigned privileges. This comes in handy for administrators since they don’t have to individually update every user, should something change.

Most organizations use employee directories in tandem with RBAC, since these lists include all authorized employees as well as their access levels.

2. Authentication goes one level deeper than authorization. In this phase, members present to a door reader whatever badge, token, or credential they were given upon being authorized. The reader will check its validity to determine whether or not it should unlock the electric lock on the door in question.

3. Access: Now that the credentials have been authenticated, the access tools available at this stage make sure everyone gets in the right door, at the right time, faster and easier.

Unlock: Upon validation, the presenter can unlock whatever she wants to access. This can happen by pushing a button, presenting an access card, fob, or badge that requests access.

Trigger: Once the request to enter has been received by the access control system, the access is triggered, typically in the form of a door unlock.

Infrastructure: If the door unlocks, multiple events are tracked at once: the user was correctly authenticated, the user triggered an unlock, the door opened and the door closed.

4. Manage

This phase helps the administrator meet several challenges, including adding new access points, onboarding and offboarding users, maintaining security, and troubleshooting problems. Let’s examine some advantages.

Scale:

Cloud-based access control systems can help startups and small businesses when they expand to new offices or additional offices by providing flexible and modular extensions of the existing setup.

Monitor:

Online access control systems send real-time alerts to administrators or security should any irregularity or attempted breach take place at any access point, allowing them to investigate immediately and record the event.

Troubleshoot:

Modern access control systems allow administrators to remotely configure permissions, or seek support from the vendor, should access points or users have issues—a huge advantage over locally-hosted systems.

 

5. Audit

Auditing physical access control is useful for all types of businesses. In addition, it helps certain sectors meet special requirements.

Scale:

Businesses can perform regularly-scheduled system reviews to make sure everything on the access control system is set up properly. It can also tell them if someone no longer employed by the company has been inadvertently left in the system.

Suspicious Events:

Since many access points are routinely tracked during any access event, auditing can prove useful to security officers when investigating unusual behavior. The data can be used to flag or highlight unusual access behavior or analyze it against historical data.

Compliance Reports:

Companies that process sensitive data like patient healthcare information, banking financial reports, or credit card payments must deal with audit requirements in the access control space when filing compliance reports in accordance with HIPAA, SOC2 or PCI. Some special categories like cyber security or ISO certifications also require managed and auditable access control. The audit phase can pull up the proper data for these periodic reports.
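The five phases can be tied together in a small model, shown here as an added example that is not taken from any vendor's product. The roles, doors, badge ids, names and timestamps are all hypothetical, constructed to show role-based authorization, badge authentication, the unlock decision, event recording, and two audit checks: badges left enrolled for departed staff and repeated denials at one door.

```python
from collections import Counter

# Authorization: hypothetical roles mapped to the doors they may open.
ROLE_DOORS = {
    "employee": {"main"},
    "engineer": {"main", "lab"},
    "admin": {"main", "lab", "server_room"},
}
# Constructed badge store (badge id -> user, role) and current staff directory.
# carol has left the company but her badge was never removed.
BADGES = {"B100": ("alice", "admin"), "B200": ("bob", "employee"),
          "B300": ("carol", "engineer")}
DIRECTORY = {"alice", "bob"}


def request_access(log, badge_id, door, when):
    """Authenticate the badge, apply the role's door list, record the event."""
    user, role = BADGES.get(badge_id, (None, None))
    if user is None:
        result = "deny:unknown_badge"
    elif door not in ROLE_DOORS.get(role, set()):
        result = "deny:not_authorized"
    else:
        result = "unlock"
    log.append({"time": when, "badge": badge_id, "user": user,
                "door": door, "result": result})
    return result


def stale_badges():
    """Audit: badges still enrolled for people missing from the directory."""
    return sorted(b for b, (user, _) in BADGES.items() if user not in DIRECTORY)


def repeated_denials(log, threshold=3):
    """Audit: (badge, door) pairs denied at least `threshold` times."""
    counts = Counter((e["badge"], e["door"]) for e in log
                     if e["result"].startswith("deny"))
    return sorted(k for k, n in counts.items() if n >= threshold)


def demo():
    log = []
    request_access(log, "B100", "server_room", "2021-03-01T08:02")
    request_access(log, "B300", "lab", "2021-03-01T08:05")  # ex-employee still gets in
    for minute in ("21:10", "21:11", "21:12"):
        request_access(log, "B200", "server_room", "2021-03-01T" + minute)
    return log, stale_badges(), repeated_denials(log)


if __name__ == "__main__":
    print(demo())
```

The second event in the demo is the case the audit phase exists to catch: a badge that authenticates and unlocks correctly even though its holder is no longer in the directory.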

 
