We present new cybersecurity training programme provided on the KnowBe4 platform
https://www.aec.cz/en/news/Pages/we-present-new-cybersecurity-training-programme-provided-on-the-knowbe4-platform.aspx
<p> <strong>AEC, a leading cybersecurity provider, is offering an effective training programme for employees of enterprises and institutions. The company recently started using tools from the U.S.-made KnowBe4 platform to deliver its security awareness services. With these new tools, AEC’s customers will now be ready to face cyberattacks with greater success, including scam e-mails and fraudulent phone calls.</strong></p><p>AEC’s customers can now choose between two learning modes. In the first, they purchase the product in the form of unique access to the tools on the U.S.-made KnowBe4 platform. There they can simulate hacker attacks themselves and then use the follow-up e-learning training as needed.</p><p>However, the majority of Czech companies do not possess the know-how required for such activities. Proper processing, targeting and evaluation of all steps require a lot of effort. 
For this reason, AEC also offers a second option: security awareness ordered as an all-embracing service, with all procedures, including the use of the unique tools, carried out by AEC experts.</p><p style="text-align:center;"> <img class="maxWidthImage" alt="AEC Security Awareness" src="/cz/PublishingImages/news/2021/aec-security-awareness-graphics-1-eng.jpg" data-themekey="#" style="margin:5px;width:650px;" /> </p><p>Maroš Barabas, Head of Product Management at AEC, pointed out: “For AEC, the partnership with KnowBe4, a company that is indisputably one of the top leaders in the field of security awareness worldwide, means a significant evolution of its services portfolio,” and he added: “Now, we can interconnect and automate the individual partial steps in all our tutorials and steer their strength in the right direction.”</p><p>KnowBe4 has one main advantage: its ability to combine testing with learning in an interesting way. The environment in which it operates allows examinations to be carried out before and after the training. This makes it clearly visible which users are improving over time and which still need some help, and specifically with what. The results help to tailor the trainings better, both to the individual participants and to the specific needs of the given organization.</p><p>A training programme assembled as a series of attractive steps is now available to AEC’s customers: incident analysis, trainings, clear infographics, instructive e-mails, as well as examinations and specific testing of the acquired knowledge, focusing on physical, e-mail and phone call attack methods. The goal is to change the habits of the users and to reinforce new patterns in their behaviour until the topic of cybersecurity becomes a natural part of the corporate culture.</p><p>“We do not impersonate an attacker who would misuse the attack; in fact, exactly the opposite. 
Even though this is a training for educational purposes, our progress would be as insidious and as merciless as the actions taken by any of the experienced hackers,” observed Maroš Barabas, adding: “Our previous experience shows that personal confrontation with an attack, albeit simulated, together with an intense personal encounter with the situation provide a long-term experience for the employees.”</p><p style="text-align:center;"> <img class="maxWidthImage" alt="AEC Security Awareness" src="/cz/PublishingImages/news/2021/aec-security-awareness-graphics-2-eng.jpg" data-themekey="#" style="margin:5px;width:650px;" /> </p><p>Today, the overwhelming majority of all cyberattacks focus on the weakest link in corporate data protection, i.e. the human factor. Attackers use a variety of fraudulent methods, including the gathering of publicly available data, and they do not hesitate to use that data to pressure, confuse, and deceive the user.</p><p>“A rising number of enterprises are becoming aware that the best way to secure their data from social engineering attacks does not mean building an expensive technological wall around it, but to educate their staff as well as they can. Our offer is an answer to the fact that education of employees in the form of a standard one-off training has proven to be ineffective,” concludes Maroš Barabas.</p><p>For more information please see <a href="https://socialing.cz/cs">https://socialing.cz/cs</a>.</p><p>AEC organizes short free webinars on the issue of cyber attacks. The next one will take place on Tuesday February 16 from 10 am CET. Within forty-five minutes, Maroš Barabas and ethical hacker Martin Fojtík will introduce the most common attacks and their forms and outline what a security awareness program focused on the risks of social engineering should look like. The remaining time will be devoted to Q&A. 
More information at: <a href="/_layouts/15/FIXUPREDIRECT.ASPX?WebId=c2e66a69-98ba-44b2-9c45-29be530f4c7c&TermSetId=f883c0d5-da01-4517-a46d-bb0f2322ac82&TermId=53fb62fc-50ff-4fc4-b58b-9b3ccbb838b0">https://aec.cz/cz/security-awareness-webinar</a>.</p><p style="text-align:center;"> <a href="/_layouts/15/FIXUPREDIRECT.ASPX?WebId=b9ce95c9-07dc-4bea-b380-1061fe4d85cd&TermSetId=884ec23f-e893-4c04-bd81-6d70c3c2a36c&TermId=53fb62fc-50ff-4fc4-b58b-9b3ccbb838b0"> <img class="maxWidthImage" src="/cz/PublishingImages/webinar/security-awareness-cz-2021.jpg" data-themekey="#" alt="" style="margin:5px;width:650px;" /></a> </p>
ARICOMA Group acquires the tech company Seavus
https://www.aec.cz/en/news/Pages/aricoma-group-acquires-the-tech-company-seavus.aspx
<p> <strong>ARICOMA Group representatives have announced a major step in the international expansion of the company, which is part of Karel Komárek’s KKCG Group. According to the purchase agreement, ARICOMA Group has acquired the technology company Seavus. With this acquisition, ARICOMA Group penetrates further markets in Europe and strengthens its position in the USA. At the same time, it becomes an international player in the IT industry, with consolidated revenues of EUR 300 million, earnings of over EUR 23 million before interest, taxes, depreciation, and amortization (EBITDA), and more than 2,800 employees.</strong></p><p> <em>“This acquisition fulfils the long-term strategy of the KKCG Group in the field of information technology. Ever since ARICOMA Group was founded, when we consolidated the big players on the Czech IT market, we always envisaged that the next step would be international expansion. Personally, I am delighted that we have been able to complete the transaction in these challenging times,”</em> says <strong>Michal Tománek, Technology Investment Director of KKCG</strong>. </p><p>ARICOMA Group (the IT services consolidation platform of the KKCG Group), continues to deliver on its ambition to become a major European IT services provider. According to Tománek, it will encompass a group of specialized companies, which together will offer customers an integrated range of digital transformation services.</p><p> <em>“With its range of services focused on IT consulting, software development, implementation of software solutions and products for maintenance and support, infrastructure management, cybersecurity and compliance, Seavus fits perfectly into the ARICOMA Group portfolio,”</em> says <strong>ARICOMA Group CEO, Milan Sameš</strong>. 
Sameš is also positive about the history of Seavus, which was founded in Malmö and Skopje in 1999 and has continued to develop ever since. Probably the best testament to the quality of its 800 employees is the fact that the company provides services in many countries in Europe, including its core Scandinavian region, the Benelux countries, Switzerland, and the USA. Its main clients include companies in the telecommunications sector (e.g. Sunrise, Tele2, A1, Globalstar), banking industry (Erste Bank, Banca Intesa, Marginalen Bank), and tech companies, such as Bosch. <em>“The experience we have gained this year, which has been so fundamentally marked by the coronavirus pandemic, tells us that the digital transformation of companies is proceeding faster than we had expected. We see in this a massive opportunity for further growth. The acquisition of Seavus fits into this plan perfectly,”</em> says <strong>Sameš</strong>. </p><p>One of the main objectives of ARICOMA Group is to establish itself more strongly in foreign markets while supporting the more dynamic development of its own SW solutions and services.</p><p> <em>“We strongly believe that the involvement of a strong strategic partner, such as ARICOMA Group of companies, will accelerate innovation and further strengthen our capabilities to offer high quality software development services and next generation solutions, to our customers worldwide. Now, we will remain not only dedicated to success, but even more motivated to accomplish our goals: expand our portfolio of customers, become a trustworthy partner in their process of digitalization, and to lead the way as one of Europe’s best IT providers. Seavus is going to be an immense part of the KKCG success story,” </em>says <strong>Igor Lestar, Chairman of the Board, Seavus Group</strong>. With this acquisition, all operations and lines of business will continue unchanged in the near future. 
ARICOMA Group is committed to maintaining the leadership and the core values that have made Seavus a trusted partner, service provider, and a reliable employer. </p><h2>Seavus</h2><p>Seavus is a software development and consulting company with a proven track-record in providing successful enterprise-wide business solutions. The company has over 800 IT experts worldwide and offers a variety of products and service options, successfully covering the European and US market from several offices in the world. Their expanding portfolio covers: BSS/OSS, CRM, CEM, Business Intelligence solutions, ALM, embedded programming, business and consumer products, mobile and gaming solutions, managed services, as well as custom development, consultancy and resourcing. Seavus’ portfolio includes over 4000 customers, among which are leading worldwide telecom and handset manufacturers, organizations from the banking and finance industry, consumer electronics, technology, education, government, health, etc.<br>As of today, Seavus has fifteen operating offices located in several countries, including Sweden, the United States of America, North Macedonia, Belarus, Moldova, Switzerland, Serbia, Bosnia and Herzegovina, with a continuous growth strategy.</p><h2>ARICOMA Group</h2><p>The largest ICT holding in the Czech Republic. The group includes the companies AUTOCONT, Cleverlance, DataSpring, AEC, Cloud4com and Internet Projekt. The companies in the ARICOMA group provide a wide range of services, starting with the design of ICT architecture, through infrastructure and Cloud services and the implementation of corporate applications, up to the development of its own comprehensive software solutions and outsourcing. Last year, the group’s overall revenue exceeded 7 billion crowns.</p><h2>About KKCG</h2><p>KKCG Group, founded and led by successful Czech entrepreneur, Karel Komárek, is an international investment company which manages more than EUR 6 billion (book value) of assets. 
KKCG operates in 19 countries and its key strategic sectors include gaming, oil and gas, technology and real estate. KKCG Group includes SAZKA Group, ARICOMA Group, MND Group, US Methanol, the Springtide Ventures capital fund, and others. <br></p>
IMPORTANT WARNING: TrickBot-Ryuk Activity Increased
https://www.aec.cz/en/news/Pages/important-warning-trickbot-ryuk-activity-increased.aspx
<p> <strong>TrickBot malware and Ryuk ransomware activity has grown significantly over the past 48 hours. Our technology team has observed this activity in the AEC customer base, across several different segments. We therefore recommend taking this warning with the utmost seriousness.<br><br></strong></p><hr /><h2>Update 02/11/2020:</h2><p>Further indicators of compromise were added, connected with, among others, the Emotet botnet. While investigating incidents at our customers, we identified additional IOCs, which have been added to the table below.</p><hr /><p> </p><p>You may know this malicious software from attacks successfully executed both this year and last; TrickBot malware and Ryuk ransomware were also involved in the attack on the Benešov Hospital last December. We have already written several times about that attack as well as about other activities by attackers using the Emotet botnet or the malware in question [1, 2].</p><p style="text-align:center;"> <img class="maxWidthImage" alt="TrickBot Ryuk" src="/cz/PublishingImages/news/2020/aec-TrickBot-Ryuk.jpg" data-themekey="#" style="margin:5px;width:650px;" /> </p><p>On Wednesday October 25, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) reported on the increased activity of this malware and the likelihood of attacks on hospitals and other healthcare facilities [3]. The Czech National Cyber and Information Security Agency (NÚKIB) also warned about the increased activity of the Emotet botnet in early October [4].</p><p>The current version of the TrickBot malware is no longer just your regular banking trojan. 
Now, after your computer has been attacked, the attackers have the ability to steal credentials and e-mail messages, to extract cryptocurrencies, steal data from payment systems, or to download additional malware or ransomware to the infected system.</p><p>We recommend that all our customers check that their endpoint protection solution is up to date and scan for vulnerabilities, since the exploitation of vulnerabilities is the most common way this malware spreads across the network. Companies with an IOC search tool can search the managed devices for the IOCs listed in the table below. <br><br></p><table width="100%" class="ms-rteTable-default" cellspacing="0" style="height:33px;"><tbody><tr><td class="ms-rteTableEvenCol-default" bgcolor="#6773b6" style="text-align:center;"><h3> <span style="color:#ffffff;">IOC type</span></h3></td><td class="ms-rteTableEvenCol-default" bgcolor="#6773b6" style="text-align:center;"><h3> <span style="color:#ffffff;">IOC</span></h3></td><td class="ms-rteTableEvenCol-default" bgcolor="#6773b6" style="text-align:center;"><h3> <span style="color:#ffffff;">Note</span></h3></td></tr><tr><td class="ms-rteTable-default" rowspan="2"> <strong>File name</strong></td><td class="ms-rteTable-default">12 characters (including ".exe")</td><td class="ms-rteTable-default" rowspan="2">E.g. 
mfjdieks.exe</td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default">anchorDiag.txt</td></tr><tr><td class="ms-rteTable-default" rowspan="3"> <strong>Location of the suspicious file in the directory</strong></td><td class="ms-rteTable-default">C:\Windows\</td><td class="ms-rteTable-default" rowspan="3"></td></tr><tr><td class="ms-rteTable-default">C:\Windows\SysWOW64\</td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default">C:\Users\\AppData\Roaming\</td></tr><tr><td class="ms-rteTable-default" rowspan="2"> <strong>String</strong></td><td class="ms-rteTable-default">Global\fde345tyhoVGYHUJKIOuy</td><td class="ms-rteTable-default">Typically present in running memory</td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default">/anchor_dns/[COMPUTERNAME]_<br>[WindowsVersionBuildNo].[32CharacterString]/</td><td class="ms-rteTable-default">Typically present in the communication to the C&C server</td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default"> <strong>Planned tasks</strong></td><td class="ms-rteTable-default">[random_folder_name_in_%APPDATA%_excluding_Microsoft]<br>autoupdate#[5_random_numbers]</td><td class="ms-rteTable-default"></td></tr><tr><td class="ms-rteTable-default" rowspan="2"> <strong>CMD command</strong></td><td class="ms-rteTable-default">cmd.exe /c timeout 3 && del C:\Users\[username]\[malware_sample]</td><td class="ms-rteTable-default"></td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default">cmd.exe /C PowerShell \"Start-Sleep 3; Remove-Item C:\Users\[username]\[malware_sample_location]\"</td><td class="ms-rteTable-default"></td></tr><tr><td class="ms-rteTable-default" 
rowspan="6"> <strong>DNS</strong></td><td class="ms-rteTable-default">kostunivo[.]com</td><td class="ms-rteTable-default" rowspan="6">DNS names connected with Anchor_DNS (included in the TrickBot malware)</td></tr><tr><td class="ms-rteTable-default">chishir[.]com</td></tr><tr><td class="ms-rteTable-default">mangoclone[.]com</td></tr><tr><td class="ms-rteTable-default">onixcellent[.]com</td></tr><tr><td class="ms-rteTable-default">innhanmacquanaogiare[.]com<span style="color:#6773b6;"> - update 2020-11-02</span></td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default">edgeclothingmcr[.]com <span style="color:#6773b6;">- update 2020-11-02</span></td></tr><tr><td class="ms-rteTable-default" rowspan="8"> <strong>DNS</strong></td><td class="ms-rteTable-default">ipecho[.]net</td><td class="ms-rteTable-default" rowspan="8">DNS names used for connectivity checks</td></tr><tr><td class="ms-rteTable-default">api[.]ipify[.]org</td></tr><tr><td class="ms-rteTable-default">checkip[.]amazonaws[.]com</td></tr><tr><td class="ms-rteTable-default">ip[.]anysrc[.]net</td></tr><tr><td class="ms-rteTable-default">wtfismyip[.]com</td></tr><tr><td class="ms-rteTable-default">ipinfo[.]io</td></tr><tr><td class="ms-rteTable-default">icanhazip[.]com</td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default">myexternalip[.]com</td></tr><tr><td class="ms-rteTable-default" rowspan="11"> <strong>IP address</strong></td><td class="ms-rteTable-default">23[.]95[.]97[.]59</td><td class="ms-rteTable-default" rowspan="11">C&C servers IP addresses</td></tr><tr><td class="ms-rteTable-default">51[.]254[.]25[.]115</td></tr><tr><td class="ms-rteTable-default">193[.]183[.]98[.]66</td></tr><tr><td class="ms-rteTable-default">91[.]217[.]137[.]37</td></tr><tr><td class="ms-rteTable-default">87[.]98[.]175[.]85</td></tr><tr><td 
class="ms-rteTable-default">81[.]214[.]253[.]80 <span style="color:#6773b6;">- update 2020-11-02</span></td></tr><tr><td class="ms-rteTable-default">94[.]23[.]62[.]116 <span style="color:#6773b6;">- update 2020-11-02</span></td></tr><tr><td class="ms-rteTable-default">104[.]28[.]27[.]212 <span style="color:#6773b6;">- update 2020-11-02</span></td></tr><tr><td class="ms-rteTable-default">172[.]67[.]169[.]203 <span style="color:#6773b6;">- update 2020-11-02</span></td></tr><tr><td class="ms-rteTable-default">104[.]28[.]26[.]212 <span style="color:#6773b6;">- update 2020-11-02</span></td></tr><tr style="border-bottom-color:#6773b6;border-bottom-width:2px;border-bottom-style:solid;"><td class="ms-rteTable-default">93[.]114[.]234[.]109 <span style="color:#6773b6;">- update 2020-11-02</span></td></tr></tbody></table><p> </p><p> <span style="color:red;"> <strong>If you register any of the IOCs listed above or any other suspicious activity in your network, please do not hesitate to <a href="mailto:matej.kacic[@]aec.cz">contact us directly</a> and ask for a consultation, incident analysis or the implementation of specific security measures. <br> <br></strong></span></p><hr /><h3>Sources:</h3><p>[1]: <a href="/cz/novinky/Stranky/zprava-o-bezpecnosti-v-prosinci-2019.aspx" target="_blank">https://aec.cz/cz/novinky/Stranky/zprava-o-bezpecnosti-v-prosinci-2019.aspx</a><br>[2]: <a href="https://www.antivirus.cz/Blog/Stranky/pozvanka-na-vanocni-vecirek-poradany-botnetem-emotet.aspx" target="_blank">https://www.antivirus.cz/Blog/Stranky/pozvanka-na-vanocni-vecirek-poradany-botnetem-emotet.aspx</a><br>[3]: <a href="https://us-cert.cisa.gov/ncas/alerts/aa20-302a" target="_blank">https://us-cert.cisa.gov/ncas/alerts/aa20-302a</a><br>[4]: <a href="https://www.nukib.cz/cs/infoservis/hrozby/1638-upozorneni-na-zvysenou-aktivitu-malwaru-emotet/" target="_blank">https://www.nukib.cz/cs/infoservis/hrozby/1638-upozorneni-na-zvysenou-aktivitu-malwaru-emotet/</a><br></p>
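<p>The behavioural rows of the IOC table above (file names and locations, the memory string, the anchor_dns path, the planned-task name and the self-delete commands) expressed as detection rules over endpoint and proxy events, as an added example that is not part of AEC's advisory. The event format, host names and sample records are constructed and the scan/triage helpers are hypothetical; the 12-character file-name rule is rated weak because legitimate files such as C:\Windows\explorer.exe also match it.</p>

```python
import re
from collections import defaultdict

# Assumption: the user-profile part of the path may be any directory name.
USER = r"C:\\Users\\[^\\]+\\"

# (indicator, event kind, strength, pattern), transcribed from the IOC table.
# "weak" marks patterns that legitimate software also matches.
RULES = [
    ("anchorDiag.txt", "file", "strong",
     re.compile(r"(?:^|\\)anchorDiag\.txt$", re.I)),
    # Assumption: the file sits directly in one of the three listed directories.
    ("12-character .exe name", "file", "weak",
     re.compile(r"^(?:C:\\Windows\\(?:SysWOW64\\)?|" + USER +
                r"AppData\\Roaming\\)[^\\]{8}\.exe$", re.I)),
    ("memory string", "memory", "strong",
     re.compile(re.escape(r"Global\fde345tyhoVGYHUJKIOuy"))),
    # Assumption: the 32-character string is alphanumeric.
    ("anchor_dns path", "url", "strong",
     re.compile(r"/anchor_dns/[^/]+_[^/.]+\.[0-9A-Za-z]{32}/")),
    ("autoupdate# task", "task", "strong",
     re.compile(r"autoupdate#\d{5}(?!\d)")),
    ("self-delete (timeout/del)", "cmdline", "strong",
     re.compile(r"cmd\.exe\s+/c\s+timeout\s+3\s*&&\s*del\s+" + USER, re.I)),
    ("self-delete (PowerShell)", "cmdline", "strong",
     re.compile(r'cmd\.exe\s+/c\s+powershell\s+\\?"?Start-Sleep\s+3;\s*'
                r"Remove-Item\s+" + USER, re.I)),
]

# Constructed sample telemetry: (host, event kind, value). Not real data.
SAMPLE_EVENTS = [
    ("WS-01", "file", r"C:\Windows\explorer.exe"),  # legitimate, 12 characters
    ("WS-02", "file", r"C:\Windows\SysWOW64\mfjdieks.exe"),
    ("WS-02", "task", "Fontcache autoupdate#48213"),
    ("WS-02", "cmdline",
     r"cmd.exe /c timeout 3 && del C:\Users\alice\invoice.exe"),
    ("WS-03", "url", "/anchor_dns/WS-03_W10017134." + "A" * 32 + "/"),
    ("WS-04", "file", r"C:\Windows\System32\svchost.exe"),
]


def scan(events):
    """Return {host: {"strong": [...], "weak": [...]}} for hosts with hits."""
    hits = defaultdict(lambda: {"strong": [], "weak": []})
    for host, kind, value in events:
        for name, rule_kind, strength, pattern in RULES:
            if kind == rule_kind and pattern.search(value):
                hits[host][strength].append(name)
    return dict(hits)


def triage(events):
    """Escalate hosts with a strong hit; queue weak-only hosts for review."""
    return {host: "investigate" if found["strong"] else "review"
            for host, found in scan(events).items()}


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, verdict, scan(SAMPLE_EVENTS)[host])
```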