DataProtection Archives | 247 IT Services
https://247itservices.co.za/tag/dataprotection/

Microsoft Warns of New StilachiRAT Malware Targeting Sensitive Data
https://247itservices.co.za/2025/04/01/microsoft-warns-of-new-stilachirat-malware-targeting-sensitive-data/
Tue, 01 Apr 2025 08:12:29 +0000

It certainly seems impossible to keep up with all of the cyber threats that are floating around on the web lately. With AI creating new hacking opportunities and hackers themselves becoming increasingly more sophisticated, it is becoming difficult for companies to know where to put in the extra effort to secure their data.

Recently, Microsoft sounded the alarm over StilachiRAT, a newly discovered remote access trojan (RAT) designed to steal sensitive data from compromised systems.

The tech giant’s incident response team first identified the malware in November 2024 and has now issued a public warning, urging businesses to take the necessary proactive security measures to protect themselves.

While StilachiRAT does not appear to be widespread at this moment, its sophisticated evasion techniques and persistence mechanisms make it a real problem, especially for companies handling sensitive financial, corporate, and personal data, and those dealing with cryptocurrency.

How StilachiRAT Works

StilachiRAT works as a stealthy backdoor that gives cybercriminals remote access to infected systems.

Once deployed, the malware gathers detailed system information and then carries out an extensive search for stored credentials, particularly those linked to cryptocurrency wallet extensions on Google Chrome.

These are some of the things it is known to do:

  • Extract usernames and passwords that are stored in Chrome.
  • Continuously scan for copied credentials, including cryptocurrency keys.
  • Monitor Remote Desktop Protocol (RDP) sessions, which potentially allows attackers to move laterally from one part of a network to another.
  • Execute various commands, such as rebooting the system, clearing the logs, and modifying registry entries.
  • Use the Windows service control manager and watchdog threads to stop it from being removed.

Microsoft has not yet linked StilachiRAT to any known hacking groups or nations, but its complexity suggests that it is a part of a well-funded operation, one with a high level of technical expertise.

Advanced Evasion and Anti-Forensic Techniques

What makes StilachiRAT so different compared to other malware threats, and what makes it rather a scary trojan, is its uncanny ability to totally avoid detection.

Microsoft’s analysis found that the malware actively clears event logs, making it harder for security teams to trace its activity. It also continuously checks for analysis tools and sandbox environments, which has essentially stopped researchers from fully examining its behaviour.

StilachiRAT also scrambles Windows API calls and encodes many of its internal strings, which greatly complicates any attempts at manual analysis.

These measures all ensure that the malware stays hidden for as long as possible, which, as you can imagine, gives it more time to be a problem.

How StilachiRAT Spreads

Microsoft has not spoken about the exact way the trojan spreads, but if we look at similar threats, we can surmise that it is delivered through trojanised software, phishing emails and compromised websites, all of which can be avoided if your staff are well-trained in online security protocols.

*

Online threats are growing, but your business doesn’t have to be vulnerable. When you work with an expert IT company, like 24/7 IT Services, you can rest easy knowing that you and your company data are well protected. For advanced IT Security Solutions, Managed IT Support and more, contact us today.

A New High-Risk Snake Keylogger is Attacking Windows Users
https://247itservices.co.za/2025/02/25/a-new-high-risk-snake-keylogger-is-attacking-windows-users/
Tue, 25 Feb 2025 08:05:33 +0000

Cybersecurity researchers at Fortinet are sounding the alarm over a sudden rise in Snake keylogger malware attacks, which are currently posing a massive risk to businesses and individuals using Microsoft Windows.

According to Fortinet, a leading cybersecurity company in the United States, the latest version of the Snake keylogger (also known as 404 Keylogger) has been responsible for over 280 million attack attempts since the beginning of 2025!

This malware has been detected executing up to 14 million infection attempts per day, making it one of the worst cyber threats of the year, so far.

How the Snake Keylogger Works

The Snake keylogger is designed to quietly monitor and record keystrokes made by users on infected devices, allowing the cybercriminals to easily gather sensitive information such as passwords, financial details, and personal data.

Once the attackers have captured this data, it is sent back to them using various channels, such as SMTP email servers, Telegram bots, and HTTP POST requests.

This malware is particularly dangerous because it goes well beyond simple keystroke logging.

It can access browser autofill data and then steal personally identifiable information, and even geolocation details.

Cybersecurity experts have warned that both individuals and businesses are at high risk of being exploited, with the potential consequences ranging from unauthorised financial transactions to identity theft and corporate data breaches.

Designed to Evade Detection

The Snake keylogger is built using AutoIt, a Windows-based automation scripting language, which is especially effective when used to infect Windows.

Once installed, it neatly embeds itself into the system’s Startup folder, allowing it to begin its data theft every time the device is started. Unlike many other malware strains, it does not require administrative privileges to run, making it even more insidious and effective for the attacker.

Security experts have specifically highlighted that the latest version of the Snake keylogger makes use of advanced obfuscation techniques (techniques designed to hide an attack), disguising its malicious code within legitimate system processes.

This makes it that much harder for antivirus software to detect and remove the malware before it causes damage.

The Growing Threat of Phishing Attacks

Like many other forms of malware, the Snake keylogger primarily spreads through phishing attacks.

Cybercriminals trick unaware users into downloading malicious attachments or clicking on harmful links in emails that appear legitimate.

Phishing scams are becoming more and more difficult to identify, with attackers convincingly impersonating reputable organisations and using persuasive language to convince recipients to interact with their phishing messages.

How UK Businesses Can Protect Themselves

Given the scale and sophistication of this malware, UK business owners using Microsoft products should take immediate action to check and improve their cybersecurity measures. To reduce the risk of infection, experts recommend that you take the following steps:

  • Educate your employees by conducting regular cybersecurity training to help staff recognise phishing attempts and to encourage staff to avoid clicking on suspicious links or attachments.
  • Enhance your email security by using advanced email filtering solutions to identify and block phishing emails before they even reach inboxes.
  • Keep software updated to ensure that all operating systems, software, and antivirus applications are regularly updated to patch vulnerabilities that malware could exploit.
  • Use strong authentication, including multi-factor authentication (MFA), to add an extra layer of security to accounts and sensitive systems.
  • Monitor all of your network activity by using detection systems to identify and respond to suspicious activity before it escalates into a security breach.

For those concerned about their cybersecurity setup, consulting with IT security professionals, like 24/7 IT Services, is the best course of action. We provide our clients with expert IT security solutions, managed IT support, and more. Contact us today to book a consultation.

Identity-Based Cybercrime? Yes, It’s Happening
https://247itservices.co.za/2025/02/17/identity-based-cybercrime-yes-its-happening/
Mon, 17 Feb 2025 07:48:47 +0000

Cybercrime is undergoing a seismic shift, and businesses relying on Microsoft products must take notice.

The latest CrowdStrike 2024 Global Threat Report has revealed a rather concerning trend as cybercriminals are increasingly abandoning their traditional malware-based attacks in favour of rather more nefarious identity exploitation methods.

According to the report, three out of every four cyberattacks now use stolen credentials rather than malicious software.

This change is introducing us to a troubling new reality, one where businesses with otherwise excellent defence mechanisms are now faced with an attacker who is able to gain access using legitimate credentials, giving them free rein within a company’s network.

“You may have really locked down environments for untrusted external threats, but as soon as you look like a legitimate user, you’ve got the keys to the kingdom,” said Elia Zaitsev, CTO at CrowdStrike.

With a booming underground market for stolen credentials and the rise of AI-driven phishing campaigns, identity is fast becoming the primary battlefield in cybersecurity.

This raises a pressing question for business owners: if an attacker doesn’t need malware to infiltrate a network, how can they be stopped?

Attackers Moving Faster Than Defenders

Speed is one of the most important factors in combating modern cyberattacks.

The CrowdStrike report uncovered the fastest recorded breakout time, which is the time it takes for an attacker to move across a network after gaining access.

To give you an idea of just how fast modern attackers have become, CrowdStrike reported a speed of just 2 minutes and 7 seconds. This means that by the time a business detects a breach, it may already be too late.

Unlike traditional threats, identity-based attacks do not rely on malicious payloads that can be detected by security software.

Instead, cyberattackers are using legitimate credentials to get through the network undetected, using what are known as “living-off-the-land” techniques, which means they use built-in system tools to avoid raising the alarm.

Microsoft users should be particularly vigilant, as these techniques exploit widely used authentication and remote access tools. Without the right identity protection measures in place, businesses could find themselves vulnerable to silent intrusions that bypass conventional security.

DDoS Attacks Are Growing in Scale and Complexity

Aside from the worrying rise in identity-based threats, businesses also face an increasing risk from Distributed Denial of Service (DDoS) attacks.

Cloudflare recently halted the largest DDoS attack on record, an unprecedented 5.6 terabit-per-second (Tbps) attack targeting an East Asian telecoms provider. The attack, launched by a Mirai-variant botnet comprising 13 000 hijacked devices, dwarfed the previous record of 3.8 Tbps.

DDoS attacks, which flood websites and online services with overwhelming traffic, are becoming both larger and more frequent.

Microsoft itself fell victim to a major DDoS incident in July 2024, leading to nearly 10 hours of Azure cloud service downtime. Cloudflare’s data shows that the number of DDoS attacks exceeding 1 Tbps surged by 1,885% in just one quarter!

Protecting your Business From Identity-Based Cybercrimes

The days of relying solely on malware detection and perimeter defences are well and truly over.

Attackers no longer need sophisticated exploits when they can simply buy credentials online, phish employees, or manipulate AI-driven authentication systems.

For Microsoft-dependent businesses, now is the time to start adopting zero-trust security frameworks, implementing multi-factor authentication (MFA) on all accounts, and continuously monitoring user behaviour to pick up potential problems before they escalate.

The harsh reality is that failing to prioritise your identity security will leave you defenceless against modern cyber threats.

*

As cybercriminals continue to innovate, outdated security measures may no longer be enough. If you are worried that your digital defences are no longer up to the task, you need the help of an IT company, like 24/7 IT Services. We provide a wide range of IT related services including IT Security Solutions, VoIP and Managed IT Support. Contact us today for a consultation.

Microsoft’s Quiet Login Update Could Impact Your Business Security
https://247itservices.co.za/2025/01/27/microsofts-quiet-login-update-could-impact-your-business-security/
Mon, 27 Jan 2025 08:55:48 +0000

Microsoft is Ending Automatic Sign-Outs

Microsoft is quietly implementing a major change to how users sign into their accounts, and for business owners relying on Microsoft’s suite of products, this is news worth paying attention to.

Some in the tech news world were surprised that the announcement was discreetly tucked away in the Microsoft Account Help page. But while this update news has largely flown under the radar, its implications are significant.

Starting in February 2025, Microsoft accounts that are accessed via web browsers or apps will no longer log users out automatically when the browser or app is closed.

Without manually signing out, anyone using the same device afterwards could potentially access private emails, Cloud files on OneDrive, or even the browsing activity tied to the account.

A Security Shift That is Raising Serious Questions

For many users, automatic sign-outs have long been a safety net relied upon when accessing accounts on public or shared devices.

This default security feature, used by countless other platforms as well, ensures that sensitive information isn’t left exposed.

Removing this automatic logout raises an important question: why has Microsoft made this change?

One theory is convenience.

While Microsoft has dedicated apps for its services, a significant number of users still access their accounts through browsers, whether it’s Outlook for emails or OneDrive for file storage. For users accessing accounts on personal devices, removing the need to sign in repeatedly makes sense as it saves time.

However, this small convenience comes at a potentially great cost.

If users forget to manually log out or neglect to use private browsing mode (which will remain an alternative for those concerned about security), their accounts could be left vulnerable to unauthorised access.

This should be particularly concerning for businesses handling sensitive client data or financial information, where even a small lapse in security could have serious repercussions.

Microsoft’s move also mirrors the way Google accounts currently operate, where users remain signed in indefinitely unless they actively log out or enable private browsing. While this has become an accepted norm for many, it has also attracted criticism for introducing unnecessary risks, especially for users who don’t have two-factor authentication enabled.

Implications for Businesses

For businesses that depend on Microsoft’s suite of apps, this change simply highlights the importance of implementing and maintaining tough cybersecurity practices. Without the safety net of automatic sign-outs, it is more important than ever for organisations to encourage employees to adopt safer habits, such as:

  • Manually logging out after using shared or public devices.
  • Enabling two-factor authentication (2FA) to add an extra layer of security to their accounts.
  • Using private browsing mode, particularly when accessing accounts on devices not owned by the organisation.

A Worrying Lack of Transparency

What is perhaps most concerning about this shift is Microsoft’s relatively quiet rollout of the update.

Unlike other major policy changes, which are often accompanied by prominent announcements or user notifications, this decision has been buried in the company’s support pages. For a change with such significant security implications, a clearer and more publicised communication strategy would have certainly been the better approach.

Since the update is set to take effect in February 2025, businesses have little time to prepare.

And while Microsoft could still introduce warning messages or pop-ups to remind users that they will remain logged in unless they take specific actions, it is best to be proactive about the change and start logging out of apps accessed by browsers now.

*

Need help with your business IT Security? Or maybe you need Managed IT Support or a reliable VoIP provider? At 24/7 IT Services, we help companies like yours. Contact us today for more information.

Cloud Compliance Challenges and Solutions for UK Businesses
https://247itservices.co.za/2024/07/05/cloud-compliance-challenges-and-solutions-for-uk-businesses/
Fri, 05 Jul 2024 12:30:07 +0000

The Cloud has completely changed how businesses operate in the UK. Being scalable, agile and so cost-efficient, Cloud adoption has surged across industries, and is today used in businesses both big and small.

However, this shift in the way of doing business and storing data comes with a whole new set of considerations, particularly regarding data compliance, something that needs to be seriously managed to ensure that both business and customer data is kept safe.

Basic UK Regulations

UK data compliance is intricate. It is made up of various regulations that are used to govern how businesses handle data.

The General Data Protection Regulation (GDPR) remains the cornerstone of compliance, emphasising principles like data minimisation, transparency, and subject access requests.

Companies that handle and store personal data on Cloud-based servers are responsible for ensuring compliance with the GDPR. Generally, the company will be seen as the “Cloud customer” and as such will take on the role of the data controller. And even if the company isn’t in complete control over the Cloud (which can happen if the company is using a 3rd party provider), the company will still take on the responsibility around the handling of the data.

Aside from the GDPR, businesses need to also consider industry-specific regulations, such as the Payment Card Industry Data Security Standard (PCI DSS) for financial services or the National Health Service (NHS) data protection standards for healthcare.

The Challenges around Cloud Data Compliance

While the Cloud has numerous benefits, several factors can complicate compliance for UK businesses. If you are one of those businesses that rely heavily on Cloud storage, you must understand the difficulties around compliance, to ensure that you don’t fall on the wrong side of regulations. These are just a few of the data compliance challenges that you might encounter:

  • Data Location and Residency Issues

One of the biggest concerns is data location. Understanding where your Cloud provider stores data, and having clear contractual clauses, is a must.

The GDPR states that the personal data of EU citizens must be processed within the EEA (European Economic Area), unless stated otherwise. Businesses using Cloud services with servers outside the EEA need reliable and secure data transfer agreements (DTA) to ensure adequate data protection.

  • Data Breaches

This is another of the biggest concerns around storing or handling data on the Cloud. Data breaches and the resulting data theft are always something that companies should not only keep in mind but be fully prepared for. It is important that businesses only choose Cloud services that are renowned for their security features. Such services should have particular control over the prevention of unauthorised access.

  • Working with a Shared Responsibility Model

Cloud providers often have a “shared responsibility model” for data security. This means the provider secures the underlying infrastructure, while the businesses using the services remain responsible for the data itself and how it’s accessed and managed.

Businesses should be proactive when using this model, and they can do this by implementing strong access controls, encryption, and data loss prevention (DLP) measures within their side of the Cloud environment.

  • Responsible Vendor Management

Selecting a reputable Cloud provider is naturally a must.

Businesses should always conduct thorough due diligence on a vendor’s security practices, compliance certifications, and incident response protocols. They should also commit to regularly reviewing these aspects to maintain proper oversight.

Easy Strategies for Effective Cloud Compliance

UK businesses like yours can take certain, hands-on steps to address these challenges and ensure that the approach to the Cloud is fully data-compliant. You can take these steps by either hiring the services of an IT company or by appointing someone in your business to be the data compliance officer. If you opt for the latter, then these are some strategies to try out:

  • Comprehensive Data Mapping – You should start by conducting a thorough data mapping exercise to identify all of the personal data stored and processed in your Cloud. This understanding helps to determine which regulations will apply to your company, as well as risk areas.
  • Cloud Provider Selection – Choose a Cloud provider with a strong track record of compliance and which has tough security measures. You should also look for companies with certifications like ISO 27001 and SOC 2, which demonstrate a commitment to data security.
  • Contractual Safeguards – Make sure that your contract with your Cloud provider clearly defines their responsibilities for data security and privacy.
  • Internal Controls and Training – Implement internal controls for data access, encryption, and incident response within the Cloud environment. Regular employee training on data privacy best practices should also be something that you do on an on-going basis.
  • Compliance Management Framework – Finally, you should develop a comprehensive compliance management framework for the Cloud. This framework should map data flows, identify risks, and outline procedures for on-going monitoring and compliance audits, specifically for your business.

*

If you need assistance with Cloud data compliance for your company, contact 24/7 IT Services today. Our helpful IT consultants can assist with Cloud Services, IT Security Solutions and more.
