The Growing Problem of E-Waste

Donate, E-waste, Ophtek, PACE, recycle, refurbish, , , ,
26
Feb 2019

Most organizations are on board with reducing their carbon footprint, but when it comes to dealing with e-waste then there’s real proof this is an issue.

E-waste is, as the name suggests, any electronic product with a power lead or battery that needs disposing of. And, unfortunately, almost every example of e-waste poses a significant threat to the environment. Accordingly, e-waste should be treated and disposed of correctly, but the truth is that many business owners are failing to act responsibly in this area.

A recent report by PACE has revealed that e-waste is one of the world’s fastest growing waste streams with around 48.5 million tons of e-waste reported in 2018. IT equipment contributes significantly towards e-waste, so it’s important you understand a little more about the issue.

Why is E-Waste Such a Problem?

The age of the microchip has brought an exponential turnover in new technology. No sooner is a new electronic product released, it’s been superseded by faster and more powerful technology. Mobile devices are the perfect example of this and, when it comes to IT, these are crucial pieces of technology required to keep pace with the modern business landscape. As technology finds itself becoming redundant quicker than ever before, the amount of e-waste in the environment is building up.

The main problem with e-waste is the toxic chemicals and substances contained within electronic equipment. IT technology, for example, can easily contain a wide range of chemicals such as lead, chromium and beryllium. All three of these chemicals, which are only a handful of those found within a PC, can be dangerous to human health and equally devastating on the wider environment. Evidence of this health risk can easily be found, as PACE report, in the levels of toxic elements recorded in the blood streams of workers employed at waste disposal sites.

Combating the Problem of E-Waste

With levels of e-waste estimated to reach 120 million tons by 2050 without any affirmative action being taken, the time to act is now. And for organizations this is much simpler than you might think.

Naturally, the need to replace technology is vital to remain competitive, but this doesn’t mean you need to turn your old tech into waste. The simplest solution here is to sell the equipment as you can bet your bottom dollar that there’s someone out there who will find a use for it. And, of course, there’s also the option for donating your unwanted technology to charities or local organizations such as schools.

Faulty equipment is slightly different to redundant technology, but is also a significant contributor towards e-waste. However, rather than just leaving this equipment out with the trash and purchasing new equipment, the responsible approach is to repair the equipment. Not only does this bring a new lease of life to your equipment, but it also reduces the build-up of e-waste. Unfortunately, repairing electronic equipment isn’t always straightforward due to a reluctance on manufacturers’ parts to support repair and refurbishment, but it should always be considered.

Final Thoughts

In the fast-paced world of technology, e-waste is rapidly becoming a global problem. However, organizations can make a concerted effort to reverse this trend by facilitating the recycling and refurbishment of technology that would otherwise be disposed of. And if we make simple changes to our handling of e-waste now, the benefits in the future will be significant.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Biggest Cloud Security Mistakes You Can Make

Cloud, Cloud Backup, Ophtek, Password Security, Security, , , , ,
19
Feb 2019

Cloud storage and infrastructure is the way forwards for organizations due to the massive range of benefits it offers, but how secure is your cloud?

Security is the single most important factor when it comes to an organization’s IT operations, so it’s essential that it’s treated with the utmost attention. However, cloud networks are a relatively new platform and, as a result, the level of security knowledge behind these platforms is lacking compared to more traditional networks. Hackers, of course, are keen to this fact and invest substantial time and effort in uncovering security vulnerabilities that they can exploit. Combating this threat, therefore, is paramount to your organization’s security.

As I’ve already stated, cloud networks are a new phenomenon and the wider community generally isn’t as clued up on them as they perhaps should be. And this leads to common mistakes that can cost dearly. However, by taking a look at the biggest cloud security mistakes you can make, you can hopefully avoid them.

Multi-factor Authentication is Vital

Administrative accounts on cloud networks have significantly more privileges than your standard employee’s privileges. Mostly, this is down to the amount of IT knowledge required to carry out these system admin tasks. A non-IT employee simply doesn’t need these privileges. Accordingly, an administrative account is much more attractive to a hacker, so security needs to be tightened. Any cloud platform that understands security risks should have an option for multi-factor authentication, so make sure this is rigorously enforced for all administrative accounts.

Limit the Use of your Admin Account

The root account is the first account you create when you sign up with a cloud provider. It’s a highly privileged account as it contains access to every aspect of your cloud network. If this account is compromised then your entire cloud network is at the mercy of hackers. And this is why you need to limit usage on this account to only the most necessary tasks e.g. do not use the root account for general day to day tasks that put you more at risk of being infected by malware etc.

Check the Encryption Methods

Security moves at a rapid pace and the level of encryption that is now available on cloud networks such as TLS-based encryption is fantastic. Unfortunately, there are also plenty of cloud networks that still operate with less security encryption methods such as the SSL protocol. To minimize the risk of your cloud account becoming compromised, you need to investigate the encryption method used on your network. If it’s even slightly outdated, then it’s time to upgrade.

Restrict the Availability of Sensitive Information

The beauty of cloud storage is that it can be accessed from anywhere, so this opens up your data to a much larger audience if you grant them access to it. While this allows you to collaborate with other organizations and remote employees much more easily than ever before, it also puts your data at risk. Your organization needs to bear this in mind and access controls need to be thoroughly thought through to prevent sensitive data being accessed outside of your organization. Ensure that your employees are aware of the open nature of cloud networks when saving data to such public drives.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

LoJax Malware is Persistent and Highly Dangerous

LoJack, LoJax, Ophtek, Russian Hackers, Security Threats, , , ,
12
Feb 2019

Most malware can be eradicated once its DNA has been analyzed and solutions are developed by security experts, but what happens when it can’t be combated?

Unkillable malware may be a rare phenomenon, but it’s a reality that could become increasingly common. And when we say unkillable, we mean that the malware itself simply can’t be removed from a PC. You can replace hard drives and reinstall Windows, but the malware will remain on the PC. The disruption this can cause is immense and presents a serious threat to productivity for any organization affected. Although these forms of malware are currently rare, it’s likely that advances in technology and the skills of hackers could see their popularity increasing.

A recent strain of unkillable malware is LoJax, so we’re going to take a look at this and see what lessons we can learn.

The Unkillable LoJax

The origins of LoJax go all the way back to 2008 and, surprisingly, it all started with a piece of anti-theft software named LoJack. The LoJack software helped to protect PCs by working its way deep inside the Unified Extensible Firmware Interface (UEFI). Much like the traditional BIOS, UEFI helps to connect a PCs operating system to its firmware and is the first program that runs at startup. LoJax has taken the advanced technology of LoJack and modified it so that it can remain hidden deep within the workings of a PC.

And no matter what changes a user makes to their PC – be it software or hardware related – LoJax will retain a presence on that PC. Not only will LoJax be able to continually execute tasks in relative safety, it will also be able to keep up communications with remote command and control servers. This allows updates to be issued alongside new tools and pieces of malware. Clearly, LoJax is a particularly insidious and persistent threat to your PC.

First discovered in early 2018, LoJax has lived up to its reputation as unkillable and continues to wreak havoc several months later. Worst of all, many of the command and control servers are the original ones that were setup by the hackers. Usually, these C&C servers have to be regularly relocated and updated to thwart the efforts of security experts. However, underlining their ‘unkillable’ credentials, the hackers have been able to continue using their original setup without any resistance.

Are You Safe from LoJax?

It’s believed that LoJax was develop and created by the Russian hacking group Fancy Bear who appear to be in collusion with the Russian government. Accordingly, any industry is at risk from unkillable malware due to the lack of stability this can bring to an economy. At present, the only real advice for infections with LoJax is to wipe/replace the hard drive and carry out a complete reflash of the motherboard hardware. Even then there remains a risk that LoJax will remain on the PC and the simplest solution is to replace the entire system and start from scratch.

LoJax infections remain relatively rare, but the more pressing concern is that unkillable malware is being developed and released into the wild. This points to a future where increased security is more important than ever, so ensuring your organization adheres to best security practices is vital.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Vidar and GandCrab Combine for a Double Attack

Ophtek, Security, Security Threats, vidar, , , , ,
05
Feb 2019

One set of malware is bad enough for most organizations to deal with, but what should they do when they’re hit with two sets at once?

Hackers are constantly trying to breach the defenses of PC users, but it’s not easy for them to succeed. Defenses are constantly improving and PC users are becoming more technically minded when it comes to hacking. Attacks, therefore, need to be cleverer and more aggressive for hackers to succeed. And one of the newest threats to PC defenses is a combined attack which teams up multiple forms of malware to pack a devastating punch.

In particular, reports are coming in that hackers are combining the data miner Vidar alongside the GandCrab ransomware to maximize their chances of success. And it’s proving to bear fruit for the hackers, so it’s crucial that you understand the risk.

The Double Whammy of Vidar and GandCrab

The combined attack of Vidar and GandCrab was identified by Malwarebytes Labs who observed that the hack first installs Vidar and then proceeds to strengthen the attack with GandCrab. Using malicious advertising software, the hackers expose users to an exploit kit (usually Fallout) which targets vulnerabilities in specific apps. Once this exploit kit has been executed, Vidar is installed on the infected PC and proceeds to mine user data such as communications, digital wallet info and login details.

This attack is bad enough, but the victim things are about to get worse as Vidar is capable of downloading additional malware. Using a command and control center to receive and transmit data, Vidar will, after a minute of its own installation, download and execute the GandCrab ransomware. It’s true that Ransomware has, to a degree, fallen out of favor with hackers over the last year, but it still has the potential to cause severe disruption for organizations. Encrypting files and then demanding a ransom will stifle the productivity of any organization effected, even if backup copies are available.

Protecting Your Organization from Vidar and GandCrab

It’s clear to see that the two headed attack of Vidar and GandCrab is particularly nasty and one to watch out for. In order to understand how to protect your organization from this threat, you need to understand how this attack is able to take place. As ever, that age old favorite of unpatched software is squarely to blame and, on this occasion, it’s Adobe’s Flash Player and Microsoft’s Internet Explorer.

Anti-malware software is now capable of detecting Vidar when it’s found within your PC, but the easiest option for any organization is to avoid allowing it access in the first place. One of the keenest security practices to adhere to is the installation of software patches as soon as they become available. Sadly, this task is often superseded by more immediate, pressing matters and this grants hackers more time to detect and exploit these vulnerabilities. However, with what is usually just a few clicks of a mouse, protection from potential security threats can be implemented by immediately installing patches.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More