Most malware can be eradicated once its DNA has been analyzed and solutions are developed by security experts, but what happens when it can’t be combated?

Unkillable malware may be a rare phenomenon, but it’s a reality that could become increasingly common. And when we say unkillable, we mean that the malware itself simply can’t be removed from a PC. You can replace hard drives and reinstall Windows, but the malware will remain on the PC. The disruption this can cause is immense and presents a serious threat to productivity for any organization affected. Although these forms of malware are currently rare, it’s likely that advances in technology and the skills of hackers could see their popularity increasing.

A recent strain of unkillable malware is LoJax, so we’re going to take a look at this and see what lessons we can learn.

The Unkillable LoJax

The origins of LoJax go all the way back to 2008 and, surprisingly, it all started with a piece of anti-theft software named LoJack. The LoJack software helped to protect PCs by working its way deep inside the Unified Extensible Firmware Interface (UEFI). Much like the traditional BIOS, UEFI helps to connect a PCs operating system to its firmware and is the first program that runs at startup. LoJax has taken the advanced technology of LoJack and modified it so that it can remain hidden deep within the workings of a PC.

And no matter what changes a user makes to their PC – be it software or hardware related – LoJax will retain a presence on that PC. Not only will LoJax be able to continually execute tasks in relative safety, it will also be able to keep up communications with remote command and control servers. This allows updates to be issued alongside new tools and pieces of malware. Clearly, LoJax is a particularly insidious and persistent threat to your PC.

First discovered in early 2018, LoJax has lived up to its reputation as unkillable and continues to wreak havoc several months later. Worst of all, many of the command and control servers are the original ones that were setup by the hackers. Usually, these C&C servers have to be regularly relocated and updated to thwart the efforts of security experts. However, underlining their ‘unkillable’ credentials, the hackers have been able to continue using their original setup without any resistance.

Are You Safe from LoJax?

It’s believed that LoJax was develop and created by the Russian hacking group Fancy Bear who appear to be in collusion with the Russian government. Accordingly, any industry is at risk from unkillable malware due to the lack of stability this can bring to an economy. At present, the only real advice for infections with LoJax is to wipe/replace the hard drive and carry out a complete reflash of the motherboard hardware. Even then there remains a risk that LoJax will remain on the PC and the simplest solution is to replace the entire system and start from scratch.

LoJax infections remain relatively rare, but the more pressing concern is that unkillable malware is being developed and released into the wild. This points to a future where increased security is more important than ever, so ensuring your organization adheres to best security practices is vital.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


One set of malware is bad enough for most organizations to deal with, but what should they do when they’re hit with two sets at once?

Hackers are constantly trying to breach the defenses of PC users, but it’s not easy for them to succeed. Defenses are constantly improving and PC users are becoming more technically minded when it comes to hacking. Attacks, therefore, need to be cleverer and more aggressive for hackers to succeed. And one of the newest threats to PC defenses is a combined attack which teams up multiple forms of malware to pack a devastating punch.

In particular, reports are coming in that hackers are combining the data miner Vidar alongside the GandCrab ransomware to maximize their chances of success. And it’s proving to bear fruit for the hackers, so it’s crucial that you understand the risk.

The Double Whammy of Vidar and GandCrab

The combined attack of Vidar and GandCrab was identified by Malwarebytes Labs who observed that the hack first installs Vidar and then proceeds to strengthen the attack with GandCrab. Using malicious advertising software, the hackers expose users to an exploit kit (usually Fallout) which targets vulnerabilities in specific apps. Once this exploit kit has been executed, Vidar is installed on the infected PC and proceeds to mine user data such as communications, digital wallet info and login details.

This attack is bad enough, but the victim things are about to get worse as Vidar is capable of downloading additional malware. Using a command and control center to receive and transmit data, Vidar will, after a minute of its own installation, download and execute the GandCrab ransomware. It’s true that Ransomware has, to a degree, fallen out of favor with hackers over the last year, but it still has the potential to cause severe disruption for organizations. Encrypting files and then demanding a ransom will stifle the productivity of any organization effected, even if backup copies are available.

Protecting Your Organization from Vidar and GandCrab

It’s clear to see that the two headed attack of Vidar and GandCrab is particularly nasty and one to watch out for. In order to understand how to protect your organization from this threat, you need to understand how this attack is able to take place. As ever, that age old favorite of unpatched software is squarely to blame and, on this occasion, it’s Adobe’s Flash Player and Microsoft’s Internet Explorer.

Anti-malware software is now capable of detecting Vidar when it’s found within your PC, but the easiest option for any organization is to avoid allowing it access in the first place. One of the keenest security practices to adhere to is the installation of software patches as soon as they become available. Sadly, this task is often superseded by more immediate, pressing matters and this grants hackers more time to detect and exploit these vulnerabilities. However, with what is usually just a few clicks of a mouse, protection from potential security threats can be implemented by immediately installing patches.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


A new year is here and it’s rich with opportunity, but not just from a business point of view. For hackers, 2019 promises to be a busy and lucrative year.

From enhancements to existing methods of hacking through to completely new approaches, hackers will be doing their best to breach the defenses of organizations all over the world. With methods such as cryptomining rapidly gaining popularity – and generating nice incomes for the hackers – it’s easy to see why hacking is evolving so quickly. If a hacker can design software that gives them just a 1% advantage over their rivals then there’s a good chance they will reap the financial rewards on offer. And that’s why 2019 is going to see significant advances in hacking technology.

However, it’s possible to protect your organization by educating yourself on the five biggest cyber-security threats for 2019.

  1. A Rise in Internet of Things (IoT) Attacks

Despite the headlines regarding IoT device vulnerabilities, little has been done to rectify the flaws. Default passwords are still commonplace across devices and a demand for increased flexibility to work with various operating systems has made IoT devices easy targets. Securing your IoT devices, therefore, is crucial.

  1. An Increase in Biometric Hacking

Biometric passwords such as fingerprint or retina recognition are methods of security which, on the surface, appear to be difficult to beat due to the individual nature of fingerprints and retinas. However, the software behind this technology is much more vulnerable. Flaws in both the software and hardware are likely to be discovered and exploited during 2019, so relying purely on biometric passwords is not a recommended strategy.

  1. Chatbots will Start Phishing

Bots have been present online for decades, but an emerging trend has seen hackers designing chatbots that socially engineer computer users and extract their sensitive data. Computer users are becoming increasingly reliant on chatbots contained within websites for help, so it’s a clever move on the hackers’ part as it allows them to send malicious links direct to users in real time. Educating your staff on the dangers of such interactions will be essential during 2019.

  1. A Major Cloud Hack Will Occur

The amount of data stored within the cloud is immense and it’s surprising that one of the major cloud vendors hasn’t suffered a major hack already. And this is why it’s likely that attacks on cloud vendors will increase in 2019. The cloud, of course, remains a fantastic storage solution, but make sure you’re aware of your vendors security capabilities and retain physical backups of your data.

  1. Botnet Attacks Will Take Down the Internet

Botnets have disabled large sections of the internet before such as the 2016 attack which saw PayPal, Twitter and Amazon taken down. Naturally, this is terrible news for the organizations which have been hacked, but the knock on effect is a decrease in productivity for organizations that rely on these services e.g. accepting PayPal payments. Therefore, identifying the key online services your organization relies on and creating a contingency plan in the event of an attack is vital.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More



Adobe’s Flash Player has had a bad press in recent years due to the numerous security flaws in its design and these problems remain a major issue.

While we frequently worry about the dangers of malware and ransomware, we seem to have forgotten about the security vulnerabilities that are present in software we use every day. Flash has been exposed as having major security flaws in the last few years, so there’s been a tendency to migrate towards HTML5 code which is similar to Flash and much more secure. However, many people still use Flash online, so it’s likely that your organization will come into contact with it on a regular basis.

Understanding how to combat vulnerabilities in Flash is essential for your organization’s security, so let’s try and get a better understanding of Flash’s latest security crisis.

Flash Hits the Headlines Again

On the same day that Adobe released their latest patch for Flash, an independent security expert revealed that they had identified a glaring vulnerability in the software. This security flaw – given the unwieldy name of CVE-2018-15981 – is a curious software bug that has the potential to execute a malicious code through an instance of Flash hosted on a malicious website. Versions of Flash affected are all those up to version 31.0.0.148 and could affect the following browsers: Firefox, Chrome, Edge and Internet Explorer.

Combating Flash Vulnerabilities

The most recent version of Flash (31.0.0.153) is more than safe to use in terms of this recently discovered vulnerability, but the question remains as to whether more vulnerabilities are lurking within it. So, how do you combat the security flaws presented by Flash?

Many browsers, such as Chrome, Firefox and Edge, now insist that users have to manually activate Flash each and every time it’s encountered, but confidence tricks can easily be employed by hackers to disguise this. Flash, of course, is being discontinued at the end of 2020, so many people are simply disabling the software. With only a small minority of websites still using Flash, the loss of productivity from disabling it are considered minimal due to the alternative solutions on offer such as HTML5.

However, many organizations rely on Flash-based websites to complete essential tasks such as online customer portals etc. In these cases, the importance of monitoring crucial software updates and acting on these immediately should be a priority for all IT teams. Many businesses have been caught out on countless occasions due to a lack of care when it comes to installing patches and software updates. While this latest vulnerability does not appear to have been exploited by hackers, it could have easily led to severe data breaches and a drop in productivity for any organization affected.

Final Thoughts

Flash has been present within the landscape of the internet for over 20 years, but it almost feels as though Adobe have barely concentrated on it for the last few years. As a result, Flash has received nothing but negative feedback due to the security flaws present. Naturally, with just two years left in its lifespan, these issues will soon become irrelevant, but for now it’s vital that you regularly install updates or, where possible, disable it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More