Removing malware threats from your PC is the simplest way to keep it safe from the attentions of hackers. But what happens when you can’t delete it?

Anti-malware software is fantastic at providing you with a means of removing malware from a PC. It can quickly scan your PC for threats and delete them with the minimum of fuss. But the ease with which malware can be removed has provided hackers with an appetizing challenge. What if they could create a strain of malware which couldn’t be deleted? It’s been the holy grail for malware developers since the first virus was created. And it’s a quest which has now been achieved.

A form of malware that cannot be deleted presents many problems for PC users, so let’s take a look at what it consists of.

The Invincible Malware

The unnamed malware was recently discovered by security giants Kaspersky and has left even them scratching their heads at its origin and construction. What they do know is that it's a highly persistent threat and one that has been designed to resist deletion. It succeeds with this strategy because, rather than targeting a PC's hard drive, it focuses its attack on a PC's motherboard. In particular, this new malware targets the PC's Unified Extensible Firmware Interface (UEFI). Exploiting the UEFI is a novel approach: the UEFI is the firmware involved in booting up a PC, so it is separate from your hard drive and will remain untouched by any operating system reinstall.

Once the UEFI malware is in place it acts much like any conventional malware. Its first task is to create a Trojan file in the Startup folder under the name of IntelUpdate.exe. Without some in-depth investigation, the average PC user is unlikely to know this is even present. But even if it is noticed, and a user decides to delete it, the IntelUpdate app will simply reinstall once the PC is rebooted. And it’s an app which will cause your PC further troubles. IntelUpdate will not only install further malware, but it will spy on your PC activity and transmit data and files back to a command and control server which appears to be located in China.
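As an added example (not taken from Kaspersky's tooling or from the original article), the following defensive check looks in the two standard Windows Startup folders for the file name reported above and records its size, timestamp and SHA-256 for an incident report. The watchlist, function names and output fields are assumptions made for this illustration.

```python
import hashlib
import os
from pathlib import Path

# File name the article reports being dropped into the Startup folder.
WATCHLIST = {"intelupdate.exe"}


def startup_dirs(env=os.environ):
    """Per-user (APPDATA) and all-users (PROGRAMDATA) Startup folders."""
    tail = Path("Microsoft", "Windows", "Start Menu", "Programs", "Startup")
    return [Path(env[v]) / tail for v in ("APPDATA", "PROGRAMDATA") if v in env]


def sha256_of(path):
    """Hash the file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(dirs, watchlist=WATCHLIST):
    """Return one record per watched file found; names match case-insensitively."""
    findings = []
    for folder in map(Path, dirs):
        if not folder.is_dir():
            continue  # e.g. a profile with no Startup folder
        for entry in sorted(folder.iterdir()):
            if entry.is_file() and entry.name.lower() in watchlist:
                info = entry.stat()
                findings.append({
                    "path": str(entry),
                    "size": info.st_size,
                    "mtime": info.st_mtime,
                    "sha256": sha256_of(entry),
                })
    return findings


if __name__ == "__main__":
    for hit in scan(startup_dirs()):
        print(f"{hit['path']}  size={hit['size']}  sha256={hit['sha256']}")
```

A hit that comes back after the file has been deleted and the PC rebooted matches the behavior described above and is the cue to run a firmware scan rather than another disk scan.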

How Do You Defeat the Undeletable?

The prospect of a malware strain which cannot be deleted may leave you wondering how you can ever be protected from it. Thankfully, it can be deleted, but not by conventional means. Security tools are now available from firms such as Kaspersky and Microsoft which scan firmware on PCs. It’s recommended that you upgrade your anti-malware tools to include this option to counter this new attack strategy. The means by which this latest malware is spread is currently unknown, but it’s recommended that you follow these security tips to maximize your defenses:

· Install all updates and patches as soon as your PC prompts you to do so
· Practice vigilance when dealing with incoming emails which contain attachments and links
· Make sure that your workforce understands how to create strong passwords

For more ways to secure and optimize your business technology, contact your local IT professionals.



We take it for granted that every employee knows how to use a PC, but this isn’t always the case. Particularly if it’s a non-tech employee.

As our workplaces and industries have become more computerized, the need for PCs has increased. And this need is one which has spread to almost every corner of the workplace. Therefore, employees that haven’t previously needed to use a PC are now being asked to use one. For example, warehouse staff and engineers may now need to detail their workload digitally for other departments to access it quickly. However, for this to be achieved effectively, these new PC users need to learn how to use a PC.

This may sound like a mountain to climb, but if you know how to train them correctly then it becomes much easier.

Training Tips for Non-Tech Employees

Everyone learns at a different pace and responds to different techniques, but the following tips should help you get everyone off to a good start:



Microsoft may be one of the leading names in PC technology, but hackers have recently exposed their Zerologon vulnerability.

A vulnerability is a flaw within a PC which can be exploited and used to gain access to the PC in question. These vulnerabilities can be found in both software and hardware, so pretty much everything on your PC is at risk. Thankfully, the majority of your PC’s apps and components will be secure. But PCs are complex pieces of machinery. The sheer amount of coding involved means that it’s inevitable that mistakes will be made and gaps not plugged. And this is what hackers spend half their lives looking for.

Protecting your PCs is a crucial part of any organization’s security, so we’re going to take a closer look at the Zerologon vulnerability.

What is Zerologon?

Zerologon is not an app or piece of hardware that you will find in your PC; it's simply the name that has been assigned to this new vulnerability. To understand what the Zerologon flaw is would require degree-level knowledge of how PC software works. But we can describe it in layman's terms. If a PC is logging on to a specific type of server – one that uses NT LAN Manager – then it performs a specific logon process. But where part of the code behind this logon should contain a random number, it actually contains four zeros. And it's these four zeros that give the vulnerability its name.

How is Zerologon Exploited?

Hackers can exploit the Zerologon flaw within seconds as the number of encryption keys needed to decipher the four zero text is relatively small. With access to a PC account secured, the hacker is then able to begin changing passwords within the network. It’s a strategy which, as well as being quick, also grants full control of the PC. This means that a hacker with unauthorized access has the potential to start injecting malware – such as ransomware – onto the network. And this is where your problems will really begin.

Can You Patch Zerologon?

The good news is that Microsoft has quickly released a patch to address the Zerologon vulnerability. Installing this patch should be labeled a priority to protect your organization's network. The average time taken to install a patch is between 60 and 150 days, which is far too slow. All it takes to install the Zerologon patch is a few seconds, so there are few excuses for delaying it. The best rule of thumb, when it comes to patches, is to install them immediately to nullify any threats.

Final Thoughts

As long as software and hardware are being designed, there will be flaws in their build. Designers are only human and mistakes will happen. Vulnerabilities may be inevitable, but your networks don't need to fall foul of them. While a PC user will be the last party to know about the emergence of a threat such as Zerologon, they can help their case by installing any patches as soon as possible.



The world of malware is a complex one due to the sheer variety of forms it can take. And it’s these differences which make it difficult to deal with.

The term malware is generally used as an all-encompassing term to describe a piece of malicious software. But, over the years, many different strains of malware have emerged as hackers evolve their tools and techniques. These strategies are often put into action to help avoid detection, but sometimes these new strains are the result of changes in technology.

Regardless of the reasons for developing a new malware variant, the end result is the same: a threat to your PC.

It’s vital that these threats are countered to protect your networks and your data; the best way to secure this safety is by understanding the different types of malware.

Identifying the Most Common Malware Variants

It’s difficult to put a precise number on all the malware strains that are out in the digital wild, but these are five of the most common forms:

1. Ransomware: One of the most debilitating forms of malware, in terms of finance and productivity, ransomware has generated many headlines over the last few years. It’s a type of malware which infects PCs and encrypts crucial files. The only way to decrypt these locked files is by paying a ransom, usually demanded in an untraceable cryptocurrency, in order to obtain a key for their release.

2. Malvertising: We all find online adverts irritating, but usually all we have to do is either close or mute the advert. With malvertising, however, things are more sinister. A new take on malware, malvertising laces legitimate online adverts with malicious files. And what's most troubling about this malware strain is that it doesn't require any user action, e.g. clicking on the advert. If the advert runs then the malware is active.

3. Botnets: Hackers like to strengthen their attacks and one of the simplest ways for them to achieve this is by infecting large numbers of PCs. By collecting together whole networks of PCs, a hacker can use these numbers, and associated processing power, to launch large attacks on other networks and websites. These botnets are created through malware attacks and are causing particular problems within IoT networks.

4. Spyware: Data is crucial to organizations and, due to its value, is also highly prized by hackers. Not only can data be used to access secure systems, but financial data is extremely valuable. Therefore, hackers are keen to steal this data; spyware represents one of the easiest methods of achieving this. Once a PC is infected with spyware, its every action is monitored, logged and transmitted, e.g. keystrokes are recorded to reveal sensitive login details.

5. Fileless Malware: One of the more recent developments in malware, fileless variants are exactly what they sound like: no files necessary. Fileless malware sidesteps the traditional route of operating within the hard drive and, instead, works within a PC's memory. This is a clever approach as anti-malware software concentrates on hard drive activity. From the relative safety of a PC's memory, fileless malware leaves little evidence of its presence.
