2021 - Page 3 of 10

Fake Amnesty International Campaign Delivers Malware

Fake Amnesty Int'l website, malicious websites, malware, Ophtek, Pegasus spyware, Sarwent malwarefake websites, malicious websites, malware, Ophtek, pegasus spyware, sarwent malwareOphtek, LLC

Oct 2021

The Pegasus spyware has made headlines around the world, but it appears that the anxieties around Pegasus are being used to spread further malware.

The sophistication behind the Pegasus spyware and the near impossibility of detecting, let alone removing, it has proved to be a fearsome combination. Naturally, many users are becoming increasingly concerned that they could fall victim to it. While Pegasus is only being used to target high ranking individuals, the fact that the technology is available means that no one is safe. Concerns are running high and people are desperate to protect themselves.

This anxiety is now being targeted by hackers who have designed a malicious website which, far from offering protection, is packed full of malware.

The Malicious Website

The website in question has been set up to resemble that of the global humanitarian group Amnesty International. Hosted on this fake website is an application which claims to be an antivirus program capable of protecting users from Pegasus. However, this application is nothing more than a sham. Instead, users will find that they are downloading a strain of malware known as Sarwent. Active since 2014, the Sarwent malware may look like antivirus software, but it’s more concerned with setting up backdoor access, stealing data and accessing users’ desktops.

This version of Sarwent appears to have had its source code tinkered with to make it more effective. It immediately records information about the infected user – such as operating system, system structure and whether antivirus software is installed – and then begins receiving commands from a remote system. Hackers are gifted the opportunity to download further malware, transmit confidential nature to external users and take control of users’ PCs. The attacks have been detected globally with the US, UK, Russia and India all being affected.

Avoiding the Threat of Sarwent

The strategies and methods of attack employed by Sarwent have the potential to cause major damage. While it may not be quite as dangerous as Pegasus, it represents a significant headache to anyone who falls victim to it. You can avoid these IT disruptions by implementing these best practices:

Don’t Download from Unknown Sources: Malicious websites on the internet run into tens of millions and act as major security risks. Allowing employees to download software from unknown sources is a dangerous privilege to have in place. As the fake Amnesty International website has demonstrated, it’s easy to be manipulated into downloading dangerous software. Minimize the availability of download privileges within your organization to maximize security.

Learn How to Identify Malicious Websites: Key to avoiding malicious downloads is by understanding how to identify a malicious website. Always read URLs carefully to confirm whether it is the website it claims to be – spelling mistakes are a classic giveaway. Always hover your mouse over any embedded links to verify where the link will actually send you to. And, remember, if it sounds too good to be true then it probably is. Pegasus is a sophisticated spyware tool and is unlikely to be solved by a basic antivirus app.

For more ways to secure and optimize your business technology, contact your local IT professionals.

How Do You Secure a Server Room?

lock server room door, multi factor authentication, Ophtek, secure racks and cages, secure server room, server room video surveillance, Serverslock server room door, multi factor authentication, Ophtek, secure racks and cages, secure server room, servers, video surveillanceOphtek, LLC

Oct 2021

The backbone of any IT infrastructure is always the server room. It’s here that your most crucial IT tasks will be processed. And it needs to be secure.

A server room is a dedicated area within an organization which is used to house networking devices and storage servers. These are used to provide your business with the fundamentals of a fully functioning IT structure in the 21^st century. But, as with all elements of IT, security is paramount. The data storage, alone, represents a rich source of intrigue to outside parties. And the networking solutions contained within a server room offer a shortcut deep into an organization. The potential damage from a server room breach, therefore, is huge.

Securing Your Server Room

It’s important that you secure your server room to protect both yourself and your customers. Thankfully, it’s straightforward once you understand the basics of server room security. Make sure you carry out the following:

Always Use Locked Doors: The simplest step you can take to secure your server room is by ensuring that its doors are lockable. Using locks will instantly reduce access to a select few. And it’s vital that access is only allowed to those who need access. Your receptionist, for example, should have no need to hold a key to the server room. And neither should the marketing team. But your IT team should all have access to allow them to investigate any server issues.

Use Video Surveillance: A locked door may stop people gaining access to a server room, but it doesn’t necessarily stop people from trying to gain access. Intruders – or even rogue employees – could easily try to force their way in or pick the lock. The presence of a security camera, however, will not only act as a major deterrent, but it will monitor any attempts – no matter how minor – to breach the server room.

Secure Racks and Cages: The best way to organize your storage and networking servers is by using racks and cages. These structures will allow you to neatly store your devices and locate them quickly for maintenance. But these racks and cages need to be secure. Aside from the confidential data stored on these devices, the equipment typically housed in racks and cages is expensive. Accordingly, you will need to secure these housings to minimize the risk of your server equipment leaving the premises.

Multi-factor Authentication: One of the strongest security measures you can implement involves multi-factor authentication. The need for a key, for example, is a fantastic way to provide security. But what if you doubled this up with the need for a credential card or even a biometric input? This strategy minimizes the problems that can arise when a key is lost or stolen. Naturally, it may seem time consuming and expensive, but the enhanced security provided by multi-factor authentication is more than worth it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

New Form of Malware is Sneakily Avoiding Detection

anti malware, Cyber Security, malware, OpenSUpdater, Ophtek, PC Security, PhishingAnti- malware, Cyber Security, malware, Ophtek, OpthSUpdater, PC Security, phishingOphtek, LLC

Sep 2021

Anti-malware tools provide a firm level of defense against hackers, but what happens when the malware can bypass detection tools?

Around 300,000 new pieces of malware are created daily, so it’s important that we can protect ourselves against this constant threat. Anti-malware tools such as Kaspersky and even in-built Windows security systems are crucial for providing this protection. Accordingly, you should find that your systems remain protected for most of the time. However, hackers are industrious individuals and are constantly looking to evolve their techniques. As a result of this ongoing adaptation, it appears that hackers have found a way around current detection methods.

The threat comes in the form of the OpenSUpdater and is one that you need to take seriously.

What is OpenSUpdater?

Digital signatures are used online to demonstrate that code is legitimate and accepted by Windows security checks. They are an important part of online security, but this has made them a viable target for hackers. In the case of OpenSUpdater, their online code samples are carrying manipulated security certificates which, despite these manipulations, are passed as authentic by Windows. More importantly, security tools which use OpenSSL decoding are unable to detect these malicious changes.

OpenSUpdater is free to bypass security measures and avoid being labelled as malware which is quarantined and deleted. The malware’s main method of attack is through riskware campaigns. This involves injecting malicious ads into the browsers of those infected and downloading further malware. The majority of targets so far have been found in the US and the malware typically bundled in with illegal downloads such as cracked software.

How Can You Protect Against OpenSUpdater?

This latest malware threat was detected by Google’s security researchers and has since been reported to Microsoft. A specific fix has not been announced yet, but hopefully something will be implemented shortly. In the meantime, however, it’s vital that you take steps to protect yourself. In particular, make sure you focus on the following:

Minimize User Privileges: There’s no real need for employees to be downloading software onto their workstations. All the tools they need should be readily available. However, some employees are likely to be tempted by things they see online, particularly the promise of quick fixes. The best way to reduce the risk of downloading malware is by eliminating download privileges for all but the IT team.

Educate on Phishing Techniques: Phishing is a dangerous hacking technique which uses email to push social engineering attacks. By instilling a threat of urgency to act upon an email’s call to action – such as ‘click here to download a vital security tool’ – hackers are able to deceive victims into downloading all kinds of malware. Thankfully, through continued training, your employees should be able to recognize phishing emails quickly and hit the delete button even quicker.

Do Not Abandon Detection Tools: Despite the ability of OpenSUpdater to bypass detection tools, this does not mean that these tools should be resigned to the scrapheap. They still play an essential role in providing digital security options and should remain in place.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Fix a Frozen PC

Frozen PC, Ophtek, overheated hard drive, reboot, task managerfrozen pc, Ophtek, overheated pc, Reboot, task managerOphtek, LLC

Sep 2021

Nothing halts your productivity like a frozen PC. It’s one of the most frustrating problems a PC user will face. But you can easily solve it.

Even the most basic PC will be a complex piece of machinery. Not only are there the electrical and mechanical elements of the hardware, but the software is also at risk of developing problems. Accordingly, a PC can soon run into a major issue. And one of the most common symptoms of this is a frozen PC. No matter how many times you click your mouse or tap at the keyboard, there simply isn’t any response. Your productivity will instantly stop, and you will become highly frustrated. No one wants this, but what’s the answer?

How Can You Unfreeze Your PC?

It’s important to rectify a frozen PC as soon as possible to ensure you can continue being productive. The best ways to successfully solve this are:

Wait: The first step you should take is to wait and be patient. A workplace PC can suffer all many of issues due to drops in network speed and intensive usage across the network. Therefore, the occasional hold up is a real possibility. If, after two to three minutes, your PC remains frozen then it’s likely there is a need to explore further solutions.

Check for Overheating Issues: Once a PC begins to overheat, it will struggle to run correctly. As the heat builds up – and the processor is put under more and more strain – the PC will gradually start slowing down until it freezes. The cause of this could be down to poor ventilation or a build-up of dust. Make sure that there is plenty of ventilation around the PC and that all ducts are cleaned of dust. Following these steps, make sure that the PC is turned off for five minutes before rebooting.

Access Task Manager: Sometimes, you may find that only one application freezes. This can be particularly frustrating when it’s one that is in constant use. It’s also likely that you won’t be able to hit the close button due to its lack of response. However, by using Task Manager, you should be able to close it. Just hit the Windows button and type in Task Manager in the start box. This will open the Task Manager which displays all the applications currently running. From Task Manager you can right click on any frozen apps and select the End Task command.

Manual Reboot: If a PC is completely frozen then it’s unlikely that you will be able to initiate any resolutions due to the lack of available options. In these cases, you will need to carry out a manual reboot. This should only be considered as a final option as manual reboots can result in data loss and file corruption. To complete a manual reboot, hold down the power button on your PC until it turns off – this should usually take around five seconds. Leave the machine turned off for a minute until restarting it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Sidewalk Malware Linked to Chinese Hacking Group Grayfly

Cyber Security, Grayfly, Ophtek, Secure Socket Layer, Sidewalk Malware, strong passwords, upgrade softwareCyber Security, Grayfly, Ophtek, secure socket layer, Sidewalk Malware, SSL, strong passwords, upgrade softwareOphtek, LLC

Sep 2021

A new strain of backdoor malware has been discovered and named as Sidewalk. And the hacking group behind it – Grayfly – mean business.

Believed to have major links to China, Grayfly has been launching global cyber-attacks since 2017 and has also operated under the names of Wicked Panda and GREF. With a keen interest in espionage, Grayfly favors attacking public facing web servers. Once they have their foot in the door, the hackers being installing backdoors across the network to maximize their access. The Grayfly group represent a sophisticated threat and show few signs of letting up in their endeavors.

The Sidewalk malware, which appears to be Grayfly’s latest weapon, has been attacking servers in the US, Mexico and Asia. Accordingly, you need to be on your guard.

How Does the Sidewalk Malware Work?

Sidewalk was first discovered in August 2021 when a new piece of malware was detected by Slovakian researchers. Sidewalk, it was revealed, operates by loading plugins into breached systems to search out and log running processes. This information is then transmitted back to a remote server where hackers can analyze the infected servers in forensic detail. The researchers were keen to note that the Sidewalk malware shared many similarities to Grayfly’s previous hacking tool Crosswalk.

Sidewalk has been concentrating its efforts on a number of targets in the US, Vietnam, Mexico and Taiwan. Given the espionage nature of Grayfly’s operation, it comes as no surprise that a large proportion of the victims are involved in the telecoms industry. Grayfly start these attacks by identifying Microsoft Exchange servers which can be accessed through the public internet. With this in their sights, the hackers install a web shell which grants them the opportunity to run administrative commands on the server. From here they can dig deeper into the server and begin harvesting confidential data such as login credentials.

How Can You Protect Your Public Facing Server?

Public facing servers are crucial for any businesses which need to allow the public to access their services are online. However, as the Sidewalk malware has shown, they’re at the risk of cyber-attacks. Nonetheless, you can protect your public facing servers by practicing the following:

Monitor Logins: By using specialist security tools, you can monitor login attempts to your server. These will monitor suspicious activity such as brute force attacks and can block IP addresses suspected of being dangerous.

Only Allow Strong Passwords: Servers need to use strong passwords to thwart the efforts of hackers. Avoid making common password mistakes and always change any default passwords as soon as possible.

Use Secure Sockets Layer Certificates: Your web administration areas should always be protected by a Secure Socket Layer (SSL). These security certificates protect and encrypt information passed between two systems on the internet e.g. a website and a visitor to that website. This ensures that personal data remains secure.

Always Upgrade Your Software: One of the surest ways for a public facing server to become breached is by eliminating vulnerabilities in its design. These weak points allow hackers to gain easy access, so it’s vital these are plugged. Software and hardware manufacturers regularly release firmware and security patches, so make sure these are installed as soon as possible.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 5 … 10 Next »

Yearly Archives: 2021