US Companies Targeted by Black Basta Ransomware

Black Basta, Cyber Security, Ophtek, RaaS, Ransomware, , , ,
27
Dec 2022

Companies in the US have recently found themselves under attack by the Qakbot malware, a campaign leading to numerous infections by Black Basta ransomware.

Black Basta is a ransomware group which first entered the digital waters in April 2022. Positioned as a Ransomware-as-a-Service (RaaS) group, Black Basta have been very busy in the months following their initial detection. Their attack strategy tends to focus on specific targets rather than hitting thousands of targets and hoping that some fall victim. Primarily, Black Basta have been observed to be using malware such as Qakbot and exploits including PrintNightmare to gain an initial point of entry to PC networks. From here, they ratchet up the chaos by installing ransomware.

Due to the financial risk associated with ransomware, it’s crucial your IT infrastructure is on high alert when it comes to the Black Basta attacks.

The Lowdown on Black Basta’s Campaign

At least 10 US-based companies have been attacked by Black Basta’s campaign in the last two weeks, and at the heart of its attack is a double-extortion method. Essentially, this strategy involves taking a standard ransomware attack (encrypting files and demanding a ransom) and adding further weight by threatening to publish the encrypted data on the dark web. Naturally, this is considered a very serious and aggressive threat, but exactly how does Black Basta take control of these networks in the first place? By launching a spear phishing attack, Black Basta is able to deliver a malicious disk image to unsuspecting victims which, if opened, activates Qakbot. This malware is then used to connect to a remote server and distribute Cobalt Strike, a legitimate piece of software which threat actors can use to set up numerous ‘beacons’ on a network. Once these beacons are established, Black Basta begins to steal credentials and launch ransomware attacks on the compromised network. A number of instances have also arisen where users are completely locked out of their network.

How to Protect Against Black Basta

This is far from the first ransomware attack to be launched, but it is considered a significant threat to PC users and the finances of organizations. Therefore, protecting your IT infrastructure against the Black Basta threat actors must be a major priority. As with most ransomware attacks you should be carrying out the following:

  • Be aware of social engineering: spear phishing attacks, such as those deployed by Black Basta, are incredibly deceptive and have the potential to hoodwink even the most vigilant employee. However, if your employees are encouraged to always take time to double check emails – e.g. links, uncharacteristic writing styles and unusual requests – then you will reduce your risk of falling victim to spear phishing.
  • Make multiple backups of your data: many organizations are forced into paying ransomware demands as it’s the only way to retrieve their valuable data. Backing up your data to multiple sources, however, ensures you have a copy of this data preserved. As a result, you can ignore the hackers’ demands and keep your finances looking healthier.
  • Install all updates: attacks similar to Black Basta’s recent campaign are often attributed to software vulnerabilities – such as the PrintNightmare exploit – so it makes sense to make sure all updates are installed as soon as they are available. It may feel like a small step to take, but it provides your IT network with a serious security boost.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Middle East Countries Targeted by World Cup Malware

Hackers, malware, Ophtek, Phishing, World Cup, , , ,
20
Dec 2022

The World Cup has arrived and, as ever, it is creating headlines around the world, but it’s also creating numerous opportunities for hacking groups.

Fair play should be at the heart of everything taking place on the pitch during the World Cup, which is being held in Qatar, but matters off the pitch are slightly different. Threat actors thrive on a good opportunity and the popularity of the World Cup – over 3.5 billion people watched the last World Cup final in 2018 – makes it full of potential. And it’s an opportunity which hackers have taken advantage of, with a string of malware campaigns launched before the first ball is kicked.

While these attacks have, so far, mostly targeted countries in the Middle East, it’s likely these efforts will spread globally as the tournament progresses. Therefore, you need to understand the tactics that the hackers are following.

Football Phishing Attacks Hit the Middle East

Security researchers at Trellix have discovered, in the lead up to the World Cup, a significant increase in the number of phishing attacks hitting the Middle East. These phishing campaigns have been shown to be unashamedly cashing in on the interest in the World Cup, with many of the emails claiming to originate from either departments within FIFA or even from specific team managers.

The emails being delivered to unsuspecting victims are used to tempt the recipients into clicking links which, for example, promise to take them to payment pages for match tickets. However, the true destination of these links are malicious websites. As with most malicious websites, the potential for risk is very high, and the websites involved in this latest attack have been found to be housing malware such as Emotet, Qakbot, Remcos, Quad Agent and Formbook. All these malware strains have the potential to harvest data and gain remote access to infected PCs.

How To Defend Against the World Cup Malware

Whilst the malware at the heart of this campaign may not be the most dangerous ever seen, the fact remains that it is malware. And all malware should be considered a major problem for your IT infrastructure. Accordingly, protecting yourself against these phishing campaigns, and any others in the digital wild, is paramount for your cybersecurity. Therefore, make sure you adopt these tactics into your team:

  • Analyze every email: if an email sounds too good to be true, it’s likely it is. Say, for example, you receive an email from a manager of one of the World Cup teams, it’s unlikely they would be contacting you directly. Likewise, if you receive an email regarding payment for something you’ve never ordered – such as World Cup tickets – you should be equally suspicious.
  • Use an anti-malware suite: one of the best ways to protect your organization is by installing an anti-malware suite. This is a collection of tools which provides protection against malicious websites and emails by evaluating their risk level as well as monitoring network connections and installing a firewall.
  • Install all updates: you can maximize your security by ensuring that all software updates are installed and in place. Taking this crucial step will maximize the security of your IT infrastructure by protecting you against software vulnerabilities.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Tor Snowflake: The Best Way to Beat Internet Censorship

anonymity, Iran, onion routing, Ophtek, Tor Snowflake, , , ,
13
Dec 2022

We live in a world where countries are capable of blocking internet access for their citizens, but Tor Snowflake allows the people to beat this censorship.

A contemporary example of internet censorship can be found in Iran, a country currently undergoing protests and civil unrest due to confrontations with the authorities. To minimize the ‘noise’ of these protests, the government has enacted a series of regional shutdowns of internet services. The aim, it is believed, is to prevent news of the civil unrest reaching the wider world. However, internet access is far from straightforward, and simply hitting the OFF button is, it turns out, not enough to stop those being suppressed from getting online.

What is Tor?

The Tor internet browser has been available for 20 years but has only started making inroads with mainstream PC users in the last decade. Tor’s unique selling point is that it delivers completely anonymous browsing; you don’t even need a VPN installed to browse under a cloak of anonymity with Tor.

Tor achieves its anonymity through the use of ‘onion routing’ and a peer-to-peer overlay network. In simpler terms, Tor provides a series of randomly chosen relay servers (imagine a series of virtual tunnels) which it uses to direct traffic through before reaching its destination. This method ensures that any traffic which passes through it is encrypted. This applies to both the source and destination of the traffic, they are fully concealed from any prying eyes such as your ISP or government departments.

What Happens When Access to Tor is Banned?

Tor may provide a fantastic option when it comes to anonymous browsing, but the authorities are well aware of this. Accordingly, countries such as Iran and Russia have taken steps to block access to Tor. However, these attempts at shutting down access to Tor have been met with innovation in the form of Tor bridges. These bridges allow users to get around national blocks on Tor, but the problem is that the authorities can identify the IP addresses of these bridges and block them.

There is, though, a way to get around the restrictions: pluggable transports. These processes disguise connections to Tor as ordinary internet connections to popular destinations such as Google. The problem with pluggable transports was that they were difficult to set up and implement for your average PC user. Thankfully, an easy-to-use pluggable transport has now been released under the name of Snowflake. And, within seconds, those affected by internet shutdowns can be back online.

How Does Snowflake Work? Tor Snowflake works thanks to volunteers who can provide short-lived proxies on their browser. The volunteers do this by opening their browser up to those who are seeking access to Tor. In between the volunteers and those with restricted internet, a broker sits to facilitate the connection between the two parties. The broker will set up a connection between both parties in a manner similar to the way in which Skype calls are connected. This allows the volunteer to pass the requestee’s traffic to the Tor internet safely and anonymously.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

7 Helpful Tips and Tricks for Windows 11

Enhanced Audio, Focus Assist, Keyboard Shortcust, Ophtek, Snap Layouts, teams, Windows 11, , , , , ,
08
Nov 2022

Each new edition of Windows comes with a range of features to make life easier, and Windows 11 is no different. But do you know all its tips and tricks?

Windows 11 was released in October 2021 and instantly became the go-to operating system for PC owners. With enhanced accessibility, beautiful visual aesthetics, and optimizations in almost every area, it’s easy to see why Windows 11 has proved to be such a success. However, as with any new software, there’s a lot to be learned when it comes to getting the best out of Windows 11. Thankfully, we’ve done the hard work for you and tracked down 7 helpful tips and tricks for Windows 11 which will make life easier.

Enhance Your Windows 11 Experience

Make sure you start incorporating the following tips and tricks into your daily usage of Windows 11 to get the best out of it:

  1. Avoid distractions with Focus Assist: it’s easy to get distracted by notifications on a modern PC, with Teams notifications and Outlook popups being two of the major culprits. The built-in Focus Assist app, however, allows you to minimize and even eliminate all notifications when you need to concentrate.
  • Pin your most used apps: Windows 11 gives you the opportunity to pin your most regularly accessed apps to either your Start menu or taskbar. All you have to do is find the app within your Start menu, right-click it and then select either ‘Pin to Start’ or ‘Pin to taskbar’ for quick access.
  • View all your apps: previously, accessing the Start menu in Windows would have allowed you to view all of your apps at once. However, with Windows 11 the layout is slightly different. If you want to view all of the apps on your PC, you need to open your Start menu and then click the ‘All Apps’ button in the top right corner.
  • Snap Layouts: Microsoft have enhanced the ‘snap and resize’ ability of previous Windows versions by introducing Snap Layouts. This feature provides enhanced options such as hovering over apps and accessing layout options.
  • New keyboard shortcuts: the new features of Windows 11 mean that there are a new series of keyboard shortcuts associated with them:
  • Windows key + c: opens the Teams chat box
  • Windows key + n: opens your notifications center
  • Windows key + a: opens quick settings
  • Windows key + z: opens snap layouts

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

VMware Exploit Allows Hackers to Deliver Malware Package

install updates, malware, Ophtek, Security, VMware Exploit, Workspace ONE, , , , ,
07
Nov 2022

The importance of installing updates has been highlighted by VMware Users who have failed to update and found themselves at the mercy of malware attacks.

VMware is a tech company which specializes in providing both cloud computing services and virtualization technology (such as remote desktop software). Founded nearly 25 years ago, VMware has proved to be highly popular with businesses of all sizes. However, this experience doesn’t mean their software is perfect. In fact, no tech company – not even the biggest ones – can claim to create products which are 100% resistant to threat actors.

And that’s why VMware’s Workspace ONE Access service, an application which allows digital apps in an organization to be accessed on any device, has been compromised. The attack has been declared a significant one, so we’re going to take you through it.

Workspace ONE Compromised

The attack, which was discovered by security experts at Fortiguard Labs, centers around a vulnerability patched by VMware back in April 2022. However, this attack is still targeting this exploit, an indicator that the uptake of VMware’s patch has been poor. As a result, the CVE-2022-22954 vulnerability has the potential to open your PC up to all manner of malware.

If the vulnerability is still present, threat actors have the opportunity to launch remote code execution attacks against an infected PC. With the help of this foothold, the hackers have been able to download a wide range of malware to PCs and their associated networks. Examples involved in this attack have included:

  • Cryptoware
  • Ransomware
  • Software which removes other cryptomining apps
  • Malware used to spread the attack even further
  • Botnets

All of these campaigns are installed and operated separately, indicating that this is a well-organized attack by the unknown threat actors. Activity for the overall campaign peaked in August 2022, but it remains active as it seeks further users of Workspace ONE who have failed to patch their software.

Protecting Yourself Against Software Exploits

The impact of falling victim to the Workspace ONE vulnerability is huge as it attacks its victims on numerous fronts. Not only is there the financial risk of ransomware, but the activity of cryptoware and ransomware is going to seriously eat into the resources of your IT infrastructure. Therefore, you need to make sure you carry out the following:

  • Install all updates: if you are a Workspace ONE user then you need to ensure it’s fully patched and up to date. And, once this is complete, it’s crucial you make sure all your software is patched.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2 3 9