Lenovo Laptops Shipped with New Malware Risk

BIOS Vulnerability, Hackers, Lenovo Laptop, Ophtek, , ,
26
Apr 2022

You’d like to think that brand new IT equipment is as malware resistant as possible. But, as Lenovo has discovered, this isn’t always the case.

In a highly embarrassing move for the company, Lenovo has had to issue an announcement that more than 100 of their laptop models are at risk of BIOS vulnerabilities. And remember, Lenovo ship a lot of computers; in the first quarter of 2022, Lenovo shipped 18.3 million units. Therefore, the impact of these vulnerabilities has the potential to be huge.

Sadly, it’s not the first time that Lenovo has found themselves in this situation. A number of rookie errors have been made in the past such as preloading laptops with spyware and the Lenovo rootkit fiasco. Some may argue that a company of this size will always have their mistakes magnified, but the risk posed by these mistakes is significant. Accordingly, it’s important to understand what this risk is and how you can protect yourself.

What is a BIOS Vulnerability?

Once you turn a PC on, the first program to run is BIOS (Basic Input/Output System); its primary use is to start your PC and facilitate the movement of data between an operating system and any devices attached to the system e.g. keyboard, mouse and hard drive. BIOS is a crucial element of getting your operating system up and running; without BIOS, your PC simply won’t work.

We now know what BIOS is, but what does a BIOS vulnerability consist of? Well, a vulnerability is any flaw or weakness in a piece of hardware or software which can give hackers a helping hand. So, for example, with BIOS, there could be an internal control which has been coded in a way that hackers can disable security controls e.g. bypassing security certificates in a piece of hardware. This makes vulnerabilities very dangerous, particularly when the only people aware of them are the hackers.

What Have Lenovo Shipped Their Laptops With?

In total, three vulnerabilities have been discovered on Lenovo’s affected laptops. Two relate to drivers which, despite only being necessary during the laptop manufacturing process, have not been deactivated before shipping. This has granted hackers the opportunity to exploit user privileges and take control of affected machines. The final vulnerability also gives hackers elevated user privileges but also includes local access to the machine.

How Can You Protect Your Lenovo Laptops?

To check if your Lenovo laptop is one of the affected models, you should immediately head to Lenovo’s security bulletin. This will list the full range of models at risk and, thankfully, links to a patched copy of the BIOS firmware. Installing this will render the vulnerabilities redundant and ensure your laptop is safe.

Final Thoughts

Designing a PC is complex and it’s almost impossible to eliminate every single problem. However, some problems have a higher capacity for disaster. While the type of vulnerability present in the affected laptops is rarely exploited in the wild, the potential for damage remains. As ever, security patches remain the best way forwards with vulnerabilities, so ensure these are always installed as soon as possible.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Ophtek CEO Presenting at 3 Conferences in 2022 on Cyber Security

Cyber Security, Cyber Security Conference, Ophtek, Russian Hackers, , ,
19
Apr 2022

Ophtek’s expertise and authority within the world of cybersecurity will be demonstrated at three cyber security conferences in 2022.

Every modern organization should prioritize IT as one of the most crucial elements of their day-to-day operations. Without suitable IT infrastructures in place, an organization’s scope for communication, productivity and security will be severely limited. Accordingly, Ophtek strives to turn these business aspirations into a reality for their clients. Ophtek’s success in this field has been the result of investing in talented employees and the careful stewardship of CEO Arash Shokouh.

The experience and knowledge that Ophtek has amassed over the last decade is invaluable. It’s a commodity which is severely in demand as, now more than ever, businesses need help navigating their way through cyber security issues and understanding the best IT practices to maximize productivity. And that’s why Arash Shokouh has been asked to present at three conferences in 2022 on cyber security.

Statement by President Biden on our Nation’s Cybersecurity.

A recent announcement from President Biden on the importance of Cyber Security highlights these issues:

“This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience.  I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook. Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.” Read his full statement here..

Cybersecurity and Infrasctucture Security Agency.

Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners. Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks.  For more information..

Where Will Arash Be Presenting?

Arash is due to speak at the following three conferences in 2022:

Given Arash’s diverse background as an inventor, holder of BS and MS degrees in computer engineering, status as a part-time professor in computer engineering and, of course, ownership of Ophtek, he is perfectly placed to share his wealth of cyber security knowledge.

Given the current landscape of cyber security, where ransomware and malware represent major, significant threats, Arash’s presentations will focus on addressing these issues and pointing towards a safer, more secure future for organizations. In particular, the content will be focused on:

  • Protecting your business from modern cyber threats and technology
  • Cyber security best practices for individuals and businesses
  • The future of IT best practices
  • Addressing cyber security compliance

The cumulative insights provided by these presentations promise to impart a strong understanding of cyber security to forward thinking businesses and Arash cannot wait to share his knowledge.

Read More

Email Threads Are Being Hijacked to Spread Malware

attachments, email links, fake emails, Hijacks, multi factor authentication, Ophtek, Updates, , , , , ,
12
Apr 2022

A new method for spreading malware online has been discovered, and it involves taking advantage of email threads to deploy malware loaders.

Email threads can quickly build, especially if there are more than two participants. As such, it can be difficult to keep up with who is saying what and, crucially, who is attaching files to the thread. Accordingly, this creates the perfect scenario for threat actors to get involved and turn the situation to their advantage. And, as a result of a vulnerability in Microsoft Exchange servers, this is exactly what has been happening.

If you work in any modern organization, the chances are that you use email on, at least, an hourly basis to keep up to date with the rest of the world. Therefore, this new threat is one that you need to understand.

How Email Threads are Being Hijacked

This latest campaign is particularly deceptive and relies on the presence of unpatched Microsoft Exchange servers. This email service is commonly used by businesses to synchronize email between an Exchanger server and an email client e.g. Outlook. The vulnerability offered up by these unpatched servers allows hackers to harvest login credentials; the threat actors are then presented with the opportunity to illegally access specific email accounts. Once they are logged in, the hackers can view all the email threads that the account is involved with.

By viewing the various email threads, the hacker can then decide which is best to launch their attack through. All they have to do is choose an email thread and start replying to it. More crucially, they will also attach some infected attachments. These are packaged within a ZIP archive and comprise an ISO file which contains both a DLL file and an LNK file. Once the LNK file is activated, it will run the DLL file and activate the IcedID malware loader. IcedID is a well-known banking trojan which can steal financial information, login credentials and start the installation of further malware.

Protecting Your Emails

First and foremost, it’s vital that you install new updates as soon as they are available. This will instantly minimize the chances of vulnerabilities being exploited on your network. Fail to implement these upgrades, however, and you could fall victim to attacks such as the one we have been discussing. In addition to this, it also pays to take notice of the following:

  • Verify Any Email Attachments: if, in the middle of an email thread, a suspicious file attachment suddenly appears, verify it with the person it appears to have been sent by. However, do not do this over email; if the email account has been compromised then the hacker will simply confirm it is genuine. Instead, speak in-person or over the phone to the sender to get confirmation.
  • Use Multi-Factor Authentication: one of the simplest ways to reduce the impact of stolen login credentials is by strengthening the login procedure with multi-factor authentication. This approach will provide an extra layer of security and ensure that any threat actors will struggle to navigate their way through it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Cyber Attacks Increase After Russia Invades Ukraine

cyber attacks, Hackers, Ophtek, Russian Hackers, Security, Ukraine, , , , ,
05
Apr 2022

The Russian invasion of Ukraine has created headlines around the world; one of the lesser-known stories to emerge has been the increase of cyber attacks.

Numerous aspects of life have changed since Ukraine was invaded by Russian forces at the end of February. Alongside the military attacks and breakdown in social infrastructure that Ukrainians have had to contend with, there have been consequences for those outside the region as well. Supply chains have broken down, the price of fuel has risen and there is widespread skepticism over global peace. And, with the internet being such an integral part of modern society, there has been a notable rise in the number of cyber attacks occurring.

An Escalation in Cyber Attacks

The ensuing chaos of a war being waged on European soil and the military might of Russia has created the perfect environment for cyber attacks to thrive. Not only has Russia been accused of using cyber attacks as part of their campaign against Ukraine, but hackers have turned the situation to their advantage by exploiting concerns over the conflict.

As early as February, Ukraine was experiencing significant attacks on its defense ministry and two major banks. These DDoS attacks were used to temporarily take down websites associated with the targets and cause panic and certainty in financial and government sectors. Within 48 hours of the conflict breaking out, it was reported that an increase of 800% in the number of cyber attacks originating in Russia had been observed. There has also been a notable increase in attacks against Ukraine from groups allying themselves with Russia, the Stormous hacking group, for example, announced that they intended to target Ukrainian organizations with ransomware.

Independent hackers have also taken advantage of the conflict to boost the emotional credentials of their campaigns. With emotions and sympathies running high across the world, hackers have exploited these concerns by using Ukraine as a key email subject to increase engagement. Spam email campaigns have also been modified to use the Ukraine conflict as emotive honeypot used to trick recipients into making donations to false organizations.

How to Prepare for Spillover Attacks

While most of these attacks have targeted organizations in Ukraine, it’s likely that these attacks will soon spillover into allies of Ukraine and, eventually, any PC on the planet. As such, it’s crucial that you remain on your guard and observe the following:

Any source of conflict has the potential to cause uncertainty in the digital landscape and, with the Russia/Ukraine conflict expected to be in place for some time, it’s vital that you protect your IT infrastructures. Not only will this maintain IT continuity, but it will provide support for organizations in Ukraine.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More