September 2022

How Iranian Citizens Accessed the Internet Against the Odds

Freedom of information, Iran Internet, Ophtek, Starlink, Tor, VPNFreedom of information, Iran internet, Ophtek, Starlink, Tor, VPNOphtek, LLC

Sep 2022

Internet networks all over Iran are being shut down amid a series of protests in the country over women’s rights. However, the internet is fighting back.

Following the death of a young woman, who was being held by Tehran’s morality police for not properly wearing her hijab, protestors have been taking to the streets of Iran to demonstrate. Several internet networks already appear to have been closed down, and many services such as Instagram and WhatsApp are unavailable to those on mobile networks. And it’s not the first time that Iran has restricted public access to the internet. November 2019 saw a complete shutdown of the internet in Iran, again following protests in the country.

But the beauty of the internet is that it’s innovative and capable of adapting to any situation. As a result, the people of Iran have the chance to circumnavigate the restrictions put in place by their government.

How is Iran Accessing the Internet

To provide Iranians with freedom of speech, several groups have ensured that internet access in Iran is a reality. The main methods of access to get around the internet shutdown are:

Starlink: Elon Musk’s satellite internet service, Starlink, has emerged as one of the most high-profile options for Iranians to log on to the internet. The technology uses low-orbiting satellites to beam radio signals direct to terminals. And, as of Sunday 25^th September, the Starlink service has been activated in Iran. Accessing the service requires specialist terminals, but as long as these are available, uninhibited access to the internet will be possible.

Tor Browser: tapping into the need for online anonymity, the Tor browser has been encrypting the online activities of its users since 2008. It achieves this by using multiple layers of encryption known as ‘onion routing’. This method allows Tor to re-route traffic through numerous relay servers and conceal the true source and destination of any data transmitted. Taking this anonymity further, the developers of Tor are recommending that Tor bridges are set up – these are secret Tor relays which hide any evidence of being connected to a Tor network.

VPN: one of the most common ways to access the internet anonymously is through a virtual private network (VPN), and this is perfect for the current issues faced by those in Iran. A VPN works by creating a private network across an existing public network. This private network allows users to conceal their identity and location while accessing a local, public network. So, for example, a PC user in Iran could access the internet by rerouting their internet traffic through a server in the US.

Final Thoughts

The suppression of the internet in Iran is clearly a troubling blow for freedom and information. However, the solutions provided so far have allowed Iranians to have a voice. Instead of being silenced, the protestors are now able to upload evidence of the social upheaval taking place. This evidence is now spreading around the world and providing a more honest appraisal of the situation. And this breakthrough has been made possible by the decentralized nature of the modern internet.

7 Quick Tips to Improve the Security of Your PC

download privileges, Ophtek, Password Security, Phishing, shut down pc, Updatesdownload priviledges, Ophtek, password security, phishing, shut down pc, updatesOphtek, LLC

Sep 2022

It’s impossible for a PC to be 100% secure, but there’s nothing to stop you strengthening the defenses of your PC.

With cyberattacks on small businesses at an all-time high, there’s never been a more important time to strengthen your PC’s security. However, as ever, budgets are a crucial factor in achieving this. Thankfully, investing thousands upon thousands of dollars isn’t your only option (although it certainly helps) as simpler solutions are available. Many of these are processes which are either overlooked or simply unknown to most PC users. But the enhanced security they offer is unarguable. Therefore, it’s time integrate these 7 quick tips to improve the security of your PC:

Automatic updates: software vulnerabilities are a sure-fire way to open your IT infrastructure to the world, so it’s vital you install updates as soon as possible. Installing updates, though, is far from glamorous and this is why many PC users fail to install them when available. Luckily, it’s possible to implement automatic updates in Windows to take the pain out of this process.

Never write down your passwords: it may be one of the biggest sins when it comes to PC security, but PC passwords are routinely written down in every single business in the world. And it’s a practice which needs to stop. The only place passwords should ever be stored is in either your memory or a password manager.

Avoid illegal downloads: not only are illegal downloads against the law, but they also pose a major threat to your PC’s security. While an illegal torrent may promise you the latest Hollywood blockbuster, there’s every chance it contains all manner of malware. Accordingly, it pays to avoid torrent sites and any downloads which sound too good to be true.

Use strong passwords: a password is only effective if it’s difficult to guess, and it’s important you make them as strong as possible. It may seem difficult to remember strong passwords, but there are a wide range of tricks you can use to improve their strength.

Always hover over links: the problem with links on websites and emails is that they aren’t always genuine. And clicking on them could lead to your PC becoming compromised by malicious downloads. Therefore, always double check the legitimacy of links by hovering your mouse cursor over a link, this will produce a pop-up box which displays the link’s true destination.

Disable downloads: On a business PC, it’s unlikely that an employee will need to download any additional software, everything they need should be in place. As such, the risk of malicious downloads being executed is instantly reduced by removing download privileges for employees.

Shut your PC down: when you’ve finished on your PC for the day, you should always shut it down. It may be tempting to leave it running, so that you can start straight away again the next day, but all this does is label your PC as a sitting duck for hackers.

For more ways to secure and optimize your business technology, contact your local IT professionals.

New Phishing Scam Uses a Photo from the Webb Telescope

GO#WEBBFUSCATOR, network activity, Ophtek, Phishing, SMACS 0723, Updates, Webb TelescopeGO#WEBBFUSCATOR, network, Ophtek, phishing, SMACS 0723, updatesOphtek, LLC

Sep 2022

A new malware threat has been discovered which uses the public excitement around the Webb telescope to deliver a phishing scam.

The first image to be released by the Webb telescope project was entitled SMACS 0723, and its new, stunning view of the galaxy created headlines around the world. However, it’s this level of interest which has led to hackers using it as bait. The image is used as part of an email phishing scam and, unfortunately, fails to highlight the wonders of space. Instead, it compromises a PC and leaves it at risk of further attacks.

Phishing scams are a contemporary irritant in the IT security world, so we’re going to delve deeper into this one and see what we can do to help protect your PC.

The Threat from Outer Space

This latest strain of malware has been given the rather complex name of GO#WEBBFUSCATOR but the way in which it operates is simple. Security experts Securonix have discovered a phishing email – described as one promoting satellite service plans – which contains an infected Microsoft Office document. If this document is downloaded and opened, the malware will – if Word macros are enabled – begin to release its payload.

The malware begins by downloading the SMACS 0723 image, but this image is far from innocent as it contains hidden Base64 code. With this code activated, the infected PC is then systematically tested for vulnerabilities and weaknesses. Once these have been detected and analyzed, the hackers begin a campaign of exploitation to take control of the PC. It’s also interesting to note that the computer language behind this malicious code is constructed from Go, a cross-platform language which highlights the scope of the threat actors behind GO#WEBBFUSCATOR.

Staying Safe on Planet Earth

The number of vulnerabilities this malware targets, along with its deceptive approach, make it a powerful weapon for hackers. Therefore, protecting yourself against its dangers is paramount and you must make sure you:

Be mindful of phishing scams: the main threat that phishing scams employ is to push a sense of urgency or offering something that sounds too good to be true. Always double check any incoming emails for any links or attachments which appear suspicious e.g. hover your mouse cursor over links to discover the true URL destination.

Install all updates: threats such as GO#WEBBFUSCATOR rely on vulnerabilities being present on an infected system to unleash their full potential. The best way to combat this threat is by ensuring all updates are installed as soon as possible, ideally by setting up automatic updates. This approach minimizes the amount of damage that can be caused by malware which has gained unauthorized access.

Monitor network activity: once malware such as GO#WEBBFUSCATOR has made its way onto your PC, it’s likely that you will notice a surge in unusual activity on your network e.g. increased traffic and downloads. And this is likely to be one of the only signs you receive, so it pays to keep a close eye on any spikes in network activity.

For more ways to secure and optimize your business technology, c ontact your local IT professionals.

New Malware Lets Hackers Log in to Windows as Anyone

ADFS secure, APT29, MagicWeb, Network, Ophtek, Security, The CloudADFS Secure, APT29, MagicWeb, network, Ophtek, security, The CloudOphtek, LLC

Sep 2022

Microsoft has announced that Windows login credentials can now be bypassed by a new strain of malware, one which is being used by Russian hackers APT29.

Logging onto Windows is the first thing we do after turning a PC on, and we do this by entering a combination of username/password credentials to gain access. This first step in security is crucial for protecting the integrity of your PC. If your credentials are highly secure, and known to no one else, it’s going to be difficult for anyone else to log on to your PC. And you certainly don’t want anyone gaining unauthorized access to your desktop. Accordingly, this has made login credentials a major target for threat actors.

This latest piece of malware, known as MagicWeb, doesn’t, however, steal your username/password combination. Instead, it’s much cleverer.

MagicWeb’s Deceptive Power

Windows passwords are hashed, and this means that although they are stored on your PC and associated servers, they are encrypted and translated into a series of unintelligible characters. So, for example, your password of PASSWORD (please don’t ever use this!) may be hashed into %fG1a:: – and these hashed passwords are completely useless. However, by entering PASSWORD into a login system, it will be translated into a hash and then matched against the stored hash to determine if it’s the correct password.

As it’s incredibly difficult to decrypt hashed passwords, threat actors must find different methods to bypass login credentials. MagicWeb does this by obtaining unauthorized access to login credentials for Active Directory Federation Services (ADFS) servers. It’s within these ADFS servers that access to systems within an organization can be processed. This access is validated by a token generated within ADFS. MagicWeb compromises this token by manipulating the claims process used to authorize any logon requests. Therefore, it can validate any Windows logon request.

Protecting Your PCs from MagicWeb

Once MagicWeb has a foothold within your ADFS servers, it can allow anyone to log on to your network with ease. Both identifying and preventing this is important for you IT infrastructure’s security. As such, you need to make sure you do the following:

Make ADFS secure: one of the most effective ways to protect your ADFS is by designing it to be secure. This is far from straightforward, but it will pay dividends down the road when it comes face-to-face with threats such as MagicWeb. Luckily, Microsoft have provided advice on the best practices for achieving this.

Isolate admin access: malware threats such as MagicWeb have the opportunity to gain unauthorized admin access, and this gives them free rein to make major changes to your IT network. It makes sense, therefore, to isolate any admin infrastructures and restrict access to as few people as possible. Also, make sure your admin infrastructure is regularly monitored for any changes, as this may indicate an attack is taking place.

Use the cloud: cloud-based security tools such as identity solution applications can make a significant difference to your security. These platforms will rarely go unpatched, whereas in-house solutions are prone to falling behind on updates and, as a result, opening security risks. Azure Active Directory, for example, will be updated as soon as a patch is available and elevate your security with ease.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Monthly Archives: September 2022