March 2023 - Ophtek

Why Do You Need Different Passwords?

Ophtek, password manager, Password Security, Passwork Checkup, strong passwordsOphtek, Password Checkup, password manager, password security, strong passwordsOphtek, LLC

Mar 2023

A password is one of the simplest and strongest ways to deliver high-strength IT security, but it’s also one which has the potential to cause great damage.

We use passwords on such a regular basis that their presence has become the norm. Logging onto your PC in the morning requires a password, unlocking your PC screen is only possible with a password and signing into your webmail needs, you guessed it, a password. In fact, such is their ubiquity, one study has estimated, on average, we use 100 passwords. And remembering all of these is difficult! Therefore, it comes as no surprise that many of us use the same password across multiple platforms. But this is one of the biggest mistakes you can make in IT.

The Dangers of Recycling Passwords

It may be quick and easy to recycle your passwords, but there are some major reasons why IT professionals advise against it:

One password means multiple hacks: once a hacker gets hold of, for example, your webmail password, you can bet your bottom dollar they will try it across multiple platforms. Accordingly, if your webmail password is the same as your PayPal password then there’s a good job your account could become compromised. Ultimately, using different passwords means that you minimize the number of accounts which could be breached.

Passwords need to be complex: rather than recycling passwords, some people favor site specific passwords e.g. using ‘password123gmail’ for Gmail and then ‘password123facebook’ for Facebook. While this may be enough to outwit an automated bot, a sentient threat actor will be able to easily put 2 + 2 together and uncover your strategy. As such, you need passwords which are both unique and complex.

Different passwords are easy: one of the most surprising aspects of recycling passwords is that it’s easy to avoid going down this route. Aside from taking the time to create a complex password, there are numerous automated options to help you create one.

Creating Different Passwords

As we’ve already said, creating different passwords doesn’t have to be difficult, and you don’t even have to remember them. All you have to do is:

Use a password generator: from Google Chrome to LastPass and on to security providers such as Norton, there is plenty of choice when it comes to using technology to generate a password. These applications take your passwords to the next level and will never suggest something as simple as Qwerty123. Instead, they will generate complex passwords which include numbers, mixed case letters and symbols.

Store your passwords securely: as well as acting as a password generator, many password apps also contain or link up to password managers. These secure devices store your complex passwords and take the pain out of remembering those 16-character passwords you struggle to remember. All you have to do is authorize them to fill in your login credentials each time you go to log in.

Final Thoughts

In 2023, there’s no excuse for using the same password across multiple logins. It’s a sure fire way to maximize the impact of a security breach, so you need to take the necessary steps to prevent this. Thankfully, the presence of password generators and managers mean that your passwords can instantly be upgraded and secured.

For more ways to secure and optimize your business technology, contact your local IT professionals.

PlugX Malware Found Infecting USB Drives

Ophtek, PlugX malware, USB Drives, USB Malwaremalware, Ophtek, PlugX, usb drives, USB malwareOphtek, LLC

Mar 2023

We all use USB devices daily, but these innovative and simple devices also make the perfect environment for the PlugX malware to take hold.

USB devices are installed and ready to use within seconds of being plugged into a PC, a setup procedure which is a marked improvement on the traditional approach of installing via a CD. In fact, since the 1990s, USB connections have become ubiquitous in the hardware market. One of the most popular USB devices is the portable drive, a simple way of transferring data from one PC to another. However, USB drives have always represented a security risk and it’s this risk which PlugX is now exploiting.

How Did PlugX Get onto USB Drives?

First gaining notoriety around 15 years ago, PlugX is far from a new and mysterious strain of malware. However, it remains a viable threat when it comes to spreading malware and infecting systems.

This recent attack started with a popular Windows debugging tool called x64dbg being hijacked and manipulated by threat actors. Using the 32-bit version of x64dbg (x32dbg.exe), the threat actors execute a malicious file they have created called x32bridge.dat. Once activated, x32bridge.dat infects the resident PC and, more importantly, searchew out any USB drives connected to it. The PlugX malware is then loaded onto this USB drive.

To cover its tracks, PlugX uses a Unicode character technique to prevent the true contents and structure of the USB drive being displayed by Windows Explorer. A shortcut .LNK file is then installed in the root directory of the USB drive, which appears to be a link to the USB drive and even copys the device’s name. However, the link actually activates the PlugX malware from a hidden directory on the USB drive and allows it to search out other USB drives attached to the PC. And each time this drive is connected to a new PC, the infection process begins again.

PlugX, of course, does much more than simply spread from PC to PC without causing any damage. In fact, PlugX has the capability to launch the following attacks:

Keystroke logging
Screen captures
Managing processes on PCs
Rebooting the system
Remote control of the keyboard and mouse
Copying PDF and Word documents from the infected PC to the USB’s hidden directories

How Do You Pull the Plug on PlugX?

PlugX is currently difficult to detect due to the way in which it works, with only 11 out of 5U9 anti-malware tools currently detecting it according to Virus Total. Therefore, it’s a tough slice of malware to contend with. Nonetheless, you can minimize the risk it presents to your organization by:

Blocking access to USB storage drives: it’s a good idea to restrict access to USB storage drives by employees. After all, there’s little reason why they should be removing data from a company PC. Accordingly, you can block employee access to USB drives through your administration settings, effectively rendering USB ports as unusable. If an employee does need to transfer data, make this an action only privileged users can process.
Monitor network activity: PlugX falls under the category of being a Remote Access Trojan, so it’s likely that unusual network activity will be caused by the threat actors connecting to infected PCs. As such, any network activity which involves connections to unknown destinations should immediately be halted and investigated.

For more ways to secure and optimize your business technology, contact your local IT professionals.

CircleCI Hacked: Cookie Theft Bypasses 2FA Process

cookies, Google Authenticator, Ophtek, Phishing, Two Factor Authenticationcookies, google authenticator, Ophtek, phishing, two factor authentificationOphtek, LLC

Mar 2023

Two-factor authentication (2FA) is there to provide a high level of security, but what happens when this process is compromised?

CircleCI is a platform used by software developers to build, test and implement code. Therefore, due to the amount of confidential and potentially valuable data CircleCI holds, it’s a highly attractive target for threat actors. Thankfully, for those using CircleCI, strong security practices are in place to provide a secure environment, and one of the most important is 2FA. Nonetheless, threat actors are persistent and innovative individuals, and the presence of 2FA merely represents a challenge. And it was this obstacle hackers managed to overcome in December 2022 when they breached CircleCI.

As 2FA is such a critical element of excellent cybersecurity practices, it’s important that we understand what went wrong at CircleCI.

How 2FA Failed at CircleCI

The first sign of CircleCI becoming compromised came in early January 2023 when a user discovered that their OAuth token – used to identify customers to online platforms – had been accessed by an unauthorized party. CircleCI were unable to pinpoint how the security token had been compromised, but immediately began to randomly rotate the OAuth tokens in use by their users.

Further investigation, however, revealed how access to the OAuth tokens had been breached. A developer at CircleCI had fallen victim to a malware attack, one which focused on stealing data. Among the stolen data was a session cookie which had already been validated through the 2FA process and, therefore, ensured that anyone in possession of it could gain quick and easy access to the CircleCI network. And this is exactly what the threat actors did, stealing encryption keys, OAuth tokens and customer data.

Can You Combat a Compromised Cookie?

2FA has long been championed as one of the cornerstones of IT security, but this attack on CircleCI has brought the spotlight on to one of its glaring weaknesses. The success of the attack also highlights the popularity of this technique, which has recently been deployed against several major IT organizations. Accordingly, to protect your IT infrastructure, it’s crucial that your organization practices the following:

Be careful with emails: most malware is delivered by email, so it makes sense to treat all your emails carefully. If anything looks suspicious, then always ask an IT professional to run their eyes over it. And always verify a link embedded in an email before clicking it, you can do this by hovering your mouse cursor over the link to display the true destination.

Monitor cookies: abandoning 2FA is far from recommended, but you do need to look at how you monitor cookies. Identifying when validation processes are being carried out by cookies in new locations is vital, and once this has been identified, a new 2FA validation should be generated.

Strengthen with Google Authenticator: you can back up the security of your 2FA process by also implementing an authentication code generated by Google Authenticator. This piece of software uses an algorithm to generate a unique code on your phone which must then be entered into a prompt for the software app you are trying to access.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Yes, You Do Still Need Offline Storage in 2023

External Hard Drive, magnetic tapes, Offline Storage, Ophtek, Optical Drives, USB Flash Drivesexternal hard drive, magnetic tapes, offline storage, Ophtek, Optical Drivers, USB Flash DriveOphtek, LLC

Mar 2023

Cloud storage continues to grab the headlines with all manner of head turning statistics, but this doesn’t mean that offline storage is now redundant.

Ease of access, scalability and high levels of security are just three of the many reasons why cloud storage has become the go to solution for data storage. As a result, in many people’s eyes, offline storage appears clunky and outdated in comparison. However, offline storage solutions – no matter how old fashioned – remain relevant to businesses in 2023. It’s simply a case of understanding why you should implement them into your storage schedules and the best ways to achieve this.

What is Offline Storage?

In its simplest terms, offline storage is data which is not connected to your network or accessible by the internet. Cloud storage solutions – including mainstream services such as Google Drive – all require one key element to grant access to their users: an internet connection. Therefore, a storage solution which isn’t accessible by the internet is classed as offline storage. Examples of offline storage options include:

External hard drives
USB flash drives
Optical media such as Blu-Ray and DVD
Magnetic tapes (still in use, but less popular compared to more modern solutions)

Why Do You Still Need Offline Storage?

The wonders of cloud storage may be cutting edge and deal with an old problem in a new way, but offline storage remains crucial for the following reasons:

Multiple backups are critical: relying on a single data storage solution is a recipe for disaster. Say, for example, your cloud storage provider is hacked and all your data is encrypted or, worse yet, wiped from the servers, this is going to cause you major continuity issues if this is your only backup. However, with offline storage options in the background, you are significantly reducing the risk of your productivity dropping to zero. The 3-2-1 backup method is the best approach to adopt and could save your organization.

Your internet connection can drop: the internet may have advanced significantly in the last 20 years, but internet connections can still drop out. We all know the inconvenience of connection problems, but these are multiplied when you rely on the internet to access your backups and data. Thankfully, the simplest solution here is to ensure that you have offline storage options which allow you to access your data in an emergency.

More secure: offline storage is the safest option when it comes to protecting your data. Regardless of the levels of encryption and world class security technology in place, cloud storage remains accessible to hackers all over the world. Offline storage, on the other hand, will only be accessible to a handful of known people. Accordingly, offline storage options are barely at risk when it comes to cybersecurity threats.

Final Thoughts

Cloud storage is clearly an exciting and effective option when it comes to data storage in 2023, but it should not be considered the only option. Instead, it’s vital that businesses understand that a multiple backup approach, which utilizes both online and offline storage, is the surest way to keep data safe.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Monthly Archives: March 2023