May 2023 - Ophtek

Linus Tech Tips Falls Victim to Session Hijack

Linus Tech Tips, malware, Ophtek, Public WiFi, Session Hijack, social engineering, System UpdatesLinus Tech Tips, malware, Ophtek, public wifi, session hijack, social engineering, system updatesOphtek, LLC

May 2023

Linus Sebastian, owner of popular YouTube channel Linus Tech Tips, has revealed how he woke at 3am in the morning to find his channel hacked.

Linus Tech Tips is a YouTube channel which delivers technology-based content to over 15 million subscribers. Driven by Sebastian’s passion for technology, the channel has been running for 15 years and proven to be wildly successful. So, not surprisingly, it made a tempting target for hackers. As well as Linus Tech Tips, two other channels associated with Sebastian – TechLinked and Techquickie – were also compromised in this attack.

While your organization may not run a YouTube channel, the method in which Linus Tech Tips was hacked could be applied to any IT system. Therefore, it’s crucial that we learn about session hijacking.

What Happened to Linus Tech Tips

Alarm bells started ringing for Sebastian when he was woken at 3am to reports of his channels being hacked. New videos had been loaded and were being streamed as live events. But, far from being productions sanctioned by Sebastian, they were rogue videos featuring crypto scam videos apparently endorsed by Elon Musk.

Desperately, Sebastian repeatedly tried to change his passwords, but it made no difference; the videos continued to be streamed. Sebastian was equally puzzled as to why the associated 2FA processes hadn’t been activated. Eventually, he discovered the attack was the result of session hijacking.

A member of Sebastian’s team had downloaded what appeared to be a PDF relating to a sponsorship deal, but the file was laced with malware. Not only did the malware start stealing data, but it also retrieved session tokens. You may not be familiar with session tokens but, effectively, these are the authorization files which keep you logged into websites. So, when you return to that website, you don’t have to re-enter your login credentials each time. Unfortunately, for Sebastian, it gave the threat actors full and unauthorized access to his YouTube channels.

How Do You Prevent Session Hijacking?

Once it had been established that compromised session tokens were behind the breach, YouTube was able to swiftly secure Sebastian’s channels. Nonetheless, the ease with which the threat actors managed to bypass login credentials and 2FA is troubling. This means it’s vital you follow these best practices to protect against session hijacking:

Understand what malware is: the attack on Linus Tech Tips was the result of malware and social engineering combining to deliver a sucker punch. Accordingly, educating your staff through comprehensive and regular refresher courses should be a priority. This will allow your staff to identify threats before they are activated and protect your IT systems from being compromised.

Don’t use public WiFi: unsecure networks such as public WiFi found in cafes and airports pose a significant risk to your data, and this includes sessions tokens. Therefore, unless you have access to a VPN, where your data will be encrypted, you should avoid connecting to public WiFi.

Perform system updates: the malware behind session hijacking will often take advantage of vulnerabilities in software. Consequently, this should act as the perfect motivation to keep your software updated. The simplest way to achieve this is by setting up automatic updates, this will ensure your software’s security is maximized as soon as updates are released.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The Importance of IT Documentation

IT Contacts, IT Documentation, IT Inventory, IT Recovery, IT Responsibilities, Knowledgebase, OphtekIT Contacts, IT Documentation, IT Inventory, IT Recovery, IT Responsibilities, Knowledgebase, OphtekOphtek, LLC

May 2023

IT documentation is seen by many businesses as a labor-intensive task with little value. However, this is a big mistake as IT documentation is essential.

The complexity of even the most basic IT infrastructure is vast. Therefore, it makes sense for all organizations to record details about their systems. This can take in simple details such as ID numbers for individual workstations all the way through to more complex configurations including SSL certificates and firewall settings. With this information at your disposal, you will have a much better understanding of your IT infrastructure. While it’s recommended to maintain digital copies of your IT documentation, it also makes sense to keep printed copies in case of an IT emergency.

Why Do You Need IT Documentation?

As we’ve already stated, IT documentation isn’t taken very seriously by all organizations. They are, after all, often busy focusing on other objectives. But this outlook can come back to haunt you when there’s a major IT failure within your infrastructure. And, once you’ve done the hard work of establishing a documentation system, maintaining it is relatively straightforward.

So, for those of you who still need convincing, here are the main reasons that IT documentation is crucial:

It makes up part of your contingency plan: if your IT systems fail completely, then information will prove to be key in recovering your systems. This means that a comprehensive list of all your IT equipment (including server details and backup storage locations) is highly useful in such a scenario. Accordingly, this will allow your IT team to bring your systems back online much quicker and preserve your productivity.

Creates a central, shared knowledgebase: it’s important for your all your employees to understand how your IT systems work. While it may not be necessary for them to have access to the finer points regarding your IT servers, it’s useful for all this information to be readily available. Therefore, when it comes to training, it will be much easier to share your organization’s IT practices. It also protects your business from losing vital knowledge of your IT systems when members of your team leave.

Acts as a useful inventory: any modern business will be aware of the need for IT equipment, but managing the sheer number of devices is often difficult. In fact, ask most businesses how many PCs and laptops they own, and they’ll struggle to give you a solid answer. Consequently, this can cause overspending when organizations believe new equipment is required, but readily available equipment has simply been lost in the system. But, with all your inventory recorded, you can make better purchasing decisions.

Details contacts and responsibilities: not only does there need to a be a hierarchy for your IT team, but there also needs to be contact details for each individual. So, for example, if an employee is experiencing problems with their laptop, they need to know which number to call to log this problem. Additionally, even your IT team need a list of useful contact numbers such as cloud service providers and manufacturers of your equipment. With all this contact information documented and available, you will find that IT issues can be dealt with quickly.

For more ways to secure and optimize your business technology, contact your local IT professionals.

What are the Best Ways to Maintain a Server Room?

Ophtek, Server cables, Server Room, Server Room Cleaning, Server room temperature, ServersOphtek, Server, Server cables, Server room, server room cleaning, Server room temperatureOphtek, LLC

May 2023

Your server room should act as the heartbeat for all your day-to-day IT operations. But it will only support your productivity if it’s maintained correctly.

The complexities of a server room are numerous. Not only is there the wide range of technical equipment which needs to be connected, but there are also several health and safety requirements which need to be met. This means that keeping a server room operating is hard work, but it’s a task which is crucial for any modern business.

Why Do You Need to Maintain a Server Room?

A well-maintained server room is essential for preserving the reliability of your computer networks and overall IT infrastructure. By providing a secure, controlled environment, you will ensure your server room is optimized for housing IT equipment such as servers, routers, data storage and back-up power supplies. Failing to maintain a server room will jeopardize the long-term health of all your IT operations. Therefore, maintaining your server room is vital for your business to remain operational and productive.

How Do You Maintain a Server Room?

Optimizing the performance of your server room is essential, but how do you go about maintaining it correctly? Well, the best way to get started is with the basics, so make sure you implement the following into your server room maintenance:

Practice good cable practices: server rooms rely heavily on cables to connect equipment together, but cables can quickly become a tangled mess. This can cause two major problems: identifying specific cables becomes difficult and the risk of overheating increases significantly. Accordingly, you need to group cables together and label them to allow quick identification. The best way to group cables together is by using velcro straps and you can easily label cables by color coding them e.g. yellow for communication cables and blue for data.

Monitor temperature: servers are delicate and complex pieces of equipment and, as such, they need specially controlled environments to remain functional. If servers are forced to operate in high temperatures, you run the risk of them failing or, at the very least, having their lifespans shortened. Therefore, you need to ensure that the temperature of your server room is kept between 65 – 80 degrees Fahrenheit to provide the perfect environment. And don’t forget humidity, this needs to maintained around 50% to prevent damage to your systems.

Cleaning is essential: if a server room isn’t cleaned regularly and correctly, there’s a major risk of your IT systems failing. A buildup of dust may seem insignificant to the naked eye, but it’s a major contributor when it comes to equipment overheating. And, if equipment overheats, there’s not only a risk of it failing, but it can also turn into a fire risk. But a regular cleaning regime, either by your team or an external cleaning company, which includes careful vacuuming and cleaning with microfiber cloths, will keep your server room safe and operational.

For more ways to secure and optimize your business technology, contact your local IT professionals.

President Biden Launches New National Cybersecurity Strategy

Cyber Security, Internet, Joe Biden, National Cybersecurity Strategy, Ophtek, SafetyCybersecurity, internet, National Cybersecurity Strategy, Ophtek, safetyOphtek, LLC

May 2023

At the start of March 2023, a new National Cybersecurity Strategy was launched by the Biden administration. And it promises big things.

The previous National Cybersecurity Strategy was released by the Trump administration in 2018. However, since then, the world and the internet has changed significantly. An updated strategy makes sense. But what exactly does it seek to change about the way in which we access and navigate our way through the internet? Well, for one thing, it starts by stating that the Biden administration will be investing $65 million in order to provide every American with access to high-speed internet.

In terms of cybersecurity, however, the 2023 strategy tackles a much broader range of problems

The Ins and Outs of the 2023 National Cybersecurity Strategy

The paper which outlines the 2023 National Cybersecurity Strategy is 35 pages long. It’s also a complex read. But this doesn’t mean the main takeaways are exclusive to high-level IT experts. This is why we’ve decided to help you by breaking down the five pillars that the paper covers:

One of the major priorities of the 2023 strategy is to secure our critical infrastructures. This means that essential systems and networks – such as energy grids and water supply systems – are at risk from cyberattacks. And, just imagine, if a group of threat actors disrupted power supplies, it would result in a major catastrophe. Therefore, the Biden administration is aiming to foster collaboration between government agencies and other stakeholders to identify and protect against any vulnerabilities.

Strengthening our cyber defenses and disrupting threat actors has been identified as a major area for the 2023 strategy to cover. This involves developing strong cybersecurity policies, ones which can quickly detect and respond to cyber-attacks. Once developed, these policies need to be implemented as seamlessly as possible to protect our networks. Naturally, investment in technology and skilled staff will feature heavily in the success of this second pillar.

The third pillar of the new National Cybersecurity Strategy seeks to make market forces drive security and resilience. This means that companies which own personal data will be expected to develop more secure storage systems, and existing laws will be updated to protect users against the risk of software vulnerabilities. The aim of this pillar is to ensure that developers need to foster higher standards of care. The result will be a safer digital landscape.

Investment is crucial in any area seeking to make improvements, and the internet always needs improvements. Accordingly, the Biden administration is seeking to improve three key areas: computing technology, clean energy technology and biotechnology/biomanufacturing. This pillar is also concerned with strengthening the US cyber workforce through enhanced education and digital awareness.

The final pillar in the 2023 strategy focusses on the importance of international partnerships to pursue shared goals. After all, the US alone cannot stop the rise of cybercrime. Common threats need to be addressed by sharing resources and pooling knowledge. The end objective is to deliver higher levels of assurance that digital systems and platforms are safe and secure.

The latest National Cybersecurity Strategy continues the excellent foundations put in place over the last two decades. It’s a responsible step for the Biden administration to take and, at the very least, will provide peace of mind that the internet remains, on the whole, safe to use.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Microsoft’s OneNote Poses a Real Malware Risk

AsyncRAT, Formbook, OneNote, Ophtek, Phishing, QbotAsyncRAT, Formbook, OneNote, Ophtek, phishing, QbotOphtek, LLC

May 2023

Making notes is part and parcel of any working day, so it’s fantastic that we have apps such as Microsoft’s OneNote. Except when it opens you up to malware.

Part of the Microsoft Office suite, OneNote is an app which allows you to create notes and store them in one central location. Therefore, you can create text documents, drawings and tables on a blank canvas and then access them from any location. While it has proved popular with business users, it has also been readily adopted by threat actors for malicious means. And this is because OneNote also allows you to share its files – known as notebooks – with other users. Accordingly, malicious software has been able to spread.

How Has OneNote Been Compromised?

The malware risk with OneNote has been growing for some time and can be evidenced by the following attacks:

Qbot: Active in the digital landscape since 2007, Qbot began being passed around via OneNote notebooks in January 2023. These notebooks were distributed, at first, through a series of malicious spam email campaigns where embedded links redirected users to the malicious notebooks. However, it also turned out that existing email threads were being hijacked, with malicious notebooks being attached to trick the recipients. With Qbot activated, threat actors were able to steal data and download further malware.

AsyncRAT: Posing as Canadian fuel provider Ultramar, threat actors sent phishing emails to recipients which contained ‘invoices’ in the form of notebooks. These invoices, though, were far from genuine. In fact, all they contained was the AsyncRAT malware. And, once activated, AsyncRAT would provide remote access to threat actors. This means that they would have the power to steal data, download further malware onto infected systems and compromise networks.

Formbook: In December 2022, it was discovered that the information stealing malware Formbook had been at the heart of another OneNote campaign. Using phishing methods, the Formbook malware was observed as part of an email claiming to be a customer seeking a quote. The attached notebook file was used to activate a Windows Script File which, in turn, unleased Formbook’s malicious activity. Again, Formbook was primarily used as a data thief, stealing data from website forms, clipboards, and keystrokes.

Staying Safe from OneNote Attacks

With OneNote’s notebooks becoming a popular method for cyber-attacks, it’s crucial you understand how to deal with them. Therefore, make sure you practice the following:

Block notebook files: If your organization doesn’t use OneNote files, the best thing to do is block notebook files in your email servers. This will minimize the risk of these attachments appearing in your employees’ inboxes and ensure the malware can’t be activated.

Understand what phishing is: With over 255 million phishing attacks in just six months in 2022, it’s clear to see that phishing poses a credible threat. This means it’s vital your organization understands how phishing campaigns work and the best ways to defend against them.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Monthly Archives: May 2023