Bumblebee Malware Gives a Nasty Sting Through Google Ads 

Ad-Blocker, Bumblebee, malvertising, malware, Ophtek, , , ,
27
Jun 2023

It’s difficult to avoid online ads these days. This makes them the perfect target for hackers. And this is what they have done with the Bumblebee malware. 

It’s estimated that the average American is exposed to between 4,000 to 10,000 online ads a day. And each one of these ads has the potential to carry malware. Therefore, it’s not surprising that threat actors have started exploiting them. This recent attack, however, has also employed SEO poisoning in its campaign – this is a method by which hackers create malicious websites and tempt visitors there with high-demand keywords. 

Bumblebee, then, is a credible threat to your organization and its IT systems. Consequently, it’s important that you know how it operates and, most importantly, how to avoid it. 

What Do You Need to Know about Bumblebee? 

First discovered in April 2022, the Bumblebee malware is classed as a ‘malware loader’ variant. This means that it is used to connect a remote attacker directly with the infected system. It’s believed that Bumblebee comes from the same hacking group behind BazarLoader. Bumblebee, however, is more powerful and is backed by enhanced stealth capabilities. So, not only is it capable of causing greater damage, it’s also harder to detect. This, as I’m sure you’ll agree, is the last thing any PC owner wants to hear. 
 
The most common approach for Bumblebee is to use Google Ads to lay bait for unsuspecting PC owners. For example, a Google Ad promising a free SQL to NoSQL guide was used to redirect those who clicked it to a fake download page. We say “a fake download page” but it did, in fact, take people to a page where a download occurred. Instead of a free guide, though, it instead downloaded Bumblebee. This malware was then opened and, to reduce detection, loaded Bumblebee into the infected system’s memory. 

Typically, Bumblebee has been targeting businesses rather than consumers. Ransomware, therefore, has been at the front of the threat actors’ operations. But this is achieved through highly detailed planning. Upon the initial infection, Bumblebee quickly downloads a series of malicious tools such as remote access services, network scanning apps and keystroke loggers. This strategy allows the attackers to identify weak spots and deploy ransomware where it will be most effective. 

How Do You Beat Bumblebee? 

All business owners can agree that ransomware is a headache they can do without. So, how do you keep your systems safe from the Bumblebee attack? Well, you may be surprised that the following tips make it very easy: 

  • Keep your software up to date: malicious ads often take advantage of vulnerabilities in outdated software. By keeping your web browser, operating system, and other software up to date, you can reduce your risk of falling victim to malvertising attacks

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More

RapperBot Malware Develops New Distribution Tricks 

IoT Attacks, malware, Ophtek, RapperBot, Security, strong passwords, Updates, , , , , ,
20
Jun 2023

Malware constantly evolves, and that’s why it’s a constant thorn in the side of PC users. The ever-changing RapperBot malware is a perfect example of this. 

If malware was boring and lacked innovation, it wouldn’t last very long or infect many computers. It would make our lives a lot easier, but it would defeat the main objective of malware. And that is to cause chaos. Repeatedly. Therefore, malware developers are keen to extend the lifespan of their creations. This is why malware is regularly developed, to keep one step ahead. It’s the digital example of a game of cat and mouse. But the good news is that you don’t have to be the mouse. 

The Lowdown on RapperBot and Its Evolution 

First discovered in 2022, RapperBot started its malware career in the Internet of Things (IoT) niche. Most notably, RapperBot was observed to be using parts of the Mirai botnet code. However, RapperBot was much more than just another take on Mirai. It was much more sophisticated. Not only had its remote access capabilities been upgraded, but it could now also brute force SSH servers – these allow two PCs to communicate with each other. 

This evolution has continued at pace, with security experts Fortinet and Kaspersky detecting the following changes: 

  • After infection, further code was added into RapperBot by the developers to avoid detection. A situation which persisted even after rebooting. A remote binary downloader was later added to allow self-propagation of the malware. 
  • The self-propagation capabilities of RapperBot were later changed to allow the malware to gain constant remote access to SSH servers which had been brute forced. 
  • Finally, RapperBot moved its aim away from SSH servers and targeted telnet servers. Cleverly, RapperBot sidestepped the traditional technique of using huge data lists and, instead, monitored telnet prompts to determine the target device. This allowed the threat actors to identify IoT devices and quickly try their default credentials. 

The Best Tips for Tackling RapperBot 

IoT devices are plentiful in the modern age, and we certainly couldn’t be without them. Accordingly, we need to protect them from threats such as RapperBot and BotenaGo. You can do this by following these best tips: 

  1. Keep devices up to date: it’s crucial that you regularly update the firmware and software which supports your IoT devices. Few, if any, pieces of hardware reach consumers without some form of security flaw present. Once these flaws are detected, the manufacturer will usually release a patch or update to remove this vulnerability. Therefore, you need to install these as soon as possible, a strategy which is made easy by allowing automatic updates. 
  1. Change default passwords: Many IoT devices come with default usernames and passwords, these are often the same across every single version of that device. As such, they represent an incredible risk. This means you need to change these default credentials to strong, unique usernames and passwords before they are connected to your IT infrastructure. Additionally, enable two-factor authentication, wherever possible, to add an extra layer of security. 
  1. Network segmentation: ideally, separate networks should be created to house your IoT devices and isolate them from your core network. As IoT devices carry a certain amount of risk, it makes sense to keep them away from the majority of your IT infrastructure. This ensures that, if an IoT device does become infected, the malware can only spread so far. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More

How to Complete a Business IT Vulnerability Assessment 

Cyber Security, Data Security, email security, IT Vulnerability Assessment, Ophtek, procedure, , , , , ,
13
Jun 2023

No IT infrastructure is 100% secure, but you can maximize your defenses and reduce your risk. All you need to do is complete an IT vulnerability assessment. 

It’s important to understand exactly what your cybersecurity procedures can and can’t protect against. After all, assuming that your security measures are perfect is a sure-fire way to become complacent. And if there’s one thing that threatens the safety of your IT systems, it’s complacency. Therefore, it’s essential you understand why you need to complete an IT vulnerability assessment. And, more importantly, that you know how to complete one. 

Understanding the Purpose of a Vulnerability Assessment 

A vulnerability assessment looks at your IT infrastructure and reviews each and every security procedure, as well as highlighting any potential weaknesses. This pre-emptive approach is critical for reducing risk and protecting your systems. Its main objective is to evaluate your existing procedures and deliver suggestions for future improvements. 

Preparing an Assessment 

There are several steps when it comes to preparing an IT vulnerability assessment, and these include: 

Analyzing Your Assessment 

Once all your preparation is in place, you can complete your assessment as per your plan and guidelines. You then need to analyze the results of your assessment. As previously stated, no IT system is 100% secure, and your assessment will likely raise several concerns and vulnerabilities. Therefore, you will need to categorize these vulnerabilities both by area and severity e.g. weak firewall defenses (major) and staff writing passwords down (medium). This will allow you to begin planning a mitigation strategy to nullify these threats. 

Implementing a Mitigation Strategy 

With the information gleaned from your vulnerability assessment, it’s vital that you begin communicating this with the stakeholders within your organization. Ensure that your IT staff, department managers and executives are all aware of the vulnerabilities. Most importantly, also communicate how these will be mitigated, this will keep everyone on the same page and generate discussion on any potential implementation problems. 

Finally, you need to put your mitigation strategy into place. These steps will vary, depending on your vulnerabilities, but common examples include additional training sessions for employees, updating software and upgrading legacy equipment. Whatever the plan, speed is of the essence to prevent these vulnerabilities turning into a catastrophe. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More

Qbot is Back and Causing Digital Chaos Once Again 

malware, Ophtek, Qbot, Ransomware, spear phishing, , , ,
06
Jun 2023

It appears that you can’t keep a good piece of malware down as Qbot, first seen over 15 years ago, has reared its ugly head once again. 

Qbot was discovered in the late 2000s and, since then, has gone through numerous developments to keep pace with modern IT systems. Also known as Qakbot, this malware has strong capabilities to cause damage, a scenario which can be attributed to its longevity as a threat vector. Qbot has a habit of suddenly emerging after a period of inactivity and its most recent spike in activity was seen at the end of 2022. With a long history of stealing data and being used to deliver further malware, Qbot is a threat which could easily target your IT infrastructure. 

What Does Qbot Consist Of? 

Historically, and still to this day, Qbot has been used to steal login credentials by logging keystrokes and giving remote access to threat actors. Alongside this, it has also been used to download additional malware – such as ransomware – and hijacking email threads. Now, you may not be familiar with email hijacking, but it’s important you’re aware of what this is. 

Qbot is a sneaky piece of malware, and this is most readily demonstrated by its ability to hijack email threads. This is basically when it jumps into your email threads and messes with the messages. It does this to try and trick you into thinking you’re having a genuine conversation. This technique makes you more likely to click on a malicious link. It’s most effective in a work environment where people are used to communicating frequently via email. Qbot has been deploying this attach method regularly since 2020 and has been highly successful. 

How Much of a Threat is Qbot? 

Given its longevity, it should come as no surprise that Qbot is successful. However, Qbot is, in fact, the most prevalent malware currently active in the digital landscape. Therefore, you’re more likely to be infected by Qbot than any other piece of malware. It’s a serious feather in the cap for the developers behind Qbot’s latest incarnation, but it spells trouble for most PC users. This means it’s crucial that you know how to defend your IT systems. 

Staying Safe From Qbot 

The threat from Qbot is very real, but you can strengthen your IT defenses by employing the following best practices: 

  • Always install updates: make sure you install all updates as soon as they become available. Qbot thrives upon vulnerabilities in software, such as the Follina exploit, so keeping everything updated is an easy way to secure your network. It may feel time consuming for what is a small step, but allowing automatic updates ensures it makes a big difference in the long run.
  • Beware of phishing emails: email hijacking is very similar to spear phishing in that it attempts to trick your employees into clicking malicious links. Accordingly, you should you encourage your team to take their time and double-check emails for things like strange links and unusual writing styles. Even a quick 10-second check of an email will reduce your risk of being compromised. 
  • Backup: Qbot is often used to distribute ransomware and, as we know, ransomware can often rob you of your data. Often, it won’t even return your data if you pay the ransom fee. Therefore, protecting your data with regular and multiple backups is essential. With backups readily available, you will be able to navigate away from the threat actors and simply restore your data. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More