2023 - Page 4 of 10

Security Experts Targeted by Malware on GitHub

GitHub, Hackers, install updates, malicious websites, malware, Ophtek, POC, proof of conceptGitHub, hackers, malware, Ophtek, POC, security, updates, vulnerabilityOphtek, LLC

Sep 2023

It’s always important to be cautious online, but it’s easy for people to fall victim to malware. Even security experts can fall for the tricks of hackers.

Yes, even those skilled and highly experienced security researchers can find themselves on the receiving end of malware. The most recent piece of evidence for this phenomena is an attack which is as brazen as it is powerful. It revolves around a piece of bait left, by threat actors, on GitHub, an online repository for developers to store and share their code. And it was a piece of code, disguised as a highly tempting piece of software for a security expert, which led to many of these professionals being left embarrassed.

How Were the Experts Fooled?

The GitHub attack involved a piece of software being made available which claimed to be a proof-of-concept (POC). Typically, a POC is a demonstration of a software project, and is used to determine how feasible the project is and the potential of its long-term success. For a security researcher, a POC is a useful way to test for security vulnerabilities, and this is why they are frequently downloaded and analyzed.

However, this specific ‘POC’ proved to be little more than malware in disguise. Within the fake POC structure was a malware downloader, which was used to download malware and set off a chain of malicious events. Once the malware was downloaded, it began by executing a Linux script to automate specific commands. This allowed the threat actors to start stealing data, which was automatically downloaded to a remote location, by scraping the entire directory of the infected PC.

The fake POC also allowed the threat actors to gain full access to any of the infected systems. This was achieved by adding their secure shell (a protocol for operating network services) to the authorized keys file on the infected system. All of this was made possible, for the threat actors, due to a vulnerability – known as CVE-2023-35829 – discovered in the Linux operating system, an OS usually used by software developers.

Avoid the Mistakes of the Experts

You may be thinking that, if a security expert can fall victim to malware, what hope do you have in the face of targeted attacks? However, as we know, nobody is 100% immune from the efforts of threat actors, and this includes security researchers. As ever, vigilance is key to maintaining the security of your IT infrastructure:

Always update: the surest way to minimize the risk of your PC being infected is to always install updates. No piece of software, due to the sheer amount of coding involved, is going to be free from mistakes. However, developers are keen to patch these mistakes as soon as they are aware of them, hence the issuing of security patches. Therefore, it makes sense to install these as soon as they are available.

Be wary of malicious websites: while GitHub is far from malicious, the people using it often are. This means you should always do some research on what you’re downloading and who you’re downloading it from. So, for example, try Googling the username of whoever is offering you a download, and see whether there are any trustworthy results or otherwise. Alternatively, ask an IT professional to take a look and assess the risk – contrary to the GitHub attack, they can usually spot malware from a mile away.

For more ways to secure and optimize your business technology, contact your local IT professionals.

How to Future Proof Your IT Infrastructure in 2023

Cloud, future, new technology, Ophtek, proof your IT infrastructure, security, virtualizationcloud, future, IT Infrastructure, new tech, Ophtek, proof, security, virtualizationOphtek, LLC

Sep 2023

Technology advances at a rapid pace, and this means you need to build scalability into your IT infrastructure to maintain future productivity.

Businesses need to future proof their IT infrastructure to ensure long-term success and sustainability. After all, technology is constantly evolving, and failing to adapt can result in outdated systems which hinder growth, productivity, and competitiveness. But if you adopt a culture of future proofing, you can minimize this risk by using new technology to enhance scalability and maximize your productivity. Implementing scalability, however, is easier said than done. And that’s why we’ve decided to give you a head start with some suggestions.

The Best Future Proofing Methods for Success

If you want to make sure that your IT infrastructure remains relevant and keeps one eye on the future, make sure you adopt these best practices for future proofing:

Use the cloud: one of the simplest ways to future proof your IT operations is by adopting cloud-based solutions. With a wide range of providers and plans available, you can use cloud-based platforms to take care of your storage, software, and infrastructure. Best of all, these services can easily be upgraded to cope with future demand, this makes cloud computing the epitome of scalability and reduces the risk of your in-house hardware becoming obsolete.

Invest for the future: while it may make financial sense, in the short term, investing in low quality IT hardware will only ever provide a short term solution. You see, given how fast technology evolves, if you buy IT equipment at the cheaper end of the market, its performance levels will soon be superseded by newer technology. Therefore, while remaining financially sensible, make sure you invest in the best technology you can afford to increase its lifespan and suitability for your needs.
Virtualization: this creates virtual versions of resources and allows your business to optimize your equipment and reduce costs. Virtualization optimizes your resources by consolidating multiple virtual machines onto a single server, this approach will reduce costs and enhance efficiency. It also helps to future proof your IT infrastructure as it allows you to scale resources up or down quickly based on demand. So, not only is your system flexible and scalable, but it also provides a strong foundation for your IT infrastructure going forwards.
Watch technology: if you want to future proof your businesses IT operations, then it’s crucial that you keep an eye on what’s happening in the world of technology. This will ensure that you are aware of innovative opportunities for growth within your business. More importantly, it will give you time to plan and implement these innovations early on compared to your competitors. This will give you not only a competitive edge, but it will also allow you to anticipate changes in customer behavior.
Strengthen your security: cyber criminals are constantly updating their methods of attack, so you need to keep pace with them to secure your IT infrastructure. Accordingly, always make sure that your antivirus software is up to date and that your employees are educated about upcoming, as well as contemporary, threats. These simple steps will help facilitate the future security of your IT systems.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Microsoft Teams at Risk of Letting Malware In

install updates, malware, Microsoft Teams, Ophtek, Phishing, securitymalware, Microsoft Teams, Ophtek, phishing, security, updatesOphtek, LLC

Aug 2023

Microsoft Teams has experienced a surge in popularity among businesses since the pandemic, and this makes it a highly prized target for hackers.

Businesses find Microsoft Teams a powerful tool as it allows employees to work remotely, communicate and be productive. And it’s all through one app. This is why it’s a fantastic business solution and used by 280 million people. Naturally, the size of this audience is going to turn a threat actor’s head. Where there are high numbers of users, there’s an opportunity for malware to be successful. And that’s why the discovery of a vulnerability in Teams has caused so much concern.

The Vulnerability Lying Within Microsoft Teams

One of the main uses of Teams is as a communication tool, a nd this means that the potential for spreading malware via file transfers and linked hard drives is high. But this newly discovered vulnerability is very different. Therefore, it’s important you understand the threat it poses.

Now, Microsoft Teams allows you to communicate with a wide range of people within your organization. It also allows you to communicate with external parties e.g. subcontractors, clients and facility management teams. Usually, these external users are unable to transmit files to other organizations through Teams. And this is a good thing, as it lowers the risk of malware being sent between businesses.

However, the security protocols which are in place to stop unauthorized file sending can, it turns out, be compromised. Once this vulnerability is exploited, a threat actor can start sending malware direct to the Teams inbox of staff within that business. Often, the threat actors are increasing the chances of their attack being successful by setting up similar email addresses to that of their target. All it takes is for one employee to open the malware and it can start to spread.

While the incoming message will still be tagged as “External”, the busy nature of many employees’ days means that it’s likely this message will be ignored. Also, this method of attack is relatively new. Users are well drilled in the telltale signs of a phishing email, but a Teams instant message is very different. Accordingly, the risk of falling victim to this attack is concerning.

Staying Safe on Microsoft Teams

Curiously, Microsoft has advised that this vulnerability doesn’t, at present, warrant fixing. No doubt, at some point, it will be patched, but for now you should remain cautious. To help strengthen your defenses, make sure you practice the following:

Always update: there’s never an excuse for not carrying out software updates once they are available. It’s the quickest and simplest way to plug weak points in your cyber defenses, so, if they are not already in place, setting up automatic updates should be your priority.

Warn your staff: make sure that your staff are aware of this new threat to minimize the risk of your business falling victim. You can achieve this by sending out email updates to your staff and also updating your IT induction process to cover this new form of attack.

Reduce your availability: it’s possible to limit your communication through Teams to specific domains only. Again, this reduces your risk by ensuring that your staff can only communicate with trusted sources and not threat actors operating from similar, yet malicious domains.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Ukraine’s Military Hacked by Russian Backed USB Malware

malware, Ophtek, Phishing, Pteredo, Russian Hackers, Shuckworm, Ukraine, USB_malwaremalware, Ophtek, phishing, Pterodo, Russia, Shuckworm, Ukraine, USB_MalwareOphtek, LLC

Aug 2023

The news footage may focus on military strikes, but, behind the war in Ukraine, cyberattacks are being utilised as a major weapon by Russia.

Government-backed cyberattacks are nothing new, and they will continue to be utilized as part of global espionage campaigns for the foreseeable future. However, while these attacks are unlikely to be aimed at small businesses, the methods and techniques employed are likely to trickle down into the arsenal of smaller hackers. Therefore, in the near future, these powerful attacks could regularly be launched against your business.

At Ophtek, we pride ourselves on keeping our clients up to date on contemporary threats. But we also strive to keep you one step ahead of the hackers. And that’s why we’re going to take you through this latest attack.

Understanding the Mechanics of this Military Hack

Warfare has always relied on much more than just weapons, intelligence has always been equally important. And, with the rise of technology in the digital age, compromising IT equipment has proven to be highly rewarding in the pursuit of sensitive information. This latest attack, which has links with Russia’s FSB security service, has been launched by Shuckworm, a Russian threat actor with a long history of attacks.

February 2023 saw Shuckworm intensifying their attacks against Ukraine, a campaign which has been running for several years. Most notably, Shuckworm have been developing new malware in conjunction with command-and-control servers. Central to these attacks has been a strain of malware called Pterodo. Developed by Shuckworm, Pterodo is a backdoor attack which is executed when malicious USB drives are installed onto PCs. The first step that Pterodo takes is to install shortcut links on the infected PC, with these links given names such as evidence.rtf.lnk in order to tempt users into clicking them.

Clicking these links will install Pterodo on the user’s PC and allow Pterodo to spread through any connected drives and download further malware. To cover its tracks, Pterodo uses a number of innovative approaches. Numerous variants of Pterodo have been developed to bypass identification tools and, in order to conceal their identity, the related command-and-control servers regularly rotate their IP addresses. W hile the USB route for launching this attack appears to be Shuckworm’s preferred method, there is also evidence that it’s being spread through phishing emails.

How Do You Beat Military Backed Hackers?

Threat actors which receive government support are very powerful, but it doesn’t mean they are unbeatable. In fact, this latest attack by Shuckworm can easily be deflected by practicing the following:

Be wary of USB drives: USB drive attacks have been commonplace for many years, so it’s important that you don’t let your guard down. Mysterious USB drives which arrive in the mail or are found out in the parking lot should be fully scrutinized and never plugged into your PCs. As well as compromising data security, malicious USB drives also have the potential to destroy your PC.

Understand the hallmarks of phishing: businesses need to be vigilant against phishing campaigns in order to protect their IT infrastructure. Therefore, make sure your employees know how to identify telltale signs of phishing emails: misspellings, generic greetings, urgent demands, suspicious attachments/links, and email addresses with slight variations. If your team can stay alert to these threats, then you stand a much better chance of protecting your data.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Every business wants their IT infrastructure to be secure, so it’s crucial that you understand all your options. And two of the best are an SOC and an NOC.

A Security Operations Center (SOC) and a Network Operations Center (NOC) are exciting options for your defenses, but not everyone knows what they are. The good news is that both of these options, which can be based in-house or outsourced to external contractors, are here to protect your IT operations. And they both do this with a high level of sophistication, which ensures that cybersecurity threats are quickly identified and nullified.

How Does an SOC Protect Your IT Infrastructure?

Integrating an SOC into your cybersecurity strategies is one of the quickest ways to enhance your defenses. In short, an SOC is a dedicated team of professionals who can provide 24/7 monitoring of your IT systems. Their main duties include:

Maintenance: one of the surest ways to keep any system operating effectively is through routine and preventative maintenance. And this is a duty which an SOC will take in its stride. From initiating and installing updates through to updating firewalls and managing backup protocols, a dedicated SOC will ensure that none of these vital tasks are missed.
Creating response plans: in the case of a security incident, your organization needs to have a solid response plan ready to go. This could involve restoring data from backups, partitioning your networks, or even shutting your entire IT infrastructure down. Regardless of the strategy, you need to make sure that the perfect response plan has been formulated. And, thanks to the experience of those employed in an SOC, you can rest assured that your response minimizes disruption.
Monitoring: security incidents can strike your organization at any time of day, so it’s important that you have round-the-clock monitoring to flag up any attacks. An SOC can take care of this by not only monitoring network activity, but also analyzing it to provide a strong determination as to the threat level posed. This allows the SOC team to quickly identify potential threats and react accordingly.

Why Does Your Organization Need an NOC?

IT networks are complex, highly complex. This means that monitoring them effectively is difficult, but crucial when it comes to securing them. It’s difficult for your standard IT team to dedicate themselves to this task, so this is why the emergence of NOCs is so exciting for organizations. With an NOC supporting your IT infrastructure, you can expect 24/7 coverage in the following areas:

Network monitoring: an NOC can provide your organization with constant network monitoring and surveillance. This monitoring will cover all of the most common elements found in a network such as servers, routers, and switches. It’s an approach which is not only comprehensive, but also allows the NOC team to minimize any disruptions to your network.
Enhanced security: the main aim of a threat actor is to bypass the security of your network, and it’s very easy for them to sneak in when a vulnerability is in place. However, the presence of an NOC team means that not only will updates and patches be installed quickly, but their constant monitoring of your network will allow them to identify any unauthorized access.
Performance monitoring: given the level of competition within business in the 21^st century, your organization’s network needs to perform at a high level. Monitoring the complexities of an IT network, though, is a tough ask. But the experience of an NOC team means they can easily analyze your network performance, and then suggest plans for improving and maximizing its output.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 5 6 … 10 Next »

Yearly Archives: 2023