Threat actors are determined to harvest as much sensitive data as possible, and the Housing Authority of the City of Los Angeles (HACLA) know all about this.

It’s been revealed that HACLA has recently been attacked by the Cactus ransomware gang. First emerging in early 2023, the Cactus group has gained a reputation for stealing confidential data. Around 260 organizations have been affected by Cactus’ activities in the last year and a half, with no sign of them slowing up. HACLA, unfortunately, has previous form for data breaches, with the LockBit ransomware group gaining access to their IT systems for nearly a full year in 2022.

To help you bolster your organization’s defenses, we’re going to explore the Cactus attack in closer detail.

Cactus Get Prickly with HACLA

With 32,000 public housing units falling under its administration, HACLA is a prime target for any threat actors hungry for personal data. Accordingly, Cactus have struck at the heart of HACLA to harvest significant amounts of data.

Understandably, in order to protect their defenses, HACLA have revealed very little about the attack. They acknowledge that, after becoming aware of suspicious activity, IT professionals were contacted to investigate a possible cyberattack. HACLA’s systems remain operational as of this writing, but they haven’t confirmed exactly what happened or whether any data was stolen.

Cactus, on the other hand, has been more forthcoming with details. Announcing that they’ve managed to steal 891 GB of files from HACLA’s network, Cactus has clearly carried out an audacious attack. The data stolen, as Cactus claims, is highly sensitive and includes personal client details, financial documents, database backups, and correspondence. To demonstrate that they’re not just showboating, Cactus has published screenshots of some of this stolen data. Alongside this, Cactus has also followed up their claims by uploading an archive containing some of the stolen data.

Shielding Your Business from Breach Risks

While it’s currently unclear whether HACLA’s systems or data has been encrypted by ransomware, it’s a very real possibility. Regardless of whether encryption has taken place, the 891 GB of stolen data is a seriously worrying amount of personal data to leak. Therefore, you need to be on your guard against such attacks by practicing the following:

  • Data Backup Strategy: To minimize the impact of ransomware, it’s always a good idea to carry out regular, automated backups of your data. As well as keeping these backups close to hand on site, it’s crucial that you also keep copies stored on secure, off-site locations such as in the cloud. The 3-2-1 backup method is an excellent strategy to employ in order to keep your data secure and retrievable.
  • Regular Software Updates: Many data breaches are the result of vulnerabilities being exploited within software. These vulnerabilities allow threat actors to gain a foothold with IT infrastructures and start implementing malware infections or stealing data. Consequently, to plug all of these security holes, you should automate all software updates to optimize the strength of your defenses.
  • Employee Training: Regular training of your employees, both at the induction stage and through refresher courses, provides your organization with its strongest form of defense. It just takes one wrong click by an employee to expose your entire network, so it’s vital that you can sharpen their cybersecurity skills to secure your IT infrastructure.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


The headlines generated by cybersecurity attacks always focus on the damage caused by hackers, but who exactly are the hackers and why do they hack?

Financial losses associated with cybercrime hit a mighty $12.5 billion in 2023, so it’s clear to see that hackers have a major impact on society. And yet we know so little about them. Characterized as shady, hidden figures, hackers rely on this mysterious air to create panic and fear when they strike. Technically savvy, they pose a major threat to computer systems all over the world, and they often get away with it through a mixture of ingenuity and bravado.

To help you understand their motives better, we’re going to pull back the digital curtain and show you who these hackers are and what drives them to attack IT infrastructures.

The Main Types of Hackers

There are many different types of hackers, with different methods of operation and varying skillsets. The main variants you’re likely to encounter are:

  • Black Hat Hackers: Perhaps the most infamous type of hacker, black hat hackers are regularly discussed on the Ophtek blog due to their love of breaking into IT systems. Their main activities involve launching malware, compromising software vulnerabilities, and setting up phishing campaigns.
  • White Hat Hackers: In contrast to their black hat counterparts, white hat hackers are a force for good. Typically, they work in conjunction with organizations to identify weak spots in their IT security e.g. demonstrating where software vulnerabilities are present or highlighting the use of default passwords on routers.
  • Hacktivists: These hackers aren’t out to commit cybercrime in the same way as a black hat hacker, but hacktivists operate on the wrong side of the law in order to bring about social or political change. A good example of this can be found in the 2022 attacks launched against Russian websites by the hacking group Anonymous, an attack designed in response to the Russian war on Ukraine.

What are the Motivations Behind Hacking?

Every hack will have a motive behind it and it’s important to understand these motives in order to better protect our computer systems. The main driving forces behind cyberattacks include:

  • Financial Gain: As with all crime, money acts as a significant motivating factor. Stolen credentials, for example, can be sold on the dark web for large amounts of cash. Likewise, the rise of Malware-as-a-Service has proved highly lucrative for hackers and been responsible for some devastating attacks.
  • Challenging Themselves: Hackers love the prestige of a successful hack, and this hit of dopamine is enough to encourage them to set about launching increasingly audacious attacks. This not only challenges them and provides a firm motivation, but it also encourages them to hone their skills and make their attacks harder to defend against.
  • Personal Grievances: Often, the main motivation behind a hack is simply a slice of old-fashioned revenge. An ex-employee, perhaps terminated unfairly in their eyes, may seek revenge by exploiting their knowledge of an organization’s IT system. This insider knowledge may offer them the opportunity to strike back and hurt the organization.

Final Thoughts

Hackers, with their varying objectives and motivations, are a complex set of individuals and groups. While some may be a force for good, just as many have taken up their craft to inflict damage and benefit financially from their digital chaos. Whatever their circumstances, one thing remains clear: it’s crucial to strengthen your IT systems against all threats all the time.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Hackers have designed fake Google Meet error pages to distribute info-stealing malware which can compromise all the data on a network.

It feels as though malicious websites are springing up on a daily basis, and with 12.8 million websites infected with malware, this is a fair assumption to make. The latest attack under the Ophtek spotlight centers around Google Meet, a videoconferencing service hosted online by Google. The threat uses fake connectivity errors to lure victims into inadvertently launching the malware on their own system. And with Google Meet having over 300 million active users every month, the chance of this campaign tripping people up is exceptionally high.

The Danger of Fake Google Meet Pages

Google Meet attack appears to be part of a wider hacking campaign known as ClickFix, which has also been identified using similar fake websites impersonating Google Chrome and Facebook. In all these cases, the objective of the campaign is to install info stealers onto infected PCs. Malware used in these attacks include DarkGate and Lumma Stealer.

Fake error messages are displayed in the web browsers of victims to indicate a connectivity issue with a Google Meet call. However, there is no Google Meet call taking place, it’s simply a ruse to deceive victims into following through on a malicious call-to-action. These ‘errors’ recommend copying a ‘fix’ and then running it in Windows PowerShell, an app commonly used to automate processes on a Microsoft system.

Unfortunately, rather than fixing the ‘error’ with Google Meet, the execution of this code within PowerShell simply downloads and installs the malware. Once installed, malware such as DarkGate and Lumma Stealer has the potential to search out sensitive data on your network, establish remote network connections, and transmit stolen data out of your network.

Victims are redirected to these malicious websites via phishing emails, which claim to contain instructions for joining important virtual meetings and webinars. The URLs used within the emails appear like genuine Google Meet links but take advantage of slight differences in the address to deceive recipients.

Protecting Yourself from Fake Google Meet Malware

The best way to stay safe in the face of the fake Google Meet pages (and similar attacks) is by being proactive and educating your staff on the threats of malicious websites. Accordingly, following these best practices gives you the best chance of securing your IT infrastructure:

  • Double Check URLs: malicious websites often mimic genuine ones to catch people off guard. Therefore, always verify any URL for anything unusual such as misspelled words or lengthened and unusual domain endings, before clicking them. This will minimize your risk of falling victim to phishing and malware attacks.
  • Use Browser Security Features: many browsers, such as Google Chrome, come with built-in security features which can block sites known to be harmful or detect suspicious downloads. If you have these protections enabled, and this is easily done through your browser settings, you can rest assured you’re putting a strong security measure in place.
  • Install Antivirus and Firewall Software: one of the simplest way to protect yourself is by installing antivirus and firewall software, which is often available for free in the form of AVG and Kaspersky. This software can not only detect malware, but also block it before it reaches your system, so it can be considered a very strong form of defense.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


A new malware campaign, targeting finance and insurance sectors, is using infected GitHub repositories to distribute the Remcos remote access trojan (RAT).

GitHub is an online platform which allows software developers to store and share code online. It’s like an online hard drive, but one which is specifically dedicated to coding projects. It’s main use is to foster collaboration between developers and track changes in their code as it evolves. However, as it’s a trusted source, it makes it the perfect target for hackers. On this occasion, the threat actors haven’t been starting malicious repositories. Instead, they’ve been taking advantage of the comments section in legitimate repositories.

The Dangers of GitHub Comments

The GitHub attack in question appears to be targeting genuine open-source repositories, with those affected including HMRC, Inland Revenue, and UsTaxes. These are well-known and trusted repositories. Users wouldn’t expect to be infected by malware visiting these, whereas lesser known and newer repositories pose more of an obvious risk. So, how are the threat actors compromising these accounts? Well, they’re uploading malware files into the comments section.

Although the comment is deleted, the link to file stays in place. Phishing emails are then used to redirect users to the infected link on GitHub. Again, as GitHub is a genuine, trusted platform, these phishing emails are not detected as being suspicious. This puts the recipient at risk of unknowingly downloading and executing the Remcos RAT. This RAT allows threat actors to remotely take control of an infected PC. From here, they can steal your data, execute further commands on your system, and monitor all your activity. This makes the attack highly dangerous and follows in the footsteps of numerous GitHub attacks in the last year.

Staying Safe from Malicious Comments

Your employees may not have anything to do with software development, but the Remcos RAT relies on phishing techniques which could easily deceive them. Therefore, you need to ensure your employees stay safe from this innovative threat. The best way to achieve this is by following these best practices:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More