The hacking collective RansomHub has unveiled a new strain of malware, one which is used to disable security software and leave PCs open to attack.

Discovered by security firm Sophos, RansomHub’s new malware has been dubbed EDRKillShifter. First detected during May 2024, EDRKillShifter carries out a Bring Your Own Vulnerable Driver (BYOVD) attack. The main objective of a BYOVD attack is to install a vulnerable driver on a target PC. With this driver in place, threat actors can remotely gain unauthorized access and get a foothold within the system.

The Story Behind EDRKillShifter’s Attack

EDRKillShifter typically targets Endpoint Detection and Response (EDR) security software, leaving PCs at risk of multiple malware attacks. Classed as a ‘loader’ malware, EDRKillShifter delivers a legitimate, yet vulnerable, driver onto the target PC. In many cases, several different vulnerable drivers have been found introduced onto the same PC.

Once the vulnerable drivers have been deployed within the PC, EDRKillShifter executes a further payload within the device’s memory. This payload allows the threat actors to exploit the vulnerable drivers and, as a result, gain access to elevated privileges. This change in privileges gives the attackers the ability to disable EDR software on the machine. And the name of this software is hardcoded into EDRKillShifter’s processes, to prevent it from being restarted.

Attempts to run ransomware on compromised machines have been noted by Sophos and, digging deeper into the EDRKillShifter code, there are strong indicators that the malware originates from Russia. As regards the vulnerable drivers, these are freely available in GitHub repositories and have been known about for some time.

Preventing the Spread of EDRKillShifter

The mechanics of EDRKillShifter are effective and dangerous but are nothing new. Similar attacks, such as AuKill, have been carried out in the last year, and the technique currently appears popular with threat actors.

Luckily, your organization doesn’t have to fall victim to malware such as EDRKillShifter and its variants. Instead, you can maintain the security of your IT infrastructure by following these best practices:

For more ways to secure and optimize your business technology, contact your local IT professionals.



Managing your IT budget is crucial in today’s fast paced business environment. After all, technology is becoming more important, but also expensive.

An IT budget allows you to plan your IT expenses for the year ahead, so it needs to be planned carefully. Every cent counts and you want to be able to optimize your IT budget to remain efficient and competitive. This may sound simple, but it presents a major headache for almost every business. You need to determine exactly where you can save money in your budget and which areas need prioritizing for investment. It’s a difficult balancing act, but if you can get it right, you’re guaranteed an effective IT infrastructure.

Optimizing Your IT Budget

To help you get started with optimizing your IT budget, we’re going to share 5 simple ways you can get the most bang for your buck:

  1. Evaluate Existing IT Spending: Over time, your use of IT technology will change, and this often leads to unnecessary spending or a lack of investment in vital services. Therefore, you need to assess your current expenses and focus on the costs which directly impact your day-to-day operations. This will allow you to identify areas where you can make savings, e.g. using open-source software such as Google Docs or OpenOffice instead of the subscription-based Microsoft Office.
  2. Embrace Automation: The future of business is automation, and this is never more true than when it comes to IT. By streamlining repetitive tasks, you can reduce manual workloads and reduce your labor costs. A good example of this is network monitoring software, which can be used to keep a continuous eye on the traffic flowing in and out of your infrastructure. Anything suspicious can be immediately flagged, and this saves you having to manually monitor your network activity. While there will be an initial outlay in automation software, the long-term savings will greatly enhance your IT budget.
  3. Invest in Cloud Computing: Flexibility is an important part of any budget, and cloud computing is the perfect example of this in IT. Using cloud services ensures that your organization only pays for what it uses, e.g. a specific amount of storage space for your backups. Cloud computing also reduces the need for physical equipment on your premises and comes complete with minimal maintenance costs. The combined benefits of cloud computing, especially when provided by a single supplier, will quickly streamline your costs.
  4. Optimize IT Support: Rather than handling IT support yourself, why not consider outsourcing this duty to a specialized provider? This minimizes your spending on in-house IT staff and enables you to benefit from remote support services. External providers will be more than capable of maintaining your IT infrastructure and, due to their experience across multiple clients, their expertise will be more varied than that of in-house staff who primarily work with the same systems every day.
  5. Educate Your Staff: Incorrect usage of your IT resources by staff can quickly generate outgoing costs, so it pays to be mindful of this. Make sure your staff are regularly trained to use IT equipment correctly and efficiently, e.g. only printing in color when necessary. It’s also important that your IT and finance teams are in regular contact with each other to monitor IT spending, so ensure catch-up meetings are scheduled to keep everyone on the same page.



A vulnerability has been discovered within AMD processors which has the potential to expose affected PCs to incredibly stealthy strains of malware.

AMD processors are used to power computers, and this is achieved by executing instructions within software applications. Therefore, everything you do on a PC is powered by a processor, e.g. running Windows, processing data, and performing calculations. Some processors are more powerful than others, and the type chosen depends on the user’s needs, e.g. a diehard gamer will need a high-performance processor to get the best gaming experience, while someone working in a small office will need something less powerful to complete word processing tasks.

As AMD is a highly popular manufacturer of PC processors, we’re going to take a close look at this vulnerability and discuss the impact it could have on your PC users.

Understanding the AMD Chip Vulnerability

The vulnerability in AMD’s chips was discovered by the security firm IOActive, which has named it Sinkclose. The flaw was first found in October 2023, but it appears Sinkclose has been present in AMD processors for close to two decades, a remarkable amount of time for a vulnerability to go unnoticed.

Sinkclose affects a specific operating mode within the processors named System Management Mode. This function is used to control systemwide processes including power management and system hardware control. Key to the Sinkclose vulnerability is the fact that System Management Mode also offers high privilege access. And it’s this access which, potentially, could allow a threat actor to run malicious code undetected.

Gaining access deep enough within a PC to even tackle the System Management Mode is difficult for even the most skilled hackers, but it’s not impossible. After infecting a machine with a bootkit – a form of malware which executes very early in the boot process – a threat actor could make their way deep within the system. And if a threat actor does manage to install malware through the Sinkclose vulnerability, the location of the infection means it would survive multiple reinstallations of Windows.

Are You Safe from Sinkclose?

With the Sinkclose vulnerability potentially active since 2006, and IOActive warning that all AMD chips dating back to this period could be affected, the potential damage is huge. AMD has been quick to respond and has been working on an update since Sinkclose was first identified last year. Patches for AMD Ryzen and Epyc chips have recently been issued, but clearing up this debacle looks to be a long-term project for AMD.

While the threat is currently difficult to exploit, if threat actors discover an effective method to abuse it, countless PCs could be at increased risk of being compromised. Therefore, it’s crucial you follow these best practices to maintain the security of your PCs:



The key to a successful IT infrastructure is ensuring that your PCs are cared for and run smoothly. However, not everyone knows how to achieve this.

Computers which are not performing optimally can have a negative impact on your organization’s productivity. Accordingly, you need to make sure your devices – both PCs and laptops – are correctly cared for. Devices which have been looked after will offer both high productivity and a long lifespan, both attractive factors for any business.

But where do you start? After all, PCs are such complex machines that it may seem overwhelming to organize and schedule a plan to put your technology back on track. Luckily, Ophtek is here to serve up our 5 best tips for keeping your PCs running smoothly.

Transforming Your PCs into Efficient Machines

The good news is that you don’t need to get too technical to maintain and enhance the productivity of your devices. Instead, you can start with relatively simple practices to take care of your PCs and boost their performance:

  1. Keep Your Laptops Ventilated: Laptops are fantastic devices for employees who are on the move, but they’re also prone to overheating and this can impact a laptop’s performance. Therefore, you need to keep them ventilated at all times. You can do this easily by following the best laptop ventilation practices. Always use laptops on a flat surface and, if possible, elevate them with a laptop stand to enhance ventilation. You also need to ensure laptops are kept clean, so use compressed air to blast out any dust buildup in ports.
  2. Minimize Startup Applications: Many PCs end up running far too many apps at startup, and this can slow your startup time and compromise performance. To address this, press Ctrl + Alt + Delete and then select the Task Manager option on the resulting menu. Head into the ‘Startup apps’ tab and disable any unnecessary apps from loading at startup, e.g. if Xbox App Services is showing as enabled, and you don’t use an Xbox, you may as well disable this.
  3. Beware of Bundled Software: Often, when you’re installing software downloaded from the internet, additional and unnecessary software is included with the download. The software manufacturer is paid to include these additional downloads, but they almost always serve no purpose for the end user. And this takes up valuable storage space on your devices. So, when installing software, always check the installer pop-up windows and make sure you tick the option to not include bundled software.
  4. Perform Antivirus Scans: There’s no such thing as good malware, and even the least dangerous malware will put a strain on a PC’s resources. This is why it makes sense to perform regular antivirus scans to eliminate any potential threats to your PC’s performance. Free antivirus software such as Malwarebytes, AVG, and McAfee will all run automated background scans and instantly alert you to any security issues which need addressing.
  5. Optimize Laptop Battery Usage: New laptops come with a long battery life, but this doesn’t mean you should neglect optimizing them. Not only will this keep your laptop powered for longer, but it will improve the longevity of your battery. If you type “edit power plan” into your Windows search bar, you will be provided with a wide range of battery options such as putting the computer to sleep or turning the display off after a set amount of inactivity.



Software updates should always enhance your PC’s efficiency, but the recent breach of an ISP has demonstrated quite the opposite.

This recent compromise appears to have been exploited by StormBamboo, a collection of Chinese threat actors who have been causing digital chaos since 2012. The attack was made possible after StormBamboo breached the defenses of an undisclosed ISP. This allowed StormBamboo to take control of the ISP’s traffic and redirect it for their own malicious gains.

If you’re accessing the internet, even if it’s only for basic email and browsing usage, your business is going to be partnered with an ISP. And this attack by StormBamboo tells a cautionary tale of how you always need to be on your guard.

StormBamboo’s Innovative Attack

Having gained unauthorized access to the ISP’s servers, StormBamboo was able to intercept and compromise DNS requests from users of that ISP. A DNS request is a query to provide an IP address for a host name, e.g. en.wikipedia.org. An ISP will provide this IP address and allow the user to visit the required webpage.

However, StormBamboo was able to manipulate these DNS requests and, instead of the legitimate IP address, provide a malicious alternative. No action was required from the end user, who would be transferred to a malicious domain automatically. In particular, StormBamboo focused on poisoning DNS requests for software updates. These update mechanisms were insecure because they did not validate the digital signatures of the files they downloaded.

As a result of these compromises, StormBamboo was able to deceive victims into downloading malware such as Macma (for macOS machines) and Pocostick (for Windows devices). For example, users of 5KPlayer, a media player, were redirected to a malicious IP address rather than fetching a specific YouTube dependency. This led to a backdoor being installed on affected systems. StormBamboo was then observed to install ReloadText, a malicious Chrome extension used to steal mail data and browser cookies.
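The missing check described above, as an added illustration that is not part of the original post or of any product named in it: an updater that verifies an Ed25519 signature against a publisher key shipped inside the application, so a file that arrives via a poisoned DNS answer is rejected no matter which host served it. The key pair, payload bytes and the 5KPlayer-style file name are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// UpdatePackage is what an updater downloads: the installer bytes plus a
// detached signature made with the publisher's private key. A poisoned DNS
// answer can swap the download host, so the signature, not the URL, is what
// ties the bytes to the publisher.
type UpdatePackage struct {
	Payload   []byte
	Signature []byte
}

var ErrBadSignature = errors.New("update rejected: signature does not verify against the pinned publisher key")

// NewPublisherKeys makes a fresh Ed25519 key pair (constructed for the example).
// The public half would ship inside the application; the private half stays offline.
func NewPublisherKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only fails if the OS CSPRNG is unavailable
	}
	return pub, priv
}

// SignUpdate is the publisher-side step, performed once at release time.
func SignUpdate(priv ed25519.PrivateKey, payload []byte) UpdatePackage {
	return UpdatePackage{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// VerifyUpdate is the client-side check an updater must run before executing
// anything it downloaded. Bytes the publisher never signed, whoever served them,
// fail here. Lengths are checked first so ed25519.Verify can never panic.
func VerifyUpdate(pub ed25519.PublicKey, pkg UpdatePackage) error {
	if len(pub) != ed25519.PublicKeySize || len(pkg.Signature) != ed25519.SignatureSize {
		return ErrBadSignature
	}
	if !ed25519.Verify(pub, pkg.Payload, pkg.Signature) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	pub, priv := NewPublisherKeys()
	genuine := SignUpdate(priv, []byte("constructed sample: 5KPlayer-dependency-v1.bin"))
	fmt.Println("genuine update:", VerifyUpdate(pub, genuine)) // <nil>
	// What a redirected download delivers: different bytes, reusing the old signature.
	swapped := UpdatePackage{Payload: []byte("constructed sample: swapped installer"), Signature: genuine.Signature}
	fmt.Println("redirected update:", VerifyUpdate(pub, swapped)) // ErrBadSignature
}
```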

Staying Safe from StormBamboo

The attacks carried out by StormBamboo appear to have been active during 2023 and were identified by Volexity, a reputable cybersecurity organization. Volexity’s first step was to get in touch with the ISP and identify the traffic-routing devices which were being compromised. This allowed the ISP to reboot its servers and instantly stop the DNS poisoning. Users of the ISP, therefore, were no longer at risk of being exposed to malware. Further advice on eliminating this specific threat can be found on Volexity’s blog.

Nonetheless, businesses are reminded to remain mindful about malicious activity on their networks. Implementing robust security measures, conducting regular vulnerability assessments, and monitoring network traffic for unusual patterns are all crucial. Additionally, employing advanced threat detection tools and training employees on cybersecurity best practices will further strengthen your defenses. Finally, never forget the importance of keeping software and systems updated with official patches, firmware, and updates.
