A vulnerability has been discovered within AMD processors which has the potential to expose affected PCs to incredibly stealthy strains of malware.

AMD processors power computers by executing the instructions in software applications. Everything you do on a PC, from running Windows to processing data and performing calculations, is carried out by a processor. Some processors are more powerful than others, and the type chosen depends on the user’s needs: a diehard gamer will need a high-performance processor to get the best gaming experience, while someone working in a small office will need something less powerful to complete word processing tasks.

As AMD is a highly popular manufacturer of PC processors, we’re going to take a close look at this vulnerability and discuss the impact it could have on your PC users.

Understanding the AMD Chip Vulnerability

The vulnerability in AMD’s chips was discovered by the security firm IOActive, which named it Sinkclose. The flaw was first found in October 2023, but it appears Sinkclose has been present in AMD processors for close to two decades, a remarkable amount of time for a vulnerability to go unnoticed.

Sinkclose affects a specific operating mode within the processors called System Management Mode (SMM). This mode is used to control system-wide processes including power management and hardware control. Key to the Sinkclose vulnerability is the fact that System Management Mode runs with very high privilege, and it’s this privilege which, potentially, could allow a threat actor to run malicious code undetected by the operating system and its security tools.

Gaining access deep enough within a PC to even reach System Management Mode is difficult for even the most skilled hackers, but it’s not impossible. After infecting a machine with a bootkit – a form of malware which executes very early in the boot process – a threat actor could work their way deep into the system. And if a threat actor does manage to install malware through the Sinkclose vulnerability, the location of the infection means it would survive multiple reinstallations of Windows.

Are You Safe from Sinkclose?

With the Sinkclose vulnerability potentially present since 2006, and IOActive warning that all AMD chips dating back to this period could be affected, the potential damage is huge. AMD has been quick to respond and has been working on an update since Sinkclose was first identified last year. Patches for AMD Ryzen and EPYC chips have recently been issued, but clearing up this debacle looks to be a long-term project for AMD.

While the threat is currently difficult to exploit, if threat actors discover an effective method to abuse it, countless PCs could be at increased risk of being compromised. Therefore, it’s crucial you follow these best practices to maintain the security of your PCs:

For more ways to secure and optimize your business technology, contact your local IT professionals.

The key to a successful IT infrastructure is ensuring that your PCs are cared for and run smoothly. However, not everyone knows how to achieve this.

Computers which are not performing optimally can have a negative impact on your organization’s productivity. Accordingly, you need to make sure your devices – both PCs and laptops – are correctly cared for. Devices which have been looked after will offer both high productivity and a long lifespan, both attractive factors for any business.

But where do you start? After all, PCs are such complex machines that it may seem overwhelming to organize and schedule a plan to put your technology back on track. Luckily, Ophtek is here to serve up our 5 best tips for keeping your PCs running smoothly.

Transforming Your PCs into Efficient Machines

The good news is that you don’t need to get too technical to maintain and enhance the productivity of your devices. Instead, you can start with relatively simple practices to take care of your PCs and boost their performance:

  1. Keep Your Laptops Ventilated: Laptops are fantastic devices for employees who are on the move, but they’re also prone to overheating and this can impact a laptop’s performance. Therefore, you need to keep them ventilated at all times. You can do this easily by following the best laptop ventilation practices. Always use laptops on a flat surface and, if possible, elevate them with a laptop stand to enhance ventilation. You also need to ensure laptops are kept clean, so use compressed air to blast out any dust buildup in ports.
  2. Minimize Startup Applications: Many PCs end up running far too many apps at startup, and this can slow your startup time and compromise performance. To address this, press Ctrl + Alt + Delete and then select the Task Manager option on the resulting menu. Head into the ‘Startup apps’ tab and disable any unnecessary apps from loading at startup e.g. if Xbox App Services is showing as enabled, and you don’t use an Xbox, you may as well disable this.
  3. Beware of Bundled Software: Often, when you’re installing software downloaded from the internet, additional and unnecessary software is included with the download. The software manufacturer is paid to include these additional downloads, but they almost always serve no purpose for the end user. And this takes up valuable storage space on your devices. So, when installing software, always check the installer pop-up windows and make sure you tick the option to not include bundled software.
  4. Perform Antivirus Scans: There’s no such thing as good malware, and even the least dangerous malware will put a strain on a PC’s resources. This is why it makes sense to perform regular antivirus scans to eliminate any potential threats to your PC’s performance. Free antivirus software such as Malwarebytes, AVG, and McAfee will all run automated background scans and instantly alert you to any security issues which need addressing.
  5. Optimize Laptop Battery Usage: New laptops come with a long battery life, but this doesn’t mean you should neglect optimizing them. Not only will this keep your laptop powered for longer, but it will improve the longevity of your battery. If you type “edit power plan” into your Windows search bar, you will be provided with a wide range of battery options such as putting the computer to sleep or turning the display off after a set amount of inactivity.

Software updates should always enhance your PC’s efficiency, but the recent breach of an ISP has demonstrated quite the opposite.

This recent compromise appears to have been carried out by StormBamboo, a collection of Chinese threat actors who have been causing digital chaos since 2012. The attack was made possible after StormBamboo breached the defenses of an undisclosed ISP. This allowed StormBamboo to take control of the ISP’s traffic and redirect it for their own malicious gains.

If you’re accessing the internet, even if it’s only for basic email and browsing, your business relies on an ISP. And this attack by StormBamboo tells a cautionary tale of how you always need to be on your guard.

StormBamboo’s Innovative Attack

Having gained unauthorized access to the ISP’s servers, StormBamboo was able to intercept and compromise DNS requests from users of that ISP. A DNS request is a query for the IP address belonging to a host name, e.g. en.wikipedia.org. The ISP’s resolver returns this IP address, which allows the user’s device to connect to the required webpage.

However, StormBamboo was able to manipulate the answers to these DNS requests and, instead of the legitimate IP address, return a malicious alternative. No action was required from the end user, who would be sent to the malicious host automatically. In particular, StormBamboo focused on poisoning DNS requests for software updates. The update mechanisms targeted were insecure because they did not validate digital signatures on the files they downloaded.

As a result of these compromises, StormBamboo was able to deceive victims into downloading malware such as Macma (for macOS machines) and Pocostick (for Windows devices). For example, users of 5KPlayer, a media player, were redirected to a malicious IP address rather than fetching a specific YouTube dependency. This led to a backdoor being installed on affected systems. StormBamboo was then observed installing ReloadText, a malicious Chrome extension used to steal mail data and browser cookies.
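The check missing from the poisoned updaters is signature validation on the downloaded file. The Go program below is an added example, not Volexity’s or any vendor’s code: an update client pins the vendor’s public key and rejects any payload whose signature does not verify under it, whichever host the DNS answer pointed it at. Ed25519 over a SHA-256 digest is an assumed choice for the demo, and the key pair and payloads are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Update is what the updater receives from whichever host the (possibly
// poisoned) DNS answer pointed it at.
type Update struct {
	Payload   []byte
	Signature []byte
}

// SignUpdate is the vendor-side step: sign the SHA-256 digest of the payload.
func SignUpdate(vendorPriv ed25519.PrivateKey, payload []byte) Update {
	digest := sha256.Sum256(payload)
	return Update{Payload: payload, Signature: ed25519.Sign(vendorPriv, digest[:])}
}

// VerifyUpdate is the client-side check the poisoned updaters lacked: accept
// the file only if its signature verifies under the vendor key pinned in the
// client. Where the bytes came from (real host or attacker IP) is irrelevant.
func VerifyUpdate(vendorPub ed25519.PublicKey, u Update) error {
	if len(u.Signature) != ed25519.SignatureSize {
		return errors.New("rejected: missing or malformed signature")
	}
	digest := sha256.Sum256(u.Payload)
	if !ed25519.Verify(vendorPub, digest[:], u.Signature) {
		return errors.New("rejected: signature does not verify under pinned vendor key")
	}
	return nil
}

func main() {
	// Constructed demo key pair; a real client ships with the vendor public key built in.
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	genuine := SignUpdate(vendorPriv, []byte("player-update-1.0.bin (constructed)"))
	fmt.Println("genuine update:  ", VerifyUpdate(vendorPub, genuine))

	// A poisoned DNS answer delivers the client to a host serving a different
	// file, either reusing the real signature or offering none at all.
	swapped := Update{Payload: []byte("backdoor.bin (constructed)"), Signature: genuine.Signature}
	fmt.Println("swapped payload: ", VerifyUpdate(vendorPub, swapped))
	fmt.Println("unsigned payload:", VerifyUpdate(vendorPub, Update{Payload: swapped.Payload}))
}
```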

Staying Safe from StormBamboo

The attacks carried out by StormBamboo appear to have been active during 2023 and were identified by Volexity, a reputable cybersecurity organization. Volexity’s first step was to get in touch with the ISP and identify the traffic-routing devices which had been compromised. This allowed the ISP to reboot those devices and immediately stop the DNS poisoning. Users of the ISP, therefore, were no longer at risk of being exposed to malware. Further advice on eliminating this specific threat can be found on Volexity’s blog.

Nonetheless, businesses are reminded to remain mindful about malicious activity on their networks. Implementing robust security measures, conducting regular vulnerability assessments, and monitoring network traffic for unusual patterns are all crucial. Additionally, employing advanced threat detection tools and training employees on cybersecurity best practices will further strengthen your defenses. Finally, never forget the importance of keeping software and systems updated with official patches, firmware, and updates.

Hundreds of devices from vendors such as Acer, Dell, and Lenovo have been found to be left wide open to threat actors due to untrusted test keys.

These devices have been left exposed by PKfail, a firmware supply chain vulnerability. On devices where PKfail (short for Platform Key fail) is present, threat actors can install malware with ease. This is because the presence of PKfail means hackers can bypass the Secure Boot process and gain access to the device. Naturally, unauthorized access puts a device at risk of not only being infected with malware, but also suffering data breaches and being hijacked for DDoS attacks.

As the threat of PKfail has affected some of the major PC manufacturers, it’s important we investigate this a little closer.

The Failure of PKfail

Secure Boot is an integral part of any modern PC, ensuring a device’s firmware and operating system are correctly authenticated against a secure key on the machine. The devices at the center of this security failure have, within their firmware, a test Secure Boot key. This key is named “DO NOT TRUST” and was created by American Megatrends International (AMI), a widely used BIOS/UEFI firmware vendor whose code starts up a computer after it is powered on.

The intention of the test key was simply that, a test. Vendors using AMI firmware on their systems, for example Lenovo PCs, should have replaced this test key with a unique Platform Key of their own before shipping. This would then protect the firmware, prevent Secure Boot from being compromised, and eliminate the threat of unauthorized access via this route. However, this task was missed by numerous vendors, leaving their devices unprotected.

Threat actors, aware of this flaw, could then exploit this workaround for Secure Boot and access the compromised devices without breaking a sweat. By taking control of the machines, the attackers were able to start downloading malware such as CosmicStrand and BlackLotus to the devices. This firmware vulnerability, linked to a June 2024 release as per supply chain security firm Binarly, has affected close to 900 devices, with those affected listed here.

Staying Safe from PKfail

Vendors who have failed to replace the test key from AMI are being encouraged to immediately rectify this on any systems waiting to be issued. End users of the affected devices should also keep an eye on firmware updates issued by the vendors, prioritizing any which mention the PKfail flaw. Binarly has also given end users a helping hand by creating the pk.fail website, where those at risk can upload firmware binaries to be scanned for the PKfail test key.
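The same check can be run locally against a machine’s own PK variable. The Go code below is an added example, not Binarly’s or Ophtek’s code: it walks the EFI_SIGNATURE_LIST structures that make up raw PK variable data and flags any certificate whose subject carries the “DO NOT TRUST” marker. The sample input is constructed; on Linux the four attribute bytes that efivars prepends to the variable must be stripped before calling it.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
)

// TestKeyMarker is the subject text of AMI's placeholder Platform Key; in the
// DER certificate it appears as plain ASCII, so a byte search finds it.
const TestKeyMarker = "DO NOT TRUST"

// EFI_SIGNATURE_LIST header: SignatureType GUID (16) + 3 x uint32 LE sizes;
// each EFI_SIGNATURE_DATA entry is a 16-byte SignatureOwner GUID then the cert.
const sigListHdr, sigOwner = 28, 16

// HasTestPlatformKey walks every list in a raw PK variable and reports whether
// any certificate carries the marker; bad sizes give an error, not a panic.
func HasTestPlatformKey(pk []byte) (bool, error) {
	for v := pk; len(v) > 0; {
		if len(v) < sigListHdr {
			return false, errors.New("truncated EFI_SIGNATURE_LIST header")
		}
		listSize := int(binary.LittleEndian.Uint32(v[16:20]))
		hdrSize := int(binary.LittleEndian.Uint32(v[20:24]))
		sigSize := int(binary.LittleEndian.Uint32(v[24:28]))
		if listSize < sigListHdr || listSize > len(v) || hdrSize > listSize-sigListHdr {
			return false, errors.New("bad SignatureListSize or SignatureHeaderSize")
		}
		entries := v[sigListHdr+hdrSize : listSize]
		if sigSize <= sigOwner || len(entries)%sigSize != 0 {
			return false, errors.New("bad SignatureSize")
		}
		for i := 0; i < len(entries); i += sigSize {
			if bytes.Contains(entries[i+sigOwner:i+sigSize], []byte(TestKeyMarker)) {
				return true, nil
			}
		}
		v = v[listSize:]
	}
	return false, nil
}

// BuildPK wraps one certificate blob in a single-entry list (constructed demo input).
func BuildPK(cert []byte) []byte {
	b := make([]byte, sigListHdr)
	binary.LittleEndian.PutUint32(b[16:], uint32(sigListHdr+sigOwner+len(cert)))
	binary.LittleEndian.PutUint32(b[24:], uint32(sigOwner+len(cert)))
	return append(append(b, make([]byte, sigOwner)...), cert...)
}
```

A production key passes, the constructed test-key blob is flagged, and a truncated or inconsistent blob returns an error rather than a false negative.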

PC users, therefore, should be aware of the risk that even newly shipped products, with the latest firmware and patches in place, can be compromised straight out of the box. The CrowdStrike update debacle aside, promptly installing updates remains one of the best ways to maintain your PC’s security.

Threat actors are increasingly turning to artificial intelligence (AI) and generative AI technologies to launch cyberattacks against businesses.

Technology is always advancing, and AI represents the future of where technology is likely to head. AI is also a powerful force for good, with countless benefits on offer for society. But it’s also a technology which can be exploited by threat actors. The development of AI means more sophisticated attacks can be launched with more ease and cause more damage. Therefore, businesses need to be on their guard against these new attack methods.

Why is AI So Dangerous?

Creating malware and sending it out into the digital wild is a complex and time-consuming task for threat actors. AI and generative AI remove this obstacle by allowing threat actors to automate complex tasks and generate realistic content e.g. creating malware code automatically and writing realistic phishing emails without spelling mistakes. This means phishing emails, for example, have the potential to become much more engaging and dangerous.

Another area where AI can be subverted is within the realm of vulnerability detection. No longer do threat actors have to spend their time manually analyzing security systems to discover weaknesses. Instead, they can delegate this duty to AI tools which quickly and accurately scan data to highlight vulnerabilities e.g. checking for outdated operating systems and software. The threat actor will then know which vulnerabilities are available to target.

When it comes to generative AI, the potential for successful social engineering attacks is significantly enhanced. This is down to the emergence of deepfakes, a type of content which appears to be genuine but is 100% fake. Deepfakes can take the form of audio, video, and text content designed to deceive recipients into acting on the call to action at the heart of the content. So, for example, a threat actor could generate a voice note which purports to be a senior executive requesting a password. Deepfakes are already disturbingly realistic, and their realism is only going to increase.

How Can You Stay Safe from AI?

The prospect of AI, in terms of cybersecurity attacks, is concerning, but it’s a threat which can be countered. For one thing, the same capabilities that attract threat actors to AI can be put to work in your defenses. Anti-malware tools such as McAfee are now using AI technology to combat malicious AI-generated content. Additionally, threat detection systems can use AI to analyze traffic patterns and automatically highlight potential threats to your IT infrastructure, e.g. flagging new and unknown IP addresses accessing the network.

As phishing emails are one of the main beneficiaries of AI, it makes sense to strengthen your employee training in this area. Not only should this be an integral part of IT inductions for new staff, but solidifying this knowledge with regular refresher training is crucial for protecting your network. The effectiveness of this training can be evaluated by running random phishing email tests, whereby a ‘fake’ phishing email is sent to staff at random to determine whether they can recognize it as malicious.
