Twitter Learns a Lesson in Spear Phishing

Ophtek, Security, Security Threats, spear phishing, Twitter, , ,
11
Aug 2020

Even the biggest tech companies are at risk of having their networks breached. Twitter, with 330 million users, is huge, but far from immune from hackers.

A recent spear phishing attack on Twitter managed to generate headlines around the world and seriously disrupt the platform’s service. The attack, which was carried out by three young men aged between 17 – 22, was remarkable in its scope and its execution. It was an unexpected breach of Twitter’s defenses and one which defied their technological prowess. But there was more to this attack than just disruption. There was also a financial sting in the tail.

You may not run a social media company, but it’s likely that your organization has a presence in this sphere. Therefore, it’s important to understand what happened.

Twitter is Breached

On the 15th July, a number of high-profile and verified Twitter accounts were taken over by hackers. The hackers used this control to not only access the accounts’ private message systems, but also download their data. Most dramatically, however, the accounts were used to post links to a Bitcoin scam. This scam claimed that if users sent Bitcoins to a specific account they would double their money. But this was far from true. Instead, the hackers made off with more than $100,000 in Bitcoin.

How did this Attack Take Place?

The Twitter breach was a textbook case of spear phishing, a strategy which involves targeting individuals and encouraging them to reveal confidential data. Graham Clark, one of the accused hackers, conducted a social engineering campaign to pass himself off as a member of Twitter’s IT team. A genuine Twitter employee fell for this deceptive ploy and handed over a set of credentials for Twitter’s customer service portal. These credentials allowed Clark and his fellow hackers to gain instant access to accounts such as Joe Biden, Elon Musk and Apple.

Lessons to be Learned

Twitter, upon discovering this attack, took immediate action by suspending all verified accounts. However, the damage had already been done and Twitter was left extremely embarrassed. Social engineering is, of course, a powerful hacking technique. And, if it’s pursued and executed numerous times, it will eventually pay off. But this doesn’t mean you are defenseless. You can easily protect your systems by reinforcing the following points:

  • Use Multi-Factor Authentication: Requesting a set of credentials to gain access to a system is a powerful defense. But requesting multiple sets of credentials is even better. And that’s why multi-factor authentication is so important. Rather than relying on just a username/password combination, it can also request a unique pin number generated to a registered phone number.
  • Understand the Spear Phishing Signs: It’s important to educate your staff on the signs of spear phishing.  Suspicious phone calls and emails requesting confidential information, for example, should immediately be challenged. It only takes a minute or two to contact a user on their direct phone or email to verify the request, so don’t fall victim to rushed demands.
  • Always Patch Your Systems: Operating systems are regularly issuing updates to address new and emerging phishing techniques. Therefore, a network which has all its software fully updated should be secure. However, many firms are guilty of leaving patches to the last minute due to time concerns. And it’s this complacency which allows hackers to get a foothold in your systems.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How to Protect Yourself against Social Engineering

Hacking, Ophtek, Phishing, Phishing Email, Security Threats, social engineering, , , ,
04
Aug 2020

 

Hackers thrive upon deception and the result of this endeavor is social engineering. It’s a powerful tactic and one you need to protect yourself from.

Social engineering has been used to deploy attacks such as the Coronavirus malware and the recent attack on high profile Twitter accounts. The method is intriguing due to its sophistication and its human element. Rather than relying on complex coding techniques to outwit computer systems, social engineering takes advantage of human naivety. More importantly, however, is the sheer destruction that it can cause.

The world is a perilous place at the best times, but now more than ever we need to make sure we protect ourselves and our businesses. One of the best ways to get started is by reinforcing the barricades against social engineering.

What is Social Engineering?

Manipulation is, in a word, exactly what social engineering is. But you’re going to need a little more information than that, so let’s take a closer look.
Social engineering is a process in which one party seeks to deceive individuals into revealing sensitive information. When it comes to the world of IT this sensitive data tends to relate to login credentials, but can also involve transferring sensitive documents such as employee records. These attacks are commonly executed through the use of phishing emails, but this is not the only technique. It’s possible for hackers to carry out social engineering attacks over the telephone and even face to face.

The Best Ways to Protect Yourself

Protecting yourself against social engineering takes a concerted effort. You can’t rely on software alone to protect you. Luckily, you can strengthen your personal defenses by practicing the following:

Take Your Time: Social engineering relies on a lack of caution on the victim’s part. Therefore, it’s crucial that you always take your time when it comes to any form of communication. A social engineer will do their best to force you into making a quick decision e.g. clicking a link or disclosing your password. To counter this, evaluate all requests and press for answers if you feel even slightly suspicious.

Use Email Filters: There have been great advances made in email filters over the course of the last 20 years. Where these junk filters once had relatively little use they are now highly intelligent. Enabling your email filters will enhance your security and prevent the majority of phishing emails making their way into your inbox. This reduces your risk and stops you from engaging with a social engineer.

Too Good to Be True: As with all areas of life, if something sounds too good to be true then it makes sense to be suspicious. After all, it’s unlikely that a representative for an African prince wants to deposit millions of dollars into your bank account. And, if they did, why would they require your social security number? And your workplace login credentials? As a rule of thumb, if it sounds like a scam then it probably is and should be deleted.

Is the Source Genuine: If an email says that it’s from your bank then this doesn’t mean it’s from your bank. Likewise, a phone call from your HR team isn’t necessarily genuine. Hackers specialize in trickery and deception, so they won’t shy away from such blatant and direct approaches. Always check every request for details such genuine URL details (by hovering over a link) and only transmitting sensitive data to internal email addresses.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How to Carry Out a Successful IT Reorganization

IT, Office IT, Ophtek, Reorganization, , ,
28
Jul 2020

The business landscape is liable to change at any moment and this can mean big changes for organizations. And this is especially true when it comes to IT.

IT systems and infrastructures are far from perfect. But, on the whole, they should help your organization to tackle all the requirements of the digital age. However, changes both internally and externally can have a major impact on your IT efficiency. And when this leaves your IT infrastructure struggling it’s time for an IT reorganization.

Naturally, IT infrastructures are complex setups and any form of reorganization needs to be approached with care and caution. To help take the pain out of this process we’re going to give you a helping hand in getting started.

The Lowdown on IT Reorganization

IT systems are crucial to the running of any modern business, so you need to ensure yours is ready for the challenge. If you have found that your IT infrastructure isn’t effective as it once was then it’s time to act. And the best strategy should take in the following steps:

  • Identify the Problems: Key to solving your IT problems is identifying them. You need to know where your infrastructure is failing if you want to fix it. Some of these problems may be obvious such as storage issues, but other problems may be buried beneath a mountain of complexities. Therefore, it’s important that significant time is set aside to investigate the inherent faults that are having a negative impact on your IT. 
  • Understanding Bad Decisions: IT systems should be allowed to evolve in order to keep pace with technology, but too much change can be disastrous. Adding additional layers of complexity is not always necessary. However, in business there’s a tendency for organizations to feel that constant change is the only way to remain fresh. This is particularly true when leadership changes happen. Evaluating any recent changes to your IT infrastructure is vital in to determine whether they have had a positive/negative impact. 
  • Plan Your Strategy: Reorganizing an IT infrastructure is a monumental task and is littered with complexity. Rushing into such as reorganization is far from recommended. Instead you need to tread carefully and plan extensively. The labor and costs involved in reorganizing IT will be high and these are valuable commodities you do not want to waste. Also bear in mind that these are long-term projects which require multiple inputs. Accordingly, you will not be able to expect immediate results, but the long term should bring gradual changes.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Trickbot Malware Shows that Hackers are Getting Cleverer

Hackers, malware, Ophtek, Spam, , , ,
21
Jul 2020

Malware is a thorn which we find in our sides on a regular basis. But what happens when this thorn becomes even harder to tackle? The answer is Trickbot.

First released in 2016, Trickbot has made its name by using a variety of attack methods. The malware has been shown to steal Bitcoin, target banks and harvest login credentials. Naturally, this makes it a very dangerous piece of malware. But as with a virus that attacks humans, this malware is constantly changing its DNA. New features have regularly been added to Trickbot which not only makes it harder to detect, but also makes it more dangerous.

Trickbot has the potential to cause significant damage to your IT setup, so it’s important to know what you’re up against.

The Lowdown on Trickbot

The most common infection method used by Trickbot is through the use of malicious spam campaigns. Emails that pretend to be from financial institutions are used to distribute infected attachments and URLs that the victims are urged to action. And, once the payload has been activated, it’s unlikely that the victim will be aware. Trickbot will communicate with a remote command and control centre almost silently and, at the same time, infect other PCs on the same network.

Trickbot’s Latest Trick

As we mentioned earlier, the hackers behind Trickbot thrive upon their ability to evolve the malware. And their latest upgrade to Trickbot is both innovative and deceptive. This is most keenly demonstrated by its ‘anti-virtual machine’ strategy. One of the safest ways for security professionals to analyze malware is within a virtual machine environment. Therefore, in order to hide its operations, Trickbot will stop working when it detects a virtual machine.

And, believe it or not, one of the simplest ways to do this is to analyze the PCs current screen resolution. Any screen resolution that is set to 1024×768 and below will cause Trickbot to terminate its operations. This means that security researchers using a virtual machine to will draw a blank. This is a very clever technique and is one that allows Trickbot to reactivate once the PC is restarted into a higher resolution.

How Do You Stop Trickbot?

Anti-malware software such as Malwarebytes is capable of detecting and removing most strains of Trickbot, but there will always be a slight delay when it comes to new strains. And, of course, you should never rely on removing infections as the best strategy for defense. Instead you should make every effort to prevent infection in the first place. This can be achieved in the following ways:

  • Evaluate All Incoming Emails: It’s essential that your staff is aware of the dangers of phishing emails. Thankfully, the tell-tale signs are easy to detect and, with this knowledge to hand, it should become much harder to fall victim to Trickbot. 
  • Avoid Malicious Websites: Given their deceptive nature, it’s easier said than done to avoid malicious websites. However, it’s crucial that you have the ability to identify malicious websites. This will severely limit the chances of downloading malware such as Trickbot. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Taking Care of your External Hard Drive

Backup, Backup Strategies, Data Storage, External Hard Drive, Ophtek, , ,
14
Jul 2020

We process and evaluate a huge amount of data every day, so external hard drives are vital for our storage needs. But how do we get the best out of them?

Capable of holding up to 12TB (that’s 12,000GB) and easily connected via USB, external hard drives are an affordable solution to data storage. However, when a device is holding so much data it’s important that you know how to use it properly. An external hard drive which is used correctly and maintained will keep your data safe for years. But one which is mismanaged can soon lead to a data disaster. And no business needs that.

Luckily, we’ve put together a few pointers on the best ways to use an external hard drive.

Getting the Best Out of Your External Hard Drive

Making sure that your device remains operational and productive is simple as long as you follow these best practices:

  • Don’t Move Your Drive When Transferring Data: Beneath their solid exterior, external hard drives are delicate pieces of kit. This is particularly true for Hard Disk Drives which contain spinning and moving parts. Therefore, moving or jostling your external drive when it is transferring data has the potential to not only damage the device, but also create data errors. Make sure that your device is properly connected, on a flat surface and not in the way of your general PC activities e.g. using the mouse and keyboard. 
  • Format Your Drive as NTFS: There are many reasons for formatting your external hard drive, but it’s important that you format your drive as NTFS. Using this method, as opposed to FAT32, is perfect when your device is mostly used with Windows PCs. NTFS formatting provides faster results and has the added bonus of making your drive less susceptible to disk failure. 
  • Run CHKDSK: Better known as Check Disk, CHKDSK is a handy system tool which should regularly be used to check the status of your external drive. It has the capacity to identity any file system errors and repair them. This gives you the dual benefits of a stable folder structure on your device and less chance of it crashing. 
  • Better to Repair than Replace: It can be frustrating when an external hard drive fails, but it’s often simpler to replace a troublesome device rather than repairing it. The labor, and associated costs, to repair an external hard drive will usually be more expensive than a replacement. And, as our next point will show, this shouldn’t compromise your data too much. 

If you can follow the advice above then you should be guaranteed a hassle-free experience with your external drive. And you can rest assured that your data will be safe and available at all times.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 42 43 44 45 46 123