Reductor Malware Brings a New Threat to Data Security

Data Security, Internet, malware, Ophtek, Security, , , ,
22
Oct 2019

Each time that malware evolves it becomes more dangerous. And our data becomes less secure. A case in point is the Reductor malware.

We’re used to malware being used to download malicious files and open up remote access to infected PCs, but Reductor is different. It’s new and it does things differently. And it’s this unfamiliarity which makes it all the more dangerous. Focusing its target on web traffic, Reductor brings a new threat to data security. Combating it is crucial, but to do this you need to understand how Reductor works.

It’s not easy to understand how a new piece of malware operates, so let’s drill down into its core and see what we can discover.

The Basics behind Reductor

Reductor, which has only recently been uncovered by Kaspersky, is a sophisticated piece of malware. Its main objective is to compromise encrypted web traffic. But what does this mean? And how does Reductor achieve this? Well, when a website is secure it will use Hypertext Transfer Protocol Secure (HTTPS) to securely transmit data. And this allows sensitive data such as login and credit card details to be encrypted into nonsensical code. Anyone attempting to view this encrypted data will be unable to make use of it.

But Reductor allows hackers to view all of this sensitive data before it’s encrypted. It does this by compromising the Transport Layer Security (TLS) and manipulating the associated security certificates. Reductor also patches the pseudo random number generator (PRNG) to establish how the corresponding data will be encrypted. It’s then possible to decrypt any resulting data with ease. And, despite all this activity taking place, the web traffic does not exhibit any signs of having been altered. Therefore, Reductor is unlikely to arouse the suspicious of any infected users.

Staying Safe from Reductor

Web traffic contains such an immense amount of data that concealing it from prying eyes is crucial. Reductor aims to remove these barriers and exploit as much data as it can. But you can protect yourself by taking note of the following:

  • Run any downloaded files through anti-malware software to limit the risk of executing carefully concealed malware.

Thankfully, following the discovery of Reductor, the majority of anti-malware manufacturers now offer protection against Reductor and the ability to block it.

Final Thoughts

Privacy concerns have become a major issue over the last decade with malware being at the forefront of this rise. And Reductor is only going to fan these flames further. It’s likely that malware will evolve into something even more sophisticated over the next couple of years, so it’s important to take note of any developments in malware. As ever, proceed with caution online and, most importantly, if something looks suspicious do not click it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How Do Cookies Affect Your Cyber Security?

cookies, Ophtek, Security, Tracking, , ,
15
Oct 2019

We’ve all seen a pop up on a website which asks you to accept cookies. And we tend to click yes. But do we know what we’re agreeing to?

Cookies have been part of the internet since the dawn of the world wide web, but most internet users are unclear on what they are. Yet, concerns have been building about them for several years now. 2011 saw the European Union (EU) passing the Cookie Law which states that websites need to seek consent before exposing you to cookies. Most popular websites attract users from the EU, so even US based websites, in theory, need to seek this consent.

The Cookie Law has heightened concerns around cookies, so it’s time to brush up on exactly what a cookie is and how it can affect your security.

What is a Cookie?

The simplest explanation of a cookie is that it’s a piece of code used to track your online activity. Naturally, this sounds sinister and contributes towards the concern over cookies. But most cookies have harmless motives. Their main objective is to remember useful information about specific users e.g. login details to keep you logged into websites and credit card details to autocomplete online forms. These ‘authentication’ cookies are useful allies for online life. But ‘tracking’ cookies receive considerable cynicism.

A tracking cookie records and broadcasts your web history, a rough location of where you are and the device you’re using. These are all pieces of data which help to identify personal information. And no internet user wants to reveal this to anonymous strangers. But these details can be shared by third-party software such as Google Analytics. This is why we live in age where personalized online ads crop up with an alarming regularity.

Keeping Safe with Cookies

Cookies carry a security risk, but as with most online activities it’s possible to negate and reduce these risks. To protect yourself for the more dangerous aspects of cookies make sure you do the following:

  • Always be careful when sharing personal information. Cookies can transmit this information, so tread carefully. And if you’re using a public computer then do not send any personal information.
  • Disable the storage of cookies in your internet browser. This reduces the amount of information being shared and can be adjusted in your browser’s privacy settings.
  • Always make sure you have anti-malware software installed on your PC as malware can often disguise itself as harmless cookies or infiltrate advertising networks.

Final Thoughts

There have been calls for cookies to be banned, but this is unlikely to happen any time soon. There will always be some form of online tracking in our internet experience, especially while it is being pushed by Google, but you can still remain safe by being vigilant and clever.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Panda Malware Continues to Thrive and Make Money

malware, Ophtek, Panda Malware, Security, , , ,
08
Oct 2019

One of the biggest threats to data security over the last few years has been crypto-malware. And, as the Panda malware proves, it can be a persistent danger.

We may think of pandas as gentle, beautiful creatures but that notion only applies when we’re talking about mammals. When it comes to malware, Panda is far from gentle. The malware in question has been active in the digital landscape since 2018 and, since then, has managed to secure close to $100,000 in cryptocurrency ransoms. And it has achieved this by constantly reinventing itself and modifying its structure. Staying one step ahead of the security experts is crucial for malware and Panda has done this with aplomb.

Understanding the motives and mechanics of Panda is important in strengthening your organization’s security, so let’s take a closer look at how it works.

What is Panda?

First identified in 2018, Panda is a form of malware which combines crypto-malware with remote administration tools (RATs) to render any infected PC under complete control of the hacker. Not only is the victim at the risk of having their data encrypted, but there’s the added danger of unauthorized access to their PC at any time. Panda achieves all of this by exploiting web applications, spreading via infected Word documents and unauthorized downloads by compromised websites. Web applications that have been found to be infected include a wide variety of industries such as social media, financial, web services and digital analytics.

How has Panda Managed to Persist?

Most malware has a relatively short lifespan due to design flaws and the talents of security experts, but Panda has persisted for over a year now. It owes this longevity to its coders and the speed at which they evolve Panda. The malware has always been an expert in stealth and this has allowed it to escape the attentions of antivirus software. Most concerning, however, is the number of additions that have been added to Panda’s arsenal since it first appeared. Reports have indicated that Panda now includes highly sophisticated exploit tools originally designed by the NSA. It’s that most dangerous form of malware: one that continues to grow in strength.

Protecting Your Business from Panda

Panda is a dangerous piece of malware, but it’s not one that you need to live in fear of. Instead, make sure you remain vigilant by implementing the following:

  • Regular training for your staff is essential in keeping your defenses as strong as possible. The knowledge that these training sessions provide is invaluable for keeping your staff up to date on current threats.
  • Crypto-malware’s main objective is to encrypt your data and then demand a ransom. Therefore it’s important that you establish a backup routine that ensures your files are kept securely in more than one location.
  • Monitor any unusual network activity. Panda may be highly skilled when it comes to stealth, but its operation is likely to lead to unusual traffic in and out of your network. Identifying this early on may allow you to limit the damage caused.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Just How Safe is Your Data with Kaspersky?

Data Security, Javascript, Kaspersky, Online Security, Ophtek, , ,
01
Oct 2019

Cyber-security providers should be able to guarantee you one thing: security. However, it appears that Kaspersky isn’t as secure as you would imagine.

It’s fair to say that, with revenue hitting $726 million in 2018, Kaspersky is a major player in the cyber-security world. And it’s this success that has cultivated the high levels of trust placed in their products. Many would say that going without Kaspersky products in the 21st century is a foolhardy move. And they certainly are effective at preventing security breaches when it comes to PCs. But stories are now emerging that your data isn’t necessarily safe when it’s in their hands.

We live in an age where it’s important to stay safe online and, accordingly, many people reading this will be using Kaspersky products. It’s crucial to be aware of any potential data risks, so we’re going to examine this story a little closer.

What’s happening with Kaspersky?

Malicious websites can be a nightmare when it comes to protecting your data. Kaspersky understands this threat and has designed software which can identify whether a website is malicious or not. It achieves this by injecting your internet browser with a Javascript code that evaluates the safety of every website you visit. If the evaluation flags a website as unsafe then Kaspersky will prevent you from visiting it. This is all well and good, but the Javascript code employed has a major flaw.

The code injected into your browser is unique. And it can be read by any website. This means that your online activity can be tracked. For example, if your unique code shows up on ophtek.com and avg.com then online marketers would be able to identify a specific interest of yours: internet security. It’s known as cross site tracking and is a method used to tailor online advertisements that are likely to appeal to those viewing them. While this is nothing new, especially when you consider how cookies are used online, it’s unheard of to hear of a cyber-security provider facilitating this.

Avoiding the Security Risks of Kaspersky

Kaspersky has been keen to reduce the concerns of worried consumers and has advised that any data breaches are highly unlikely. Naturally, this is very easy for a multi-million pound corporation to say and has all the hallmarks of a damage limitation exercises.

What has been more useful is the patch released which removes the unique ID associated with the Javascript code. The cross-site tracking issue should, therefore, be remedied with this patch. However, this updated version will still identify users as using Kaspersky – a valuable piece of information that can easily provide a hacker with an insight into your defenses. The only way to truly protect yourself while working with Kaspersky is to go into the settings and untick the ‘Inject script into web traffic to interact with web pages’

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

New Domen Malware is Highly Advanced and Dangerous

Domen, malware, Ophtek, pop ups, Security, Security Threats, , , ,
24
Sep 2019

There’s only one thing worse than malware: clever malware. If it’s clever then it will to be difficult to detect and remove. And Domen is exactly that.

You probably haven’t heard of Domen before, but that’s because it’s a brand new toolkit. And it’s a toolkit which is fiendishly clever. What a hacker classes as ‘good’ malware is one that is deceptive and skilled in the art of subterfuge. If it can adapt to different scenarios and conditions that it’s even better. And, again, Domen ticks these boxes.

It certainly doesn’t sound appealing, does it? And I’ll bet my bottom dollar that you don’t want your organization to fall victim to it. Well, to help you avoid the perils of Domen, let’s hold it up to the light and see what we can make of it.

What is Domen?

Social engineering is a key part of the modern hacker’s arsenal, so it’s no surprise to see Domen clutching it so closely to its digital chest. A toolkit, of course, is much more than one single application. As the name suggests, it’s packed full of different applications that can work individually or side by side to maximize its impact. Domen is most likely to be found housed within the code of a compromised website – sites based upon WordPress are particularly affected – where it lurks discreetly and quietly.

However, Domen will not lurk discreetly for long. Nonetheless, when it does make an appearance it takes a keen eye to spot that anything is amiss. The infected website will generate a pop-up window that contains a link to a malicious download. This download will initiate a PowerShell attack that leaves your PC at the mercy of hackers who will gain full control of it. Dangerous pop-up windows are nothing new, but Domen differs in that it’s adaptive to the PC it’s attacking.

Domen has been designed so that it identifies the operating system, the user’s location and their browser. It’s at this point that the social engineering aspect comes into play. Domen uses this unique data to tailor a specific pop-up window that urges the user to download a necessary update. So, for example, if you’re using a Chrome browser then a pop-up will appear for a Chrome update.  And, if you’re based in France, for example, the content will be written in French.

Protecting Your Organization from Domen

It’s important that you practice vigilance when working with PCs as malware is so prevalent in the digital age. Evidence of malware such as Domen being present can include:

  • Your default browser homepage changing to something new without your authorization
  • New software installed and loading at startup
  • Evidence of remote access to your PC taking place

Thankfully, the PowerShell attack – initiated by the download of a .hta file – can be thwarted by protecting yourself with any good cyber-security suite. The tools contained with these suites should be able to identify the malicious .hta file and prevent it from executing on your PC. However, this can all be prevented by being vigilant and ignoring any suspicious pop-ups.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 43 44 45 46 47 116