anti malware Archives

A vulnerability has been discovered within AMD processors which has the potential to expose affected PCs to incredibly stealthy strains of malware.

AMD processors are used to power computers, and this is achieved by executing instructions within software applications. Therefore, everything you do on a PC is powered by a processor e.g. running Windows, processing data, and calculations. Some processors are more powerful than others, and the type chosen depends on the user’s need e.g. a diehard gamer will need a high-performance processor to get the best gaming experience, while someone working in a small office will need something less powerful to complete word processing tasks.

As AMD is a highly popular manufacturer of PC processors, we’re going to take a close look at this vulnerability and discuss the impact it could have on your PC users.

Understanding the AMD Chip Vulnerability

The vulnerability in AMD’s chips was discovered by the security firm IOActive, who has named the vulnerability Sinkclose. The flaw was first found in October 2023, but it appears Sinkclose has been present in AMD processors for close to two decades, a remarkable amount of time for a vulnerability to go unnoticed.

Sinkclose affects a specific operating mode within the processors named System Management Mode. This function is used to control systemwide processes including power management and system hardware control. Key to the Sinkclose vulnerability is the fact that System Management Mode also offers high privilege access. And it’s this access which, potentially, could allow a threat actor to run malicious code undetected.

Gaining access deep enough within a PC to even tackle the System Management Mode is difficult for even the most skilled hackers, but it’s not impossible. After infecting a machine with a bootkit – a form of malware w hich executes very early in the boot process – a threat actor could make their way deep within the system. And if a threat actor does manage to install malware through the Sinkclose vulnerability, the location of the infection means it would survive multiple reinstallations of Windows.

Are You Safe from Sinkclose?

With the Sinkclose vulnerability potentially active since 2006, and IOActive warning that all AMD chips dating back to this period could be affected, the potential damage is huge. AMD has been quick to respond and, since Sinkclose was first identified last year, has been working on an update ever since. Patches for AMD Ryzen and Epyc chips have recently been issued, but clearing up this debacle looks to be a long-term project for AMD.

While the threat is currently difficult to exploit, if threat actors discover an effective method to abuse it, countless PCs could be at increased risk of being compromised. Therefore, it’s crucial you follow these best practices to maintain the security of your PCs:

Antivirus and Anti-malware Tools: always implement reputable antivirus and anti-malware software across your network. These security solutions, which are regularly updated against the latest threats, offer continuous scanning, real-time protection and the option to quarantine suspicious files before removing them safely.
Install All Updates Promptly: one of the most important security steps you can take is to ensure you regularly update all your software, including operating systems and applications. This is the best way to make sure they’re patched against any existing or new vulnerabilities. Automated patch management tools can simplify this process, and Windows provides options for automatic updates of Microsoft apps.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Latin America Banks Targeted by BBTok Malware Variant

anti malware, antivirus software, banking malware, banking trojan, BBTok Malware, firewall, Ophtek, Phishing Emailanti-malware, antivirus, banking malware, BBTok, firewall, malware, Ophtek, phishingOphtek, LLC

Nov 2023

Back in 2020, a new banking trojan by the name of BBTok emerged into the digital landscape and was responsible for numerous attacks. And now it’s back.

Banks in Brazil and Mexico appear to be the main targets of BBTok’s new campaign, and it’s a variant which is far more powerful than any of its previous incarnations. Its main deceptive threat is that it is able to spoof the interfaces of 40 different banks in Brazil and Mexico. This means that it’s perfectly placed to harvest sensitive data. In particular, this new strain of BBTok is deceiving victims into disclosing their credit card details and authentication codes. This gives the campaign a financial angle and highlights the serious threat it poses.

How Does BBTok Launch Its Attacks?

BBTok’s latest strategy begins with a phishing email, one that contains a malicious link which kickstarts the attack by launching the malware alongside a dummy document. BBTok is particularly successful as it has been coded to deal with multiple versions of Windows, and it also tailors the content of the attack to both the victim’s country and operating system. BBTok also allows the threat actors behind it to execute remote commands and steal data without the victim being aware.

Most notably, however, is the way in which BBTok replicates the interface of numerous banking websites – such as Citibank and HSBC – to truly deceive the victim. Appearing to be genuine at first glance, these interfaces are used to trick victims into entering security codes and passwords associated with their accounts. This gives the threat actors full access to their financial data and, more disturbingly, full control over their finances. This means that unauthorized payments and bank transfers can quickly land the victim in severe financial trouble.

How to Stay Safe from Banking Malware

In an increasingly digital world, where we all make numerous financial transactions online every week, it’s important to remain guarded against banking malware. As well as the financial damage that malware such as BBTok can cause, it can also create a foothold for threat actors to delve deep into your networks. And this represents a major threat to the security of both your data and your customer’s data. Accordingly, you need to stay safe, and here are some crucial tips to help you:

Beware of phishing emails: your employees should always be cautious when opening emails or clicking on links from unknown sources. As with BBTok, many banking trojans spread through phishing emails which trick you in to visiting fake banking websites. This provides threat actors with the perfect opportunity to harvest your credentials. Therefore, make sure that your employees know how to quickly identify a phishing email and what to do with them.
Install a firewall: putting a firewall in front of your network is a vital step in strengthening your digital defenses. Firewalls act as keen-eyed gatekeepers who scrutinize incoming and outgoing traffic, this allows them to determine whether traffic is trusted and whether any alarms need to be raised. Banking trojans, of course, often transmit stolen data out of your network, so a firewall is the perfect way to identify and prevent this activity.
Strong endpoint security: to protect your network against malware, it’s essential that you employ robust cybersecurity measures throughout your business. In particular, employee workstations and mobile devices are most at risk, so installing advanced antivirus and anti-malware software here should be a priority.

For more ways to secure and optimize your business technology, contact your local IT professionals.

British Snacks in Short Supply Due to Ransomware Attack

anti malware, Backup Strategies, Employee Training, Ophtek, PC Security, PC Training, Ransomwareanti-malware, backup, Ophtek, PC Security, rensomware, TrainingOphtek, LLC

Feb 2022

British shoppers have been warned to expect some of their favorite snacks to be in short supply following a ransomware attack on a major manufacturer.

KP Snacks has been producing snacks in Britain since the 1850s, but this production has recently run into a major obstacle: ransomware. Cyber criminals have successfully launched a ransomware attack on KP Snacks, and its effects are running deep. Due to the impact of the ransomware on their IT infrastructures, KP Snacks has had to advise stores that delays in production are expected. As a result, British shoppers are likely to be facing empty shelves when they head out to pick up their favorite snacks.

Snack food may not be crucial to society, but the impacts of this hack demonstrate why organizations need to remain vigilant.

The Story Behind the Snack Attack

Following an unexplained outage of their IT systems, KP Snacks investigated and discovered that they had fallen victim to a strain of ransomware. The exact details of the ransomware in question has not, as of yet, been disclosed. However, rumors are circulating that the attack was launched by the WizardSpider group, a gang of hackers who attacked the Irish health service in 2021. It’s alleged, according to leaked sources, that KP Snacks was given five days to pay a ransom fee, but clarification on this is lacking.

The response of KP Snacks has been to launch a defensive strike against the attack. Being a major organization, the snack makers had a cybersecurity response plan which was quickly put into action. Third-party security experts have also been drafted in to complete a forensic analysis of the firm’s IT infrastructure. Nonetheless, the disruption to productivity has hit KP Snacks hard. As well as their IT systems being compromised, their communications systems have been hit equally hard. In modern business, these two elements are essential for operating and, as a result, supply shortages are expected.

Protecting Yourself Against Ransomware

While a shortage of snacks may sound like a mild inconvenience, this is only the tip of the iceberg. Not only is there a financial risk for KP Snacks, but the company’s employees can also expect financial ramifications e.g. delayed payments due to compromised IT systems and even the threat of redundancy. Naturally, this is a situation that no organization wants to find itself in, so make sure you always follow this advice:

Always Backup: the main impact of ransomware is that it encrypts files before demanding a ransom fee to decrypt them. However, you can minimize the impact of this effect by ensuring you have a strong backup strategy in place. This will provide you with access to your data and provide you with business continuity.

User Training: ransomware can be activated in a number of different ways such as infected emails, malicious links and running outdated software. Thankfully, shutting these attack routes down is relatively easy with the correct training. Therefore, regular staff training is vital when it comes to securing your IT defenses.

Install Anti-Malware Tools: it’s almost impossible to detect every single threat in the digital wild, but anti-malware tools will protect you from most of them. Installing anti-malware tools is simple and instantly provides an enhanced level of protection against ransomware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Windows Update Being Used to Deliver Malware

anti malware, Lazarus, Ophtek, Security, spear phishing, UpdatesAnti Malware, Lazarus, Ophtek, security, spear phishing, updatesOphtek, LLC

Feb 2022

Updates are crucial for protecting your PC, so Windows Update is a useful ally in this objective. But what happens when it starts downloading malware?

News has emerged that hackers have exploited the Windows Update system to execute malicious code on users’ PCs. It’s an attack which is typical of hackers as it’s innovative, deceptive and dangerous. Currently, the perpetrators of the attack appear to be Lazarus, a hacking group who are backed by North Korea. Dozens of cyberattacks have been attributed to Lazarus – such as the ThreatNeedle hack – over the last decade, so it should come as no surprise that this latest attack is a serious threat.

At Ophtek, we’ve always advised you that updates are the best way to protect your PC. And this remains the case. However, this exploit of the Windows Update service provides a cautionary tale, so we’re going to take a closer look at it.

Why is Windows Update Downloading Malware?

Lazarus have chosen the Windows Update client as a facilitator in its attack as it’s a highly trusted piece of software. After all, the main consensus of updates is that they protect your PC, so why suspect Windows Update of anything else? However, it’s this type of assumption which leads to threats developing.

This latest attack employs a spear-phishing technique which uses infected Microsoft Word documents, these false email attachments claim to be offering job opportunities at the aerospace firm Lockheed Johnson. However, far from containing opportunities for the recipients, these infected documents only contain opportunities for Lazarus. Once the Word documents are opened, users are prompted to activate macros. And this allows Lazarus to automatically install a fake Windows Update link in the PCs startup folder as well as downloading a malicious .dll file.

This Windows Update link is then used to load the malicious .dll through the Windows Update client. The hackers use this approach as it’s innovative and won’t get picked up by anti-malware tools. Lazarus are then free to download as much malware as they like onto the infected PC.

How to Protect Your PCs Against this Threat

You may think that the simplest way to protect yourself is by turning off Windows Update, but we do not recommend this. The best approach involves ensuring that Windows Update can’t be exploited by Lazarus’ attack methods. And this requires you to understand the techniques involved in spear-phishing, so make sure you practice the following:

Awareness: the most important step you can take in tackling spear-phishing is by introducing awareness to your employees. Make sure that regular training is provided to educate your staff on what spear-phishing is and the ways in which it can manifest itself on a PC.

Always Check Links: spear-phishing often uses false, infected links to activate its payload, so it makes sense to always double check links before clicking. The simplest way to do this is by hovering your mouse cursor over the link in question. This will bring up a pop-up which demonstrates the true location of the link. Remember, if in doubt, always double check a link with an IT professional if you are not 100% sure it’s safe.

Use Anti-Malware Tools: a good way to keep your inbox safe from spear-phishing campaigns is by installing anti-malware tools. This software is regularly updated with details of existing and emerging threats, so it can automatically scan all incoming emails to determine if they are trustworthy.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Chrome Users Targeted by Malicious Websites

anti malware, Google Chrome, malicious websites, Ophtek, SecurityAnti- malware, Google Chrome, malicious websites, Ophtek, securityOphtek, LLC

Nov 2021

Google’s Chrome browser is one of the most popular choices for accessing the internet, but this popularity makes it an enticing target for hackers.

A substantial number of business activities are conducted online in the 21^st century. Accordingly, most organizations find themselves accessing the internet with a browser almost every minute of the day. But each time we venture online we open ourselves up to numerous security threats. Malicious websites, of course, are a well-known security risk. At the heart of these threats is a determined effort to conceal their malicious payload. And that’s why a malicious website can be difficult to spot.

Chrome has an estimated userbase of 2.65 billion users and, as such, presents the perfect opportunity for hackers to cast their net far and wide.

How Chrome is Targeted

This latest malware attack specifically targets Chrome users who are running the browser on the Windows 10 operating system. Upon visiting an infected website, Chrome’s legitimate ‘advertising service’ delivers an advert which claims that Chrome requires updating. However, the advert contains a malicious link. Clicking this link will take you to a website entitled ‘chromesupdate’ which is designed to look like an official Google site. Unfortunately, it’s far from genuine.

The only thing that you will be able to download from this malicious website is malware. The payload in question is typical of modern malware, its main objective is to harvest sensitive data and steal cryptocurrency. Therefore, any login credentials you enter, while your PC is infected, can be logged and then transmitted to a remote server. Worst of all, the malware also grants remote access to your workstation. This opens you up to further malware downloads and, potentially, harnessing your machine into a DDoS attack.

How to Protect Your Browsing

Chrome is targeted by this latest campaign due to the manipulation of a Windows environment variable which allows Chrome’s advertising service to be exploited. The simplest way to avoid this attack is by using a different browser. But there’s a much bigger picture at play here. A better approach is to use the browser you are most comfortable with but remain vigilant. To do this, make sure you follow these best practices:

Disable Download Privileges: It’s very easy for a busy employee to lose focus for a second and click on a malicious download. But, in the case of this specific threat, an application update should be something that an IT professional handles. To minimize the risk of malicious downloads taking place, disable download privileges for your employees.

Use Anti-Malware Software: Malicious websites can be detected prior to accessing them thanks to the power of anti-malware software. Backed by huge databases, which are regularly updated, anti-malware software can instantly alert users when they try to access websites known to be malicious.

Don’t Be Rushed: The main strategy employed by malicious websites will be to instill a sense of urgency into their call-to-actions. For example, the threat of an imminent infection if a Chrome update is not installed is designed to create urgency. And it’s this urgency which can catch you off guard. So, if you feel that a website is rushing you into making a decision, always make sure you speak to an IT professional before going any further.

For more ways to secure and optimize your business technology, contact your local IT professionals.

1 2 3 Next »

Category Archives: anti malware