attachments Archives

The 5 Biggest IT Security Mistakes

attachments, Backup, Data Security, Hackers, Ophtek, Password Securityattachements, backup, Data Security, hackers, Ophtek, password securityOphtek, LLC

Aug 2022

Almost all cyber-attacks are due a common denominator: a mistake. We aren’t perfect, of course, but we can limit number of IT security mistakes we make.

Working on a PC is far from straightforward and, as a result, the sheer number of complex routines you must work through leaves plenty of room for mistakes. At the same time, all a hacker needs to take control of your system is a few milliseconds. Accordingly, even the smallest security mistake can leave your PC at the mercy of a hacker. However, by understanding what the most common, and usually simplest, IT security mistakes are, you can strengthen your IT defenses almost immediately.

Start Eliminating These Mistakes Today

If you want to make sure your IT infrastructure is safe from hackers, then you need to avoid these five IT security mistakes:

Not locking your screen: you may trust your work colleagues, but the fact remains that numerous people will enter your organization’s premises throughout the day. Some may be familiar, some may not. And that’s why it’s crucial you lock your screen. All you have to do is hit the Windows button and the L key; your screen will be locked with a password and the contents of your PC immediately protected.

Underestimating your value as a target: threat actors are malicious and, although they are certainly interested in big targets, they’re equally likely to target smaller organizations too. Additionally, many cyber-attacks are automated and don’t discriminate against who they attack. Therefore, never assume that your small business is of no concern to hackers. Remain vigilant and practice good IT security.

Passwords on Post-it notes: we all know that remembering passwords is difficult, but the biggest mistake you can make is by writing your password on a Post-it note. And then sticking it to your monitor. Sure, it’s convenient for you, but it’s also highly convenient for anyone looking to compromise your PC. Instead, create passwords you can easily remember, but are difficult for anyone else to crack.

Not backing up effectively: when it comes to IT, the range of backup options available in 2022 is plentiful. From on-site storage, to external cloud storage and even onto good old fashioned optical drives, there are numerous options. And it’s important that you use more than one backup option to protect your data, this will ensure it’s available when you need it. Remember: failing to maintain an effective backup process will seriously hurt your recovery time in the event of a cyber-attack.

Assuming email attachments are safe: ever since email became a mainstay of modern communications, it has carried a huge risk of delivering malware through email attachments. Most concerning of all, these infected attachments may be sent by email contacts you consider safe, it could even be your colleague sitting next to you. Threat actors can easily take control of a victim’s email address book and email malware under the guise of the victim’s email address. And that’s why you should evaluate every email you receive.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Email Threads Are Being Hijacked to Spread Malware

attachments, email links, fake emails, Hijacks, multi factor authentication, Ophtek, Updatesattachments, email links, fake emails, Hijacks, multi-factor authentification, Ophtek, updatesOphtek, LLC

Apr 2022

A new method for spreading malware online has been discovered, and it involves taking advantage of email threads to deploy malware loaders.

Email threads can quickly build, especially if there are more than two participants. As such, it can be difficult to keep up with who is saying what and, crucially, who is attaching files to the thread. Accordingly, this creates the perfect scenario for threat actors to get involved and turn the situation to their advantage. And, as a result of a vulnerability in Microsoft Exchange servers, this is exactly what has been happening.

If you work in any modern organization, the chances are that you use email on, at least, an hourly basis to keep up to date with the rest of the world. Therefore, this new threat is one that you need to understand.

How Email Threads are Being Hijacked

This latest campaign is particularly deceptive and relies on the presence of unpatched Microsoft Exchange servers. This email service is commonly used by businesses to synchronize email between an Exchanger server and an email client e.g. Outlook. The vulnerability offered up by these unpatched servers allows hackers to harvest login credentials; the threat actors are then presented with the opportunity to illegally access specific email accounts. Once they are logged in, the hackers can view all the email threads that the account is involved with.

By viewing the various email threads, the hacker can then decide which is best to launch their attack through. All they have to do is choose an email thread and start replying to it. More crucially, they will also attach some infected attachments. These are packaged within a ZIP archive and comprise an ISO file which contains both a DLL file and an LNK file. Once the LNK file is activated, it will run the DLL file and activate the IcedID malware loader. IcedID is a well-known banking trojan which can steal financial information, login credentials and start the installation of further malware.

Protecting Your Emails

First and foremost, it’s vital that you install new updates as soon as they are available. This will instantly minimize the chances of vulnerabilities being exploited on your network. Fail to implement these upgrades, however, and you could fall victim to attacks such as the one we have been discussing. In addition to this, it also pays to take notice of the following:

Verify Any Email Attachments: if, in the middle of an email thread, a suspicious file attachment suddenly appears, verify it with the person it appears to have been sent by. However, do not do this over email; if the email account has been compromised then the hacker will simply confirm it is genuine. Instead, speak in-person or over the phone to the sender to get confirmation.

Use Multi-Factor Authentication: one of the simplest ways to reduce the impact of stolen login credentials is by strengthening the login procedure with multi-factor authentication. This approach will provide an extra layer of security and ensure that any threat actors will struggle to navigate their way through it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

3 Million Windows PCs at Risk of Login Credential Theft

attachments, email links, malware, Ophtek, Updates, Windows PCattachments, links, Login, malware, Ophtek, updates, Windows PCOphtek, LLC

Jul 2021

Login credentials are a sure-fire way to protect your IT systems. But hackers are now using a new piece of malware to steal them from your organization.

User ID / Password combinations have been a cornerstone of IT security since the earliest days of computers. Traditionally, it was almost impossible to guess both of these values. The only option a hacker had was to literally look over the shoulder of the user as they entered the details. But a lot has changed in the way we use computers since then. And the possibilities created by the internet mean that hackers can now steal login credentials from anywhere in the world. All they need is some malware and a potential victim.

A new piece of malware has recently been discovered which has been used in a large scale attack, so it’s important we take a closer look.

What is this Latest Attack?

This latest malware – discovered by Nord Security and currently unnamed – to hit the digital headlines is classified as a Trojan. As the name suggests, a Trojan is a piece of malware which disguises itself as genuine software, but contains malicious code. Little is known about the origins of this latest malware or its exact mechanisms, but its strength is beyond question. This has been demonstrated by the malware carrying out the following:

Infecting three million Windows PCs
Stealing 1.2TB of data which includes email addresses, cookies and over six million individual files
Using infected PCs in-built webcams to take photos of the victims

How Do You Avoid Falling Victim to Malware?

Malware is a complex threat to tackle due to the ease with which it can be constructed by hackers. This allows the hacker to give their malware an individual blueprint with unique features that are difficult to detect. Even the best defenses in the world can easily fall victim to malware. Nonetheless, you are far from helpless when it comes to combatting the threat of malware. To help strengthen your defenses, make the following part of your security structure:

Always Verify Links: Almost every website and email will contain at least one link. But these links can easily be disguised to contain something nasty. A link may, for example, claim to take you to a Microsoft security fix, but the true destination within the link may be for a malicious website. Therefore, always make sure you hover your cursor over links to reveal their true destination.

Double Check Email Attachments: Highly powerful malware can easily be packed into a small file and delivered as an email attachment. Accordingly, you need to be suspicious of all files entering your organization. Even if an email is received from a reputable source you need to remain vigilant. Genuine email addresses can easily be hacked and used to spread malware. If something doesn’t feel right about an email then check with an IT professional.

Install all Updates: All software and hardware is prone to vulnerabilities due to the amount of code involved in their operation. And these vulnerabilities provide hackers with quick and easy access to your IT systems. Thankfully, manufacturers regularly issue security patches to plug these holes. Make sure that these are always installed quickly to minimize any risk.

For more ways to secure and optimize your business technology, contact your local IT professionals.

PowerPepper Malware is the Master of Evasion

attachments, malware, Ophtek, PowerPepper, shell terminalsmalware, Ophtek, PowerPeppet, security, vulnerabilityOphtek, LLC

Dec 2020

There’s only one thing worse than malware and that’s malware which is difficult to detect. And PowerPepper is incredibly difficult to detect.

Discretion is one of the most crucial aspects of any form of hacking. A well-executed hack should remain invisible to the victim for as long as possible. Such a scenario allows a hacker to cause maximum damage and also gives them time to cover their tracks. Thankfully, good security practices should either eliminate this risk from happening or, where anti-malware apps are in place, provide an early warning. But hackers are well aware of these defenses and are constantly trying to outwit them.

The emergence of the PowerPepper malware demonstrates that hackers have (temporarily) succeeded in hiding their activities better than ever before.

What is PowerPepper?

PowerPepper, discovered and named by Kaspersky, is a new strain of malware which is believed to have been designed by hacking group DeathStalker. Active since 2012, DeathStalker has made a name for themselves by developing numerous strains of innovative malware. Complex delivery chains are their trademark, but what really stands out is their dedication to evading detection. And PowerPepper is the latest development in DeathStalker’s abilities.

First discovered in May 2020, PowerPepper allows hackers to carry out shell commands from a remote location. But what is a shell command? It’s not something that the average PC user will ever carry out, but a shell command allows you to control your computer by using commands entered with a keyboard through special apps such as Terminal. Naturally, this is a highly valuable app to exploit and DeathStalker have made sure that PowerPepper is not detected. It does this by filtering the clients MAC address, tailoring its processes to deceive anti-malware tools and evaluating mouse movements.

For PowerPepper to take hold, of course, it needs to get on to a victim’s PC. And it does this through a variety of spear phishing campaigns. These attacks utilize both malicious links and email attachments in a number of ways aimed at reducing detection e.g. hiding malicious code in embedded shapes in Word documents and using compiled HTML files to obscure malicious files.

How Do You Protect Your PCs?

PowerPepper has already gone through a number of changes since it was first discovered, so keeping on top of it is difficult for even the most knowledgeable PC user. However, there are plenty of preventative measures you can take:

Install all Updates: One of the surest methods to protect your PC systems is by ensuring all their software and hardware is up to date. This is easily achievable by installing all the relevant updates your system needs. The last thing that you want to present malware with is a back door entry point, so eliminate this by installing all updates.

Restrict Access to Shell Terminals: There’s little need for your PC users to have access to shell terminals, so it makes sense to restrict this access. By removing this privilege you are also removing the risk of hackers taking control of such a powerful app.

Be Wary of Attachments: Malware such as PowerPepper makes its way through the digital landscape thanks to a lack of vigilance on the part of PC users. This is most often demonstrated by opening malicious email attachments. Therefore, it’s crucial to evaluate all email attachments before opening them.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Category Archives: attachments

What is PowerPepper?

How Do You Protect Your PCs?