Cyber Security Archives - Page 3 of 8

Social Engineering Used to Hack into Camera Firm

Cyber Security, Employee Training, malware, Ophtek, Password Security, social engineeringmalware, Ophtek, passwords, security, social engineering, TrainingOphtek, LLC

Mar 2022

Social engineering is one of the modern menaces of online life, and this has been demonstrated by a recent malware attack on a Swedish camera firm.

Axis Communications, who manufacture network and security cameras, are the company at the centre of this recent attack. The organization announced that they had been the victims of what they described as an “IT-related intrusion” and advised that, as a result, they had temporarily closed their public-facing services online. Naturally, the attack caused great disruption to Axis; it also brought to light a number of shortfalls in cyber-security, namely the impact of social engineering.

What is Social Engineering?

Social engineering is a form of hacking which involves using various methods of deception to glean information from the victims. So, for example, an employee who receives an email, from what appears to the organization’s IT department but is from a fake email address, asking for confirmation of their login credentials is a form of social engineering. And these incidents of social engineering don’t have to take place online, simply telling someone your mother’s maiden name – a popular choice for password recovery questions – is another example.

This image has an empty alt attribute; its file name is bus-cyber-attack2-lrg-960x480.jpg

How The Axis Attack Happened

The exact details of the Axis attack are yet to be released as the company are conducting a forensic investigation intoexactly what happened. Nonetheless, they have revealed the following details:

Several methods of social engineering were used in order to gain access to the Axis network, these were successful despite the presence of security procedures such as multi-factor authentication.
Advanced hacking techniques were used by the hackers – once they had breached the network – to enhance their credentials and gain high-level access to restricted areas.
Internal directory services were compromised by this unauthorized access.
While no ransomware was detected, there was evidence that malware had been downloaded to the Axis network.

Following concerns of suspicious network activity, and the employment of IT security experts, all external connectivity to the Axis network was closed down.

How to Protect Yourself from Social Engineering

It can be difficult to tackle the highly polished social engineering methods employed by hackers, but following the practices below can make a real difference:

Always Think: slowing down and assessing the situation is crucial when it comes to social engineering. If someone has asked you for sensitive information, such as password details, ask yourself why the need this and what could they do with it? Internal sources – such as managers and IT departments – will never ask for this, so guard your password carefully and, to clarify the situation, speak face-to face with the person who has apparently asked for it.

Regular Staff Training: it’s important that your staff understand the tell-tale signs of social engineering, so make sure that you arrange regular training/refresher courses to keep their knowledge up to date. After all, social engineering is all about the deception, and identifying this can be difficult. But, with the correct knowledge, your staff should be able to protect themselves and your organization.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Millions of Routers and IoT Devices Targeted by BotenaGo

BotenaGo, Cyber Security, Internet Traffic, IoT Attacks, Ophtek, router, Software Security PatchesBotenaGo, Internet Traffic, IoT, Ophtek, patches, router, securityOphtek, LLC

Nov 2021

Routers and Internet of Things (IoT) devices are essential when it comes to modern business. But this has made them a target for the BotenaGo malware.

Wireless technology is in place in almost every business in the world. The presence of routers allows PCs to connect to the internet and enhance their capabilities. IoT devices, meanwhile, bring wireless functionality to business such as wireless access to printers and data storage. Both routers and IoT devices, therefore, present an enticing opportunity to hackers. Compromising just one of these devices grants backdoor access to IT infrastructures. And this is where they can really cause your organization some damage.

BotenaGo is an innovative new strain of malware which has routers and IoT devices in their targets, so it’s crucial that you learn a little more about it.

What is BotenaGo?

The BotenaGo malware is difficult detect, but it appears that it’s hiding in plain sight. BotenaGo is written in Google’s popular Golang programming language, a process which has become steadily popular with hackers. Golang allows programmers to use the same code across different systems, so this saves significant time when coding. Malware, such as BotenaGo, coded in Golang can, therefore, spread across multiple operating systems with the same code.

BotenaGo is programmed to identify 30 different vulnerabilities and this is why so many routers and IoT devices are at risk. The malware starts by scanning the internet for vulnerable devices and then activates the available exploits. BotenaGo’s next step is to create backdoor on the infected devices, this is typically opened on ports 31421 and 19412. This allows the hackers to take control of the device. Further malware and DDoS attacks can then be launched using the victim’s internet connection.

How to Stay Safe

Malware which uses malicious links and attachments is easy to combat as it requires users to action the payload. The techniques used by BotenaGo, however, rely on system vulnerabilities that the average PC user will be unable to identify. Furthermore, current anti-virus software seems unable to detect BotenaGo. But there are ways you can protect yourself:

Install all Patches: Most exploits arise due to coding errors which have failed to fully protect the software. Hackers regularly comb software to discover these exploits and then use them to gain unauthorized access. And, therefore, software manufacturers release regular security patches, these plug any holes in the software and make it more secure. But the end user needs to make sure they are installed. This can be difficult to maintain manually, but Windows allows you to set all updates to automatic to make it easier.

Monitor Your Internet Traffic: BotenaGo is difficult to detect, but it does leave telltale signs as to its presence. A sudden increase in internet traffic, particularly through ports 31421 and 19412, should be a cause for concern. Accordingly, it’s important that your organization arms itself with traffic monitoring software to identify unusual behavior. Any increase in traffic should be investigated immediately and, where possible, access shut off immediately.

For more ways to secure and optimize your business technology, contact your local IT professionals.

5 Quick Ways to Secure Your PC

Cyber Security, Data Security, email security, modem security, Online Security, Ophtek, PC Security, SecurityCyber Security, Data Security, email security, Modem Security, Online Security, Ophtek, PC Security, securityOphtek, LLC

Nov 2021

IT security can be a complex series of procedures and this can be intimidating to many people. Luckily, there are some easy ways to secure your PC.

Installing and configuring a firewall isn’t something that your average PC user will feel comfortable with. After all, how do you know exactly which services you should be allowing/denying access to? Security tasks such as this should be left to the professionals. But there are lots of quick and easy tips you can put in to place to protect your PC. All you need to do is know how to get started securing your PC. And today we’re going to share 5 quick ways to secure your PC.

How to Secure Your PC

If you want to secure your PC with the minimum amount of fuss, then make sure you:

Verify All Downloads: It’s very easy to fall victim to a malicious email or website. These threats appear to be genuine methods of communication in order to encourage you clicking on their malicious payload. These payloads can take the form of malicious downloads disguised as links or ‘helpful’ apps. A quick way to avoid falling victim in these scenarios is to verify the true destination of links by hovering your mouse cursor over them. You can also perform a Google search to verify the legitimacy of any website.

Lock Your Screen: An unattended PC screen leaves you open to not only external threats, but also internal ones. Therefore, whenever you leave your workstation, make sure that you lock your PC screen. This will password protect your desktop and ensure that no one can access it. You can lock your screen instantly by hitting the Windows key and the L key.

Use a VPN: A virtual private network (VPN) may sound like a complicated enterprise to undertake, but it’s relatively simple to install. A VPN can be installed in minutes and will use high level encryption methods to conceal your identity and data online. So, for example, if you are based within Chicago, you can use a VPN to connect to the internet through a connection based in Australia. This masks your identity and maximizes the security of any data you are transmitting.

Do Not Write Your Passwords Down: The single biggest mistake that a PC user can make is to write their passwords down. Sure, it’s difficult to remember every single password, but there are options to overcome this such as using Google’s Password Checkup. These password managers are far superior to writing your password credentials on a Post-It note and keeping it on your desk. Revealing your login credentials publicly should be avoided at all costs.

Only Use USB Devices That You Own: It’s not worth the risk of damaging your PC, so avoid connecting USB devices you aren’t familiar with. In fact, in a workplace, it’s recommended to disable USB access to individual workstations. If USB access is required then this should only be granted to IT professionals.

For more ways to secure and optimize your business technology, contact your local IT professionals.

New Form of Malware is Sneakily Avoiding Detection

anti malware, Cyber Security, malware, OpenSUpdater, Ophtek, PC Security, PhishingAnti- malware, Cyber Security, malware, Ophtek, OpthSUpdater, PC Security, phishingOphtek, LLC

Sep 2021

Anti-malware tools provide a firm level of defense against hackers, but what happens when the malware can bypass detection tools?

Around 300,000 new pieces of malware are created daily, so it’s important that we can protect ourselves against this constant threat. Anti-malware tools such as Kaspersky and even in-built Windows security systems are crucial for providing this protection. Accordingly, you should find that your systems remain protected for most of the time. However, hackers are industrious individuals and are constantly looking to evolve their techniques. As a result of this ongoing adaptation, it appears that hackers have found a way around current detection methods.

The threat comes in the form of the OpenSUpdater and is one that you need to take seriously.

What is OpenSUpdater?

Digital signatures are used online to demonstrate that code is legitimate and accepted by Windows security checks. They are an important part of online security, but this has made them a viable target for hackers. In the case of OpenSUpdater, their online code samples are carrying manipulated security certificates which, despite these manipulations, are passed as authentic by Windows. More importantly, security tools which use OpenSSL decoding are unable to detect these malicious changes.

OpenSUpdater is free to bypass security measures and avoid being labelled as malware which is quarantined and deleted. The malware’s main method of attack is through riskware campaigns. This involves injecting malicious ads into the browsers of those infected and downloading further malware. The majority of targets so far have been found in the US and the malware typically bundled in with illegal downloads such as cracked software.

How Can You Protect Against OpenSUpdater?

This latest malware threat was detected by Google’s security researchers and has since been reported to Microsoft. A specific fix has not been announced yet, but hopefully something will be implemented shortly. In the meantime, however, it’s vital that you take steps to protect yourself. In particular, make sure you focus on the following:

Minimize User Privileges: There’s no real need for employees to be downloading software onto their workstations. All the tools they need should be readily available. However, some employees are likely to be tempted by things they see online, particularly the promise of quick fixes. The best way to reduce the risk of downloading malware is by eliminating download privileges for all but the IT team.

Educate on Phishing Techniques: Phishing is a dangerous hacking technique which uses email to push social engineering attacks. By instilling a threat of urgency to act upon an email’s call to action – such as ‘click here to download a vital security tool’ – hackers are able to deceive victims into downloading all kinds of malware. Thankfully, through continued training, your employees should be able to recognize phishing emails quickly and hit the delete button even quicker.

Do Not Abandon Detection Tools: Despite the ability of OpenSUpdater to bypass detection tools, this does not mean that these tools should be resigned to the scrapheap. They still play an essential role in providing digital security options and should remain in place.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Sidewalk Malware Linked to Chinese Hacking Group Grayfly

Cyber Security, Grayfly, Ophtek, Secure Socket Layer, Sidewalk Malware, strong passwords, upgrade softwareCyber Security, Grayfly, Ophtek, secure socket layer, Sidewalk Malware, SSL, strong passwords, upgrade softwareOphtek, LLC

Sep 2021

A new strain of backdoor malware has been discovered and named as Sidewalk. And the hacking group behind it – Grayfly – mean business.

Believed to have major links to China, Grayfly has been launching global cyber-attacks since 2017 and has also operated under the names of Wicked Panda and GREF. With a keen interest in espionage, Grayfly favors attacking public facing web servers. Once they have their foot in the door, the hackers being installing backdoors across the network to maximize their access. The Grayfly group represent a sophisticated threat and show few signs of letting up in their endeavors.

The Sidewalk malware, which appears to be Grayfly’s latest weapon, has been attacking servers in the US, Mexico and Asia. Accordingly, you need to be on your guard.

How Does the Sidewalk Malware Work?

Sidewalk was first discovered in August 2021 when a new piece of malware was detected by Slovakian researchers. Sidewalk, it was revealed, operates by loading plugins into breached systems to search out and log running processes. This information is then transmitted back to a remote server where hackers can analyze the infected servers in forensic detail. The researchers were keen to note that the Sidewalk malware shared many similarities to Grayfly’s previous hacking tool Crosswalk.

Sidewalk has been concentrating its efforts on a number of targets in the US, Vietnam, Mexico and Taiwan. Given the espionage nature of Grayfly’s operation, it comes as no surprise that a large proportion of the victims are involved in the telecoms industry. Grayfly start these attacks by identifying Microsoft Exchange servers which can be accessed through the public internet. With this in their sights, the hackers install a web shell which grants them the opportunity to run administrative commands on the server. From here they can dig deeper into the server and begin harvesting confidential data such as login credentials.

How Can You Protect Your Public Facing Server?

Public facing servers are crucial for any businesses which need to allow the public to access their services are online. However, as the Sidewalk malware has shown, they’re at the risk of cyber-attacks. Nonetheless, you can protect your public facing servers by practicing the following:

Monitor Logins: By using specialist security tools, you can monitor login attempts to your server. These will monitor suspicious activity such as brute force attacks and can block IP addresses suspected of being dangerous.

Only Allow Strong Passwords: Servers need to use strong passwords to thwart the efforts of hackers. Avoid making common password mistakes and always change any default passwords as soon as possible.

Use Secure Sockets Layer Certificates: Your web administration areas should always be protected by a Secure Socket Layer (SSL). These security certificates protect and encrypt information passed between two systems on the internet e.g. a website and a visitor to that website. This ensures that personal data remains secure.

Always Upgrade Your Software: One of the surest ways for a public facing server to become breached is by eliminating vulnerabilities in its design. These weak points allow hackers to gain easy access, so it’s vital these are plugged. Software and hardware manufacturers regularly release firmware and security patches, so make sure these are installed as soon as possible.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 5 … 8 Next »

Category Archives: Cyber Security