The Dangerous Power of the Prometheus Malware

antivirus software, Cyber Security, email security, malware, Ophtek, Prometheus Malware, , , , ,
18
Aug 2021

Malware-as-a-service (MaaS) provides a powerful malware solution for hackers. And Prometheus is the perfect example of such an infrastructure.

There’s money in everything and hacking is no different. But rather than extorting funds through ransomware, hackers can also design MaaS to generate some quick cash. MaaS takes the pain out of designing your own malware by offering a ready-made solution. And all you need to do is a pay a fee to use it. Typically, MaaS will give the user access to software which can distribute malware through malicious campaigns; this is exactly what Prometheus does.

As Prometheus, and all forms of MaaS, is so powerful, it’s important that you understand what it is and how to tackle it.

How Does Prometheus Work?

Prometheus has been available to purchase for a year now, with a subscription costing $250 per month. It uses two main attack strategies:

  • Distributing MS Word and Excel documents which are infected with malware
  • Using malicious links to divert victims to phishing websites

Subscribers to the Prometheus MaaS are given a central control panel from where they can launch their campaigns. From here they are able to configure various parameters to tailor their attacks e.g. targeting specific email addresses with a malicious call-to-action. Prometheus can also be used to assess potential victims. Using infected websites, Prometheus can collect data on visitors – such as IP address and user details – to assess which method of attack is best to launch. It’s a sophisticated form of hacking and one that requires high levels of awareness to combat.

It’s estimated that over 3,000 email addresses have been targeted by Prometheus as of this writing. These targets have included individuals in Europe and a number of government agencies and businesses in the US. While 3,000 potential victims may sound relatively small, it’s clearly best for every one of them to avoid it. And it is possible.

How to Combat Prometheus

Prometheus uses traditional methods to infect PCs with its malicious payloads, so it’s easy to avoid becoming a victim. All you need to do is practice the following:

  • Check All Emails: Malicious emails are very good at hiding the fact that they are malicious. Therefore, it always pays to quickly verify every email. Is the email address correct or is it a strange variation e.g. security@micros0ft.com? Is there an unusual and urgent call-to-action in the email such as a “click here before you lose access to your account” link? Anything suspicious should be queried with your IT team immediately.
  • Verify Links: It’s very easy to insert a malicious link into an email or website, so these need to be verified before clicking. For example, a link could be displayed as www.bankofamerica.com but hovering your cursor over this link will reveal the genuine destination. And this could be redirecting you towards a malicious website, so always verify your links.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What Do You Need in Good Antivirus Software?

anti malware, Antivirus, Cyber Security, Data Security, email security, firewall, Ophtek, , , , ,
27
Jul 2021

Antivirus software is a sure-fire way to keep your PC protected against malware. But you need to make sure it has the right features for your organization.

No two pieces of antivirus software are the same. And there are a lot of different antivirus tools available. In fact, if you google the term “antivirus software” you will be faced with 175 million search results. Not surprisingly, the sheer range of options available can make choosing one a daunting task. But it doesn’t need to be this difficult. All you need to do is understand what the most important features are in antivirus software.

The Essential Antivirus Software Features

As I advised earlier, there are many different antivirus tools trying to get your attention. And they all contain a collection of different features. The most essential ones that you should be looking for are:

  • Firewall Availability: Many antivirus software packages will include a firewall and this feature can prove invaluable. It’s a tool which is employed to monitor all incoming and outgoing connections to your network. Essentially a barrier between your organization and the internet, a firewall allows you to restrict access to any unidentified connections while recognized and permitted connections can operate freely.
  • Email Scans: One of the best ways for a hacker to gain access to your organization’s network is via email. It’s a venture which typically succeeds when an infected email attachment or malicious link is activated by the recipient. And these infections can be very powerful. Ransomware is easily spread through malicious emails and phishing scams, of course, are particularly prevalent. Thankfully, many pieces of antivirus software can scan all incoming emails to evaluate the danger contained within.
  • Download Protection: Most files that you download from the internet will be fine e.g. software installation packages or even plain old spreadsheets. But there’s always a chance that you may download some malicious software. And, in many cases, it’s easy to find yourself fooled by authentic looking websites. A good antivirus suite, however, should be able to scan all downloaded files in real time to verify if they are safe. Often, if the file is hosted on a malicious website, antivirus software will not even allow you access to the site in the first place.

Final Thoughts

Basic antivirus software is available for free and, despite some limitations in its functionality, can provide you with powerful protection. However, when you start paying for antivirus software you can expect to gain even more features and some much-needed technical support. Regardless of which option you go for, though, antivirus software should be an essential part of any organization’s fight against cyber-crime.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Windows Print Spooler Vulnerability Accidentally Leaked

Cyber Security, Microsoft, Network, Ophtek, patches, print spooler, zero-day, , , , , ,
13
Jul 2021

If a hacker can find a software vulnerability, then it grants them easy access to a PC. This is even easier when a vulnerability is leaked by researchers.

Security researchers are constantly searching for software and hardware vulnerabilities. But where researchers and hackers differ is their intent. A security researcher wants to legitimately identify vulnerabilities so that they can be secured and lessons learned for the future. However, a Chinese technology firm by the name of Sangfor recently revealed details of an unknown Windows vulnerability in Print Spooler. And, unfortunately, Microsoft hadn’t managed to patch it.

What is a Zero-Day Vulnerability?

The type of vulnerability found in Print Spooler is known as a zero-day vulnerability. This name refers to the number of days a software vendor has had to patch a vulnerability and the percentage chance that a user has of being protected. And this is why zero-day vulnerabilities are so dangerous. There is no immediate protection available, so hackers are given free rein to cause widespread chaos.

What is the Print Spooler Vulnerability?

The design of the Print Spooler vulnerability – whose exploit code was listed within Sangfor’s paper – has the potential to cause numerous issues. The specifics of this exploit allow hackers to obtain full system access privileges. This is achieved by granting them permission to load malicious drivers into any servers containing this vulnerability. With full control of an IT network, hackers can then download further malware, steal data and operate infected workstations from a remote location. And, although a patch was recently released for vulnerabilities in Print Spooler, this particular exploit was not identified by Microsoft.

How Do You Protect Against Vulnerabilities?

As of the time of this article, Microsoft do not have a patch available for what has been dubbed the PrintNightmare vulnerability. This is concerning as it provides a significant amount of risk to Windows users. While it is certain that Microsoft will release a security patch, the fact remains that – as revealed by Microsoft – attacks using this exploit have already been identified. Therefore, you need to know how to protect your IT systems:

  • Disable Print Spooler: In the case of the PrintNightmare vulnerability, you can eliminate the risk is by temporarily disabling the print spooler. This does, however, remove the ability for your organization to print across its network.
  • Monitor Network Activity: If your IT system has been exploited through a vulnerability then it’s likely there will be an increase in network activity. This will be most visible in outgoing traffic as the hackers will likely be transmitting data to a remote server. An increase in data output to an unknown location should ring alarm bells and indicate that something is wrong.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Database of 26 Million Stolen Passwords Discovered

Cyber Security, Data Security, Ophtek, Password Security, Two Factor Authentication, Updates, , , ,
22
Jun 2021

Passwords are one of the most common security measures, but they’re still considered a risk. And 26 million stolen passwords have just been found.

We all use passwords on a regular basis throughout our working day. Logging on to remote servers and online platforms all require a set of login credentials. And, on the whole, they provide an adequate level of security. But security which is considered only adequate will always remain a tempting prospect to hackers. Login credentials will typically consist of only two pieces of information: username and password. Naturally, with only two data values required – which can be entered from any keyboard – login credentials represent some major security concerns.

That’s why the discovery of this database, containing 26 million sources of information, is considered a major alert.

What’s in the Database?

Coming in at a huge 1.2TB, the database – which was discovered by NordLocker – contains the following:

  • 26 million login credentials
  • 2 billion browser cookies
  • 1.1 million email addresses
  • 6.6 million various files including Word, PDF and image files

These numbers are, of course, huge. And it’s a safe bet that some serious data has been compromised along the way. It has also been revealed that the malware made a point of creating an image file by taking a screenshot via active webcams on infected devices. This, again, is troubling as it underlines the danger contained within the malware for compromising personal data.

The actual malware behind these data harvests is currently unknown. It is believed, however, that its method of attack is fairly standard. Upon infection, the malware will connect to a remote server where it can transmit any stolen data. The compromised data, as NordLocker found, was being hosted on a cloud-based hosting service and has now been taken down. But it’s likely that this database has already been traded and is out in the digital wild.

How Do You Protect Yourself?

Attacks such as this are sadly commonplace in the modern age, but there is a lot that you can do to protect your organization’s data:

  • Use Two-Factor Authentication: The combination of a username and password may seem strong, but it can be made even stronger by two-factor authentication. This additional layer of security requires the use of a unique piece of data transmitted to a device separate from your IT network.
  • Install All Updates: The attack in question could easily have been caused by a vulnerability put in place by outdated technology. Both software and hardware require regular updates to patch any issues that may be discovered post-launch. And it’s your responsibility to install these as soon as possible to close any potential back door attacks.
  • Regularly Monitor Network Activity: If significant amounts of data are being stolen and transmitted to a remote server, this activity will be associated with a rise in outgoing network activity. Therefore, it pays to keep a close eye on any spikes in traffic to minimize the impact of any breach.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Disk Wiping Malware Disguises itself as Ransomware

Apostle, Cyber Security, malware, Ophtek, Ransomware, Updates, , , ,
08
Jun 2021

Ransomware is a highly destructive form of malware, but it turns out that it can also provide the perfect cover for disk wiping malware.

The pitfalls of becoming a victim of ransomware are well documented. And, as such, the term ransomware is one that strikes fear into the heart of any PC user. But, at the very least, ransomware does give you an option of getting your files back. Naturally, you have to pay a ransom fee for the files to be decrypted, but you can get them back. However, a form of malware called Apostle has now been discovered which pretends to be ransomware when, in fact, it simply wipes your disk drive beyond retrieval.

Data is a crucial commodity in any organization, so it’s important you make it as secure as possible. And one of the perfect ways to do this is by understanding how Apostle works.

How Does Apostle Wipe Disks?

The Apostle malware is believed to originate from Iran and is related to a previous wiper malware called Deadwood. Apostle is not brand new as it has been in the digital wild for some time. But these initial versions of Apostle were flawed and failed to deliver their malicious payload. Since then, the designers of Apostle have tweaked its design to make it more effective. This contemporary version of Apostle presents itself as standard ransomware, but this is merely to throw the victims off guard; its true intent is to destroy data and cause disruption.

The hackers behind Apostle are particularly cunning and are also happy to take ransom payments while destroying the data in question. But this is not where the attack ends. There are signs that Apostle is being used in conjunction with a backdoor attack called IPSec Helper. This allows the hackers to download and execute additional malware and move, undetected, within infected networks. Again, the intention here is to cause disruption.

How Do You Stop Your Disk Being Wiped?

The focus of Apostle, so far, has been Israeli targets, but this does not mean it should be considered a low-level threat. The design of this disk wiper malware can easily be engineered into more virulent and dangerous forms. And this could easily strike at the heart of your business’ operations. Therefore, it’s crucial that you maintain the following practices:

  • Evaluate All Attachments Before Opening: It’s likely that you receive numerous email attachments through the day, but how often do you verify them before opening? Trusted email addresses can, very easily, be taken over or even replicated. And this provides the perfect route for infected files to be opened. So, if in doubt over whether an attachment is safe, always check with an IT professional before opening.
  • Keep Your Software Updated: Another sure-fire way for hackers to gain access to your network is through vulnerabilities caused by outdated software. The best way to counter this threat is by implementing software updates as soon as possible. This minimizes the presence of vulnerabilities and keeps hackers out.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2 3 4 5 6 8