Cyber Security Archives - Page 4 of 8

What are Initial Access Brokers?

Cyber Security, Hackers, IAB, Initial access brokers, Ophtek, RansomwareCyber Security, hackers, IAB, Initial access broker, Ophtek, ransomwareOphtek, LLC

Aug 2021

Gaining access to an unauthorized network is every hacker’s dream. And, now, this is easier than ever thanks to the rise of initial access brokers.

Initial access brokers (IABs) are a relatively new trend in the world of hacking. These threats have been tracked for several years now, but they have yet to create major headlines. Nonetheless, they represent a major threat to your organization’s security. And the number of IABs operating online is rising. Therefore, it’s important that you understand what IABs are and the threat they represent. So, to help keep your organization safe, we’re going to look at IABs.

What is an IAB?

We’ve discussed ransomware in depth on numerous occasions, but we’re yet to touch upon the role of IABs when it comes to ransomware. The hard work, for a hacker, is breaking into a network. Most networks will have some level of security, so significant time needs to be invested to beat this. But what if there was someone you could go to for ready-made access? It would be a dream scenario for a hacker and it’s one which is provided by IABs.

Acting as a literal broker, IABs carry out extensive research on organizations to identify those that are considered vulnerable. Slowly, these IABs will build up a portfolio of vulnerable targets and details on how to gain access to their networks. This takes the hard work out of hacking for the hackers and ensures that, for a fee, details of vulnerable networks can be quickly obtained. The majority of these deals take place on the dark web with access details being sold to the highest bidder.

How Do You Avoid Becoming an IAB Listing?

IABs are not selective in the industries that they target and tend to scour all industries for potential victims. These threats are also unfolding on a global basis, but some research has shown that a third of IAB listings involve businesses located in the US. Accordingly, you will want to make sure you don’t find your organization having its vulnerabilities advertised as being for sale. And you can do this by taking note of the following:

Eliminate Any Vulnerabilities: The simplest way to prevent IABs identifying your network vulnerabilities is by eliminating them. The best method for implementing this is by installing all firmware and patches as soon as they are available. This approach will close any potential entry points to IABs.

Train Your Staff: One of the quickest ways for IABs to gain access to your network is through your staff. Social engineering, for example, can quickly provide an IAB with a route straight into your network. Educating your staff, and regularly refreshing this knowledge, is essential for reducing unauthorized access to your network.

Check IAB Listings: Although IAB listings do not always directly list who the target is, it’s possible to narrow the options down and identify industry trends. As most of these listings are found on the dark web, it’s a good idea to employ an IT professional to investigate them and advise of any potential risks.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The Dangerous Power of the Prometheus Malware

antivirus software, Cyber Security, email security, malware, Ophtek, Prometheus MalwareAntivirus software, Cyber Security, email security, malware, Ophtek, Prometheus MalwareOphtek, LLC

Aug 2021

Malware-as-a-service (MaaS) provides a powerful malware solution for hackers. And Prometheus is the perfect example of such an infrastructure.

There’s money in everything and hacking is no different. But rather than extorting funds through ransomware, hackers can also design MaaS to generate some quick cash. MaaS takes the pain out of designing your own malware by offering a ready-made solution. And all you need to do is a pay a fee to use it. Typically, MaaS will give the user access to software which can distribute malware through malicious campaigns; this is exactly what Prometheus does.

As Prometheus, and all forms of MaaS, is so powerful, it’s important that you understand what it is and how to tackle it.

How Does Prometheus Work?

Prometheus has been available to purchase for a year now, with a subscription costing $250 per month. It uses two main attack strategies:

Distributing MS Word and Excel documents which are infected with malware
Using malicious links to divert victims to phishing websites

Subscribers to the Prometheus MaaS are given a central control panel from where they can launch their campaigns. From here they are able to configure various parameters to tailor their attacks e.g. targeting specific email addresses with a malicious call-to-action. Prometheus can also be used to assess potential victims. Using infected websites, Prometheus can collect data on visitors – such as IP address and user details – to assess which method of attack is best to launch. It’s a sophisticated form of hacking and one that requires high levels of awareness to combat.

It’s estimated that over 3,000 email addresses have been targeted by Prometheus as of this writing. These targets have included individuals in Europe and a number of government agencies and businesses in the US. While 3,000 potential victims may sound relatively small, it’s clearly best for every one of them to avoid it. And it is possible.

How to Combat Prometheus

Prometheus uses traditional methods to infect PCs with its malicious payloads, so it’s easy to avoid becoming a victim. All you need to do is practice the following:

Check All Emails: Malicious emails are very good at hiding the fact that they are malicious. Therefore, it always pays to quickly verify every email. Is the email address correct or is it a strange variation e.g. security@micros0ft.com? Is there an unusual and urgent call-to-action in the email such as a “click here before you lose access to your account” link? Anything suspicious should be queried with your IT team immediately.

Verify Links: It’s very easy to insert a malicious link into an email or website, so these need to be verified before clicking. For example, a link could be displayed as www.bankofamerica.com but hovering your cursor over this link will reveal the genuine destination. And this could be redirecting you towards a malicious website, so always verify your links.

Scan All Email Attachments: Many antivirus software packages offer email attachment scans as one of their features. And it’s crucial that you activate this tool. Incoming email attachments will be scanned before they arrive in your inbox for any malicious content. Alerts will be activated when malicious files are identified and quarantined to protect your IT systems.

For more ways to secure and optimize your business technology, contact your local IT professionals.

What Do You Need in Good Antivirus Software?

anti malware, Antivirus, Cyber Security, Data Security, email security, firewall, Ophtekantivirus, Cyber Security, Data Security, email security, firewall, OphtekOphtek, LLC

Jul 2021

Antivirus software is a sure-fire way to keep your PC protected against malware. But you need to make sure it has the right features for your organization.

No two pieces of antivirus software are the same. And there are a lot of different antivirus tools available. In fact, if you google the term “antivirus software” you will be faced with 175 million search results. Not surprisingly, the sheer range of options available can make choosing one a daunting task. But it doesn’t need to be this difficult. All you need to do is understand what the most important features are in antivirus software.

The Essential Antivirus Software Features

As I advised earlier, there are many different antivirus tools trying to get your attention. And they all contain a collection of different features. The most essential ones that you should be looking for are:

Malware Scans: The biggest threat to your organization’s IT infrastructure will come from malware. And it’s a threat which can easily lurk undetected on your network. However, thanks to the power of collective databases, most of this malicious software can quickly be identified by its code. Good antivirus software will connect to these databases and use the inventory to verify every file on your network. Anything identified as malicious can then be quarantined and investigated before being deleted.

Firewall Availability: Many antivirus software packages will include a firewall and this feature can prove invaluable. It’s a tool which is employed to monitor all incoming and outgoing connections to your network. Essentially a barrier between your organization and the internet, a firewall allows you to restrict access to any unidentified connections while recognized and permitted connections can operate freely.

Email Scans: One of the best ways for a hacker to gain access to your organization’s network is via email. It’s a venture which typically succeeds when an infected email attachment or malicious link is activated by the recipient. And these infections can be very powerful. Ransomware is easily spread through malicious emails and phishing scams, of course, are particularly prevalent. Thankfully, many pieces of antivirus software can scan all incoming emails to evaluate the danger contained within.

Download Protection: Most files that you download from the internet will be fine e.g. software installation packages or even plain old spreadsheets. But there’s always a chance that you may download some malicious software. And, in many cases, it’s easy to find yourself fooled by authentic looking websites. A good antivirus suite, however, should be able to scan all downloaded files in real time to verify if they are safe. Often, if the file is hosted on a malicious website, antivirus software will not even allow you access to the site in the first place.

Final Thoughts

Basic antivirus software is available for free and, despite some limitations in its functionality, can provide you with powerful protection. However, when you start paying for antivirus software you can expect to gain even more features and some much-needed technical support. Regardless of which option you go for, though, antivirus software should be an essential part of any organization’s fight against cyber-crime.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Windows Print Spooler Vulnerability Accidentally Leaked

Cyber Security, Microsoft, Network, Ophtek, patches, print spooler, zero-daymicrosoft, network, Ophtek, patch, print spooler, security, zero-dayOphtek, LLC

Jul 2021

If a hacker can find a software vulnerability, then it grants them easy access to a PC. This is even easier when a vulnerability is leaked by researchers.

Security researchers are constantly searching for software and hardware vulnerabilities. But where researchers and hackers differ is their intent. A security researcher wants to legitimately identify vulnerabilities so that they can be secured and lessons learned for the future. However, a Chinese technology firm by the name of Sangfor recently revealed details of an unknown Windows vulnerability in Print Spooler. And, unfortunately, Microsoft hadn’t managed to patch it.

What is a Zero-Day Vulnerability?

The type of vulnerability found in Print Spooler is known as a zero-day vulnerability. This name refers to the number of days a software vendor has had to patch a vulnerability and the percentage chance that a user has of being protected. And this is why zero-day vulnerabilities are so dangerous. There is no immediate protection available, so hackers are given free rein to cause widespread chaos.

What is the Print Spooler Vulnerability?

The design of the Print Spooler vulnerability – whose exploit code was listed within Sangfor’s paper – has the potential to cause numerous issues. The specifics of this exploit allow hackers to obtain full system access privileges. This is achieved by granting them permission to load malicious drivers into any servers containing this vulnerability. With full control of an IT network, hackers can then download further malware, steal data and operate infected workstations from a remote location. And, although a patch was recently released for vulnerabilities in Print Spooler, this particular exploit was not identified by Microsoft.

How Do You Protect Against Vulnerabilities?

As of the time of this article, Microsoft do not have a patch available for what has been dubbed the PrintNightmare vulnerability. This is concerning as it provides a significant amount of risk to Windows users. While it is certain that Microsoft will release a security patch, the fact remains that – as revealed by Microsoft – attacks using this exploit have already been identified. Therefore, you need to know how to protect your IT systems:

Disable Print Spooler: In the case of the PrintNightmare vulnerability, you can eliminate the risk is by temporarily disabling the print spooler. This does, however, remove the ability for your organization to print across its network.

Monitor Network Activity: If your IT system has been exploited through a vulnerability then it’s likely there will be an increase in network activity. This will be most visible in outgoing traffic as the hackers will likely be transmitting data to a remote server. An increase in data output to an unknown location should ring alarm bells and indicate that something is wrong.

Always Install Patches: The best way to secure your IT infrastructure is to install all patches as soon as they’re available. New vulnerabilities are discovered every day, so it’s vital that you treat any newly released patches as a priority. A swift approach to these relatively hassle-free installs can be the difference between a secure system and one which is breached.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Database of 26 Million Stolen Passwords Discovered

Cyber Security, Data Security, Ophtek, Password Security, Two Factor Authentication, UpdatesCyber Security, Data Security, Ophtek, password security, two factor authenticationOphtek, LLC

Jun 2021

Passwords are one of the most common security measures, but they’re still considered a risk. And 26 million stolen passwords have just been found.

We all use passwords on a regular basis throughout our working day. Logging on to remote servers and online platforms all require a set of login credentials. And, on the whole, they provide an adequate level of security. But security which is considered only adequate will always remain a tempting prospect to hackers. Login credentials will typically consist of only two pieces of information: username and password. Naturally, with only two data values required – which can be entered from any keyboard – login credentials represent some major security concerns.

That’s why the discovery of this database, containing 26 million sources of information, is considered a major alert.

What’s in the Database?

Coming in at a huge 1.2TB, the database – which was discovered by NordLocker – contains the following:

26 million login credentials
2 billion browser cookies
1.1 million email addresses
6.6 million various files including Word, PDF and image files

These numbers are, of course, huge. And it’s a safe bet that some serious data has been compromised along the way. It has also been revealed that the malware made a point of creating an image file by taking a screenshot via active webcams on infected devices. This, again, is troubling as it underlines the danger contained within the malware for compromising personal data.

The actual malware behind these data harvests is currently unknown. It is believed, however, that its method of attack is fairly standard. Upon infection, the malware will connect to a remote server where it can transmit any stolen data. The compromised data, as NordLocker found, was being hosted on a cloud-based hosting service and has now been taken down. But it’s likely that this database has already been traded and is out in the digital wild.

How Do You Protect Yourself?

Attacks such as this are sadly commonplace in the modern age, but there is a lot that you can do to protect your organization’s data:

Use Two-Factor Authentication: The combination of a username and password may seem strong, but it can be made even stronger by two-factor authentication. This additional layer of security requires the use of a unique piece of data transmitted to a device separate from your IT network.

Install All Updates: The attack in question could easily have been caused by a vulnerability put in place by outdated technology. Both software and hardware require regular updates to patch any issues that may be discovered post-launch. And it’s your responsibility to install these as soon as possible to close any potential back door attacks.

Regularly Monitor Network Activity: If significant amounts of data are being stolen and transmitted to a remote server, this activity will be associated with a rise in outgoing network activity. Therefore, it pays to keep a close eye on any spikes in traffic to minimize the impact of any breach.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 5 6 … 8 Next »

Category Archives: Cyber Security