You would like to think that your security software keeps you secure and, on the whole, it will. But there is the chance it could be turned against you.

One of the most trusted anti-malware tools is Microsoft’s Windows Defender app. Originally launched in 2005 – as Microsoft AntiSpyware – Windows Defender is a free tool which offers real-time protection against infected files and websites. It’s a highly effective piece of software and one that all Windows users should ensure is running. But, in an ironic twist, Windows Defender has fallen victim to a vulnerability. And, as you would expect, hackers have been keen to capitalize on it.

The Windows Defender Vulnerability

The basic process of Windows Defender is that it scans files and activity on a PC for any malicious potential. If these files are considered suspicious then they will be quarantined by Windows Defender; the user then has the option to either restore or delete the file. However, a problem has been discovered in Windows Defender in the form of CVE-2021-1647. This code, allocated by Microsoft, indicates that it’s a vulnerability in Windows Defender which allows remote access to the app.

By allowing remote access to Windows Defender, this vulnerability grants hackers the chance to turn the app against its user. Instead of scanning malicious files and quarantining them, remote users will program Windows Defender to execute these files. Therefore, a hacker could send infected files to a user safe in the knowledge that Windows Defender will do the hard work for them. It’s a serious threat and one which could cause major problems for your network in a matter of seconds. The exploit has been recorded as active in the digital wild, so this demonstrates that hackers have been aware of it for some time.

Defending Windows Defender

It may sound a tall order to defend a piece of software there to defend you, but this is the world we live in. Thankfully, putting safety measures in place is relatively simple. The vulnerability in question has been fixed thanks to a patch swiftly released by Microsoft. This will be installed automatically and requires no work on the user’s part. Naturally, this does not mean that Windows Defender is 100% secure; the threat of further exploits being discovered remains a possibility. But, by ensuring that automatic updates are in place, your system will be safer than before.

Final Thoughts

Vulnerabilities in PCs are all too common and even Microsoft are not immune from these flaws in their products. The Windows Defender vulnerability – and others such as Zerologon – underline the importance of installing updates. The simplest way to secure your PC is by making sure it has the best chance to defend itself. Accordingly, updates need to be installed as soon as possible. When it comes to Microsoft updates, these can be set to install automatically. This gives you the best chance of staying ahead of exploits and any hackers using them.

For more ways to secure and optimize your business technology, contact your local IT professionals.



You would like to think that governments know a thing or two about cyber security. But a recent hack in Armenia has proved otherwise.

European security experts ESET have confirmed that numerous websites belonging to the Armenian government have been targeted and compromised by hackers. The compromised websites have been infected with malware and pose a nasty security risk to visitors. It’s suspected that the hackers behind this attack are Turla, a Russian hacking group.

We’ve discussed malicious websites before, but this latest attack is a little different. Therefore, it’s crucial that you understand the unique methods behind the infection.

What’s the Story?

The suspected hackers have targeted several websites that come under the control of the Armenian government, but the same fingerprints have also been found on a few non-government websites. Regardless of which website is infected, the methods employed are the same. However, where this attack differs from normal is its selective nature. Rather than attacking every visitor that accesses the infected websites, the malware only targets high-ranking visitors. So, for example, a civilian visitor is likely to remain uninfected, but a government official will not be so lucky.

It’s intriguing that the malware is only interested in high-ranking officials and indicates that there could be a political angle to the attack. Speculation aside, what is known for certain is how the attack unfolds. Once a visitor has been established as ‘high-value’, a command-and-control server generates malicious JavaScript code. This code is used to deliver a popup window prompting the user to download a Flash update. But while this does, in fact, install a genuine version of Flash, it also contains PyFlash. And this backdoor application allows hackers to gain full access to the infected PC.

How Do You Protect Yourself?

Naturally, the security risk of compromised government PCs is considered high. And, while it is unlikely to affect smaller organizations at present, the selective nature of the attack is troubling. Therefore, it’s important that you safeguard your business against similar attacks. This can be achieved by following these best practices:

  • Use Website Filters: One of the best ways to protect your organization from infected websites is by integrating website filters into your IT setup. These filters are backed up by huge databases, which are regularly updated, and will prevent your users from accessing websites considered a security risk. 
  • Prevent Software Installation: The majority of applications that your employees will want to install are likely to be genuine and safe. But, as with fake Flash updates, this is not always the case. And this is why it makes sense to enforce a complete blanket ban on unauthorized installs. Accordingly, any install requests should be submitted to an IT professional who can evaluate the risk of each proposition.
  • Block Popup Adverts: It’s rare that any PC user welcomes the appearance of a popup advert. And, with the risk of malicious popups so prevalent, it’s the last thing that an IT professional wants to see as well. Therefore, it makes sense to minimize this risk by installing a popup blocker. Not only will this reduce the risk of malware being installed, but it will also provide your PC users with an enhanced experience.




Malware is well known for infecting systems and causing major problems from the second it’s executed. But certain strains of malware act as an enabler.

Security researchers have recently discovered one of these enablers and dubbed it SystemBC. It’s important to stress that SystemBC isn’t an immediate attack. However, it’s just as dangerous as your everyday malware. If not more dangerous. And this is why understanding how an enabler works is crucial for the security of your organization.

It’s always important, where PC security is concerned, to be proactive. So, to help you enhance your organization’s defenses, we’re going to run over the principles of the SystemBC malware.

What is the SystemBC Malware?

The simplest definition of SystemBC is that it enables other malware to unleash attacks. But how does it do this? The answer lies within SOCKS5 proxies. The average PC user will be unaware of what SOCKS5 proxies are, but this doesn’t mean they are impossible to understand. SOCKS5 is a method of internet communication that takes place between a client and a server. And it’s most commonly used in authorizing access to servers.

SystemBC takes advantage of these SOCKS5 proxies to overcome security systems and exploit vulnerabilities. The main method of exploitation is to illegally access a server and then install a command and control (C&C) server. With this C&C in place, SystemBC has the ability to cloak traffic and activity from other malware which can then spread outwards through the server.
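
Added example, not part of the original article or of any vendor tooling: a parser for the SOCKS5 client greeting and request (byte layout from RFC 1928) that a defender could run over the first client payloads of a captured TCP stream to spot SOCKS5 proxying from hosts that should not be doing it. The sample bytes and the host example.org are constructed for illustration.

```python
import ipaddress
import struct

SOCKS5_VERSION = 0x05
COMMANDS = {1: "CONNECT", 2: "BIND", 3: "UDP ASSOCIATE"}


def parse_greeting(data: bytes):
    """Return the offered auth methods, or None if this is not a SOCKS5 greeting."""
    if len(data) < 3 or data[0] != SOCKS5_VERSION:
        return None
    nmethods = data[1]
    # Layout: VER, NMETHODS, then exactly NMETHODS method bytes.
    if nmethods == 0 or len(data) != 2 + nmethods:
        return None
    return list(data[2:])


def parse_request(data: bytes):
    """Return (command, host, port) from a SOCKS5 request, or None if malformed."""
    # Layout: VER, CMD, RSV (must be 0), ATYP, DST.ADDR, DST.PORT.
    if len(data) < 7 or data[0] != SOCKS5_VERSION or data[2] != 0x00:
        return None
    cmd, atyp = COMMANDS.get(data[1]), data[3]
    if cmd is None:
        return None
    if atyp == 0x01:        # IPv4 address, 4 bytes
        addr_len, offset = 4, 4
    elif atyp == 0x04:      # IPv6 address, 16 bytes
        addr_len, offset = 16, 4
    elif atyp == 0x03:      # domain name, preceded by a one-byte length
        addr_len, offset = data[4], 5
    else:
        return None
    if len(data) != offset + addr_len + 2:
        return None         # truncated or padded: not a clean request
    raw = data[offset:offset + addr_len]
    if atyp == 0x03:
        host = raw.decode("ascii", errors="replace")
    else:
        host = str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[offset + addr_len:])
    return cmd, host, port


# Constructed sample payloads (not captured from real traffic).
GREETING = bytes([0x05, 0x01, 0x00])                       # one method: no auth
REQUEST = bytes([5, 1, 0, 3, 11]) + b"example.org" + struct.pack("!H", 443)
```

A stream whose first client payload parses as a greeting and whose next one parses as a request is a SOCKS5 session; the returned host and port show where the proxied traffic was headed.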

How is SystemBC Distributed?

SystemBC has, at the time of writing, been discovered in both the Fallout and RIG exploit kits. These kits allow hackers to package together several different exploits in one product. These assorted exploits can work in synchronicity with each other or independently. And this makes them very dangerous. The Fallout and RIG exploit kits tend to focus on vulnerabilities in Flash and Internet Explorer, an approach which is exceptionally common when it comes to hacking.

Protecting Your Organization from SystemBC

The key to protecting your server from the threat of SystemBC is by being vigilant. Software patches remain the number one preventative measure when it comes to combating vulnerabilities. Software developers release these on a fairly regular basis, but also in emergencies when major vulnerabilities are discovered. And they need to be installed immediately. An exposed entry point to your network is a major threat to your security and plugging it is crucial.

One of the major problems facing organizations, in terms of IT security, is the use of legacy systems. These are systems which no longer receive support from their developers. If a vulnerability is discovered in such a system then it will remain there. It will not be resolved. Therefore, it’s vital that your organization regularly assesses the suitability of your PC systems for engaging with the internet. If a particular part of your network is no longer supported then it’s time to replace it. Otherwise you could soon find malware such as SystemBC making its home on your server.



Cyber-attacks are on the rise, so protecting your business has never been more important. But what exactly are the benefits of cyber security?

We all know about the need for firewalls and anti-virus software. They provide us with a layer of defense from the legions of hackers itching to access our data. Those who are new to the world of IT, however, are unlikely to know why they need cyber security. What can it deliver? Well, let’s run through six reasons why you should invest in cyber security:

  1. Protects Your Data: Businesses work with huge amounts of data in the 21st century. And, whether it’s employee or customer data, it’s going to be sensitive. This needs to be protected to prevent identity theft or financial damage. A professional approach to cyber security will reduce this threat and protect the integrity of your data.
  2. Maintains Productivity: While the headlines regarding cyber-attacks always focus on data and costs, they fail to look at the impact on productivity. If, for example, a ransomware attack hits your network then critical files are going to be out of action. This means that your employees will be unable to work. And the impact that this can have on your organization’s productivity can be devastating.
  3. Financial Damage: Cyber-attacks can hit a company where it hurts: the bank balance. Ransomware demands are, naturally, the most obvious cause of financial distress, but there are others. A drop in productivity can soon lead to a drop in sales which can significantly impact your revenue streams. And there’s also the chance that irreparable damage could be caused to your hardware resulting in the need for new purchases.
  4. Protects Your Website: One of the cornerstones of a successful marketing strategy in the 21st century is a website. Whether it’s being used to promote your services or sell them, it needs to be running 24/7. It’s a crucial communication channel, but it’s also one that’s regularly targeted by hackers. With the correct level of investment in cyber security you can limit the risk of it being compromised. This keeps your website running and ensures that your marketing strategies can run smoothly.
  5. Keeps Malware Out: Malicious software, better known as malware, is the bane of all security professionals. Capable of causing massive damage to IT infrastructures, malware is a form of hacking which embraces subterfuge and results in untold problems for the victims. It can steal data, it can slow down systems and even set up attacks on other businesses. But if you invest in cyber security then the chances of malware activating its payload are reduced.
  6. Provides Customer Confidence: Consumers are wary of data security more than ever in the digital age. Therefore, inspiring trust in your IT systems is essential. If you can demonstrate that you’re working with professionals to protect your customers’ data then you can inspire this trust. Not only will you be able to protect your customers’ data, but you will enhance their loyalty to your brand.
