What Should You Do AFTER a Data Breach?

Data Breach, data recovery, Data Security, Hackers, Hacking, Ophtek, , ,
04
May 2021

One of IT security’s main aims is to avoid data breaches. However, breaches are inevitable in the modern age. Therefore, you need to know how to recover.

The impact of a data breach can be huge and catastrophic for all involved; organizations and their clients can be equally affected when data is stolen. And, in many cases, the clients are the ones who have the most to lose e.g financial and personal data being leaked and spread by hackers. Accordingly, if your organization finds itself in the unenvious position of experiencing a data breach, there is a lot of work to do.

A data breach is a stressful event and cleaning up afterwards can be a real struggle. But, with our tips on what you need to do after a data breach, you should find it a little easier.

Coping with a Data Breach

Once a data breach is confirmed then it’s crucial that you carry out the following:

  • Identify the Stolen Data: Understanding exactly what has been breached is vital when it comes to evaluating the extent of the attack. As long as you have a suitable set of defenses in place, you should have access to intrusion detection systems. These tools will provide an insight into which files were accessed and what the hackers did with them e.g. deleted or copied them. Putting this picture together will allow you to determine your next steps.
  • Prepare a Fix and Test It: A data breach indicates that there is a hole in your defenses, so you should act quickly to plug this. It may involve installing a security patch or it may require a more in-depth response from your IT team. Whatever the solution, you need to put it in to place as soon as possible. This will protect your data and limit any further damage. But you need to make sure this fix works. Test the solution several times to guarantee that the attacker cannot launch the same attack again.
  • Advise All Your Customers: It’s essential that, once your fix has been established, you inform your customers of what has happened. Naturally, they will be anxious as the phrase “data breach” carry a certain amount of dread. Honesty, therefore, is the best policy. Advise your customers of the data that has been breached and how it could affect them. This may be as simple as asking them to change their passwords, but could also extend to contacting their financial providers if the relevant information has been compromised.
  • Evaluate and Build Stronger Defenses: The one benefit (and we’re using that verb lightly) of a data breach is that it prompts you to strengthen your IT defenses. Your organization will need to carry out a full investigation to understand exactly what happened. Was, for example, the breach able to succeed due to out-of-date software? Or was it down to a lack of staff training on the dangers of social engineering? Regardless of the cause, the solution will need to be determined and put in place to prevent future breaches.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

CopperStealer Malware Shows the Dangers of Illegal Downloads

CopperStealer, Cyber Security, Data Security, Illegal Downloads, malware, Ophtek, , , ,
23
Mar 2021

The world of illegal downloads is a dangerous place to travel to and the emergence of the CopperStealer malware demonstrates why.

Ever since the dawn of the world wide web, there have been illegal downloads. And pretty much anything that runs on a PC can be downloaded illegally. The new Kings of Leon album, the latest Marvel movie or even the most up-to-date version of Microsoft Office can be found online for zero dollars and zero cents. However, the fact that these downloads are illegal means that, aside from the fact that you’re committing a felony, you could download more than you bargained for.

CopperStealer is the perfect example of this dangerous activity, so we’re going to show you exactly what can happen.

What is CopperStealer?

The CopperStealer malware is believed to have been active in the wild since 2019, but its malicious activity has only just been detected. CopperStealer relies on illegal downloads to infect workstations and does this by either masquerading itself as, for example, a Windows 10 install file or by bundling itself with a genuine piece of software. Either way, when the person downloading the file tries to install their illegal software, they will inadvertently install CopperStealer on their system. This allows the malware easy access to PCs and does it with the help of the unwitting victim.

Once CopperStealer has taken hold on a PC it begins working quietly in the background as it harvests user information. In particular, it’s exceptionally hungry for login credentials; details for major platforms such as Amazon, Google, PayPal and Twitter have all been targeted by CopperStealer. These are all websites that are used by organizations to store huge amounts of personal data, so the threat that CopperStealer represents is serious. As well as this major threat, CopperStealer also finds time to download additional malware in order to compromise infected systems even further.

How To Protect Yourself from CopperStealer

There is one simple move you can make to defend yourself against CopperStealer: don’t get involved with illegal downloads. Not only is there the threat of unwanted malware being bundled with them, but you risk installing unpatched software without the safety net of available support. Thankfully, CopperStealer is far from sophisticated, certainly compared to other contemporary malware, and can easily be removed with anti-malware software such as AVG and Kaspersky products. Naturally, you will want to make sure that your anti-malware application is fully up to date to protect against all the latest threats.

Final Thoughts

The temptation of illegal downloads, especially when we are living in a time of economic turbulence, is strong, but it pays to resist it. If, for example, your PayPal credentials are stolen then you and your customers could face some significant financial hardship. Therefore, it’s crucial that you always pay for your software. This will, as discussed, ensure you receive regular updates and patches as well as providing you with peace of mind that your software is clean.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Microsoft Exchange Email Vulnerability Hits 30,000 US Firms Hard

Cyber Security, Data Security, email security, Hackers, Microsoft, Online Security, Ophtek, Software Security Patches, , , , ,
09
Mar 2021

Vulnerabilities in the Microsoft Exchange Server software have led to 30,000 US businesses being hacked. And it’s a very dangerous hack.

A total of four vulnerabilities have been discovered in Microsoft Exchange Server (MES) which has allowed hackers to carry out numerous attacks. The hackers appear to be part of a Chinese cyber-espionage group who specialize in stealing email communications. It’s believed that hundreds of thousands of firms have been attacked with at least 30,000 of them being US-based. As email is a crucial part of any modern business, it’s not an exaggeration to say that the MES hack is a major threat.

What is the Microsoft Exchange Server Hack?

The MES hack appeared, at first, to be concerned with stealing email data from organizations that were running the server through internet-based systems. The four vulnerabilities, present through MES versions 2013 – 19, allowed the hackers easy access to emails. However, the hackers – who Microsoft have called Hafnium – did not stop at stealing emails. Once they had access to affected systems, they also installed a web shell. This granted Hafnium the opportunity to gain remote access and full administrator privileges. The web shell is password protected and ensures that disrupting the hackers’ access is highly difficult.

Microsoft quickly formulated a security patch to eliminate the vulnerabilities, but many organizations have failed to install the MES patch. As a result, these organizations remain at risk. And, to make matters worse, Hafnium still has them in their sights. Using automated software, Hafnium is actively scanning the internet for any organizations using unpatched versions of MES. This allows the hackers to continue their campaign of data theft and disruption. It also appears that Hafnium is not fussy about who they target. Industries as wide ranging as NGOs through to medical researchers and legal firms have all been infiltrated by the MES hack.

Protecting Against Vulnerabilities

When it comes to attacks such as the MES hack it’s vital that patches are installed as soon as possible. The longer your system is unpatched then the chances of it being breached are exceptionally high. And, if you give a hacker enough time, there’s the chance of additional malware such as ransomware being installed. Setting your updates to ‘automatic install’ is the simplest and quickest way to minimize this risk. This will ensure that any security updates are in place the moment they are available.

But you can’t rely on a patch alone. Patches are not always available in time. And this means that you run the risk of having your systems breached and data stolen. Therefore, make sure that you also implement these procedures:

  • Monitor traffic entering and leaving your network to identify any potential breaches. Unusual levels of traffic can often indicate that hackers have taken control of your network.
  • Segment your network where possible. By separating your network into several different segments, you are limiting the access that a hacker has if they infiltrate your system.
  • Employ two-factor authentication procedures for gaining administrator privileges. This should make it next to impossible for hackers to take full control of your network.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Windows Defender Needs Defending

Cyber Security, Data Security, Defender, Ophtek, PC Security, Security, Windows Defender, , ,
26
Jan 2021

You would like to think that your security software keeps you secure and, on the whole, it will. But there is the chance it could be turned against you.

One of the most trusted anti-malware tools is Microsoft’s Windows Defender app. Originally launched in 2005 – as Microsoft AntiSpyware – Windows Defender is a free tool which offers real-time protection against infected files and websites. It’s a highly effective piece of software and one that all Windows users should ensure is running. But, in an ironic twist, Windows Defender has fallen victim to a vulnerability. And, as you would expect, hackers have been keen to capitalize on it.

The Windows Defender Vulnerability

The basic process of Windows Defender is that it scans files and activity on a PC for any malicious potential. If these files are considered suspicious then they will be quarantined by Windows Defender; the user then has the option to either restore or delete the file. However, a problem has been discovered in Windows Defender in the form of CVE-2021-1647. This code, allocated by Microsoft, indicates that it’s a vulnerability in Windows Defender which allows remote access to the app.

By allowing remote access to Windows Defender, this vulnerability grants hackers the chance to turn the app against its user. Instead of scanning malicious files and quarantining them, remote users will program Windows Defender to execute these files. Therefore, a hacker could send infected files to a user safe in the knowledge that Windows Defender will do the hard work for them. It’s a serious threat and one which could cause major problems for your network in a matter of seconds. The exploit has been recorded as active in the digital wild, so this demonstrates that hackers have been aware of it for some time.

Defending Windows Defender

It may sound a tall order to defend a piece of software there to defend you, but this is the world we live in. Thankfully, putting safety measures in place is relatively simple. The vulnerability in question has been fixed thanks to a patch swiftly released by Microsoft. This will be installed automatically and requires no work on the user’s part. Naturally, this does not mean that Windows Defender is 100% secure, the threat of further exploits being discovered remains a possibility. But, by ensuring that automatic updates are in place, your system will be safer than before.

Final Thoughts

Vulnerabilities in PCs are all too common and even Microsoft are not immune from these flaws in their products. The Windows Defender vulnerability – and others such as Zerologon – underline the importance of installing updates. The simplest way to secure your PC is by making sure it has the best chance to defend itself. Accordingly, updates need to be installed as soon as possible. When it comes to Microsoft updates, these can be set to install automatically. This gives you the best chance of staying ahead of exploits and any hackers using them.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

5 Things That Are Slowing Your PC Down

Best Practices, Data Security, Data Storage, disk cleanup, Hacking, IT Efficiency, Ophtek, PC Tips, PC Tools, Speed, , , ,
29
Sep 2020

We live in a high speed age which allows us to be more productive than ever, but if anything can throw a wrench in the works it’s a slow PC.

The experience of a slow and sluggish PC is one that everyone is familiar with. And dealing with this frustration never gets easier. In fact, a PC which regularly slows down can have a serious impact on your job productivity. The complexities of the inner workings of a PC mean that identifying the exact cause is difficult. But this doesn’t mean you need to continue struggling.
It’s possible, with relative ease, to employ a number of methods and practices that will help restore your PCs speed.

5 Steps Towards a Faster PC

If you want to start ramping your productivity back up then make sure you look at the following:

  1. Defragment Your Hard Drive: A PC is, essentially, a data storage device. But the data stored on a PC needs to be retrieved every time it’s required. And the more data you store on your PC the more uneven this data distribution is. The end result is fragmented data that becomes increasingly harder to piece together. Naturally, this means that processes take longer to complete. Performing a disk defragmentation will help to reorganize your data and can easily be achieved with the Microsoft Drive Optimizer app.
  2. Browser Add-Ons: Installing add-ons to your web browser can help to maximize your online productivity, but too many can start to slow down your browsing experience. It’s common, however, to install add-ons that soon fall into disuse and no longer serve any purpose. Therefore, if your speed issues are only apparent when you’re using your browser, it may be worth evaluating your active add-ons and disabling any you don’t need.
  3. Start-up Programs: When a PC loads up it will automatically load up a long list of programs that are listed in your System Configuration. The more programs that are listed in System Configuration then the longer your PC will take to load up. Many of these programs, though, are not necessary during the start-up process e.g. a messaging app that you don’t use regularly. To avoid a bloated start-up experience just head into MSConfig and check what’s included in your start-up.
  4. Hard Drive Space: Your hard drive may, for example, have a capacity of 500GB but it’s not recommended to fill it to breaking point. The operating system on your PC needs a certain amount of hard drive space to carry out essential tasks such as creating temporary files. And if this space isn’t available then your PC will struggle to operate correctly. Regularly evaluating what is on your PC and what can be removed is crucial to avoid this.
  5. Malware: Hackers are keen to take control of PCs through the use of resource-heavy malware. Depending on the nature of the malware, such as a DDoS attack, your PCs memory can soon become overloaded and grind to a halt. Accordingly, you need to maintain good security practices to prevent the impact of malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2 3 4