email links Archives

Email Threads Are Being Hijacked to Spread Malware

attachments, email links, fake emails, Hijacks, multi factor authentication, Ophtek, Updatesattachments, email links, fake emails, Hijacks, multi-factor authentification, Ophtek, updatesOphtek, LLC

Apr 2022

A new method for spreading malware online has been discovered, and it involves taking advantage of email threads to deploy malware loaders.

Email threads can quickly build, especially if there are more than two participants. As such, it can be difficult to keep up with who is saying what and, crucially, who is attaching files to the thread. Accordingly, this creates the perfect scenario for threat actors to get involved and turn the situation to their advantage. And, as a result of a vulnerability in Microsoft Exchange servers, this is exactly what has been happening.

If you work in any modern organization, the chances are that you use email on, at least, an hourly basis to keep up to date with the rest of the world. Therefore, this new threat is one that you need to understand.

How Email Threads are Being Hijacked

This latest campaign is particularly deceptive and relies on the presence of unpatched Microsoft Exchange servers. This email service is commonly used by businesses to synchronize email between an Exchanger server and an email client e.g. Outlook. The vulnerability offered up by these unpatched servers allows hackers to harvest login credentials; the threat actors are then presented with the opportunity to illegally access specific email accounts. Once they are logged in, the hackers can view all the email threads that the account is involved with.

By viewing the various email threads, the hacker can then decide which is best to launch their attack through. All they have to do is choose an email thread and start replying to it. More crucially, they will also attach some infected attachments. These are packaged within a ZIP archive and comprise an ISO file which contains both a DLL file and an LNK file. Once the LNK file is activated, it will run the DLL file and activate the IcedID malware loader. IcedID is a well-known banking trojan which can steal financial information, login credentials and start the installation of further malware.

Protecting Your Emails

First and foremost, it’s vital that you install new updates as soon as they are available. This will instantly minimize the chances of vulnerabilities being exploited on your network. Fail to implement these upgrades, however, and you could fall victim to attacks such as the one we have been discussing. In addition to this, it also pays to take notice of the following:

Verify Any Email Attachments: if, in the middle of an email thread, a suspicious file attachment suddenly appears, verify it with the person it appears to have been sent by. However, do not do this over email; if the email account has been compromised then the hacker will simply confirm it is genuine. Instead, speak in-person or over the phone to the sender to get confirmation.

Use Multi-Factor Authentication: one of the simplest ways to reduce the impact of stolen login credentials is by strengthening the login procedure with multi-factor authentication. This approach will provide an extra layer of security and ensure that any threat actors will struggle to navigate their way through it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Ukraine Hit by Wiper Malware

Backup, email links, Ophtek, Segment Network, Ukraine, Wiper Malwarebackup, email links, Ophtek, segment network, Ukraine, wiper malwareOphtek, LLC

Mar 2022

As with all aspects of modern life, everything is a target for cybercriminals, even war. And this has been demonstrated with wiper malware attacking Ukraine.

Amidst its conflict with Russian, Ukraine has also had to contend with hundreds of its computers falling victim to a strain of data wiper malware. As the name suggests, wiper malware is used to wipe hard drives clean of any data. While this sounds like ransomware, and indeed wiper malware often promises the return of data for a fee, the chances of retrieving this data from the hackers is zero. It’s a powerful and destructive cyber-attack, one which has the potential to cause significant damage not just to security, but also IT infrastructures.

It’s an attack method which could strike anywhere at any time, you don’t have to be in Ukraine. Therefore, it’s crucial that we understand how wiper malware works. And, more importantly, how to protect your data.

The Cyber-Attack on Ukraine

The wiper malware in this opportunistic attack, which comes at a time of intense internal chaos, has been identified as HermeticWiper. It followed on from an earlier attack which had targeted Ukraine’s banks through a number of co-ordinated DDoS attacks. It came several hours before Russia launched its invasion campaign but, as yet, nobody has been identified as being behind the attack. What is known is that it’s a new strain of malware which, according to its date stamp, was created towards the end of 2021. Clearly, this attack had been in the works for some time.

Once downloaded onto a PC, HermeticWiper sets about wiping all the data from its hard drive. It achieves this objective by taking advantage of existing disc and storage management software. With this software compromised, HermeticWiper turns it against the PC to corrupt any data within its grasp and then reboots the PC. But it doesn’t stop there. HermeticWiper is also keen to attack any data recover software on the machine and also interferes with the hard drive’s rebooting system.

How Do You Stop Wiper Malware?

The government of Ukraine has a significant reach and has appealed to its native hackers to assist in protecting the country’s IT infrastructures. Unfortunately, almost all organizations will struggle to raise this level of support. But there’s still plenty you can do:

Backup Carefully: it’s unlikely that you will be able to retrieve the original copies of your data, but if you backup correctly you shouldn’t have any problems. Malware, of course, can spread through networks like wildfire, so it’s important that you keep copies of your backups on isolated networks. And, don’t forget, multiple backups on different storage mediums is key to retaining your data.

Be Email Aware: email is one of the most common methods for distributing malware and it’s surprisingly easy to fall victim to these attacks. All it takes is a momentary lapse in concentration, such as not checking a link correctly, for malware to take hold of your PC. Therefore, always hover your mouse cursor over links to identify their true destination and, to be completely sure, ask an IT professional to verify the link before doing anything.

Act Quickly If Infected: as soon as a wiper-malware is attacked, it’s critical that you begin segmenting your networking to minimize the malware’s spread. While this will not protect all your data, it will allow you to save large chunks of your data. Accordingly, it’s important you ensure your networks are constantly monitored for unusual activity to help you launch a contingency effort such as this.

For more ways to secure and optimize your business technology, contact your local IT professionals.

3 Million Windows PCs at Risk of Login Credential Theft

attachments, email links, malware, Ophtek, Updates, Windows PCattachments, links, Login, malware, Ophtek, updates, Windows PCOphtek, LLC

Jul 2021

Login credentials are a sure-fire way to protect your IT systems. But hackers are now using a new piece of malware to steal them from your organization.

User ID / Password combinations have been a cornerstone of IT security since the earliest days of computers. Traditionally, it was almost impossible to guess both of these values. The only option a hacker had was to literally look over the shoulder of the user as they entered the details. But a lot has changed in the way we use computers since then. And the possibilities created by the internet mean that hackers can now steal login credentials from anywhere in the world. All they need is some malware and a potential victim.

A new piece of malware has recently been discovered which has been used in a large scale attack, so it’s important we take a closer look.

What is this Latest Attack?

This latest malware – discovered by Nord Security and currently unnamed – to hit the digital headlines is classified as a Trojan. As the name suggests, a Trojan is a piece of malware which disguises itself as genuine software, but contains malicious code. Little is known about the origins of this latest malware or its exact mechanisms, but its strength is beyond question. This has been demonstrated by the malware carrying out the following:

Infecting three million Windows PCs
Stealing 1.2TB of data which includes email addresses, cookies and over six million individual files
Using infected PCs in-built webcams to take photos of the victims

How Do You Avoid Falling Victim to Malware?

Malware is a complex threat to tackle due to the ease with which it can be constructed by hackers. This allows the hacker to give their malware an individual blueprint with unique features that are difficult to detect. Even the best defenses in the world can easily fall victim to malware. Nonetheless, you are far from helpless when it comes to combatting the threat of malware. To help strengthen your defenses, make the following part of your security structure:

Always Verify Links: Almost every website and email will contain at least one link. But these links can easily be disguised to contain something nasty. A link may, for example, claim to take you to a Microsoft security fix, but the true destination within the link may be for a malicious website. Therefore, always make sure you hover your cursor over links to reveal their true destination.

Double Check Email Attachments: Highly powerful malware can easily be packed into a small file and delivered as an email attachment. Accordingly, you need to be suspicious of all files entering your organization. Even if an email is received from a reputable source you need to remain vigilant. Genuine email addresses can easily be hacked and used to spread malware. If something doesn’t feel right about an email then check with an IT professional.

Install all Updates: All software and hardware is prone to vulnerabilities due to the amount of code involved in their operation. And these vulnerabilities provide hackers with quick and easy access to your IT systems. Thankfully, manufacturers regularly issue security patches to plug these holes. Make sure that these are always installed quickly to minimize any risk.

For more ways to secure and optimize your business technology, contact your local IT professionals.

How Do You Reduce the Risk of Phishing Attacks?

email links, Password Security, Phishing, Phishing Email, Security, Security Threatsemail, phishing, security, vulnerabilityOphtek, LLC

Oct 2018

Thanks to the power of social engineering, phishing remains a powerful method of hacking organizations. Reducing this risk, therefore, is crucial.

Phishing has been active since the early days of the internet and, unfortunately, it doesn’t appear to be going anywhere soon. Thankfully, you don’t have to fall victim to these deceptive attacks as there is plenty that any organization can do to protect its data. And, don’t worry, it doesn’t involve investing millions in state of the art technology. All it takes is a little bit of common sense and an understanding of how phishing attacks work.

To get you started we’re going to show you how to reduce the risk of phishing attacks.

Antivirus Software is Key

One of the best ways to reduce phishing emails is by working with antivirus software. Capable of scanning attachments and analyzing links contained within emails, a good antivirus software can easily target the two main ways that phishing attacks unleash their payload. However, as with all software, it’s important that you update it regularly and install updates immediately. Phishing attacks can spread round the world very quickly, so you need to stay one step ahead of them.

Keep Up to Date with Phishing Attacks

Hackers are constantly developing their techniques and tweaking their methods, so it’s vital that you keep an eye on what’s happening in the world of phishing. New attack methods can be launched very quickly and be in your inbox within a day, so make sure that you’re regularly monitoring IT news sources to prepare yourself for any incoming threats.

Educate Your Employees

The main targets of any phishing attack against your organization will be your employees, so they have to be educated in order to prevent any data breaches. The basics of phishing are relatively simple, so the training doesn’t need to be too in-depth. All you have to do is ensure that these basics are hammered home so that employees know how to spot a phishing email and how to deal with it.

Practice Phishing Attacks

A popular method for reducing the risk of phishing attacks is by running regular exercises to test your employees. For example, fake phishing emails can be randomly emailed to your employees that test whether they are susceptible to phishing scams or not. Usually, these emails will contain a fake link that urges them to complete something on behalf of the company – such as IT training – but the actual URL contained will be a ‘malicious’ one. Those employees that fail to spot the ‘malicious’ link can then be asked to take a refresher training course.

Combine All Your Preventative Methods

The key to reducing the risk of phishing attacks is by combining all of the above into one multi-faceted security approach. An amazing antivirus software solution, for example, isn’t effective enough on its own. Instead, you need a firm knowledge of the phishing landscape, amazing employee training and regular tests to guarantee that you can tackle phishing on all fronts.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The Basics of How Phishing Works

email links, Phishing, Phishing Email, Security, Security Threatsemail, phishing, security, vulnerabilityOphtek, LLC

Oct 2018

You’ve read the headlines and you may even have been a victim of phishing, but what is it and how does it work?

Phishing is a highly dangerous form of hacking which can compromise sensitive data and cause significant disruption to the running of a business. One of the main reasons that phishing has become such a successful method of wreaking digital havoc is down to a lack of knowledge on the behalf of PC users. While phishing is far from the most complex hacking technique, the average PC user is unlikely to know the ins and outs of phishing.

As we know that time and productivity is a valuable asset for your organization, we’re going to take a look at the basics of how phishing works.

What is Phishing?

Let’s get one thing straight, phishing is nothing like sitting by a lake and peacefully fishing. In fact, it’s far from enjoyable, but there is one element that remains the same. And that’s the use of bait. You see, phishing thrives upon the use of bait to obtain information out of an innocent party. The most common way to phish, in the digital landscape, is through an email. And, within this email, will be a piece of bait with which the hackers plan to land a prize catch.

Leaving the world of fishing behind, a phishing email is one which uses a number of deceptive techniques to extract sensitive data such as login details, bank details or even secure data such as customer database spreadsheets etc. Essentially, phishing is one big con and, as with all cons, gaining the trust of the victim is crucial to success. That’s why hackers are so keen to appear genuine when they send their phishing emails.

The classic example of a phishing email is one that claims to have been sent from a bank to verify your login details. A scare tactic will usually be employed, such as a report of unusual activity on the account, in order to encourage a swift response which foregoes any rational thought. A link will be included in the email which the user is advised to click in order to go through a series of security checks. However, clicking this link will take you to a malicious website – even if it looks genuine – where your data will be harvested to help fuel identity theft or, in extreme cases, a loss of funds.

Why Does Phishing Work?

You may be wondering why people fall for phishing scams and the simple truth is that it’s down to a lack of concentration and analysis. Phishing takes advantage of these weaknesses on both individuals and security software. By planting a seed of trust, such as promising to safeguard your personal data, the hacker can, in fact, do the complete opposite and use this trust to harm you.

Key to successful phishing emails is the use of social engineering to convince recipients that the emails are genuine. Phishing emails will be packed full of official company logos and it’s even possible for hackers to spoof official email addresses in the From: section of an email. And, for people busy at work, it’s easy for them to take their eye off the ball for just a fraction of a second. As a result, links are clicked that shouldn’t be clicked and hackers land their prize catch.

For more ways to secure and optimize your business technology, contact your local IT professionals.

1 2 Next »

Category Archives: email links

Antivirus Software is Key

Keep Up to Date with Phishing Attacks

Educate Your Employees

Practice Phishing Attacks

Combine All Your Preventative Methods

What is Phishing?

Why Does Phishing Work?