What Do You Need in Good Antivirus Software?

anti malware, Antivirus, Cyber Security, Data Security, email security, firewall, Ophtek, , , , ,
27
Jul 2021

Antivirus software is a sure-fire way to keep your PC protected against malware. But you need to make sure it has the right features for your organization.

No two pieces of antivirus software are the same. And there are a lot of different antivirus tools available. In fact, if you google the term “antivirus software” you will be faced with 175 million search results. Not surprisingly, the sheer range of options available can make choosing one a daunting task. But it doesn’t need to be this difficult. All you need to do is understand what the most important features are in antivirus software.

The Essential Antivirus Software Features

As I advised earlier, there are many different antivirus tools trying to get your attention. And they all contain a collection of different features. The most essential ones that you should be looking for are:

  • Firewall Availability: Many antivirus software packages will include a firewall and this feature can prove invaluable. It’s a tool which is employed to monitor all incoming and outgoing connections to your network. Essentially a barrier between your organization and the internet, a firewall allows you to restrict access to any unidentified connections while recognized and permitted connections can operate freely.
  • Email Scans: One of the best ways for a hacker to gain access to your organization’s network is via email. It’s a venture which typically succeeds when an infected email attachment or malicious link is activated by the recipient. And these infections can be very powerful. Ransomware is easily spread through malicious emails and phishing scams, of course, are particularly prevalent. Thankfully, many pieces of antivirus software can scan all incoming emails to evaluate the danger contained within.
  • Download Protection: Most files that you download from the internet will be fine e.g. software installation packages or even plain old spreadsheets. But there’s always a chance that you may download some malicious software. And, in many cases, it’s easy to find yourself fooled by authentic looking websites. A good antivirus suite, however, should be able to scan all downloaded files in real time to verify if they are safe. Often, if the file is hosted on a malicious website, antivirus software will not even allow you access to the site in the first place.

Final Thoughts

Basic antivirus software is available for free and, despite some limitations in its functionality, can provide you with powerful protection. However, when you start paying for antivirus software you can expect to gain even more features and some much-needed technical support. Regardless of which option you go for, though, antivirus software should be an essential part of any organization’s fight against cyber-crime.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Microsoft Exchange Email Vulnerability Hits 30,000 US Firms Hard

Cyber Security, Data Security, email security, Hackers, Microsoft, Online Security, Ophtek, Software Security Patches, , , , ,
09
Mar 2021

Vulnerabilities in the Microsoft Exchange Server software have led to 30,000 US businesses being hacked. And it’s a very dangerous hack.

A total of four vulnerabilities have been discovered in Microsoft Exchange Server (MES) which has allowed hackers to carry out numerous attacks. The hackers appear to be part of a Chinese cyber-espionage group who specialize in stealing email communications. It’s believed that hundreds of thousands of firms have been attacked with at least 30,000 of them being US-based. As email is a crucial part of any modern business, it’s not an exaggeration to say that the MES hack is a major threat.

What is the Microsoft Exchange Server Hack?

The MES hack appeared, at first, to be concerned with stealing email data from organizations that were running the server through internet-based systems. The four vulnerabilities, present through MES versions 2013 – 19, allowed the hackers easy access to emails. However, the hackers – who Microsoft have called Hafnium – did not stop at stealing emails. Once they had access to affected systems, they also installed a web shell. This granted Hafnium the opportunity to gain remote access and full administrator privileges. The web shell is password protected and ensures that disrupting the hackers’ access is highly difficult.

Microsoft quickly formulated a security patch to eliminate the vulnerabilities, but many organizations have failed to install the MES patch. As a result, these organizations remain at risk. And, to make matters worse, Hafnium still has them in their sights. Using automated software, Hafnium is actively scanning the internet for any organizations using unpatched versions of MES. This allows the hackers to continue their campaign of data theft and disruption. It also appears that Hafnium is not fussy about who they target. Industries as wide ranging as NGOs through to medical researchers and legal firms have all been infiltrated by the MES hack.

Protecting Against Vulnerabilities

When it comes to attacks such as the MES hack it’s vital that patches are installed as soon as possible. The longer your system is unpatched then the chances of it being breached are exceptionally high. And, if you give a hacker enough time, there’s the chance of additional malware such as ransomware being installed. Setting your updates to ‘automatic install’ is the simplest and quickest way to minimize this risk. This will ensure that any security updates are in place the moment they are available.

But you can’t rely on a patch alone. Patches are not always available in time. And this means that you run the risk of having your systems breached and data stolen. Therefore, make sure that you also implement these procedures:

  • Monitor traffic entering and leaving your network to identify any potential breaches. Unusual levels of traffic can often indicate that hackers have taken control of your network.
  • Segment your network where possible. By separating your network into several different segments, you are limiting the access that a hacker has if they infiltrate your system.
  • Employ two-factor authentication procedures for gaining administrator privileges. This should make it next to impossible for hackers to take full control of your network.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Very Basics of Good IT Security

anti malware, disable employee access, email security, IT Best Practices, Ophtek, Password Security, Safety, Security, Security Threats, two factor, , , , ,
18
Jun 2019

Cyber-crime remains a major threat to any organization that works with IT, but the basics of IT security are often the best way to counter this threat.

It’s difficult to avoid the fact that cyber-attacks are reaching record levels. IT systems are less secure than ever and need protecting. And that’s where your organization needs to take up the baton. Protecting these systems may sound like a monumental task, but it’s a lot easier than you think. Key to success is following the basics of IT security. The simplicity behind these processes is remarkable and can make a significant difference.

It’s crucial that you know what these are, so let’s take a look at the very basics of good IT security

Understanding the Basics

The complexity of IT systems often means they’re difficult to work with. And from this complexity comes flaws in security. The good thing is that IT security doesn’t have to be difficult. The best way you can help protect your IT system is by following these basics:

  • IT Inductions: You should never assume that new employees have a solid understanding of IT security. And that’s why your staff should always have to complete an IT induction. Not only will this familiarize them with the technology you use, but it allows you to run through the basics of cyber threats. This knowledge can make a real difference in strengthening your defenses. 
  • Disable USB Ports: The level of damage that USB devices can cause is shocking and unbelievable. Your employees are unlikely to be aware of this threat. To them, a USB port is simply a handy device for charging their mobile device. The truth is much different. This threat can be extinguished by disabling the USB ports. This can be achieved by adjusting the USB settings for your employees. 
  • Use Antivirus Software: It may feel like a simplistic step in IT security but antivirus software remains essential. Good antivirus software can recognize malware within milliseconds and flag it. A manual scan will never be able to match this. And your employees wouldn’t know what they were looking for. The vast databases in use and the speed in which they operate ensures that antivirus software is a must have in business. 
  • Assign Privileges Accordingly: Different employees will need different network privileges. These variations arise from the different tasks they perform within your IT system. Certain departments, for example, will need access to one drive whilst another department will not. Understanding these differences is critical. Once the necessary privileges have been identified then you can minimize the risk of cyber-attacks spreading through the entire system.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What is the Difference Between Malware, Ransomware and a Virus?

Cyber Attack, Cyber Security, email security, Hackers, Hacking, malicious code, Ophtek, Ransomware, Security, Security Threats, , , , ,
26
Mar 2019

The terminology used to describe various hacks and security threats usually includes the terms malware, ransomware and virus, but what exactly are these?

It can get a little confusing when discussing the various security concerns that are floating around and this confusion can lead to a lapse in security. After all, if you’re reading about malware, but don’t know exactly what it is you’re reading about, then you’re going to be unable to act against it. And that’s why we’re going to take the time today to explore each particular category in a little more detail.

What is Malware?

Malware is very much an all-encompassing term for any form of malicious software, so this can include ransomware and viruses. However, we’re going to cover those two categories in depth later, so for now we’ll look at some other types of malware:

  • Spyware: Installed on a user’s PC without their knowledge, spyware is software that can be used to track user activity and then transmit this to a remote server e.g. keystrokes can be recorded to determine and steal login details.
  • Bots: Capable of bringing entire networks to a halt, bots are a particularly troubling form of malware that can easily harness the power of an infected PC to carry out spam email campaigns or DDoS attacks.
  • Rootkits: Highly conspicuous and deceptive, rootkits allow hackers to take control of infected PCs from a remote location. Usually installed at a root level, hence the name, rootkits provide privileged access to the victim’s PC.

What is a Virus?

Much like the common cold, a computer virus is an infection which can spread quickly and effectively. Exposure to a computer virus usually occurs when the PC encounters an infected website or file. Following this exposure, the virus is downloaded to the PC and executed. And this can generate the following results:

  • The PC startup process can become corrupted and leave users unable to log on to their workstation.
  • Performance levels can suddenly drop as your PCs processing power is handed over to the virus’ tasks.
  • PCs can find themselves spammed by numerous popup adverts which, if they’re particularly virulent, can soon crash the computer or slow it down significantly.

What is Ransomware?

Ransomware has grabbed countless headlines over the last few years and it remains a pressing concern for any business. Most commonly spread through phishing emails, ransomware’s main objective is to extort a ransom in exchange for the release of files it has encrypted.

Once the ransom has been paid then the hackers should, in theory, supply a key to decrypt the files. However, it’s becoming increasingly common for hackers to take the ransom, which is usually demanded in untraceable cryptocurrency, and leave the compromised files encrypted.

Final Thoughts

Whether you find your PCs affected by malware, a virus or ransomware, it’s clear that they spell danger for your organization. It may sound a little clichéd, but when it comes to malicious software then prevention is the best cure. And one of the best ways to prevent your PCs from falling foul of infection is by educating yourself on exactly what you’re up against.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Scottish Brewery Hit by the Dharma Ransomware

Dharma, email security, Phishing, Phishing Email, Ransomware, Security, , , ,
23
Oct 2018

Ransomware continues to cause chaos for organizations with the latest story to hit the news concerning a Scottish brewery infected by the Dharma ransomware.

While it has been reported that ransomware attacks have fallen by 30% in the last 12 months, the fact remains that they’re still capable of causing significant disruption. In the case of the Arran Brewery on the Isle of Arran, Scotland, the organization had to accept that they would lose around three months’ worth of sales data due to the effects of the attack. This, of course, is the last thing that any business wants and acts as a fine reminder that we need to be on guard against ransomware.

To help provide a little background and demonstrate how the attack unfolded, we’re going to take a closer look at what happened.

Attacking the Brewery

What’s most interesting about the attack on the Arran Brewery is that it would appear the attackers deliberately targeted the brewery. Instead of a scattershot approach which targeted multiple organizations, the hackers focus was clearly on the Arran Brewery. Just before the attack, multiple adverts for a job at the Arran Brewery (which had already been filled) appeared on recruitment sites all over the globe. Naturally, the brewery received a sharp increase in the number of CVs being emailed in but, unfortunately, one of the emails contained a malicious payload.

The payload was contained with a PDF attachment which, when opened, initiated the attack and infected the entire network. Following the encryption of the Arran Brewery’s files, a ransom demand was issued which advised that the encryption keys would only be released in exchange for 2 bitcoin (roughly $14,000). Thankfully, an IT consultant was able to retrieve a significant amount of the encrypted data from backups and rid the system of the infection. However, certain files couldn’t be restored and, due to it not being economically viable to pay the ransom, the Arran Brewery decided to write off three months’ worth of sales data.

What is Dharma?

Dharma is a strain of ransomware which was first released in 2016 and has regularly been updated ever since due to the emergence of Dharma decryptors. In September 2018, for example, three new variants emerged which are resistant to previous decryptors. When files are encrypted by Dharma they will automatically append a new file extension onto the existing file and these extensions can include:

  • .dharma
  • .cesar
  • .onion
  • .wallet
  • .zzzzz

Final Thoughts

If anything acts as a reminder that organizations need to be vigilant against ransomware then it’s a current and contemporary threat. Dharma could easily hit your organization next, so you need to ask yourself whether you can afford to lose three months’ worth of data. I’ll let you into a little secret: no one wants to lose three months’ worth of data. Therefore, it’s crucial that you reiterate the importance of email security to your employees in order to maintain access to all your data at all times.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2