Hackers Archives - Page 4 of 7

Log4Shell Vulnerability Hits Major Web Services

Hackers, Javascript, Log4Shell, Ophtek, Software Security Patches, zero-dayhackers, Java, Log4Shell, Ophtek, software secuirty patches, zero dayOphtek, LLC

Dec 2021

A new zero-day exploit has been discovered which could easily disrupt the services of several major online platforms such as Twitter, Minecraft and Steam.

The vulnerability, which has been named Log4Shell, was recently discovered by LunaSec’s security researchers. It was first located within the Minecraft platform, which is operated by Microsoft, and has since been found in many other online services. The exploit was found in an open source logging utility known as Apache Log4j, an essential tool which is necessary in most Java-based apps and servers. It’s estimated that thousands of companies are likely to be at risk due to this vulnerability.

Vulnerabilities remain a major threat for every organization that employs an IT infrastructure, so we’re going to take a closer look at Log4Shell to see what lessons can be learned.

How Does the Log4Shell Vulnerability Work?

Log4Shell is known as a zero-day exploit and this means that it’s a natural vulnerability, likely due to an oversight on the original coders, which has been discovered but not yet patched. Hackers are determined individuals and are constantly focusing their efforts on analyzing software for vulnerabilities. Once a vulnerability is discovered, hackers can take advantage of it and, for example, gain unauthorized access to web servers. And, if like Apache Log4j, it’s a widely used utility, the hackers can replicate this attack against numerous organizations.

Web monitoring services have detected that around 100 hosts are actively scanning the internet to identify services which are running Apache Log4j. This scanning process is automated, so it can be left running continuously. Once platforms running Apache Log4j are identified, hackers have a relatively easy victim in their sights. All it would take is for the exploit to be taken advantage of and, very quickly, the hackers would be able to move deeper into the IT infrastructures of some major online businesses.

Protecting Yourself Against Vulnerabilities

Vulnerabilities such as Log4Shell are, unfortunately, inevitable due to the complexity of building software. Open source software, in particular, is difficult to police once it has been released and, of course, human error means nothing will ever be 100% secure. No specific damage has, as of this time of writing, been associated with the Log4Shell exploit, but the number of individuals at risk is very concerning. Thankfully, Apache have quickly developed a security patch for Log4j which will counter the vulnerability once it is installed.

The key takeaway from the Log4Shell vulnerability is that security patches are crucial. These need to be installed as soon as possible to mitigate any potential security breaches. However, there are other steps you can take minimize your risk:

Monitor your network activity for any unusual spikes in traffic or unknown destinations making connections. These indicators could be evidence that your infrastructure has been exploited.

Installing a strong firewall will allow you to restrict the flow of internet traffic in and out of your organization. A fully configurated firewall should quickly put the brakes on any unauthorized access to your network.

Protect devices on your network by using powerful security tools. These will provide you with a number of options for limiting the movements of hackers through your network if they manage to gain access.

For more ways to secure and optimize your business technology, contact your local IT professionals.

1.2 Million GoDaddy Users Hit By Managed WordPress Hack

GoDaddy Breach, Hackers, Hacking, Ophtek, Password Security, strong passwordsGoDaddy Breach, hackers, hacking, Ophtek, password security, strong passwordsOphtek, LLC

Dec 2021

Web hosting is an integral part of how the modern internet works, but what happens when a provider finds themselves the victim of a hack?

GoDaddy is one of the most popular web hosting providers in the world with an estimated customer base of over 20 million users. Through GoDaddy it’s possible to use their Managed WordPress service to build and host WordPress websites. And, with around 64 million websites currently being powered by WordPress, it’s clear to see why GoDaddy has focused on this platform. Online popularity, however, will always put you in the targets of hackers. A recent breach of GoDaddy’s Managed WordPress service has demonstrated this by hitting 1.2 million of their customers.

How Did GoDaddy Get Hacked?

GoDaddy’s Managed WordPress environment contains huge amounts of data. Not only is there access to the source code for hosted websites, but customer’s personal data is also stored there e.g. email addresses, login credentials and site security certificates. These are data sources which have the potential to cause widespread digital devastation. Email addresses can be used to power phishing campaigns, login credentials give hackers the ability to hijack websites and manipulating security certificates can result in malware being downloaded to unsuspecting victims. But how exactly did one of the world’s most powerful web hosting providers get hacked?

The attack appears to have started in early September 2021 and stemmed from a password becoming compromised. The password in question allowed a third party to gain unauthorized access to GoDaddy’s Managed WordPress system. From here, the hackers were able to harvest the previously mentioned data. Unfortunately, for GoDaddy’s customers, it appears that the passwords being stored for Secure File Transfer Protocol were not encrypted and were available in plaintext. Naturally, this made it much easier for hackers to harvest even more data more quickly. And, worst of all, the attack was not picked up for over two months.

Preventing Similar Breaches in the Future

After discovering the hack, due to suspicious activity being detected on their servers, GoDaddy have moved swiftly to limit the damage. All affected login credentials have been reset and GoDaddy are currently issuing new site security certificates. However, the nature of this breach is a damning indictment of GoDaddy’s security measures. Passwords should be secure. The best ways to prevent such breaches taking place are:

Strong Passwords: A strong password is one that is judged difficult to guess. The best way to achieve this is by using a mixture of uppercase characters, lowercase characters, numerical characters and symbols. Mixing these different elements together minimizes the odds of a hacker guessing lucky. Additionally, don’t go for obvious password choices such as your name or your date of birth.

Regularly Change Your Passwords: Another sure-fire way to prevent your password being compromised is by changing it regularly. An ever-changing password makes it much harder for hackers to take advantage of leaked login credentials, so make sure your employees are prompted to change their passwords every month.

Don’t Write Your Passwords Down: One of the most common ways for a password to be stolen is by having it written down. This increases the risk of it being stolen compared to a password which you have memorized or stored within a secure password managed app.

For more ways to secure and optimize your business technology, contact your local IT professionals.

What are Initial Access Brokers?

Cyber Security, Hackers, IAB, Initial access brokers, Ophtek, RansomwareCyber Security, hackers, IAB, Initial access broker, Ophtek, ransomwareOphtek, LLC

Aug 2021

Gaining access to an unauthorized network is every hacker’s dream. And, now, this is easier than ever thanks to the rise of initial access brokers.

Initial access brokers (IABs) are a relatively new trend in the world of hacking. These threats have been tracked for several years now, but they have yet to create major headlines. Nonetheless, they represent a major threat to your organization’s security. And the number of IABs operating online is rising. Therefore, it’s important that you understand what IABs are and the threat they represent. So, to help keep your organization safe, we’re going to look at IABs.

What is an IAB?

We’ve discussed ransomware in depth on numerous occasions, but we’re yet to touch upon the role of IABs when it comes to ransomware. The hard work, for a hacker, is breaking into a network. Most networks will have some level of security, so significant time needs to be invested to beat this. But what if there was someone you could go to for ready-made access? It would be a dream scenario for a hacker and it’s one which is provided by IABs.

Acting as a literal broker, IABs carry out extensive research on organizations to identify those that are considered vulnerable. Slowly, these IABs will build up a portfolio of vulnerable targets and details on how to gain access to their networks. This takes the hard work out of hacking for the hackers and ensures that, for a fee, details of vulnerable networks can be quickly obtained. The majority of these deals take place on the dark web with access details being sold to the highest bidder.

How Do You Avoid Becoming an IAB Listing?

IABs are not selective in the industries that they target and tend to scour all industries for potential victims. These threats are also unfolding on a global basis, but some research has shown that a third of IAB listings involve businesses located in the US. Accordingly, you will want to make sure you don’t find your organization having its vulnerabilities advertised as being for sale. And you can do this by taking note of the following:

Eliminate Any Vulnerabilities: The simplest way to prevent IABs identifying your network vulnerabilities is by eliminating them. The best method for implementing this is by installing all firmware and patches as soon as they are available. This approach will close any potential entry points to IABs.

Train Your Staff: One of the quickest ways for IABs to gain access to your network is through your staff. Social engineering, for example, can quickly provide an IAB with a route straight into your network. Educating your staff, and regularly refreshing this knowledge, is essential for reducing unauthorized access to your network.

Check IAB Listings: Although IAB listings do not always directly list who the target is, it’s possible to narrow the options down and identify industry trends. As most of these listings are found on the dark web, it’s a good idea to employ an IT professional to investigate them and advise of any potential risks.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Hackers Use Microsoft Platform to Launch Malware Attacks

data harvest, Hackers, malware, MSBuild, Ophtek, redline stealerdata harvest, hackers, malware, MSBuild, Redline StealerOphtek, LLC

Jun 2021

Hackers are innovative and industrious individuals, a description which is best demonstrated by their recent leverage of MSBuild to deliver malware.

The Microsoft Build Engine (MSBuild) is an open-source platform which allows software developers to test and compile their source codes. Operational since 2003, the platform has proved to be highly popular with developers and, accordingly, supports a large number of users. And it’s this popularity which has made it so attractive to hackers. By targeting these source codes at a development stage, the hackers are able to piggyback their malicious software into genuine software.

While your organization may not be involved in software development, there’s always the risk that you could end up working with software which is pre-loaded with malware. Therefore, we’re going to take a look at this MSBuild hack.

How are Hackers Infecting MSBuild?

Project files housed within MSBuild can be integrated within executable files which allow the hackers to launch their malicious payloads. But, as ever, hackers have been keen to remain stealthy; the infected payload does not run as a file. Instead, the malicious code is loaded into the PCs memory and it is here that the attack is launched. So far, it has been established that at least three forms of malware have been injected into systems via this approach. Redline Stealer, Remcos and QuasarRAT are the most recognisable forms of malware and have the potential to cause great damage.

Redline Stealer is primarily used as a data harvester and, as such, is mostly employed to steal login credentials and sensitive data. Remote access and surveillance, meanwhile, is the heartbeat of Remcos and allows hackers to hijack PCs remotely. Finally, QuasarRAT is another remote access tool and one which grants hackers full control of infected PCs. Naturally, these three malware variants are the last things you want on your system. And, given that they run filelessly and in the memory of a PC, it’s a threat which is difficult to tackle.

Protecting Yourself Against Memory Based Malware

Malware which operates from within the memory of your PC is difficult to tackle, but not impossible. Start by making sure you carry out these best security practices:

Monitor Network Activity: Regardless of whether a malware attack is file-based or fileless, there will be noticeable changes in your network activity. Any unusual spikes in data transfer or transmissions to unusual destinations should be investigated immediately.

Ensure PCs are Updated and Patched: Many fileless attacks take advantage of hardware and software vulnerabilities. Therefore, it’s critical that all updates are implemented as soon as they are available. This strategy ensures that, even if your PCs memory is breached, the chance of this malware taking hold is minimized.

Disable Macros where Possible: Macros are useful pieces of code that can save users time by carrying out automated procedures instantly. But they can also be manipulated by hackers to carry out malicious procedures. And that’s why many IT departments choose to disable these within organizations except where trusted macros have been tested and verified.

Unfortunately, not all antivirus software can detect fileless malware such as that involved with the MSBuild hack. Conventional, file-based malware leaves behind digital footprints which are easy to detect, but this is not the case with fileless variants. In order to fully protect yourself, check with vendors whether their software has the capability to combat fileless malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

What Should You Do AFTER a Data Breach?

Data Breach, data recovery, Data Security, Hackers, Hacking, Ophtekdata breach, hackers, Ophtek, securityOphtek, LLC

May 2021

One of IT security’s main aims is to avoid data breaches. However, breaches are inevitable in the modern age. Therefore, you need to know how to recover.

The impact of a data breach can be huge and catastrophic for all involved; organizations and their clients can be equally affected when data is stolen. And, in many cases, the clients are the ones who have the most to lose e.g financial and personal data being leaked and spread by hackers. Accordingly, if your organization finds itself in the unenvious position of experiencing a data breach, there is a lot of work to do.

A data breach is a stressful event and cleaning up afterwards can be a real struggle. But, with our tips on what you need to do after a data breach, you should find it a little easier.

Coping with a Data Breach

Once a data breach is confirmed then it’s crucial that you carry out the following:

Identify the Stolen Data: Understanding exactly what has been breached is vital when it comes to evaluating the extent of the attack. As long as you have a suitable set of defenses in place, you should have access to intrusion detection systems. These tools will provide an insight into which files were accessed and what the hackers did with them e.g. deleted or copied them. Putting this picture together will allow you to determine your next steps.

Prepare a Fix and Test It: A data breach indicates that there is a hole in your defenses, so you should act quickly to plug this. It may involve installing a security patch or it may require a more in-depth response from your IT team. Whatever the solution, you need to put it in to place as soon as possible. This will protect your data and limit any further damage. But you need to make sure this fix works. Test the solution several times to guarantee that the attacker cannot launch the same attack again.

Advise All Your Customers: It’s essential that, once your fix has been established, you inform your customers of what has happened. Naturally, they will be anxious as the phrase “data breach” carry a certain amount of dread. Honesty, therefore, is the best policy. Advise your customers of the data that has been breached and how it could affect them. This may be as simple as asking them to change their passwords, but could also extend to contacting their financial providers if the relevant information has been compromised.

Evaluate and Build Stronger Defenses: The one benefit (and we’re using that verb lightly) of a data breach is that it prompts you to strengthen your IT defenses. Your organization will need to carry out a full investigation to understand exactly what happened. Was, for example, the breach able to succeed due to out-of-date software? Or was it down to a lack of staff training on the dangers of social engineering? Regardless of the cause, the solution will need to be determined and put in place to prevent future breaches.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 5 6 7 Next »

Category Archives: Hackers