Hackers Archives - Page 5 of 7

Defense Companies Under Attack from ThreatNeedle

Hackers, macros, Ophtek, spear phishing, threatneedle, Updateshacker, macros, Ophtek, spear phishing, threatneedle, updatesOphtek, LLC

Apr 2021

Defense firms in over a dozen countries have found themselves targeted by a new backdoor threat named as ThreatNeedle. And it’s hitting firms hard.

The last thing that a defense firm wants is for their networks to be breached. Not only does it damage their reputation as a defense firm, but it puts significant data at risk. Hackers, of course, love to cause trouble, so a defense organization is the perfect target. But the hackers behind the ThreatNeedle malware are more than just a minor hacking group. The threat is believed to come from Lazarus, a secretive hacking group with ties to the North Korean government.

As this is a major threat we’re going to put ThreatNeedle under the microscope for a closer look.

What is ThreatNeedle?

ThreatNeedle takes a spear phishing approach to begin its campaign and does this by faking email addresses that look as though they belong to the target company. This move, which is relatively easy with an email server and the right software, allows the victims to be lulled into a false sense of security. This scenario is then exploited by embedding malicious links or attaching infected documents. Often, these emails have been laced with a COVID-19 theme in order to fully engage the user, but any subject may be used to rush the recipient into action.

The attackers, once the ThreatNeedle payload has been unleashed, are then able to take control of the victim’s PC. Naturally, this means that they will carry out typical hacking attacks such as:

Executing remote commands to run applications and download further malware
Send workstations into hibernation mode to disrupt IT activities
Log data and transmit to a remote PC where it can be archived and exploited

However, ThreatNeedle also has an innovative ace up its sleeve. Generally, if a network is segmented then malware will be limited to the segment it infects. This limits the amount of damage that can be caused to an entire network. So, for example, a set of PCs which are not connected to a network by the internet should be safe from all hacks. Unfortunately, ThreatNeedle is able to take advantage of IT department’s administrator privileges. This grants them the opportunity to access all segmented areas of a network. And it maximizes the damage they can cause.

How Do You Protect Against ThreatNeedle?

As with all malware, you don’t have to fall victim to ThreatNeedle. You just need to keep your wits about you and understand its threat. You can do this by carrying out the following:

Disable Macros: The ThreatNeedle emails rely on macros being executed within infected documents. But, if you disable Macros across your organization, the malware will not be able to run. This will stop ThreatNeedle at the earliest opportunity.

Educate Staff on Phishing Emails: It’s important that your staff are fully trained on the dangers of phishing emails. Social engineering is a popular technique employed by hackers, but it can be thwarted if you know what to look for.

Always Install Updates: ThreatNeedle, as far as researchers are aware, does not exploit any vulnerabilities in software or hardware. But this doesn’t mean it can’t or won’t in the future. Either way, it always pays to be proactive with installing updates to protect your PC.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Microsoft Exchange Email Vulnerability Hits 30,000 US Firms Hard

Cyber Security, Data Security, email security, Hackers, Microsoft, Online Security, Ophtek, Software Security PatchesCyber Security, email security, hackers, microsoft, Microsoft patches, OphtekOphtek, LLC

Mar 2021

Vulnerabilities in the Microsoft Exchange Server software have led to 30,000 US businesses being hacked. And it’s a very dangerous hack.

A total of four vulnerabilities have been discovered in Microsoft Exchange Server (MES) which has allowed hackers to carry out numerous attacks. The hackers appear to be part of a Chinese cyber-espionage group who specialize in stealing email communications. It’s believed that hundreds of thousands of firms have been attacked with at least 30,000 of them being US-based. As email is a crucial part of any modern business, it’s not an exaggeration to say that the MES hack is a major threat.

What is the Microsoft Exchange Server Hack?

The MES hack appeared, at first, to be concerned with stealing email data from organizations that were running the server through internet-based systems. The four vulnerabilities, present through MES versions 2013 – 19, allowed the hackers easy access to emails. However, the hackers – who Microsoft have called Hafnium – did not stop at stealing emails. Once they had access to affected systems, they also installed a web shell. This granted Hafnium the opportunity to gain remote access and full administrator privileges. The web shell is password protected and ensures that disrupting the hackers’ access is highly difficult.

Microsoft quickly formulated a security patch to eliminate the vulnerabilities, but many organizations have failed to install the MES patch. As a result, these organizations remain at risk. And, to make matters worse, Hafnium still has them in their sights. Using automated software, Hafnium is actively scanning the internet for any organizations using unpatched versions of MES. This allows the hackers to continue their campaign of data theft and disruption. It also appears that Hafnium is not fussy about who they target. Industries as wide ranging as NGOs through to medical researchers and legal firms have all been infiltrated by the MES hack.

Protecting Against Vulnerabilities

When it comes to attacks such as the MES hack it’s vital that patches are installed as soon as possible. The longer your system is unpatched then the chances of it being breached are exceptionally high. And, if you give a hacker enough time, there’s the chance of additional malware such as ransomware being installed. Setting your updates to ‘automatic install’ is the simplest and quickest way to minimize this risk. This will ensure that any security updates are in place the moment they are available.

But you can’t rely on a patch alone. Patches are not always available in time. And this means that you run the risk of having your systems breached and data stolen. Therefore, make sure that you also implement these procedures:

Monitor traffic entering and leaving your network to identify any potential breaches. Unusual levels of traffic can often indicate that hackers have taken control of your network.

Segment your network where possible. By separating your network into several different segments, you are limiting the access that a hacker has if they infiltrate your system.

Employ two-factor authentication procedures for gaining administrator privileges. This should make it next to impossible for hackers to take full control of your network.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The Danger of Supply Chain Attacks

Hackers, Hacking, Ophtek, Shylock, SolarWInds, Supply Chainhackers, hacking, Ophtek, Shylock, SolarWinds, Supply ChainOphtek, LLC

Feb 2021

The supply chain is a crucial element in the business world and, accordingly, this makes it the perfect target for hackers to attack.

When a finished product ends up with a consumer it’s the culmination of a lengthy business process. The supply chain is the succession of activities which are involved in sourcing materials, processing materials and delivering products. Naturally, this process can involve numerous different processes and the involvement of many different organizations. Therefore, the number of opportunities to discover a backdoor or a vulnerability are attractive to a hacker. By infiltrating just one stage of a supply chain, a hacker is granted the chance to attack a large number of individuals.

Supply chain attacks have received a number of headlines over the last few years, so it’s important to arm yourself against them with knowledge.

How Does a Supply Chain Attack Work?

Hackers tend to focus on specific supply chains and carry our research on which part of the process is weakest. This gives the hacker the best opportunity of exploiting the entire supply chain. Typically, these attacks concentrate on smaller firms but, as we will see later, larger firms are also susceptible. The attack will generally be focused upon a target company and hackers will seek to disrupt their operations by infiltrating a third-party supplier e.g. a company which supplies bespoke parts to a manufacturer. The main strategy for a supply chain attack involves disabling IT systems with malware.

This image has an empty alt attribute; its file name is code-1839406_640.jpg

Examples of Supply Chain Attacks

There has been an increase in supply chain attacks in the last few years and some of the most notable ones are:

SolarWinds: In late 2020 it was discovered that IT infranstructure company SolarWinds had been the victim of a supply chain attack. Having gained access to SolarWinds’ network, hackers were able to insert malware into SolarWinds’ software. Due to the stealth employed, SolarWinds were unaware that they were distributing this malware. The malware involved allowed hackers to disable system services, transfer files and reboot infected PCs.

Shylock: A banking trojan which emerged in 2014, Shylock targeted websites based in the creative and digital industries. The authors of the Shylock trojan used a redirect script that sent victims to a malicious website. However, the team behind Shylock did not directly target these victims. Instead, they infiltrated a creative agency that designed website templates. This allowed the hackers to conceal their malicious script within legitimate website templates.

How to Protect Against Supply Chain Attacks

Defending against a supply chain attack is difficult due to the number of third parties involved. Each one that your organization works with has the potential to create a supply chain breach. However, by implementing the following measures you should enhance your protection:

Eliminate passwords and aim to use strong identification methods such as biometric data or, at the very least, two-factor authentication.

Only allow devices that have been identified and approved to access your network.

Enforce a culture of strong identity with any third-party suppliers when it comes to accessing your network.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Understanding the Basics of Botnet Attacks

botnets, Hackers, Online Security, Ophtek, PC Maintenance, Security, Updatesbotnets, Ophtek, security, updates, vulnerabilityOphtek, LLC

Nov 2020

The internet has connected us to each other in a way we would have thought impossible a few decades ago. But these massed connections can be very dangerous.

The beauty of the internet is that one PC can connect to another PC with relative ease. And these connections allow us to pool resources, share information and provide services. The foundations of almost every web service are based upon collections of PCs all working together to deliver an end result. These are often automated tasks that allow a website to continue operating correctly. But the fact that these PCs are generally left to their own devices means they aren’t actively monitored. And this situation makes them a security risk.

Known as botnets, these collections of PCs can have their cumulative power put to use for the gains of hackers.

What are Botnet Attacks?

While most botnets combine harmless coding with hardware, malicious botnets are another matter. A malicious botnet can gain access to your PC via two methods:

A targeted attack such as an infected email or password breach
The discovery of a vulnerability in your PC by an automated code which crawls the internet in search of such weaknesses

Regardless of the strategy involved, the end result is the same: an infection which adds your PC to the hacker’s botnet. Naturally, the more PCs added to the botnet, the more powerful it is. And, with the infection in place, the hacker will have full control of your PC. This allows them to carry out the following tasks:

Spread across the rest of your organization’s PCs by executing malware in order to swell the numbers of the botnet
Loading fake adverts in your internet browser designed to trick you into providing financial details to malicious websites
Use the cumulative processing power of all the PCs in a botnet to carry out DDoS campaigns in order to take websites down
Generating spam emails to be automatically sent from your organization’s email server

How Can You Protect Against Botnets?

As you can tell, a botnet attack will do your organization no favors and will cause untold damage to other businesses it targets. Therefore, you need to put these precautions into place:

Make sure that your internet traffic is monitored in terms of both what is entering and leaving your network. Any unusual levels of internet traffic are often an indicator that a botnet is either attacking you or you have become part of a botnet.
Install all updates to prevent falling victim to any vulnerabilities. Hackers regularly unleash web crawling bots that automatically scan online PCs for these vulnerabilities. With all updates in place, however, you are minimizing this risk.
Practice best email security practices such as not opening attachments that look suspicious or from senders you don’t recognize. Remember, all it takes is one infected email to bring your organization to a halt.
Use internet security software to help protect your PC as comprehensively as possible. Tools such as Kaspersky and McAfee’s security suites can provide warnings against visiting malicious websites and infected email attachments – two sure-fire ways of falling victim to a botnet.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Trickbot Malware Shows that Hackers are Getting Cleverer

Hackers, malware, Ophtek, Spamhackers, malware, Ophtek, Spam, TrickBotOphtek, LLC

Jul 2020

Malware is a thorn which we find in our sides on a regular basis. But what happens when this thorn becomes even harder to tackle? The answer is Trickbot.

First released in 2016, Trickbot has made its name by using a variety of attack methods. The malware has been shown to steal Bitcoin, target banks and harvest login credentials. Naturally, this makes it a very dangerous piece of malware. But as with a virus that attacks humans, this malware is constantly changing its DNA. New features have regularly been added to Trickbot which not only makes it harder to detect, but also makes it more dangerous.

Trickbot has the potential to cause significant damage to your IT setup, so it’s important to know what you’re up against.

The Lowdown on Trickbot

The most common infection method used by Trickbot is through the use of malicious spam campaigns. Emails that pretend to be from financial institutions are used to distribute infected attachments and URLs that the victims are urged to action. And, once the payload has been activated, it’s unlikely that the victim will be aware. Trickbot will communicate with a remote command and control centre almost silently and, at the same time, infect other PCs on the same network.

Trickbot’s Latest Trick

As we mentioned earlier, the hackers behind Trickbot thrive upon their ability to evolve the malware. And their latest upgrade to Trickbot is both innovative and deceptive. This is most keenly demonstrated by its ‘anti-virtual machine’ strategy. One of the safest ways for security professionals to analyze malware is within a virtual machine environment. Therefore, in order to hide its operations, Trickbot will stop working when it detects a virtual machine.

And, believe it or not, one of the simplest ways to do this is to analyze the PCs current screen resolution. Any screen resolution that is set to 1024×768 and below will cause Trickbot to terminate its operations. This means that security researchers using a virtual machine to will draw a blank. This is a very clever technique and is one that allows Trickbot to reactivate once the PC is restarted into a higher resolution.

How Do You Stop Trickbot?

Anti-malware software such as Malwarebytes is capable of detecting and removing most strains of Trickbot, but there will always be a slight delay when it comes to new strains. And, of course, you should never rely on removing infections as the best strategy for defense. Instead you should make every effort to prevent infection in the first place. This can be achieved in the following ways:

Evaluate All Incoming Emails: It’s essential that your staff is aware of the dangers of phishing emails. Thankfully, the tell-tale signs are easy to detect and, with this knowledge to hand, it should become much harder to fall victim to Trickbot.

Patch Any Vulnerabilities: Trickbot hasn’t, as of yet, been shown to exploit software vulnerabilities. But given its innovative and evolving approach it’s likely this will become part of its strategy in the future. And that’s why it’s vital all patches are installed and implemented as soon as they are available.

Avoid Malicious Websites: Given their deceptive nature, it’s easier said than done to avoid malicious websites. However, it’s crucial that you have the ability to identify malicious websites. This will severely limit the chances of downloading malware such as Trickbot.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 … 3 4 5 6 7 Next »

Category Archives: Hackers

What are Botnet Attacks?

How Can You Protect Against Botnets?

The Lowdown on Trickbot

Trickbot’s Latest Trick

How Do You Stop Trickbot?