Hacking Archives

One of the recent developments in hacking has been the Bring Your Own Vulnerable Driver (BYOVD) attack, but what is it and how do you defend against one?

By now, the Ophtek blog should have informed you about ransomware, trojans, and cryptojacking, but we’ve rarely mentioned the dangers of a BYOVD attack. In the past, BYOVD attacks were mostly carried out by only the most sophisticated threat actors, but they’re now becoming increasingly popular with even basic bedroom hackers. Therefore, today is the day we remedy this and provide you with a fully comprehensive look at BYOVD attacks and how you can stay safe.

The Role of Drivers within Your PC

Before we dig deep down into the mechanics of a BYOVD attack, it’s important that you understand what’s at the heart of their malicious activities: drivers. You’ve no doubt heard of drivers in passing, but it’s only the most die-hard PC user who would fully understand what they do. Their main role is as a file used to support software applications. They work by acting as a bridge between an operating system and a device e.g. between Windows and a graphics card.

Without drivers, your PC simply wouldn’t work. From your display through to your speakers and printer, there would be no way for your operating system to communicate with these devices. This makes drivers a crucial part of any PC, but it also means they’re ripe for cyberattacks.

Breaking Down a BYOVD Attack

We’re all aware of software vulnerabilities, and a BYOVD is a unique take on this method of hacking. In a BYOVD attack, threat actors will trick their victims into downloading outdated, vulnerable drivers onto their PC. This could be through phishing emails or pop-up adverts, with the main objective of getting these unsafe drivers downloaded onto a PC along with a nasty dose of malware. With these vulnerable drivers in place, threat actors can take control of the infected PC.

BYOVD attacks are dangerous for the following reasons:

Data Theft: With BYOVD attacks capable of bypassing your security software, they not only have easy access to all your data but can effortlessly transmit it to remote servers.
Install Further Malware: IT systems with vulnerabilities exploited are at risk of having further malware installed on them. So, for example, a threat actor could first gain access to your system before downloading further malware to facilitate DDoS attacks or support cryptojacking.
Damage Your Productivity: A BYOVD attack can quickly render your IT systems unusable due to the capabilities of drivers. By exploiting the deep access and reach drivers have, threat actors have the opportunity to disable network components, corrupt system files, and damage hardware.

You can find out more specifics of the impact of a BYOVD attack by checking out our article on the EDRKillShifter malware.

Protecting Your IT Systems from BYOVD Attacks

You may have been unfamiliar with BYOVD attacks, but you should now have a basic understanding of how they operate. The next step is to protect yourself by implementing these security practices:

Driver Whitelisting: this is a method whereby only authorized system users have the privileges to install drivers on your IT infrastructure. Even then, the use of Windows Defender Application Control should also be utilized to ensure that only pre-approved, digitally signed drivers can be installed.
Regular Updates: one of the simplest ways to protect against BYOVD attacks is by installing all updates and patches as soon as possible. Automating these updates allows you to guarantee that you have the freshest, most secure drivers on your system at all times.
Employee Education: BYOVD attacks are often distributed by phishing attacks, so it’s useful to educate, and regularly refresh, your employees on the telltale signs of a phishing attack. This could prove invaluable as your employees are your most important defense against cyberattacks.

For more ways to secure and optimize your business technology, contact your local IT professionals.

A recently discovered vulnerability appears to allow threat actors to hack into your Google account, even if you change your password.

Given that there are 1.8 billion people actively using Gmail, it should come as no surprise that Google accounts represent a mouthwatering target for hackers. Google claims that their users are protected by world-class security and, on the whole, it is a secure system. No infrastructure, however, is 100% safe. Threat actors are industrious individuals and won’t rest until they’ve tried every avenue to compromise a system. Unfortunately, for Google and its users, this is exactly what’s happened.

Losing Control of Google

Google accounts are highly valuable to their owners. Packed full of apps such as Gmail and Google Drive, there’s a lot of personal data involved. A new vulnerability, attributed to a flaw in Google cookies, gives access to these accounts over to threat actors. Worst of all, this can be achieved time after time. Sure, you can try changing your password, but they will still be able to unlock your account.

The attack starts when a user unwittingly allows malware to be installed on their PC. This malware then gets to work by searching for and identifying any Google login tokens, which are typically stored in the application’s local database. These stolen tokens can then be used to trick Google’s API interface.

One of the main duties of a Google API is to help sync the various Google services across one account. So, for example, if you were logged into Google Drive, you wouldn’t have to log into Gmail as well. The threat actors exploit a vulnerability with Google cookies to create new cookies which can be used to gain unauthorized access to the compromised account. And this trick can be completed multiple times. Changing your password, naturally, would be the simple choice here. But even doing this still grants the hacker one more chance to access your account.

The vulnerability in question is currently being sold by threat actors online, with at least six hacking groups advertising it. These threat actors also claim that that this vulnerability has been redesigned to tackle the efforts Google has taken to shut this exploit down.

Keep Your Google Account Safe

No one wants to lose their Google account, aside from the loss of personal data, there’s also the sheer inconvenience of having to create a new account and updating any services associated with your original account. Accordingly, make sure you play safe by following these best practices:

Use multi-factor authentication: at present, Google hasn’t revealed whether multi-factor authentication will prevent this vulnerability from seizing control of your account. However, if you don’t have it activated, you need to make this a priority as it’s one of the simplest ways to add extra security to your account.

Do not download suspicious software: the first stepping stone for the threat actors to compromise your Google account involves installing malware on your PC. This gives them a foothold to begin stealing your Google login tokens. Therefore, you need to remain vigilant as to the software you’re downloading. The most obvious question to ask here is whether the download comes from an official source.

For more ways to secure and optimize your business technology, contact your local IT professionals.

GoDaddy Was Hacked for Three Years Straight

breach, Go Daddy, Hacking, malware, Ophtek, Web hostingbreach, go daddy, hacking, malware, Ophtek, web hostingOphtek, LLC

Apr 2023

In an admission which will severely damage their reputation, web hosting force GoDaddy has revealed its servers were under attack for several years.

With a userbase of 21 million users, GoDaddy is one of the major players when it comes to providing web hosting services. Given this popularity, GoDaddy’s servers are used by major organizations all over the world such as news outlets, bloggers and e-commerce brands to deliver content and services. And this means there’s a lot of data on the GoDaddy servers, data which is both confidential and valuable. Therefore, to a threat actor, it provides an irresistible target.

Due to the GoDaddy breach, and the business world’s reliance on websites, it’s crucial we understand the mechanics of this stealthy threat.

What Happened to GoDaddy?

The GoDaddy breach first came to its owner’s attentions in December 2022, but it soon became apparent this breach was related to similar breaches in November 2021 and October 2019. However, far from being isolated incidents, these attacks were all part of the same campaign and remained hidden within the IT infrastructure of GoDaddy.

The most recent attack, in December 2022, found the cPanel hosting servers used by GoDaddy customers compromised by threat actors. This gave the attackers full access to the settings involved in how the customers’ websites work and direct traffic. As a result of this breach, visitors to the affected websites were intermittently redirected to malicious websites. Although there is no evidence that it occurred, unauthorized access to the cPanel would also give the threat actors the opportunity to disable access to a website.

What if Your Website is Hosted by GoDaddy?

Given that the initial attacks on GoDaddy’s servers compromised login credentials and secure SSL keys for websites, the latest attack is highly embarrassing for GoDaddy. After all, which organization would want to align themselves with a web host whose servers had regularly been hacked? Nonetheless, GoDaddy has sought to reassure customers that their infrastructure is now secure and security has been enhanced.

Naturally, customers using GoDaddy’s services are going to remain wary, so it’s important they:

Monitor network activity: one of the hallmarks of the GoDaddy hack involves the redirection of traffic from the target website to malicious websites. Therefore, it’s vital you monitor the internet traffic hitting your site and analyze whether it’s reaching the intended pages or being redirected elsewhere. If you detect something unusual, it’s best to start digging deeper and get in touch with GoDaddy’s support team.

Change your password: if you’re a GoDaddy customer, it’s recommended you change your password. In fact, regardless of which web hosting service you use, it’s important that you regularly change your password to avoid falling victim to stolen login credentials.

Assess your website: due to the access which the GoDaddy breach gave the threat actors, it makes sense to go through your website and ensure nothing is amiss. For example, are your links still directing traffic to where they should be? And are there any unusual popups prompting visitors to “click here”? It may take time to complete a full sweep of your website, but it will be worth it to protect your brand and your customers.

For more ways to secure and optimize your business technology, contact your local IT professionals.

5 Forms of Hacking Which You May Not Be Familiar With

Free WiFi, Hacking, malicious code, malicious extensions, malicious links, malicious websites, Ophtekmalware, Ophtek, phishing, public wifi, ransomware, security, vulnerabilityOphtek, LLC

Jun 2022

All organizations are at risk of being hacked, and that’s why we’re familiar with the most common forms of hacking. But what about the lesser-known hacks?

With 300,000 new strains of malware being created every day, it comes as no surprise to discover that some of these are less familiar than others to PC users. And it’s this lack of familiarity which makes them so dangerous. Not only is it harder to be on your guard against them, but there’s also the small problem of not knowing how to remove them from an infected system. However, a little bit of education goes a long way. And that’s why we’re going to give you the lowdown on 5 forms of hacking which you may not be familiar with.

The Hacks You Need to Know About

Attack strategies such as phishing and ransomware are well known, so it’s time to learn about the lesser known cyberattacks you need to be prepared for:

SQL Injection Attacks: SQL is a common coding language used to design and manage databases, many of which are connected to a public facing website. Typically, these databases will hold significant amounts of secure data e.g. personal details and financial information. As a result, these are highly attractive targets for hackers. Attacks are made on these databases by injecting malicious SQL code and manipulating the server’s responses in numerous ways. This strategy allows hackers to gain access to unauthorized information and steal it.

Man in the Middle Attacks: using compromised IoT devices, or simply taking advantage of poorly secured public Wi-Fi, a Man in the Middle Attack allows threat actors to access your network connections. It’s a scenario which grants hackers the opportunity to monitor your communications and data transfers in real time. Therefore, confidential data can be stolen and traffic redirected with ease.

Brute Force Attacks: this is one of the oldest hacking strategies devised by hackers, but it doesn’t grab the headlines in the same way modern threats such as ransomware do. However, it remains an effective strategy, and one which is only getting more sophisticated. As the name suggests, brute force attacks launch a relentless campaign whereby a bot will try numerous login credential combinations until it finds the correct one to breach your security.

DNS Cache Poisoning: a DNS server takes domain names, such as ophtek.com, and translates them into an IP address which can be used to deliver data between two points. However, if a threat actor identifies a vulnerability in a DNS server, they can inject false data into its cache. This ‘poisoning’ of the DNS cache means that internet traffic will be directed away from its intended location, and this will most commonly be re-routed to a malicious website.

Fake Public Wi-Fi: hackers will go as far as setting up a fake public Wi-Fi which uses your company’s name or one that sounds similar. For example, a visitor to a Starbucks café, may detect a wireless network with a name such as “St@rbucks Free Wi-Fi” and assume it’s genuine. However, connecting to a public connection such as this opens a whole world of potential trouble. And, don’t forget, your own employees are also at risk of connecting their work devices to a fake Wi-Fi network, the result of which will expose your genuine network.

As with the most common forms of hacking, understanding the basics of good IT security is the most effective way to minimize the chances of these rarer attacks.

For more ways to secure and optimize your business technology, contact your local IT professionals.

5 Sure-fire Ways to Know You’ve Been Hacked

Cyber Security, Encryption, Hackers, Hacking, Network, Ophtek, pop upsencryption, hacking, network, Ophtek, pop ups, security, vulnerabilityOphtek, LLC

May 2022

The aim of most hackers is to be discreet, but there’s almost always a tell-tale sign they’re at work. You just have to know what you’re looking for.

Damage limitation is an essential part of cyber-security and, accordingly, the sooner you realize you’ve been hacked, the sooner you can get to work on rectifying the issue. Establishing that you’ve been hacked, however, isn’t always straightforward. Hackers are well known for their stealthy attack strategies, and, in many cases, you’re unlikely to realize that you’ve been hacked. You may, instead, simply think that your network is experiencing technical problems, and that’s why you can’t access your files, or why your PCs performance has ground to a halt. But you also need to consider that you may have been hacked.

How Do You Know You’ve Been Hacked?

There are several clear giveaways that your organization’s digital defenses have been breached, and here are five of the most sure-fire ways to know you’ve been hacked:

Your Files are Encrypted: your day-to-day IT activity will likely center around the regular usage of files e.g. Word documents and Excel spreadsheets. But what happens when you can’t access these? Firstly, your organization’s productivity will plummet and, secondly, it could indicate that you’ve been the victim of ransomware. If your files are encrypted and a message is received demanding a ransom fee to decrypt them, then you’ve been hacked.
Unusual Network Activity: regular traffic patterns should be easily identifiable on your network logs, but anything unusual should be closely scrutinized. Modern hacking methods often find malware communicating with remote locations to transmit information or download further malware. Therefore, any unknown locations that are delivering or receiving data from your organization need to be investigated.
Persistent Pop-Ups: there’s nothing more irritating than a pop-up window when you’re trying to work on something. But when these are regularly popping up, when they shouldn’t be, there’s a good chance you’ve been hacked. Often, these pop-ups will try to convince you to perform an action, such as downloading an anti-malware app due to an infection on your PC. These, of course, are fake and are simply a devious strategy to get you to download further malware on to your PC.
People Ask You If You’ve Been Hacked: one of the most obvious signs that you’ve been hacked is when people start asking you if you’ve been hacked. And this is because malware often hijacks email accounts to help spread spam. As a result, people you know – who are listed in your email address book – will be receiving spam messages direct from your email account. Naturally, these unusual messages will ring alarm bells with the recipients, and they are likely to check in with you to confirm if your email account has been hacked.
Your Credentials are Available Online: hackers like to make money by harvesting valuable login credentials, these can then be sold to other hackers who want to breach security measures and gain quick, unauthorized access to private networks. Thankfully, applications such as Google’s Password Manager can warn you when these credentials turn up in password dumps, this is a good sign to immediately change all your passwords.

For more ways to secure and optimize your business technology, contact your local IT professionals.

1 2 3 … 9 Next »

What is a BYOVD Attack and How Can You Stay Safe?

Google Accounts Compromised by Cookie Vulnerability

GoDaddy Was Hacked for Three Years Straight

5 Forms of Hacking Which You May Not Be Familiar With

5 Sure-fire Ways to Know You’ve Been Hacked

Category Archives: Hacking