WordPress Sites are Quietly Downloading Malware

Hacking, Ophtek, Security, Security Threats, WordPress, , , ,
10
Dec 2019

WordPress is a popular platform for building websites, but this popularity has made it a target for hackers. And it’s now being used to launch hacks.

It’s estimated that around 75 million websites use WordPress as the backbone for their content. But not even the largest and most profitable tech companies are immune from hacking. Vulnerabilities are present in almost every piece of software ever designed. And when these vulnerabilities are discovered they will be exploited almost instantly by hackers. WordPress has fallen foul of this all too common scenario and, as a result, 100,000 web users have felt the attentions of these hackers.

Due to the ubiquity of WordPress websites it’s likely that your organization engages with them on a daily basis. It may even be that your organization’s website is hosted through WordPress. Either way, the threat presented is one you want to avoid, so let’s take a look at it.

How were the WordPress Sites Compromised?

Security experts Zscaler were the first people to identify that WordPress sites had been compromised. The nature of the hack is sophisticated, but relatively simple to pull off. After discovering a vulnerability in the ‘theme’ plugin, which is included in WordPress sites, the hackers were able to infect the sites with malicious scripts. These scripts were a form of code which redirected visitors to a Flash Player update alert. However, this urgent update was fake and all that would be downloaded was a malicious file.

The file in question was a Remote Access Trojan (RAT) which allowed remote access to the infected PC. And, with unrestrained access, the hackers were granted the opportunity to download and distribute malware as well as the chance to compromise data. But this isn’t the only way in which the malware infects PCs. Those using the Chrome browser faced an additional threat. Upon visiting the infected WordPress sites, Chrome users were prompted to download an update for the ‘PT Sans’ font. Again, this is a deceptive request and downloads the RAT.

Protecting Against the WordPress Hack

If you own a website which is built on the foundations of WordPress then it’s crucial that you update the associated content management system. This will instantly prevent your website from cultivating the hack and protect your visitors.

Unfortunately, it’s not always possible to tell when a website is using the WordPress system, so you should make sure you practice the following:

  • Scrutinize all Popups: The sheer range of dangerous popups means that they should always be scrutinized. Fake updates tend to stress an extreme urgency which is designed to tempt users into clicking them without checking. Instead, users need to take a second and consult with an IT professional to verify the update is genuine. 
  • Install Anti-Virus Software: It’s vital that your organization uses anti-virus software. Not only can it identify threats such as the WordPress hack, but they are regularly updated. This ensures that your organization is protected from all the latest threats. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How to Identify Fake and Scam Websites

fake websites, Hacking, malicious code, malicious websites, malware, Ophtek, scam websites, , , , ,
05
Nov 2019

We use the internet on a daily basis and visit countless websites along the way. But they’re not always the real deal. And sometimes they can be malicious.

The internet is a wonderful place and the websites that make it up can make a real difference to your business. Sadly, this opportunity is often subverted by criminals and hackers to be much more dangerous.  And, with each new step the internet takes, there are even more chances for these criminals to take advantage of. For example, online payment sites such as PayPal have allowed businesses to work closely with their customers to deliver hassle free payment methods. But, with a financial element at play, these sites have been heavily targeted.

Hackers have developed sophisticated techniques for setting up fake and scam websites, so it’s difficult to identify these fraudulent sites. However, by learning a little more about these techniques you can learn how to identify fake and scam websites.

What Do You Need to Look Out For?

There are a number of tell-tale signs adopted by fake and scam websites, so make sure you take note of the following when browsing online:

  • Always Check the URL: The address bar of your browser is one of the most important tools at your disposal when trying to identifying a fake website. The URL listed in the address bar may look genuine, but it’s crucial that you always look a little closer. A URL may read, for example, bankofamerica.com.authorization-process.com and look genuine due to the first part of the URL. But, on this occasion, bankofamerica.com is only acting as the sub-domain. The domain that you have actually visited is authorization-process.com. 
  • Secure Connections: You should only ever visit websites that have secure connections. This security is indicated by either a HTTPS prefix on a URL or the presence of a padlock image next to the URL. Without these indicators then the connection will be unsecured and your data can easily be viewed. Naturally, a genuine website will always deliver these security indicators, so if these are not present then leave the website immediately. 
  • Search Out Trust Seals: Websites that are secure pride themselves on this achievement. And this hard work is rewarded in the form of trust seals which can take the form of Google Trusted Store, Norton Secured and GeoTrust logos. A website with these, and similar, logos is trustworthy. But it’s very easy for a hacker to copy one of these logos on to any website they want. Thankfully, most trust seals can be clicked on to display verified certificate information. If this does not appear then assume that the trust seals are faked. 
  • Check the Grammar: A genuine website will have been written and proofread by professionals. But a fake website will often be designed in a rush and by people whose first language is not English. And the result is a website full of spelling mistakes. So, if you believe you’re on PayPal, but see it mistakenly spelled as PayPal then you can rest assured you’re not on the genuine site. 
  • Too Many Ads: Online ads are part and parcel of life now. But sometimes it may seem as though there are too many on a website. And this is the calling card of a fake or scam website. The excess adverts popping up are often malicious in themselves, so if you experience more than two when loading up a new page you should tread carefully and begin analyzing the web page further.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

6 Reasons Why You Should Invest in Cyber Security

Cyber Attack, Cyber Security, Hackers, Hacking, malware, Ophtek, Password Security, PC Security, Secure Website, Security, Security Threats, , , ,
23
Jul 2019

Cyber-attacks are on the rise, so protecting your business has never been more important. But what exactly are the benefits of cyber security?

We all know about the need for firewalls and anti-virus software. They provide us with a layer of defense from the legions of hackers itching to access our data. Those who are new to the world of IT, however, are unlikely to know why they need cyber security. What can it deliver? Well, let’s run through six reasons why you should invest in cyber security:

  1. Protects Your Data: Businesses work with huge amounts of data in the 21st And, whether its employee or customer data, it’s going to be sensitive. This needs to be protected to prevent identity theft or financial damage. A professional approach to cyber security will reduce this threat and protect the integrity of you data. 
  1. Maintains Productivity: While the headlines regarding cyber-attacks always focus on data and costs, they fail to look at the impact on productivity. If, for example, a ransomware attack hits your network then critical files are going to be out of action. This means that your employees will be unable to work. And the impact that this can have on your organization’s productivity can be devastating. 
  1. Financial Damage: Cyber-attacks can hit a company where it hurts: the bank balance. Ransomware demands are, naturally, the most obvious cause of financial distress, but there are others. A drop in productivity can soon lead to a drop in sales which can significantly impact your revenue streams. And there’s also the chance that irreparable damage could be caused to your hardware resulting in the need for new purchases. 
  1. Protects Your Website: One of the cornerstones of a successful marketing strategy in the 21st century is a website. Whether it’s being used to promote your services or sell them it needs to be running 24/7. It’s a crucial communication channel, but it’s also one that’s regularly targeted by hackers. With the correct level of investment in cyber security you can limit the risk of it being compromised. This keeps your website running and ensures that your marketing strategies can run smoothly. 

  1. Keeps Malware Out: Malicious software, better known as malware, is the bane of all security professionals. Capable of causing massive damage to IT infrastructures, malware is a form of hacking which embraces subterfuge and results in untold problems for the victims. It can steal data, it can slow down systems and even set up attacks on other businesses. But if you invest in cyber security then then the chances of malware activating its payload is reduced. 
  1. Provides Customer Confidence: Consumers are wary of data security more than ever in the digital age. Therefore, inspiring trust in your IT systems is essential. If you can demonstrate that you’re working with professionals to protect your customers’ data then you can inspire this trust. Not only will you be able to protect your customer’s data, but you will enhance their loyalty to your brand.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What is Hacking?

Hackers, Hacking, Hijacks, Ophtek, Security, Viruses, , , , , ,
02
Jul 2019

We all know that hacking goes on. And it certainly goes on in business. But how much do we know about it? The truth is we don’t know as much as we should.

The general consensus is that most people know what a hacker is and how they go about their business. This is why there are so many anti-hacking products available. However, using these products on their own isn’t enough to guarantee safety. In fact there is no guarantee. But you can enhance your protection significantly with an understanding of the basics of hacking. It’s important to know what a hacker is attempting to do. With this in mind you have a much better chance of preventing or resolving the hack.

What is Hacking?

Hacking causes chaos. Lots of chaos. And that’s not an understatement. But what exactly is it? It can be many things, but the basic core of hacking is to compromise devices. These can include PCs, networks and smart devices. Regardless of the device a hacker wants to gain unauthorized access to it. Sometimes this access can be used to steal data and sometimes it can be to cause sabotage. There are a wide range of techniques involved and we’ll take a look at them later.

Who are the Hackers?

The traditional image of a hacker that most people have in their minds isn’t entirely accurate. The pimply nosed, teenage hacker of cartoons may well exist in one form or another, but they’re not the only hacker out there. Due to the financial gain on offer from hacking, a number of criminal gangs are now developing sophisticated hacking methods to earn a nice income. And then there are the political gains that can be provided by hacking. There are a wide range of hackers out there, but identifying them is very difficult as they’re notoriously good at covering their tracks.

What Type of Hacks Are There?

The complexities of IT software and hardware mean that there is the potential for a variety of hacking techniques. Some of the most common methods are:

  • Ransomware: This is every organization’s worst nightmare. A relatively new form of malware, ransomware is spread through malicious emails that encourage recipients to click a link. If these links are clicked then a series of processes are executed that leave the victim’s hard drive encrypted. And the only way to decrypt the files is by paying a cryptocurrency ransom. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

5 Warning Signs that Your Network Has Been Hacked

Cyber Security, Hackers, Hacking, Network, Ophtek, Security Threats, , , ,
11
Jun 2019

A hacked network spells trouble for any organization, so it’s crucial that you understand the warning signs which indicate your network has been hacked.

When it comes to reducing the damage caused by a hacked network then speed is of the essence. Hackers work quickly and even if you only shave a few minutes off the time taken to recognize an attack it can make a huge difference. However, the warning signs that accompany a network breach aren’t necessarily obvious due to the technology at play and the stealth tactics adopted by hackers. Thankfully, these indicators can easily be learned and it doesn’t have to be by going down the tough road of experience.

That’s why we’re going to help you get prepared a for damage limitation strategy by discussing five warning signs that your network has been hacked.

The 5 Signs of a Hacked Network

Vigilance is an essential part of keeping your network secure, but due to the complexities of IT it’s difficult to keep an eye on everything at all times. However, by understanding the following warning signs you’re putting yourself in a much better position to protect your network:

  1. Mouse Cursors Moving On Their Own: With a breached network comes the possibility that remote hackers will take control of your PC. Therefore, it’s possible for them to assume control of a desktop and being interacting with it. The most obvious sign of this is a mouse cursor moving around on its own and clicking on files/folders.
  1. Encrypted Files: Ransomware is a major problem for businesses due to the obstacles it throws up by encrypting files. And that’s why if you’re suddenly unable to open files or they’re displaying an unusual filename extension it’s quite possible you’ve been hacked. Naturally, due to the infectious nature of ransomware, you’ll want to identify this network hack before it spreads further into your organization and locks up even more files.
  1. Reports of Unusual Emails Being Sent: One of the most popular methods for spreading malware is through email. Taking advantage of contact lists in email clients, malware can soon spread itself around the world with relative ease. So, if you receive reports from contacts that your organization has been sending suspicious emails from genuine addresses then it’s time to investigate. 
  1. Increased Network Traffic: The amount of traffic that your network experiences will tend to ebb and flow depending on the time of day, but it should average itself out most days. However, when you’ve been hacked then there’s a good chance that your network traffic will skyrocket as your resources are used to power other hacks such as DDoS attacks. Therefore, keeping a close eye on your network traffic and identifying any unusual activity should be an integral part of your network security. 
  1. Security Software Disabled: Hackers like to make their attacks as easy as possible, so one of their first moves upon gaining access to a network is to disable any security software in place. This allows them to operate freely and reduce the chance of getting caught. If you notice that your anti-malware software, or indeed any application has become disabled, then it needs reporting immediately to identify who has done this and why.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2 3 4 5 6 9