The Dangers of Malware on GitHub

GitHub, malicious code, malware, Open Source Malware, Ophtek, , , ,
05
Mar 2024

GitHub is a wildly popular website for developers to create, share, and store their code, but it’s also being increasingly used to spread malware.

Launched in 2008, GitHub quickly became the number one destination for developers. Packed full of features – such as hosting open source code, bug tracking tools, and software requests – GitHub is the perfect one-stop shop for developers looking to collaborate and enhance their software. However, where there’s code, there’s also potential for malware to rear its ugly head. And, in the last few years, GitHub has been exploited by numerous threat actors.

How does GitHub Work?

GitHub is an online repository where developers can come together to pool resources and knowledge to improve their software builds. It may not be something that most of your staff are likely to log on to, but your IT team are likely to use it to manage projects they’re working on. The objective of GitHub is to create a community of friendly developers, but the open membership policy means this doesn’t always go to plan.

Why is GitHub Dangerous?

Threat actors can easily sign up for membership within a matter of minutes, and then they can begin uploading their malicious code under the pretense of being an innocent software project. Quite often, threat actors will sign up with a username previously used by another developer, this is to trick other developers into thinking this is a reputable account. The GitHub community will believe that any repositories uploaded to this account are safe, and they will download them without thinking. And this is when malware can be unknowingly unleashed on unsuspecting networks.

Threat actors are also using GitHub to host command and control servers, which allow attackers to create communication channels into infected devices. Usually, this would be indicated by an unusual domain address in your network traffic. But with GitHub’s credentials being used, this would look less suspicious, especially if you team access GitHub. It’s also convenient, for the threat actors, to use a public service where launching a command control server is much easier than building an infrastructure from scratch.

Finally, GitHub is being used as a storage space for malware, as demonstrated in this fake proof-of-concept software attack. This particular attack allowed the threat actors to exploit a known vulnerability within the Linux operating system, which is commonly used by developers working on GitHub. These attacks can even catch out the security experts, so they underline just how dangerous GitHub can be if you’re not vigilant.

How Can You Work Safely with GitHub?

Threat actors are essentially turning certain parts of GitHub into a malicious website, so it’s crucial you know how to manage this threat. The most effective step you can take is to block access to GitHub on your organization’s network. Your staff are highly unlikely to need to access GitHub anyway, so this makes sense. However, some of your IT staff, and any developers you employ, may still require access to complete their job.

GitHub, of course, isn’t the only legitimate website to be harboring malware. Huge sites such as Dropbox and Google Drive are all capable of delivering malware to unsuspecting members. Therefore, you should only ever download from trusted sources.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

5 Forms of Hacking Which You May Not Be Familiar With

Free WiFi, Hacking, malicious code, malicious extensions, malicious links, malicious websites, Ophtek, , , , , ,
21
Jun 2022

All organizations are at risk of being hacked, and that’s why we’re familiar with the most common forms of hacking. But what about the lesser-known hacks?

With 300,000 new strains of malware being created every day, it comes as no surprise to discover that some of these are less familiar than others to PC users. And it’s this lack of familiarity which makes them so dangerous. Not only is it harder to be on your guard against them, but there’s also the small problem of not knowing how to remove them from an infected system. However, a little bit of education goes a long way. And that’s why we’re going to give you the lowdown on 5 forms of hacking which you may not be familiar with.

The Hacks You Need to Know About

Attack strategies such as phishing and ransomware are well known, so it’s time to learn about the lesser known cyberattacks you need to be prepared for:

  1. SQL Injection Attacks: SQL is a common coding language used to design and manage databases, many of which are connected to a public facing website. Typically, these databases will hold significant amounts of secure data e.g. personal details and financial information. As a result, these are highly attractive targets for hackers. Attacks are made on these databases by injecting malicious SQL code and manipulating the server’s responses in numerous ways. This strategy allows hackers to gain access to unauthorized information and steal it.
  • Fake Public Wi-Fi: hackers will go as far as setting up a fake public Wi-Fi which uses your company’s name or one that sounds similar. For example, a visitor to a Starbucks café, may detect a wireless network with a name such as “St@rbucks Free Wi-Fi” and assume it’s genuine. However, connecting to a public connection such as this opens a whole world of potential trouble. And, don’t forget, your own employees are also at risk of connecting their work devices to a fake Wi-Fi network, the result of which will expose your genuine network.

As with the most common forms of hacking, understanding the basics of good IT security is the most effective way to minimize the chances of these rarer attacks.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Solid State Drives Targeted by Stubborn New Malware

Hackers, malicious code, Ophtek, solid state drive (SSD), Updates, , , ,
11
Jan 2022

A new strain of malware has been developed which allows threats to be delivered to an inaccessible area of a solid state drive (SSD).\

The attack in question is not currently active, but the possibility of this attack has been modeled and proved successful by a group of Korean security researchers. However, hackers are persistent and they have likely been investigating such an attack for some time – similar strategies have already been employed to hide malware on hard disk drives (HDD). And, thanks to the rapid rise of SSDs over the last decade, threats to their security are only going to become more common.Combatting threats that have stealth on their side is crucial for protecting your IT infrastructures, so you need to take this threat very seriously. Let’s take a look at why and how your SSDs are at risk.

How Does This New Attack Work?

The Korean researchers have found a specific vulnerability in the design of certain SSDs which makes hacking them that little bit easier. An SSD which employs flex capacity (a technique where storage devices adjust their space to enhance performance) is the main target of this latest threat. Such an SSD contains an area known as over-provisioning which is located in an inaccessible area of the SSD. This area takes up, depending on the current demand, between 7 – 25% of the SSD capacity. And this over-provisioning area is invisible to the PCs operating system.

Due to the invisible nature of this over-provisioning space, it cannot be reached by applications such anti-virus tools or user intervention. However, it’s possible to exploit the size of this ‘hidden’ area and enlarge it by manipulation through the SSD firmware manager. Not only does this allow a hacker to deposit malware here, but it gives them access to the over-provisioning space – where sensitive data may remain for several months. It’s this sophisticated attack method which makes it difficult to detect and even more difficult to remove.

What Should You Do If You Have an SSD?

It’s believed that the attack required to exploit the over-provisioning area is not currently active. But it remains a viable threat and it’s only a matter of time before a hacker formulates a successful strategy. The sophisticated nature of this exploit means that tackling such an attack is difficult for an average PC user to complete. Solving this vulnerability lies with the manufacturers of SSDs who need to rethink the design of their systems.

Ideally, real time monitoring of these hidden areas needs implementing, with a view to providing a ‘wipe’ option when the over-positioning capacity increases rapidly. Nonetheless, it remains good practice to install every update and patch which is released for your SSD. Software within the SSD software will regularly need updating and these could be used to strengthen the defense of your SSD. Therefore, prioritizing and automating updates remains important to protect your PCs.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What are Zero-Click Attacks?

malicious code, Ophtek, Pegasus spyware, Software Security Patches, zero-click attacks, , , ,
28
Dec 2021

One of the less mentioned security threats for PCs is the zero-click attack. Nonetheless, zero-click attacks are one of the most dangerous threats we face.

Traditional cyber security measures tend to focus on PC users following best practices to protect their PC. And, overall, it’s an effective approach. Understanding the importance, for example, of verifying a link in an email before clicking is crucial. But there’s only so much that individuals can do to protect themselves. If hackers can remove this ‘human’ factor from gaining access to a PC then they should, in theory, be home free. And, with a zero-click attack in their toolbox, hackers can quickly exploit even the most vigilant PC users.

How Does a Zero-Click Attack Work?

The most common technique employed in carrying out a zero-click attack is:

As you can see from the above description, at no point does the victim have any involvement. It’s this element of the strategy which makes it most troubling for PC users. The technique involved could, for example, involve a message being sent over Skype, a message which is not even opened by the recipient. Yet, the fact that it has been received on a PC means that it can unleash a malicious payload. Perhaps the most famous example of a zero-click attack is the Pegasus spyware hack which allowed hackers to gain access to users’ smartphones via a single WhatsApp message being received.

How Can You Combat Zero-Click Attacks?

It may seem difficult to protect yourself against the unprotectable and that’s why concern has been rapidly building around zero-click attacks. Thankfully, most zero-click attacks – such as Pegasus – have only targeted a tiny proportion of people, mostly government officials and high-ranking journalists. But this is far from a guarantee that you can’t fall victim to a zero-click attack.

As ever, key to protecting your PC and your devices is by installing security patches when they become available. Don’t put them off “until tomorrow” as it only takes a zero-click attack a few seconds to exploit a vulnerability. With your software and hardware running with optimal protection, it’s less likely to become another statistic of security failure. Encryption is also central to keeping your data safe should you find your device breached. Remember: all sensitive documents should be encrypted and backed up.

Final Thoughts

We’re used to malware and ransomware grabbing all the headlines, so that’s why many of us feel confident about battling these threats. But zero-click attacks are more enigmatic, a factor which works heavily in their favor. The discretion achieved by foregoing the need for user error positions zero-click attacks as a favorite of hackers. It may be a method of attack which doesn’t generate many column inches at present, but it’s likely to become more popular as hackers look at more innovative approaches. For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How to Identify Fake and Scam Websites

fake websites, Hacking, malicious code, malicious websites, malware, Ophtek, scam websites, , , , ,
05
Nov 2019

We use the internet on a daily basis and visit countless websites along the way. But they’re not always the real deal. And sometimes they can be malicious.

The internet is a wonderful place and the websites that make it up can make a real difference to your business. Sadly, this opportunity is often subverted by criminals and hackers to be much more dangerous.  And, with each new step the internet takes, there are even more chances for these criminals to take advantage of. For example, online payment sites such as PayPal have allowed businesses to work closely with their customers to deliver hassle free payment methods. But, with a financial element at play, these sites have been heavily targeted.

Hackers have developed sophisticated techniques for setting up fake and scam websites, so it’s difficult to identify these fraudulent sites. However, by learning a little more about these techniques you can learn how to identify fake and scam websites.

What Do You Need to Look Out For?

There are a number of tell-tale signs adopted by fake and scam websites, so make sure you take note of the following when browsing online:

  • Always Check the URL: The address bar of your browser is one of the most important tools at your disposal when trying to identifying a fake website. The URL listed in the address bar may look genuine, but it’s crucial that you always look a little closer. A URL may read, for example, bankofamerica.com.authorization-process.com and look genuine due to the first part of the URL. But, on this occasion, bankofamerica.com is only acting as the sub-domain. The domain that you have actually visited is authorization-process.com. 
  • Secure Connections: You should only ever visit websites that have secure connections. This security is indicated by either a HTTPS prefix on a URL or the presence of a padlock image next to the URL. Without these indicators then the connection will be unsecured and your data can easily be viewed. Naturally, a genuine website will always deliver these security indicators, so if these are not present then leave the website immediately. 
  • Search Out Trust Seals: Websites that are secure pride themselves on this achievement. And this hard work is rewarded in the form of trust seals which can take the form of Google Trusted Store, Norton Secured and GeoTrust logos. A website with these, and similar, logos is trustworthy. But it’s very easy for a hacker to copy one of these logos on to any website they want. Thankfully, most trust seals can be clicked on to display verified certificate information. If this does not appear then assume that the trust seals are faked. 
  • Check the Grammar: A genuine website will have been written and proofread by professionals. But a fake website will often be designed in a rush and by people whose first language is not English. And the result is a website full of spelling mistakes. So, if you believe you’re on PayPal, but see it mistakenly spelled as PayPal then you can rest assured you’re not on the genuine site. 
  • Too Many Ads: Online ads are part and parcel of life now. But sometimes it may seem as though there are too many on a website. And this is the calling card of a fake or scam website. The excess adverts popping up are often malicious in themselves, so if you experience more than two when loading up a new page you should tread carefully and begin analyzing the web page further.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2