malware Archives - Page 14 of 19

Five Signs That You’ve Been Hacked

Hacking, malware, Ophtek, Security, Security Threatshacking, malware, Ophtek, security, vulnerabilityOphtek, LLC

Dec 2020

Having your organization’s network breached is a major cyber disaster, so identifying a breach quickly is crucial. But how do you know you’ve been hacked?

Protecting your organizations networks and data is essential, but with the huge number of hacks taking place it’s not easy. And if a breach occurs this can cause multiple problems for your business such as data theft, ransomware demands and damaged networks. When it comes to these attacks then there’s one factor which is essential: speed. The sooner you realize you have been hacked, the sooner you can set about cleansing your system. Hackers may be evolving their methods to become even stealthier, but there are still certain tell-tale signs that you’ve been hacked.

You may not be aware of these indicators, so we’re going to share five signs that you’ve been hacked.

What Are the Signs of Being Hacked?

The most obvious indicators of your PC being hacked are the following:

Password Not Working: One of the simplest signs of falling victim to a hack is when your password isn’t working. Sure, there’s a chance that you’ve mistyped it or simply forgotten it, but alarm bells should start ringing if you’re convinced you’ve got it right. And, if you have activated two-factor authentication and this is also not working, it’s likely your login credentials have been breached.

Your Browser Keeps Redirecting: If you discover that your internet browser is behaving strangely then this is a sign you have been hacked. Your browser should, for example, open up with either your company home page or Google, but a hacked browser is likely to take you straight to a malicious website. Such a website will prompt you to download files in an attempt to infect your PC with malware. If this happens then you need to close the browser as soon as possible and advise an IT professional.

Your Anti-malware is Disabled: It’s unlikely that you will ever need to disable your anti-malware software, so any indication of this being disabled could signal a hack. After all, hackers want to make their life as easy as possible. Therefore, if they take control of your PC, the simplest way to download malware undetected is to disable your defenses. Make a point of regularly checking the status of your anti-malware software to stay safe.

A Mouse Cursor With a Mind of Its Own: Your mouse cursor should, if you’re not moving the mouse, stay still. You may occasionally get a small amount of movement from hardware issues, but any significant movement indicates a hack. If your PCs defenses have been breached then hackers can easily take control of your PC. And this can be evident from unauthorized activity taking place on the screen. So, if you find that applications are being launched without your permission, power off your PC and immediately get it investigated.

Your PC is Slowing Down: A PC can slow down when it’s processing multiple tasks at once, but one which is slowing down for no particular reason is one to be suspicious of. It could be, for example, that your PC has fallen victim to a botnet and your PCs processing power is being harnessed for attacks elsewhere. If, after restarting your PC, it continues to lag then it’s critical that you take the necessary measures to isolate that PC before looking deeper.

For more ways to secure and optimize your business technology, contact your local IT professionals.

PowerPepper Malware is the Master of Evasion

attachments, malware, Ophtek, PowerPepper, shell terminalsmalware, Ophtek, PowerPeppet, security, vulnerabilityOphtek, LLC

Dec 2020

There’s only one thing worse than malware and that’s malware which is difficult to detect. And PowerPepper is incredibly difficult to detect.

Discretion is one of the most crucial aspects of any form of hacking. A well-executed hack should remain invisible to the victim for as long as possible. Such a scenario allows a hacker to cause maximum damage and also gives them time to cover their tracks. Thankfully, good security practices should either eliminate this risk from happening or, where anti-malware apps are in place, provide an early warning. But hackers are well aware of these defenses and are constantly trying to outwit them.

The emergence of the PowerPepper malware demonstrates that hackers have (temporarily) succeeded in hiding their activities better than ever before.

What is PowerPepper?

PowerPepper, discovered and named by Kaspersky, is a new strain of malware which is believed to have been designed by hacking group DeathStalker. Active since 2012, DeathStalker has made a name for themselves by developing numerous strains of innovative malware. Complex delivery chains are their trademark, but what really stands out is their dedication to evading detection. And PowerPepper is the latest development in DeathStalker’s abilities.

First discovered in May 2020, PowerPepper allows hackers to carry out shell commands from a remote location. But what is a shell command? It’s not something that the average PC user will ever carry out, but a shell command allows you to control your computer by using commands entered with a keyboard through special apps such as Terminal. Naturally, this is a highly valuable app to exploit and DeathStalker have made sure that PowerPepper is not detected. It does this by filtering the clients MAC address, tailoring its processes to deceive anti-malware tools and evaluating mouse movements.

For PowerPepper to take hold, of course, it needs to get on to a victim’s PC. And it does this through a variety of spear phishing campaigns. These attacks utilize both malicious links and email attachments in a number of ways aimed at reducing detection e.g. hiding malicious code in embedded shapes in Word documents and using compiled HTML files to obscure malicious files.

How Do You Protect Your PCs?

PowerPepper has already gone through a number of changes since it was first discovered, so keeping on top of it is difficult for even the most knowledgeable PC user. However, there are plenty of preventative measures you can take:

Install all Updates: One of the surest methods to protect your PC systems is by ensuring all their software and hardware is up to date. This is easily achievable by installing all the relevant updates your system needs. The last thing that you want to present malware with is a back door entry point, so eliminate this by installing all updates.

Restrict Access to Shell Terminals: There’s little need for your PC users to have access to shell terminals, so it makes sense to restrict this access. By removing this privilege you are also removing the risk of hackers taking control of such a powerful app.

Be Wary of Attachments: Malware such as PowerPepper makes its way through the digital landscape thanks to a lack of vigilance on the part of PC users. This is most often demonstrated by opening malicious email attachments. Therefore, it’s crucial to evaluate all email attachments before opening them.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The Malware That Cannot Be Deleted

Kaspersky, malware, Ophtek, Security, Trojansmalware, Ophtek, security, trojanOphtek, LLC

Oct 2020

Removing malware threats from your PC is the simplest way to keep it safe from the attentions of hackers. But what happens when you can’t delete it?

Anti-malware software is fantastic at providing you with a means of removing malware from a PC. It can quickly scan your PC for threats and delete them with the minimum of fuss. But the ease with which malware can be removed has provided hackers with an appetizing challenge. What if they could create a strain of malware which couldn’t be deleted? It’s been the holy grail for malware developers since the first virus was created. And it’s a quest which has now been achieved.

A form of malware that cannot be deleted presents many problems for PC users, so let’s take a look at what it consists of.

The Invincible Malware

The unnamed malware was recently discovered by security giants Kaspersky and has left even them scratching their heads at its origin and construction. What they do know is that it’s a highly persistent threat and one that has been designed to resist deletion. It succeeds with this strategy as, rather than targeting a PC’s hard drive, it focuses its attack on a PCs motherboard. In particular, this new malware targets PC’s Unified Extensible Firmware Interface (UEFI). The approach of exploiting the UEFI is novel as it is involved in booting up a PC. Therefore, it is separate from your hard drive and will remain untouched by any operating system reinstalls.

Once the UEFI malware is in place it acts much like any conventional malware. Its first task is to create a Trojan file in the Startup folder under the name of IntelUpdate.exe. Without some in-depth investigation, the average PC user is unlikely to know this is even present. But even if it is noticed, and a user decides to delete it, the IntelUpdate app will simply reinstall once the PC is rebooted. And it’s an app which will cause your PC further troubles. IntelUpdate will not only install further malware, but it will spy on your PC activity and transmit data and files back to a command and control server which appears to be located in China.

How Do You Defeat the Undeletable?

The prospect of a malware strain which cannot be deleted may leave you wondering how you can ever be protected from it. Thankfully, it can be deleted, but not by conventional means. Security tools are now available from firms such as Kaspersky and Microsoft which scan firmware on PCs. It’s recommended that you upgrade your anti-malware tools to include this option to counter this new attack strategy. The means by which this latest malware is spread is currently unknown, but it’s recommended that you follow these security tips to maximize your defenses:

· Install all updates and patches as soon as your PC prompts you to do so · Practice vigilance when dealing with incoming emails which contain attachments and links · Make sure that your workforce understand how to create strong passwords

For more ways to secure and optimize your business technology, contact your local IT professionals.

5 Different Types of Malware to Look Out For

botnets, fileless malware, malvertising, malware, Ophtek, Ransomware, spywarebotnets, fileless malware, malvertising, malware, Ophtek, ransomware, spywareOphtek, LLC

Oct 2020

The world of malware is a complex one due to the sheer variety of forms it can take. And it’s these differences which make it difficult to deal with.

The term malware is generally used as an all-encompassing term to describe a piece of malicious software. But, over the years, many different strains of malware have emerged as hackers evolve their tools and techniques. These strategies are often put into action to help avoid detection, but sometimes these new strains are the result of changes in technology.

Regardless of the reasons for developing a new malware variant, the end result is the same: a threat to your PC.

It’s vital that these threats are countered to protect your networks and your data; the best way to secure this safety is by understanding the different types of malware.

Identifying the Most Common Malware Variants
It’s difficult to put a precise number on all the malware strains that are out in the digital wild, but these are five of the most common forms:

1. Ransomware: One of the most debilitating forms of malware, in terms of finance and productivity, ransomware has generated many headlines over the last few years. It’s a type of malware which infects PCs and encrypts crucial files. The only way to decrypt these locked files is by paying a ransom, usually demanded in an untraceable cryptocurrency, in order to obtain a key for their release.

2. Malvertising: We all find online adverts irritating, but usually all we have to do is either close or mute the advert. With malvertising, however, things are more sinister. A new take on malware, malvertising laces legitimate online adverts with malicious files . And what’s most troubling about this malware strain is that it doesn’t require any user action e.g. clicking on the advert. If the advert runs then the malware is active.

3. Botnets: Hackers like to strengthen their attacks and one of the simplest ways for them to achieve this is by infecting large numbers of PCs. By collecting together whole networks of PCs, a hacker can use these numbers, and associated processing power, to launch large attacks on other networks and websites. These botnets are created through malware attacks and are causing particular problems within IoT networks.

4. Spyware: Data is crucial to organizations and, due to its value, is also highly prized by hackers. Not only can data be used to access secure systems, but financial data is extremely valuable. Therefore, hackers are keen to steal this data; spyware represents one of the easiest methods of achieving this. Once a PC is infected with spyware it’s every action is monitored, logged and transmitted e.g. keystrokes are recorded to reveal sensitive login details.

5. Fileless Malware: One of the more recent developments in malware, fileless variants are exactly what they sound like: no files necessary. Fileless malware sidesteps the traditional route of operating within the hard drive and, instead, works within a PCs memory. This is a clever approach as anti-malware software concentrates on hard drive activity. From the relative safety of a PCs memory, fileless malware leaves little evidence of its presence.

For more ways to secure and optimize your business technology, contact your local IT professionals.

ATM Manufacturer Rocked by Malware Attack

ATM Attack, malware, Ophtek, SecurityATM Attach, malware, Ophtek, securityOphtek, LLC

Sep 2020

We all use ATMs on a regular basis and are well aware of the need for security when using them. But what happens when the manufacturer gets hacked?
The number of malware attacks and infections in 2020 are, as ever, exceptionally high. With Kaspersky blocking 726,536,269 attacks alone in the first three months it would be surprising if any PC has avoided the attentions of hackers. With a strong set of defenses, however, your PC should have remained safe and secure. But the same cannot be said for NCR Corporation, a manufacturer of ATMs. A lapse in security allowed their network to be breached by a piece of malware known as Lethic.

The fact that a major corporation’s defenses were breached is concerning enough, but what’s most troubling is that it’s located in the personal finance sector. Let’s take a look at what happened and see what we can learn.

How Did Lethic Attack NCR?

A series of computers located in a non-production lab, located outside of the US, owned by NCR have been found to be infected with the Lethic malware. Far from being a new form of malware, Lethic has been out in the digital wild since 2008. You may be wondering how such an old piece of malware can deceive modern defense systems and it’s a good question. To avoid detection, hackers simply alter the code of existing malware to change the structure detected by security systems. It’s a relatively quick method of coding which essentially gives the hacker a new piece of malware.

Lethic has, in the past, generally been used to wage spam campaigns. But it’s capable of much more thanks to its arsenal of trojan tools. These include the ability to download additional malware, data logging and remote access. This is the last thing that any company, especially one involved in ATM manufacturing, wants to leave itself open to. At the moment it’s not clear how Lethic breached NCR, but security firm Prevailion has confirmed that unauthorized data transmissions were detected for over six months. Thankfully, NCR have confirmed that the infected PCs were completely separate from any networks involved in developing ATM software or storing customer details.

Avoiding Malware Attacks

If Lethic had managed to find its way into the operating software for ATMs then NCR would have had a huge disaster on their hands. Nonetheless, all breaches need to be avoided. So, make sure that your organization always follows these best practices:

• Install Anti-Malware Software: While these systems can never claim to be effective against 100% of malware, a strong anti-malware app will stop the majority of malware in its tracks. This prevents data loss and network damage quickly and automatically.

• Think Before Clicking: Social engineering is a significant factor in deploying malware and this means that emails and the links they contain may not be what they seem. Therefore, always take the time to double check an email to confirm it is genuine.

• Always Update: Vulnerabilities in software provide the simplest route into a PC for a hacker. But you can shut off these routes by keeping on top of any software updates/patches. Always install these updates immediately to eliminate any vulnerabilities.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 … 12 13 14 15 16 … 19 Next »

Category Archives: malware

What Are the Signs of Being Hacked?

What is PowerPepper?

How Do You Protect Your PCs?

The Invincible Malware

How Do You Defeat the Undeletable?

How Did Lethic Attack NCR?

Avoiding Malware Attacks