malware Archives - Page 5 of 19

Striped Fly Malware Infected 1 Million Hosts in 5 Years

install updates, malware, network security, Ophtek, screen attachments, secure firewall, Striped Flymalware, Ophtek, phishing, security, Striped Fly, updatesOphtek, LLC

Dec 2023

Malware and flies share one thing in common: they’re pesky. However, while flies help the ecosystem, the Striped Fly malware is nothing but trouble.

Striped Fly has recently hit the headlines, but Kaspersky has revealed they’ve found evidence of its malicious activity dating back to 2017. Unfortunately, no one had been aware of its true identity until now. This means Striped Fly has enjoyed a five-year campaign where not even a single security researcher knew of its existence. And Kaspersky estimate that this invisibility has allowed it to infect over one million Windows and Linux hosts.

In 2017, Striped Fly was mistakenly labelled as a cryptocurrency miner, falling under the Monero trojan family. Subsequent findings, however, have revealed that Striped Fly is much more sophisticated.

What is Striped Fly?

Striped Fly’s exact mechanism is not fully understood at present, but researchers believe they know how it operates. It’s suspected that the threat actors exploited an EternalBlue SMBv1 exploit to gain a foothold in internet facing PCs. After discovering evidence of Striped Fly within the WININIT.exe application – used to help load subsystems within Windows – Kaspersky determined that it then downloads further files.

These files typically come from online software depositories such as GitHub and BitBucket. These are used to build the final Striped Fly payload. Cleverly, Striped Fly comes with Tor network capabilities to encrypt its communications. Tor, of course, is an internet router service used to encrypt data transferred over its network. And this is part of the reason why Striped Fly remained hidden for so long.

The main talking point about Striped Fly is its sophistication and wide range of functions. Striped Fly is capable of harvesting login credentials, taking unauthorized screenshots of infected devices, stealing Wi-Fi network configuration details, transferring files to remote sources, and recording microphone output. Clearly, it poses a significant threat to all PC users.

Swatting Striped Fly Away

Striped Fly’s half-decade long campaign has proved to be highly successful. Accordingly, your organization needs to be on its guard against Striped Fly and any similar threats. Kaspersky hasn’t revealed a specific fix for Striped Fly but, as ever, vigilance and good security practices are key. So, make sure the following is part of your established cybersecurity strategy:

Install all updates: Kaspersky believe that Striped Fly was able to launch its initial attack thanks to a vulnerability it exploited. Therefore, installing all updates needs to be a priority for your organization. If there’s a hole in your defenses, you need to plug it. And a vulnerability represents a huge hole.
Screen all attachments: all email attachments should be screened as part of a vital defense process in protecting businesses against malware. Attachments can often contain a malicious payload such as phishing scams, cryptocurrency or trojans. Accordingly, employees should always know what to question before clicking an email attachment.
Use network security tools: installing firewalls and ensuring that your Wi-Fi networks are secured is a sure-fire way to protect yourself against the threat of malware. Striped Fly, after all, sought out Wi-Fi details and transmitted stolen files across compromised networks. With a secure firewall in place, this will reduce the likelihood of malware being able to operate effectively.

For more ways to secure and optimize your business technology, contact your local IT professionals.

LinkedIn Used to Spread DarkGate Malware

authenticator app, Corsair, DarkGate, Linkedin, malware, malware-as-a-service, Ophtekauthenticator app, Corsair, DarkGate, Linkedin, malware, malware-as-a-service, OphtekOphtek, LLC

Dec 2023

The threat of malware strikes the business world again, and this time it’s using LinkedIn to trick users into downloading the DarkGate malware.

LinkedIn is designed to help professionals connect with each other and build professional relationships. It’s proven to be wildly popular, with 950 million members currently registered on the platform.

But where there are huge numbers of users, there will also be large amounts of data. And this data is like catnip to threat actors. This is why fake LinkedIn posts have started appearing on the platform. These posts, as well as a campaign of direct messages, are far from informative for the users of LinkedIn. Instead, they are being used to trick LinkedIn users, primarily those who hold positions within the social media niche, to download malware.

Unveiling the Essentials of DarkGate on LinkedIn

Security experts have been aware of DarkGate since 2017, but it was considered a low-level threat due to its limited activity in the digital wild. However, this changed in June 2023, when its creator began selling it as Malware-as-a-Service package. Since then, a campaign using DarkGate has been launched by threat actors, believed to be working in Vietnam, which targets LinkedIn users.

Mostly, these users have consisted of social media managers operating in the US, the UK, and India. Using LinkedIn posts, or sending direct messages to targets, the threat actors propose that a job offer at Corsair is on the table. LinkedIn is a highly popular recruitment tool, so there’s nothing out of the ordinary with these initial contacts. However, the targets are encouraged into downloading malicious documents, such as a Word document containing a job description and a text file discussing salary details.

Within these documents are malicious links. Once clicked, these links lead to a series of scripts being launched which are used to build DarkGate. The malware’s first move is to start uninstalling security tools located on the infected system. DarkGate’s next step is to begin harvesting data from the compromised system. In particular, DarkGate appears to be targeting login credentials for Facebook business accounts, hence the focus on social media managers.

Protecting Your Credentials from DarkGate

If you’re a social media manager and regularly log on to LinkedIn, the advice is simple: stay away from any links relating to job offers for Corsair. Unfortunately, the threat actors are likely to change the details of their attack now that it’s started generating headlines. Nonetheless, you can still do the following to protect your credentials:

Never click unsolicited links: it’s important to be vigilant against unsolicited links, especially when they’re found in unsolicited direct messages. If you do receive direct messages, or even emails, containing unsolicited links, it’s best to delete them and block the sender.
Install all updates: clicking a malicious link can help threat actors exploit vulnerabilities within your PC, so you need to minimize the number of vulnerabilities which are present. The best way to achieve this is by always installing updates when prompted or making sure that automatic updates are activated.

Use an authenticator app: both LinkedIn and Facebook allow you to use an authenticator app to provide a further layer of security to your credentials. Most commonly, the sites in question will require you, after entering your login credentials, to enter a unique code generated by the app. This means that, if your login credentials are compromised, they will be next to useless to threat actors.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Safeguarding Your Business Against Social Engineering

complex passwords, malware, multi factor authentication, Ophtek, Phishing Email, Ransomware, social engineering, vulnerabilitycomplex passwords, malware, multi factor authentication, Ophtek, phishing, ransomware, social engineering, vulnerabilityOphtek, LLC

Dec 2023

One of the biggest threats to your organization’s IT comes in the form of social engineering attacks. Therefore, you need to keep your business protected.

In the digital age, there are many threats to your IT infrastructure. These can include ransomware, software vulnerabilities and malware. However, perhaps the most dangerous, and easiest to launch, attack involves social engineering. This attack relies on exploiting human psychology to gain a foothold within a targeted network. In many ways, it’s an age-old deception strategy from the physical world, but simply transferred over to the digital world. This article looks deep into the world of social engineering and should provide you with a better understanding of how to safeguard your business.

What is Social Engineering?

The main objective of social engineering, for a threat actor, is to convince individuals that divulging sensitive information or performing network actions is the right thing to do. Often, this strategy relies on phishing emails. These are emails which are sent to targets and claim to have been sent from someone they know e.g. a work colleague or a supplier. However, what the threat actor is trying to do here is either extract confidential information – such as login credentials – or encourage the target to click a malicious link.

Get Your Team to Recognize Social Engineering

Social engineering attacks will always be targeted at your employees, so this means that you need to invest in educating your employees. While an IT induction represents a good opportunity to warn them of the telltale signs of social engineering, the sheer range of social engineering strategies requires something more intensive. Accordingly, regular training courses which are followed up with refresher courses are highly recommended. Even better, sending randomised ‘spoof’ phishing emails internally can indicate which employees require tailored training.

Strengthen Your Authentication Processes

If you want to add an extra layer of defense to your IT infrastructure, strengthening your authentication processes is an excellent way of achieving this. Not only will this thwart social engineering campaigns, but it will also protect you against almost all other security threats. Therefore, make sure you focus on the following:

Integrate password rules which require your employees to create complex passwords e.g. using a mixture of case types, numbers and symbols.

Bring in multi-factor authentication to help protect your employees’ existing login credentials and place a further obstacle in the way of unauthorized access.
Put a time limit on passwords and ensure that they have to be updated within a set time e.g. every two months.

Secure Your Communication Channels

Applications such as Microsoft Outlook and Teams have revolutionized the way that businesses communicate, but they also represent a rich source of data. With this in mind, you need to secure these communication channels against the threat of social engineering. Encrypting data flowing in and out of these applications is paramount to protect the type of data that social engineering is hungry for. So, use VPN’s where possible and make sure your employees avoid using their devices on public Wi-Fi.

For more ways to secure and optimize your business technology, contact your local IT professionals.

A Remote Access Trojan (RAT) is one of the most common forms of malware you are likely to encounter, and it’s crucial you understand what they are.

It’s important for all organizations to be aware of the danger posed by a RAT in terms of cybersecurity. After all, a RAT could easily take down your entire IT infrastructure or compromise your business data. And all it takes is one mistake for your team to fall victim to a RAT. Due to the severity posed by RATs, we’re going to define what a RAT is, how they work, and the best way to defend and protect against this threat.

The Basics of a RAT

A RAT is a strain of malware which is designed to give threat actors unauthorized access and control over a victim’s PC from a remote location. This is always completed without the victim’s consent, a fact made possible by the stealthy nature of a RAT.

For a RAT to succeed, it first needs to infect the victim’s PC, and this can be achieved in the following ways:

Phishing emails may be used to send malicious attachments which, once opened, activate the RAT and allow it to access the PC it is on.
Malicious downloads may be activated by unsuspecting users who are downloading them from illegal file sharing websites.
If hardware and software is not updated regularly, there is a chance that vulnerabilities may be discovered which a RAT can exploit.

RATs are stealthy types of malware and this cloak of invisibility is put in place by changes that the RAT makes to system settings and registry entries. With this deception in place, a RAT is then able to communicate to a command and control (C&C) server located in a remote location. This C&C server allows the RAT to transmit stolen data and, at the same time, gives the threat actor the opportunity to send commands directly to the RAT.

Some notable examples of RATs are ZuroRat from 2022, NginRAT from 2021 and, more recently, the QwixxRAT attack. All of these examples share one key thing in common: their main objective is to cause digital chaos for all those who fall victim. Accordingly, your organization needs to understand how to defend themselves against these threats.

Detecting and Protecting Against RATs

Protecting your IT infrastructure is far from difficult. In fact, as long as you implement the following measures, it’s relatively easy:

Always update your antivirus and anti-malware software. These security suites have the potential to put a strong barrier in place and detect any incoming malware. However, they also rely on regular updates to keep up to date on the latest threats. Therefore, you need to make sure these are put in place to maximize your defenses.
Make sure that network monitoring solutions are implemented to combat unauthorized network access. This means that your IT team will be able to identify unusual network traffic patterns and take actions to shut this down.

Email and web filtering can seriously reduce your risk of falling victim to a RAT. These excellent pieces of software will analyze and block any malicious attachments before they have a chance to reach your email inbox.

For more ways to secure and optimize your business technology, contact your local IT professionals.

HiatusRAT Malware Returns with a Vengeance

HiatusRAT, malware, network, Ophtek, Security, Updateseducate, HiatusRAT, malware, network, Ophtek, security, updatesOphtek, LLC

Oct 2023

The HiatusRAT malware has re-emerged from its slumber to prove how resilient it is by targeting multiple organizations in Taiwan and the US.

As with most malware which is deemed successful in terms of its longevity, the threat actors launching HiatusRAT have ensured that it’s more powerful than ever. And, to strengthen its attack, they have redesigned it to escape detection. So far, the majority of the organizations targeted by this latest version of HiatusRAT have been based in Taiwan, but at least one US-based military system has also been attacked. And, with HiatusRAT seemingly operating at full throttle, it’s likely to spread even further.

Due to the potential danger contained within HiatusRAT, we’re going to take you through how it operates and how you can protect your organization.

The Lowdown on the Latest HiatusRAT Campaign

HiatusRAT was first detected back in March 2023, when it was discovered infecting the routers of various organizations in Europe and North and South America. This attack involved stealing data by hijacking email channels as well as installing a remote-access Trojan (RAT) on infected routers. It was an attack which led to significant data loss, but the malware’s activity soon dropped off. However, during this downtime, HiatusRAT has been refined and reconfigured.

Again, HiatusRAT appears to be targeting routers and similar networking devices. By redesigning HiatusRAT to target ARM and Intel hardware, the threat actors – who are currently unknown – have managed to enhance the potency of their malware. Operating with two types of servers – Tier 1 and Tier 2 – they have been able to use multiple IP addresses to transmit data to remote sources. As the attack has targeted at least one military system, it’s suspected that there may be a nation-state involved with the attack. However, as of now, security researchers have been unable to pinpoint the true motives outside of data theft.

Protecting Your Organization from HiatusRAT

You may not run an organization in the military industry, but RAT-based malware doesn’t tend to discriminate. Therefore, you need to be on your guard against HiatusRAT and other similar attacks. Remaining vigilant is crucial, and you can strengthen this vigilance by practicing the following:

Always install updates: many malware attacks are the result of an unpatched vulnerability giving threat actors free access to your IT systems. This means that installing updates, for every piece of software and hardware you use, is vital. It may feel like a time-consuming task in the short-term, but ultimately it could save your organization from data breaches and significant disruption.

Monitor network activity: HiatusRAT was observed to be transmitting data to a remote server for around two hours, and this is why monitoring network activity is so important. Occasionally, there can be a surge in network activity, but this is most often related to identifiable reasons and directed towards known destinations. However, anything out of the ordinary – such as unusual destinations and IP addresses – should immediately be investigated.
Educate your employees: one of the surest ways for malware to breach your IT infrastructure is through your employees. This means that strong IT induction programs need to be implemented and regular refresher courses conducted to solidify this knowledge.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 … 3 4 5 6 7 … 19 Next »

Category Archives: malware