multi factor authentication Archives

A recently discovered vulnerability appears to allow threat actors to hack into your Google account, even if you change your password.

Given that there are 1.8 billion people actively using Gmail, it should come as no surprise that Google accounts represent a mouthwatering target for hackers. Google claims that their users are protected by world-class security and, on the whole, it is a secure system. No infrastructure, however, is 100% safe. Threat actors are industrious individuals and won’t rest until they’ve tried every avenue to compromise a system. Unfortunately, for Google and its users, this is exactly what’s happened.

Losing Control of Google

Google accounts are highly valuable to their owners. Packed full of apps such as Gmail and Google Drive, there’s a lot of personal data involved. A new vulnerability, attributed to a flaw in Google cookies, gives access to these accounts over to threat actors. Worst of all, this can be achieved time after time. Sure, you can try changing your password, but they will still be able to unlock your account.

The attack starts when a user unwittingly allows malware to be installed on their PC. This malware then gets to work by searching for and identifying any Google login tokens, which are typically stored in the application’s local database. These stolen tokens can then be used to trick Google’s API interface.

One of the main duties of a Google API is to help sync the various Google services across one account. So, for example, if you were logged into Google Drive, you wouldn’t have to log into Gmail as well. The threat actors exploit a vulnerability with Google cookies to create new cookies which can be used to gain unauthorized access to the compromised account. And this trick can be completed multiple times. Changing your password, naturally, would be the simple choice here. But even doing this still grants the hacker one more chance to access your account.

The vulnerability in question is currently being sold by threat actors online, with at least six hacking groups advertising it. These threat actors also claim that that this vulnerability has been redesigned to tackle the efforts Google has taken to shut this exploit down.

Keep Your Google Account Safe

No one wants to lose their Google account, aside from the loss of personal data, there’s also the sheer inconvenience of having to create a new account and updating any services associated with your original account. Accordingly, make sure you play safe by following these best practices:

Use multi-factor authentication: at present, Google hasn’t revealed whether multi-factor authentication will prevent this vulnerability from seizing control of your account. However, if you don’t have it activated, you need to make this a priority as it’s one of the simplest ways to add extra security to your account.

Do not download suspicious software: the first stepping stone for the threat actors to compromise your Google account involves installing malware on your PC. This gives them a foothold to begin stealing your Google login tokens. Therefore, you need to remain vigilant as to the software you’re downloading. The most obvious question to ask here is whether the download comes from an official source.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Safeguarding Your Business Against Social Engineering

complex passwords, malware, multi factor authentication, Ophtek, Phishing Email, Ransomware, social engineering, vulnerabilitycomplex passwords, malware, multi factor authentication, Ophtek, phishing, ransomware, social engineering, vulnerabilityOphtek, LLC

Dec 2023

One of the biggest threats to your organization’s IT comes in the form of social engineering attacks. Therefore, you need to keep your business protected.

In the digital age, there are many threats to your IT infrastructure. These can include ransomware, software vulnerabilities and malware. However, perhaps the most dangerous, and easiest to launch, attack involves social engineering. This attack relies on exploiting human psychology to gain a foothold within a targeted network. In many ways, it’s an age-old deception strategy from the physical world, but simply transferred over to the digital world. This article looks deep into the world of social engineering and should provide you with a better understanding of how to safeguard your business.

What is Social Engineering?

The main objective of social engineering, for a threat actor, is to convince individuals that divulging sensitive information or performing network actions is the right thing to do. Often, this strategy relies on phishing emails. These are emails which are sent to targets and claim to have been sent from someone they know e.g. a work colleague or a supplier. However, what the threat actor is trying to do here is either extract confidential information – such as login credentials – or encourage the target to click a malicious link.

Get Your Team to Recognize Social Engineering

Social engineering attacks will always be targeted at your employees, so this means that you need to invest in educating your employees. While an IT induction represents a good opportunity to warn them of the telltale signs of social engineering, the sheer range of social engineering strategies requires something more intensive. Accordingly, regular training courses which are followed up with refresher courses are highly recommended. Even better, sending randomised ‘spoof’ phishing emails internally can indicate which employees require tailored training.

Strengthen Your Authentication Processes

If you want to add an extra layer of defense to your IT infrastructure, strengthening your authentication processes is an excellent way of achieving this. Not only will this thwart social engineering campaigns, but it will also protect you against almost all other security threats. Therefore, make sure you focus on the following:

Integrate password rules which require your employees to create complex passwords e.g. using a mixture of case types, numbers and symbols.

Bring in multi-factor authentication to help protect your employees’ existing login credentials and place a further obstacle in the way of unauthorized access.
Put a time limit on passwords and ensure that they have to be updated within a set time e.g. every two months.

Secure Your Communication Channels

Applications such as Microsoft Outlook and Teams have revolutionized the way that businesses communicate, but they also represent a rich source of data. With this in mind, you need to secure these communication channels against the threat of social engineering. Encrypting data flowing in and out of these applications is paramount to protect the type of data that social engineering is hungry for. So, use VPN’s where possible and make sure your employees avoid using their devices on public Wi-Fi.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Email Threads Are Being Hijacked to Spread Malware

attachments, email links, fake emails, Hijacks, multi factor authentication, Ophtek, Updatesattachments, email links, fake emails, Hijacks, multi-factor authentification, Ophtek, updatesOphtek, LLC

Apr 2022

A new method for spreading malware online has been discovered, and it involves taking advantage of email threads to deploy malware loaders.

Email threads can quickly build, especially if there are more than two participants. As such, it can be difficult to keep up with who is saying what and, crucially, who is attaching files to the thread. Accordingly, this creates the perfect scenario for threat actors to get involved and turn the situation to their advantage. And, as a result of a vulnerability in Microsoft Exchange servers, this is exactly what has been happening.

If you work in any modern organization, the chances are that you use email on, at least, an hourly basis to keep up to date with the rest of the world. Therefore, this new threat is one that you need to understand.

How Email Threads are Being Hijacked

This latest campaign is particularly deceptive and relies on the presence of unpatched Microsoft Exchange servers. This email service is commonly used by businesses to synchronize email between an Exchanger server and an email client e.g. Outlook. The vulnerability offered up by these unpatched servers allows hackers to harvest login credentials; the threat actors are then presented with the opportunity to illegally access specific email accounts. Once they are logged in, the hackers can view all the email threads that the account is involved with.

By viewing the various email threads, the hacker can then decide which is best to launch their attack through. All they have to do is choose an email thread and start replying to it. More crucially, they will also attach some infected attachments. These are packaged within a ZIP archive and comprise an ISO file which contains both a DLL file and an LNK file. Once the LNK file is activated, it will run the DLL file and activate the IcedID malware loader. IcedID is a well-known banking trojan which can steal financial information, login credentials and start the installation of further malware.

Protecting Your Emails

First and foremost, it’s vital that you install new updates as soon as they are available. This will instantly minimize the chances of vulnerabilities being exploited on your network. Fail to implement these upgrades, however, and you could fall victim to attacks such as the one we have been discussing. In addition to this, it also pays to take notice of the following:

Verify Any Email Attachments: if, in the middle of an email thread, a suspicious file attachment suddenly appears, verify it with the person it appears to have been sent by. However, do not do this over email; if the email account has been compromised then the hacker will simply confirm it is genuine. Instead, speak in-person or over the phone to the sender to get confirmation.

Use Multi-Factor Authentication: one of the simplest ways to reduce the impact of stolen login credentials is by strengthening the login procedure with multi-factor authentication. This approach will provide an extra layer of security and ensure that any threat actors will struggle to navigate their way through it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

How Do You Secure a Server Room?

lock server room door, multi factor authentication, Ophtek, secure racks and cages, secure server room, server room video surveillance, Serverslock server room door, multi factor authentication, Ophtek, secure racks and cages, secure server room, servers, video surveillanceOphtek, LLC

Oct 2021

The backbone of any IT infrastructure is always the server room. It’s here that your most crucial IT tasks will be processed. And it needs to be secure.

A server room is a dedicated area within an organization which is used to house networking devices and storage servers. These are used to provide your business with the fundamentals of a fully functioning IT structure in the 21^st century. But, as with all elements of IT, security is paramount. The data storage, alone, represents a rich source of intrigue to outside parties. And the networking solutions contained within a server room offer a shortcut deep into an organization. The potential damage from a server room breach, therefore, is huge.

Securing Your Server Room

It’s important that you secure your server room to protect both yourself and your customers. Thankfully, it’s straightforward once you understand the basics of server room security. Make sure you carry out the following:

Always Use Locked Doors: The simplest step you can take to secure your server room is by ensuring that its doors are lockable. Using locks will instantly reduce access to a select few. And it’s vital that access is only allowed to those who need access. Your receptionist, for example, should have no need to hold a key to the server room. And neither should the marketing team. But your IT team should all have access to allow them to investigate any server issues.

Use Video Surveillance: A locked door may stop people gaining access to a server room, but it doesn’t necessarily stop people from trying to gain access. Intruders – or even rogue employees – could easily try to force their way in or pick the lock. The presence of a security camera, however, will not only act as a major deterrent, but it will monitor any attempts – no matter how minor – to breach the server room.

Secure Racks and Cages: The best way to organize your storage and networking servers is by using racks and cages. These structures will allow you to neatly store your devices and locate them quickly for maintenance. But these racks and cages need to be secure. Aside from the confidential data stored on these devices, the equipment typically housed in racks and cages is expensive. Accordingly, you will need to secure these housings to minimize the risk of your server equipment leaving the premises.

Multi-factor Authentication: One of the strongest security measures you can implement involves multi-factor authentication. The need for a key, for example, is a fantastic way to provide security. But what if you doubled this up with the need for a credential card or even a biometric input? This strategy minimizes the problems that can arise when a key is lost or stolen. Naturally, it may seem time consuming and expensive, but the enhanced security provided by multi-factor authentication is more than worth it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Category Archives: multi factor authentication