Based upon the Mirai botnet, a new botnet has emerged onto the digital landscape in the form of InfectedSlurs, and it’s helping to fuel DDoS attacks.  

Once again, the cause of infection behind the InfectedSlurs attack is a number of zero-day vulnerabilities. These vulnerabilities – now identified as CVE-2023-49897 and CVE-2023-47565 – allowed InfectedSlurs to compromise both a series of WiFi routers and a QNAP network video recorder. The potential for data loss here is huge, but InfectedSlurs also makes sure that it hijacks infected devices and integrates them into a huge DDoS swarm. 

The InfectedSlurs Attack 

It’s believed that the attack by InfectedSlurs involved vulnerabilities which should have been addressed by firmware updates released several years ago. However, many organizations appear to still be using legacy versions of the QNAP software. And this is what’s allowed them to be compromised. It’s also been revealed that InfectedSlurs has been running in the digital wild since late 2022, so it’s had close to a year to take advantage of legacy versions. 

A security patch was launched at the start of December 2023, to provide the strongest possible protection, and users were told to perform a factory reset alongside a password change. Users have also been advised to initiate a firmware update, found within the network video recorder settings, to ensure they have the latest and most secure version in place. Again, it’s been recommended that all passwords and access privileges are verified. 

However, for the older, legacy devices which are in their end-of-life phase, there will be no further firmware updates released. In these instances, users have no alternative but to replace their devices with the latest models, which will be fully patched against all known threats. 

How Can You Prevent These Attacks? 

There are two big takeaways from the InfectedSlurs attack: 

  1. Always install software updates as soon as possible 
  2. Replace legacy devices when they have reached their end-of-life phase 

Both these points are easy to implement, but the evidence of the InfectedSlurs attack proves this is not always undertaken by organizations. However, to protect the security of your IT infrastructure, it’s crucial that this is given priority. 

InfectedSlurs was also able to execute its attack for close to a year without being detected, so what else should you be looking out for? Well, the following signs may indicate that you have fallen victim to an attack: 

  • Slow performance: one of the telltale signs of being involved in a DDoS attack is a drop in performance from the infected PC. This is because all the processing power is diverted away from the PC’s day-to-day operations and dedicated to supporting the DDoS attack. Therefore, if your PCs are running slow, and you can’t pinpoint the cause to hardware issues, there’s a chance they may have become involved in a DDoS attack. 
     
  • Unusual server patterns: if your PCs have been integrated into a DDoS swarm, it’s likely this will result in abnormal spikes in traffic related to your server. This is because DDoS attacks usually involve high volumes of traffic from multiple sources at once. So, if your server logs indicate behavior such as this, it’s important you investigate immediately to identify if the cause is known. 
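The second sign above, abnormal spikes in server traffic from many sources at once, is something you can check for directly in your web server logs. The script below is an added example written for this post (it is not code from the original article or from the InfectedSlurs research): it parses Common Log Format lines, counts requests and distinct source addresses per minute, and flags any minute whose request count is several times the median while also coming from many different addresses. The log lines, the IP addresses and the thresholds are constructed for the example.

```python
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)\s*$'
)


def parse_line(line):
    """Return {"ip", "minute", "request"} for one access-log line, or None if malformed."""
    match = LOG_LINE.match(line)
    if not match:
        return None
    ts = datetime.strptime(match.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": match.group("ip"), "minute": ts.replace(second=0), "request": match.group("req")}


def bucket_by_minute(lines):
    """Group the source address of every parseable request by the minute it arrived."""
    buckets = defaultdict(list)
    for line in lines:
        record = parse_line(line)
        if record:
            buckets[record["minute"]].append(record["ip"])
    return buckets


def find_spikes(lines, factor=5.0, min_sources=10):
    """Flag minutes with >= factor * median requests coming from >= min_sources distinct addresses.

    The two conditions together separate a distributed flood from a single busy client;
    the factor and min_sources values are assumptions to tune per site.
    """
    buckets = bucket_by_minute(lines)
    if not buckets:
        return []
    baseline = statistics.median(len(ips) for ips in buckets.values())
    alerts = []
    for minute in sorted(buckets):
        ips = buckets[minute]
        requests, distinct = len(ips), len(set(ips))
        if requests >= factor * baseline and distinct >= min_sources:
            alerts.append({
                "minute": minute.strftime("%Y-%m-%d %H:%M"),
                "requests": requests,
                "distinct_sources": distinct,
                "baseline": baseline,
                "top_sources": Counter(ips).most_common(3),
            })
    return alerts


def _line(ip, hhmm, sec, path):
    return f'{ip} - - [10/Dec/2023:{hhmm}:{sec:02d} +0000] "GET {path} HTTP/1.1" 200 512'


# Constructed sample log (documentation address ranges, not real traffic):
# four quiet minutes with three requests each, then one minute with 40 requests
# spread across 20 different source addresses.
SAMPLE_LOG = []
for _minute in ("10:00", "10:01", "10:02", "10:03"):
    for _sec, _ip in ((5, "203.0.113.5"), (20, "203.0.113.9"), (44, "198.51.100.7")):
        SAMPLE_LOG.append(_line(_ip, _minute, _sec, "/"))
for _i in range(40):
    SAMPLE_LOG.append(_line(f"192.0.2.{_i % 20 + 1}", "10:04", _i, "/login"))

if __name__ == "__main__":
    for alert in find_spikes(SAMPLE_LOG):
        print(alert)
```

On the constructed log the quiet minutes give a median of 3 requests, so the 10:04 minute (40 requests, 20 sources) is the only one reported. Against a real log you would feed `find_spikes` the lines for a day or more so the median reflects normal traffic, and investigate any flagged minute before deciding whether the sources are your own infected devices or external ones.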

For more ways to secure and optimize your business technology, contact your local IT professionals. 



A new strain of malware called Agent Raccoon has been discovered, and it appears to have been launched by nation-state threat actors.

A wide range of different organizations – based in sectors such as education, government, non-profit, and telecommunications – have fallen victim to Agent Raccoon. And these organizations aren’t based purely in the US, with attacks also discovered in Africa and the Middle East. Clearly, Agent Raccoon is an ambitious piece of malware and, given the nation-state approach of the attack, it’s one to be on your guard against.

How Does Agent Raccoon Work?

Although the exact identity of the threat actors behind Agent Raccoon remains unknown, security researchers have been able to detail how the malware works. Disguised as either a Microsoft OneDrive Update or Google Update, Agent Raccoon tricks unwitting victims into downloading and executing it. Once initiated, Agent Raccoon launches its backdoor attack. Using the Domain Name System (DNS) protocol, Agent Raccoon can communicate directly with the command-and-control server set up by its creators.

Primarily, Agent Raccoon focuses its malicious attention on three main areas:

  • Opening up remote access to the infected PC
  • Incoming and outgoing file transfers
  • Remote command execution

However, Agent Raccoon’s activities do not appear to be set in stone. Researchers have discovered numerous variants of Agent Raccoon, suggesting that the threat actors are regularly updating it.

Can Agent Raccoon Be Stopped?

Agent Raccoon isn’t the most persistent piece of malware to have been developed, but it remains a major problem for those that it infects. As ever, maintaining strict security practices is vital for protecting your IT infrastructure. Accordingly, you need to make sure that all members of your organization are fully versed in the following:

  • Question all emails and links: even if an email appears to have been sent by a trusted source, this can easily be faked. Therefore, all incoming emails should be scrutinized closely. This means hovering your mouse cursor over any links to reveal their true destination, double checking email addresses to confirm they are correct and not a close variation, and contacting the sender of emails to double check they are genuine.
  • Only accept updates from genuine sources: software updates are an important aspect of PC security but should only ever be downloaded directly from the developer. Online adverts and emails suggesting that you download these from alternative sources should never be trusted. Often, the files at the heart of these downloads are nothing but malware. So, stick to legitimate downloads and rest assured that they will be safe.
  • Monitor network traffic: Agent Raccoon communicates with a remote server and also transmits significant amounts of data. This means that you should be monitoring your network activity for any unusual traffic. If, for example, an unknown destination regularly starts connecting with your network, it could be a sign that your network has been compromised. In these situations, connections to this destination should be terminated and fully investigated.
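Because Agent Raccoon talks to its command-and-control server over DNS, "unusual traffic" in this case means unusual DNS queries rather than an unfamiliar TCP connection. The script below is an added example written for this post (not code from the original article or from the Agent Raccoon research): it groups DNS query records by client and registered domain and applies three generic indicators of DNS-based command-and-control, namely a large number of unique subdomains under one domain, high-entropy leftmost labels that look like encoded data, and queries repeating at a fixed interval. These heuristics and their thresholds are assumptions about DNS beaconing in general, not details reported about Agent Raccoon; the query records are constructed for the example.

```python
import hashlib
import math
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def base_domain(qname):
    """Registered domain, approximated as the last two labels.
    Assumption: a production version would consult the public suffix list."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def shannon_entropy(text):
    """Bits per character of a label; hex or base32 payloads score near 4, words 2-3."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def analyse_dns(records, min_unique=20, min_entropy=3.0, max_cv=0.2):
    """records: iterable of (timestamp, client_ip, qname, qtype).

    Returns one finding per (client, registered domain) pair that trips at least one
    heuristic. Thresholds are assumed starting points, not vendor-published values.
    """
    groups = defaultdict(list)
    for ts, client, qname, qtype in records:
        groups[(client, base_domain(qname))].append((ts, qname, qtype))

    findings = []
    for (client, domain), queries in groups.items():
        queries.sort(key=lambda q: q[0])
        unique_names = {q[1] for q in queries}
        mean_entropy = statistics.mean(shannon_entropy(q[1].split(".")[0]) for q in queries)
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(queries, queries[1:])]

        reasons = []
        if len(unique_names) >= min_unique:
            reasons.append("many-unique-subdomains")   # data smuggled out in subdomain labels
        if mean_entropy >= min_entropy:
            reasons.append("high-entropy-labels")       # labels look encoded, not human-chosen
        if len(gaps) >= 3 and statistics.mean(gaps) > 0:
            # Coefficient of variation near zero means a fixed check-in interval (beaconing).
            cv = statistics.pstdev(gaps) / statistics.mean(gaps)
            if cv <= max_cv:
                reasons.append("regular-interval")
        if reasons:
            findings.append({
                "client": client,
                "domain": domain,
                "queries": len(queries),
                "unique_names": len(unique_names),
                "mean_label_entropy": round(mean_entropy, 2),
                "reasons": reasons,
            })
    return findings


def build_sample_queries():
    """Constructed sample: one ordinary client and one client beaconing over DNS."""
    t0 = datetime(2023, 12, 10, 9, 0, 0)
    benign = [
        (t0 + timedelta(seconds=s), "10.0.0.5", name, "A")
        for s, name in ((0, "www.example.com"), (37, "mail.example.com"),
                        (150, "www.example.com"), (151, "www.example.com"),
                        (400, "mail.example.com"))
    ]
    # 30 TXT queries, exactly 60 s apart, each with a fresh 48-hex-character label.
    suspicious = [
        (t0 + timedelta(seconds=60 * i), "10.0.0.23",
         hashlib.sha256(str(i).encode()).hexdigest()[:48] + ".files.example.net", "TXT")
        for i in range(30)
    ]
    return benign + suspicious


if __name__ == "__main__":
    for finding in analyse_dns(build_sample_queries()):
        print(finding)
```

Run against the constructed sample, only the 10.0.0.23 / example.net pair is reported, and it trips all three heuristics. Real resolver logs (Windows DNS debug logs, BIND query logs, or a network sensor's DNS records) can be mapped into the same four-field tuples; findings are a starting point for investigation, since content delivery networks and some anti-spam services also produce long, varied subdomain queries.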

For more ways to secure and optimize your business technology, contact your local IT professionals.



The ever-changing world of IT and business means that optimizing your resources has never been more important. But how do you do this effectively? 

Resource management is vital for maintaining IT operations: one small mistake and you could find your IT systems completely derailed. This means a drop in productivity, one which your competitors will be able to seize upon. But this doesn’t have to happen. Instead, you can prepare for all your potential needs and scenarios. This will ensure your organization can balance its resources and maintain a productive IT infrastructure. 

What is Capacity Planning? 

Naturally, you want your IT systems to be able to handle your existing workload, but it’s crucial they’re also optimized to deal with future demand. Accordingly, you need to be able to evaluate your current IT resources and confirm they’re suitable for your existing needs. After this, you need to forecast what your future needs are likely to be, and this can be achieved by identifying market trends or preparing for changes in demand e.g. winning new contracts. And this is exactly what capacity planning is. 

Which Resources Should You Be Looking At? 

The IT resources in use at any one business are wide and varied. Nonetheless, when you’re working on a capacity planning strategy, it makes sense to concentrate on these areas first: 

  • Networks: with remote working becoming more popular, it’s important for your IT networks to be able to deal with multiple remote connections. After the lessons learned during the pandemic, where the technical demands of remote working were suddenly laid bare, organizations need to be ready. As a result, upgrading network infrastructures to deliver seamless connectivity to remote workers is paramount. 

Final Thoughts 

As the business landscape moves further into the 2020s, mastering capacity planning with IT resources should represent an essential target for all businesses. If you want your organization to achieve optimal performance and navigate the challenges of IT successfully, your capacity planning needs to start today. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 



Be aware, your files are under threat from a new variant of the Phobos ransomware. And it’s being distributed by threat actors using the SmokeLoader trojan.  

The Phobos ransomware was first detected in 2017 and, since then, has gone on to be used in numerous cyber-attacks. This new variant, however, is slightly different and more sophisticated than previous incarnations. The threat actors behind the new variant are believed to be the same team behind the 8Base ransomware syndicate, a powerful cybercrime operation.

As you know, any form of ransomware is dangerous, but one which is as clever and cunning as Phobos requires special attention. Luckily, Ophtek are here to provide you with all the advice you need. 

The SmokeLoader Campaign 

The SmokeLoader trojan is typically used to deliver the 8Base team’s variant of Phobos. A trojan is employed as the launchpad because Phobos, on its own, does not have the capability to breach a PC’s defenses. SmokeLoader operates by disguising itself within spam email campaigns and relies on social engineering techniques to unleash its malicious payload. Once SmokeLoader has been activated, it begins loading the Phobos ransomware. 

And Phobos presents a very persistent and effective threat. It starts by identifying target files and automatically ends any processes which are accessing the files. From here, Phobos’ next step is to disable the PC’s system recovery tool, which ensures the victim is unable to roll back their PC to a pre-infection stage. Finally, before encrypting any files, Phobos makes a point of deleting any backups and shadow copies. Rest assured that Phobos doesn’t want to give you any chance of retrieving your files without paying a ransom. 

What’s notable about this strain of Phobos is its encryption speed. Instead of fully encrypting every file, it fully encrypts only files under 1.5MB in size. Anything over this file size is only partially encrypted. Phobos alerts its victims to its encryption activities by issuing a ransom note on the infected system. This ransom note explains that the only way to decrypt the files is by making a payment in Bitcoin. And this payment is dependent on how quickly contact is made. 

Staying Safe from SmokeLoader and Phobos 

The financial damages arising from ransomware continue to rise and rise, so it’s crucial that you keep one step ahead of these attacks. The best way to stay safe is by following these best practices: 

  • Understand social engineering: the Phobos attack, and many other ransomware attacks, are only able to initiate themselves due to victims falling for social engineering scams. Therefore, it’s vital your staff understand what social engineering is and how to combat it. For example, if an email sounds too good to be true, it probably is. And the best thing to do with a suspicious email is to take a deep breath and think long and hard before clicking any links. 

For more ways to secure and optimize your business technology, contact your local IT professionals.



Modern businesses are constantly looking to reduce their carbon footprint. One of the best ways to achieve this is with a greener IT environment. 

When it comes to the environment, digital data comes at a cost. Therefore, it’s important for businesses to evaluate their practices in order to reduce their impact on the environment. This is known as Green IT, a study and practice of the ways in which IT usage can be more environmentally friendly and sustainable. However, for many organizations, their adoption of eco-friendly practices tends to be focused on manufacturing and service elements. 

How Do You Develop Sustainable IT Practices? 

If you want to reduce the carbon footprint of your IT operations, you should start making changes in these areas: 

  • Cloud computing: one of the best ways to reduce your impact on the environment is by embracing the cloud. Due to superior hardware setups, cloud data centers use less energy than traditional in-house data solutions. And the savings are seriously impressive. It’s estimated that cloud computing can improve energy efficiency by up to 93% and, in the process, release 98% fewer greenhouse gases. 
     
  • Dark data: all businesses carry and store huge amounts of data, but does it all need to be kept? Data which is stored, but not required is referred to as dark data. Therefore, if you’re using cloud data centers, which are responsible for 2.5% of carbon dioxide emissions, to store dark data, you’re putting an unnecessary strain on the environment. The solution here is to evaluate your data governance policies and develop strategies for disposing of dark data. 
     
  • Turn your PCs off: many employees fail to shut their PCs down at the end of the day. This is the result of wanting to get home and, of course, saving time the next day when they’re logging on. However, leaving a PC running overnight not only produces carbon emissions but also shortens the lifespan of the device. This means that you are more likely to have to replace the machine, contributing towards environmental damage. Accordingly, your employees need to be educated on the importance of shutting their PC down. 
     
  • Outsourcing: if your business experiences a surge in demand, you don’t have to buy additional equipment to cope with the increased workload. Instead, you can outsource this workload, such as to a call center, to manage the demand. After all, this surge in activity may be short lived, and outsourcing represents a sustainable and more affordable option. Remember, anything which reduces the sale of new hardware will only have a positive effect on the environment. 
     
  • Remote working: advances in IT technology mean that any employee with a high-speed internet connection can seamlessly connect with your IT infrastructure from home. This means a reduction in not just emissions from travel, but also a number of energy saving costs in your office. As a result, allowing employees to work from home will easily enhance your green credentials and reduce your carbon footprint. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 
