What exactly happened when LastPass, a password manager service, found itself at the center of a data breach? And what does this mean for your passwords?

Password managers provide a convenient service, one where complex passwords can be generated instantly and then, going forward, auto-fills when requested. LastPass is a successful example of what a password manager can do, but it’s a role which comes with great responsibility. Login credentials, after all, are often the difference between gaining access and being denied access to a user account. Therefore, password managers need to be sure the credentials they hold are highly secure.

However, as LastPass users are now finding out, password managers are highly tempting to threat actors, and far from 100% secure.

How LastPass was Hacked

Used by millions of users all over the world, LastPass has established itself as one of the leading password managers. Unfortunately, this credibility has been rocked by revelations that the service’s encrypted password vaults have been stolen by hackers. The attack – which took place in August 2022 – was ambitious, and its success even more so.

LastPass’ backup copies of their users’ password vaults were stored, apparently securely, on a third-party cloud storage platform. This, in itself, is nothing unusual; storing backup copies of secure data in remote locations is good practice. Nonetheless, once third parties become involved in storing your data, you relinquish control of this data’s security. And this is exactly where LastPass has fallen victim to threat actors.

While the mechanics of the breach remain under wraps, LastPass has had to admit that personal identifiers – including addresses, phone numbers, credit card details and IP addresses – are among the stolen data. The password vaults – which are encrypted – have also been stolen, so this means the threat actors are closer to knowing your password. And, given they now have access to your personal identifiers, it makes brute force attacks easier.

What to Do if You’re a LastPass User

LastPass has been keen to stress that, although stolen, the password vaults are secure due to the encryption protecting them. However, these encrypted passwords are now in the hands of an unauthorized party and means they are seriously compromised. Therefore, it’s crucial all LastPass users take the following decisive actions:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Despite experiencing a major obstacle a year ago, in the form of Google’s anti-malware efforts, the Glupteba malware is back.

First discovered in 2011, Glupteba is a veteran of the malware scene, although one which goes through periods of intense activity before disappearing for years at a time. A classic botnet, Glupteba has always focused on stealing data, but it has also made sure it has a backup plan in the form of targeting router exploits. Therefore, the news of its re-emergence is troubling for your IT infrastructure. And, given that Glupteba has been updated to be even stronger than ever before, you’re going to need to be on high alert.

Thankfully, we’re on hand to look at this malware and provide some critical advice on how to protect your organization.

Glupteba’s Latest Campaign

Following Google’s disruption of Glupteba’s botnet, which operated on the blockchain, Glupteba went quiet for several months. However, in June 2022 it was discovered that a new campaign had been launched, one which remains active as of this time of writing. Glupteba’s latest strategy targets Windows devices and has set its sights on harvesting data, using infected devices to mine cryptocurrency and setting up unauthorized proxies.

Glupteba is transmitted via traditional infection methods which include malicious installers (typically promoting themselves as free software installers) and through malvertising campaigns. As Glupteba is blockchain enabled, this gives it the ability to constantly change the command and control servers it uses. And, as it uses blockchain transaction data (which cannot be erased) to facilitate its attack, it’s very difficult to make a dent in the power of Glupteba’s botnet. These attacks often employ TOR services as well, a move which makes tracing the attacks next to impossible.

Staying Safe from Glupteba

One word in particular keeps being used when discussing Glupteba’s latest campaign: resilient. The source of its resilience comes from its design, one that uses deception and stealth to protect its operators and ensure it continues to spread. But this doesn’t mean you need to fall victim to Glupteba. If you make sure you follow good cybersecurity practices, you should be able to keep your IT infrastructure safe. All you have to do is:

  • Understand the threat of malvertising: the internet is full of malicious adverts, but there are ways you can make your PC safer. The simplest way to do this is by installing an ad-blocker, these will block both irritating and malicious adverts, so it’s a win-win situation. Malvertising is also known to use exploits to spread its payload, so you need to make sure your browsers are fully patched and up to date.
  • Monitor network activity: as Glupteba is a botnet, its operations are likely to lead to a spike in network traffic. And, if unauthorized proxies have been set up, this network activity is likely to go stratospheric. Therefore, you need to keep your network activity monitored to help you analyze any anomalies which may act as an early warning system.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Boxcryptor, which adds local encryption to files, is the perfect solution for ramping up file security. But now it’s being retired, where should you turn?

Starting its journey in 2011, Boxcryptor has spent over a decade providing enhanced security to cloud-based storage systems. And, for many organizations, it has proved to be a godsend in terms of file security. If, for example, you store files on a Google Drive account, they are secure to a certain degree. However, the problem is that Google still has access to the files. But this is where Boxcryptor has proved so useful, users are able to encrypt files stored in the cloud and prevent unauthorized access.

Unfortunately, since Boxcryptor was acquired by Dropbox, it has been announced that the Boxcryptor service will be discontinued. Accordingly, this has left its users scrambling for an alternative solution.

The Alternatives to Boxcryptor

It’s crucial that you retain control over the security of your files, especially those that are stored in the cloud with a third-party provider. Therefore, if you are currently using Boxcryptor, we would recommend looking into these alternatives: · Sync: Providing storage plans ranging from 1TB to unlimited storage, Sync represents a fantastic solution when it comes to storing files online. Users are able to store and share files securely thanks to the strong privacy put in place by Sync’s encryption methods. Not only can access be controlled on a granular level and expiry dates applied to specific files, but users of Sync are able to access these files from any location and on any internet compatible device.

  • IBM Security Guardium Data Encryption: IBM’s Security Guardium represents a useful alternative to Boxcryptor and comes packed full of security features. Capable of being used in databases including Microsoft SharePoint, SQL Server, Unix and NAS, Security Guardium offers high level encryption alongside multi-specific access privileges to meet the needs of your organization’s infrastructure. Security Guardium also prides itself on its real-time activity monitoring, a function which ensures that any unusual activity is instantly identified.
  • ESET Endpoint Encryption: a data security suite which promises to “protect your data, both at rest and in transit” Endpoint Encryption is an amazing option for replacing Boxcryptor. Endpoint Encryption has the capacity to encrypt not only individual files, but also entire drives to help maximize your file security. As well as encrypting files, Endpoint Encryption can also create virtual drives which are encrypted and the application’s server takes care of controlling access privileges.
  • Dell Encryption Enterprise: already known for having a reputable background in IT solutions, Dell bring their Encryption Enterprise application to the table as a viable alternative to Boxcryptor. Boasting military grade protection, Encryption Enterprise delivers a premier level of encryption through its Full Volume Encryption technology. This solution can be applied to both system drives as well as external drive, a situation which ensures your data is protected no matter where it’s located.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


With the end of 2022 fast approaching, it’s time to start looking ahead to the potential security threats that hackers are planning for 2023. 2022 has been another year packed full of ransomware, deceptive malware and unbelievable software vulnerabilities, so it should come as no surprise that more of the same lies ahead. However, threat actors are constantly evolving their techniques and strategies to stay one step ahead of your defenses. Accordingly, you need to make sure you’re keeping pace with their advances and, where possible, putting solutions in place ahead of any attacks being launched.

Preparing for cybersecurity threats in 2023 is vital if you want to keep your IT infrastructure safe for the next 12 months, so let’s look at what we’re likely to be fighting against.

What’s in Store for 2023?

There will be many threats during 2023 to look out for, but the 5 biggest cybersecurity threats you need to be aware of are:

Ransomware will push onwards and upwards: one of the biggest threats to cybersecurity over the last 10 years has been ransomware, and it’s a trend which will continue in 2023. In particular, it’s believed ransomware will move its focus towards cloud providers rather than single organizations, a move which will allow threat actors to target multiple organizations based within one platform. Additionally, due to the speed with which it can be completed, it’s likely ransomware will concentrate on file corruption as opposed to full encryption.

Artificial intelligence will become more important: whilst the potential for AI to help organizations is immense, it also has the capability to fuel cyberattacks. Polymorphic code, for example, uses AI to rapidly change its code, a skill which makes it perfect for malware to avoid being detected. AI learning is also likely to be used to help threat actors to sniff out software vulnerabilities, an opportunity which will allow hackers to focus their real-time activities elsewhere.

Internet of Things attacks to increase: the Internet of Things (IoT) is only going to get bigger during 2023 and, given the historical security issues with IoT devices, this is going to create a small-scale nightmare for your network. As a result, more emphasis is going to be needed when working with IoT devices due to the increased surface area for hackers to target e.g. regular updates and inventory checks. Supply chains to be targeted more and more: supply chain attacks are very dangerous, and 2023 is likely to see a further increase in the number of attacks launched. Much like IoT attacks, supply chain attacks open a large surface area to threat actors, a point underlined by the SolarWinds attack which exposed hundreds of organizations to a single attack. Therefore, it will be crucial that software and hardware being released is thoroughly checked by its manufacturers to avoid any security disasters.

Social engineering to start working with deepfakes: the danger of deepfakes has been well documented in the last five years, but it’s possible these are now going to be integrated into social engineering scams. Deepfakes are all about deception and, at their best, they are highly convincing. Consequently, they are perfect for adding legitimacy to emails and videos which, for example, may be pushing for you to take a call-to-action which is a smokescreen for downloading malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Companies in the US have recently found themselves under attack by the Qakbot malware, a campaign leading to numerous infections by Black Basta ransomware.

Black Basta is a ransomware group which first entered the digital waters in April 2022. Positioned as a Ransomware-as-a-Service (RaaS) group, Black Basta have been very busy in the months following their initial detection. Their attack strategy tends to focus on specific targets rather than hitting thousands of targets and hoping that some fall victim. Primarily, Black Basta have been observed to be using malware such as Qakbot and exploits including PrintNightmare to gain an initial point of entry to PC networks. From here, they ratchet up the chaos by installing ransomware.

Due to the financial risk associated with ransomware, it’s crucial your IT infrastructure is on high alert when it comes to the Black Basta attacks.

The Lowdown on Black Basta’s Campaign

At least 10 US-based companies have been attacked by Black Basta’s campaign in the last two weeks, and at the heart of its attack is a double-extortion method. Essentially, this strategy involves taking a standard ransomware attack (encrypting files and demanding a ransom) and adding further weight by threatening to publish the encrypted data on the dark web. Naturally, this is considered a very serious and aggressive threat, but exactly how does Black Basta take control of these networks in the first place? By launching a spear phishing attack, Black Basta is able to deliver a malicious disk image to unsuspecting victims which, if opened, activates Qakbot. This malware is then used to connect to a remote server and distribute Cobalt Strike, a legitimate piece of software which threat actors can use to set up numerous ‘beacons’ on a network. Once these beacons are established, Black Basta begins to steal credentials and launch ransomware attacks on the compromised network. A number of instances have also arisen where users are completely locked out of their network.

How to Protect Against Black Basta

This is far from the first ransomware attack to be launched, but it is considered a significant threat to PC users and the finances of organizations. Therefore, protecting your IT infrastructure against the Black Basta threat actors must be a major priority. As with most ransomware attacks you should be carrying out the following:

  • Be aware of social engineering: spear phishing attacks, such as those deployed by Black Basta, are incredibly deceptive and have the potential to hoodwink even the most vigilant employee. However, if your employees are encouraged to always take time to double check emails – e.g. links, uncharacteristic writing styles and unusual requests – then you will reduce your risk of falling victim to spear phishing.
  • Make multiple backups of your data: many organizations are forced into paying ransomware demands as it’s the only way to retrieve their valuable data. Backing up your data to multiple sources, however, ensures you have a copy of this data preserved. As a result, you can ignore the hackers’ demands and keep your finances looking healthier.
  • Install all updates: attacks similar to Black Basta’s recent campaign are often attributed to software vulnerabilities – such as the PrintNightmare exploit – so it makes sense to make sure all updates are installed as soon as they are available. It may feel like a small step to take, but it provides your IT network with a serious security boost.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More