The aim of most hackers is to be discreet, but there’s almost always a tell-tale sign they’re at work. You just have to know what you’re looking for.

Damage limitation is an essential part of cyber-security and, accordingly, the sooner you realize you’ve been hacked, the sooner you can get to work on rectifying the issue. Establishing that you’ve been hacked, however, isn’t always straightforward. Hackers are well known for their stealthy attack strategies, and, in many cases, you’re unlikely to realize that you’ve been hacked. You may, instead, simply think that your network is experiencing technical problems, and that’s why you can’t access your files, or why your PCs performance has ground to a halt. But you also need to consider that you may have been hacked.

How Do You Know You’ve Been Hacked?

There are several clear giveaways that your organization’s digital defenses have been breached, and here are five of the most sure-fire ways to know you’ve been hacked:

  1. Your Files are Encrypted: your day-to-day IT activity will likely center around the regular usage of files e.g. Word documents and Excel spreadsheets. But what happens when you can’t access these? Firstly, your organization’s productivity will plummet and, secondly, it could indicate that you’ve been the victim of ransomware. If your files are encrypted and a message is received demanding a ransom fee to decrypt them, then you’ve been hacked.
  2. Unusual Network Activity: regular traffic patterns should be easily identifiable on your network logs, but anything unusual should be closely scrutinized. Modern hacking methods often find malware communicating with remote locations to transmit information or download further malware. Therefore, any unknown locations that are delivering or receiving data from your organization need to be investigated.
  3. Persistent Pop-Ups: there’s nothing more irritating than a pop-up window when you’re trying to work on something. But when these are regularly popping up, when they shouldn’t be, there’s a good chance you’ve been hacked. Often, these pop-ups will try to convince you to perform an action, such as downloading an anti-malware app due to an infection on your PC. These, of course, are fake and are simply a devious strategy to get you to download further malware on to your PC.
  4. People Ask You If You’ve Been Hacked: one of the most obvious signs that you’ve been hacked is when people start asking you if you’ve been hacked. And this is because malware often hijacks email accounts to help spread spam. As a result, people you know – who are listed in your email address book – will be receiving spam messages direct from your email account. Naturally, these unusual messages will ring alarm bells with the recipients, and they are likely to check in with you to confirm if your email account has been hacked.
  5. Your Credentials are Available Online: hackers like to make money by harvesting valuable login credentials, these can then be sold to other hackers who want to breach security measures and gain quick, unauthorized access to private networks. Thankfully, applications such as Google’s Password Manager can warn you when these credentials turn up in password dumps, this is a good sign to immediately change all your passwords.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


USB drives are vital parts of any IT system, providing external storage and simple file transfers. But they also run the risk of introducing malware to PCs.

We’ve talked in the past about USB drives which can completely destroy a PC, but this new threat is a little different. Believed to have been active in the digital wild since September 2021, Raspberry Robin (as it has been named by researchers) is a strain of malware loaded with a series of dangerous commands. Although it was first discovered in September 2021, researchers noted a sharp uptick in its activity during January 2022. Accordingly, like most malware, it’s likely that its activity will accelerate again in the future, so it’s crucial you know what to look for.

What is Raspberry Robin?

Despite sounding like a charming brand of candy, Raspberry Robin is far from sweet. Instead, it’s a form of malware which is delivered to its victims through an infected USB drive. Quite how Raspberry Robin makes its way onto these USB drives is a question which has security researchers scratching their heads. Regardless of this mystery, however, the fact remains that Raspberry Robin is there and it’s capable of causing digital chaos.

Once the infected USB drive is connected to an active PC, it uses this as a prompt to activate a shortcut link housed on the USB drive. This opens explorer.exe and, most importantly, MsiExec.exe which is used to install new programs in Windows. MsiExec.exe is then used to launch a communication channel to an external domain, from which it will receive malicious commands. Raspberry Robin also harnesses MsiExec.exe to install a malicious .DLL file, although it is yet to be established what the objective of this file is.

Another feature of Raspberry Robin’s attack strategy is to execute the Windows tool fodhelper.exe – this is used to manage features in Windows settings – and instruct rundll32.exe to, in turn, launch further malicious actions. These processes are executed with elevated admin privileges, yet do not require authorization from a User Account Control prompt. While this allows Raspberry Robin unauthorized privileges, it also highlights unusual behavior on a PC and can be used to identify the malware’s presence.

How Can You Avoid Raspberry Robin?

One of the simplest ways to minimize your risk against Raspberry Robin is to never plug unknown USB drives into a PC. Without scanning the drive thoroughly and securely, there is no way of knowing exactly what’s on there. And this can put your PC and indeed your entire IT network at risk.

Likewise, any new USB drives purchased by your organization should be tested by an IT professional on an offline network. This approach will prevent malware such as Raspberry Robin spreading throughout your IT network.

It’s also important that you practice good network monitoring. As Raspberry Robin communicates with external domains, significant traffic will be visible between your network and new, unknown locations. Identifying unusual traffic patterns such as this will allow you to investigate and take care of any concerns.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Security in business is paramount, and when it comes to IT networks it’s absolutely crucial. One of the best ways to protect your network is with a VPN.

With the number of cyberattacks in 2021 hitting new highs, protecting your IT network has never been more important. The sheer amount of secure data passing across a network in 2022 is remarkable. Accordingly, this data needs to be protected. Failure to do this will only lead to negative results: data leaks, compromised networks, and financial risk. While there are simple steps that your organization can implement, one of the strongest defense strategies is to put a virtual private network (VPN) in place.

What is a VPN?

VPNs have been around since the mid-1990s, but it wasn’t until the internet started to take off in the early-2000s that it became apparent they were necessary for businesses. Since then, they have grown in popularity with both organizations and domestic users. But what exactly is a VPN?

Well, imagine the private IT network you have at your organization. You will have full control over this network and be able to put the necessary security in place. However, what happens when one of your employees wants to connect to your network from a remote location? They won’t be able to connect directly to your network, they will need to use their own internet connection or a shared, public internet connection. As you will have no control over the security of this connection, there’s the potential for major problems.

Nonetheless, with a VPN in place, you can create a secure, encrypted connection between your remote employee and your network. Think of it as a tunnel between two points which is completely protected from any external forces. This allows data to be transferred from your network to a remote connection with peace of mind that it won’t be compromised.

The Business Benefits of a VPN

The benefits of connecting your private business network with external public networks is clear to see, but what are some of the other business benefits of a VPN? Let’s take a look:

  • Geo-locations: for a business with a global reach, the need for geo-independence with IT networks can be a necessity. Global locations, such as China, have much stronger internet access policies that you may be used to. And this can result in direct access to your organization’s network being blocked. However, a VPN will allow remote users in these locations to connect to your network as if they’re in the same state.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


You’d like to think that brand new IT equipment is as malware resistant as possible. But, as Lenovo has discovered, this isn’t always the case.

In a highly embarrassing move for the company, Lenovo has had to issue an announcement that more than 100 of their laptop models are at risk of BIOS vulnerabilities. And remember, Lenovo ship a lot of computers; in the first quarter of 2022, Lenovo shipped 18.3 million units. Therefore, the impact of these vulnerabilities has the potential to be huge.

Sadly, it’s not the first time that Lenovo has found themselves in this situation. A number of rookie errors have been made in the past such as preloading laptops with spyware and the Lenovo rootkit fiasco. Some may argue that a company of this size will always have their mistakes magnified, but the risk posed by these mistakes is significant. Accordingly, it’s important to understand what this risk is and how you can protect yourself.

What is a BIOS Vulnerability?

Once you turn a PC on, the first program to run is BIOS (Basic Input/Output System); its primary use is to start your PC and facilitate the movement of data between an operating system and any devices attached to the system e.g. keyboard, mouse and hard drive. BIOS is a crucial element of getting your operating system up and running; without BIOS, your PC simply won’t work.

We now know what BIOS is, but what does a BIOS vulnerability consist of? Well, a vulnerability is any flaw or weakness in a piece of hardware or software which can give hackers a helping hand. So, for example, with BIOS, there could be an internal control which has been coded in a way that hackers can disable security controls e.g. bypassing security certificates in a piece of hardware. This makes vulnerabilities very dangerous, particularly when the only people aware of them are the hackers.

What Have Lenovo Shipped Their Laptops With?

In total, three vulnerabilities have been discovered on Lenovo’s affected laptops. Two relate to drivers which, despite only being necessary during the laptop manufacturing process, have not been deactivated before shipping. This has granted hackers the opportunity to exploit user privileges and take control of affected machines. The final vulnerability also gives hackers elevated user privileges but also includes local access to the machine.

How Can You Protect Your Lenovo Laptops?

To check if your Lenovo laptop is one of the affected models, you should immediately head to Lenovo’s security bulletin. This will list the full range of models at risk and, thankfully, links to a patched copy of the BIOS firmware. Installing this will render the vulnerabilities redundant and ensure your laptop is safe.

Final Thoughts

Designing a PC is complex and it’s almost impossible to eliminate every single problem. However, some problems have a higher capacity for disaster. While the type of vulnerability present in the affected laptops is rarely exploited in the wild, the potential for damage remains. As ever, security patches remain the best way forwards with vulnerabilities, so ensure these are always installed as soon as possible.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Ophtek’s expertise and authority within the world of cybersecurity will be demonstrated at three cyber security conferences in 2022.

Every modern organization should prioritize IT as one of the most crucial elements of their day-to-day operations. Without suitable IT infrastructures in place, an organization’s scope for communication, productivity and security will be severely limited. Accordingly, Ophtek strives to turn these business aspirations into a reality for their clients. Ophtek’s success in this field has been the result of investing in talented employees and the careful stewardship of CEO Arash Shokouh.

The experience and knowledge that Ophtek has amassed over the last decade is invaluable. It’s a commodity which is severely in demand as, now more than ever, businesses need help navigating their way through cyber security issues and understanding the best IT practices to maximize productivity. And that’s why Arash Shokouh has been asked to present at three conferences in 2022 on cyber security.

Statement by President Biden on our Nation’s Cybersecurity.

A recent announcement from President Biden on the importance of Cyber Security highlights these issues:

“This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience.  I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook. Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.” Read his full statement here..

Cybersecurity and Infrasctucture Security Agency.

Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners. Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks.  For more information..

Where Will Arash Be Presenting?

Arash is due to speak at the following three conferences in 2022:

Given Arash’s diverse background as an inventor, holder of BS and MS degrees in computer engineering, status as a part-time professor in computer engineering and, of course, ownership of Ophtek, he is perfectly placed to share his wealth of cyber security knowledge.

Given the current landscape of cyber security, where ransomware and malware represent major, significant threats, Arash’s presentations will focus on addressing these issues and pointing towards a safer, more secure future for organizations. In particular, the content will be focused on:

  • Protecting your business from modern cyber threats and technology
  • Cyber security best practices for individuals and businesses
  • The future of IT best practices
  • Addressing cyber security compliance

The cumulative insights provided by these presentations promise to impart a strong understanding of cyber security to forward thinking businesses and Arash cannot wait to share his knowledge.

Read More