The everchanging world of IT and business means that optimizing your resources has never been more important. But how do you do this effectively? 

Resource management is vital for maintaining IT operations, one small mistake and you could find your IT systems completely derailed. This means a drop in productivity, one which your competitors will be able to seize upon. But this doesn’t have to happen. Instead, you can prepare for all your potential needs and scenarios. This will ensure your organization can balance its resources and maintain a productive IT infrastructure. 

What is Capacity Planning? 

Naturally, you want your IT systems to be able to handle your existing workload, but it’s crucial they’re also optimized to deal with future demand. Accordingly, you need to be able to evaluate your current IT resources and confirm they’re suitable for your existing needs. After this, you need to forecast what your future needs are likely to be, and this can be achieved by identifying market trends or preparing for changes in demand e.g. winning new contracts. And this is exactly what capacity planning is. 

Which Resources Should You Be Looking At? 

The number of different IT resources in use at any one business are wide and varied. Nonetheless, when you’re working on a capacity planning strategy, it makes sense to concentrate on these areas first: 

  • Networks: with remote working becoming more popular, it’s important for your IT networks to be able to deal with multiple remote connections. After the lessons learned during the pandemic, where the technical demands of remote working were suddenly laid bare, organizations need to be ready. As a result, upgrading network infrastructures to deliver seamless connectivity to remote workers is paramount. 

Final Thoughts 

As the business landscape moves further into the 2020s, mastering capacity planning with IT resources should represent an essential target for all businesses. If you want your organization to achieve optimal performance and navigate the challenges of IT successfully, your capacity planning needs to start today. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More


Be aware, your files are under threat from a new variant of the Phobos ransomware. And it’s being distributed by threat actors using the SmokeLoader trojan.  

The Phobos ransomware was first detected in 2017 and, since then, has gone on to be used in numerous cyber-attacks. This new variant, however, is slightly different and more sophisticated than previous incarnations. The threat actors behind the new variant are believed to be the same team behind the 8Base ransomware syndicate, a powerful cybercrime operation

As you know, any form of ransomware is dangerous, but one which is as clever and cunning as Phobos requires special attention. Luckily, Ophtek are here to provide you with all the advice you need. 

The SmokeLoader Campaign 

The SmokeLoader trojan is typically used to deliver the 8Base team’s variant of Phobos. A trojan is employed as the launchpad as Phobos, on its own, does not have the capability to breach a PC’s defenses. SmokeLoader operates by disguising itself within spam email campaigns and relies on social engineering techniques to unleash its malicious payload. Once SmokeLoader has been activated, it begins loading the Phobos ransomware. 

And Phobos presents a very persistent and effective threat. It starts by identifying target files and automatically ends any processes which are accessing the files. From here, Phobos’ next step is to disable the PC’s system recovery tool, which ensures the victim is unable to roll back their PC to a pre-infection stage. Finally, before encrypting any files, Phobos makes a point of deleting any backups and shadow copies. Rest assured that Phobos doesn’t want to give you any chance of retrieving your files without paying a ransom. 

What’s notable about this strain of Phobos is its encryption speed. Instead of fully encrypting all files, it only focuses on completing this on files under 1.5MB in size. Anything over this file size is only partially encrypted. Phobos alerts its victims to its encryption activities by issuing a ransom note on the infected system. This ransom note explains that the only way to decrypt the files is by making a payment in Bitcoin. And this payment is dependent on how quickly contact is made. 

Staying Safe from SmokeLoader and Phobos 

The financial damages arising from ransomware continue to rise and rise, so it’s crucial that you keep one step ahead of these attacks. The best way to stay safe is by following these best practices: 

  • Understand social engineering: the Phobos attack, and many other ransomware attacks, are only able to initiate themselves due to victims falling for social engineering scams. Therefore, it’s vital your staff understand what social engineering is and how to combat it. For example, if an email sounds too good to be true, it probably is. And the best thing to do with a suspicious email is to take a deep breath and think long and hard before clicking any links. 

For more ways to secure and optimize your business technology, contact your local IT professionals

Read More


Modern businesses are constantly looking to reduce their carbon footprint. One of the best ways to achieve this is with a greener IT environment. 

When it comes to the environment, digital data comes at a cost. Therefore, it’s important for businesses to evaluate their practices in order to reduce their impact on the environment. This is known as Green IT, a study and practice of the ways in which IT usage can be more environmentally friendly and sustainable. However, for many organizations, their adoption of eco-friendly practices tends to be focused on manufacturing and service elements. 

How Do You Develop Sustainable IT Practices? 

If you want to reduce the carbon footprint of your IT operations, you should start making changes in these areas: 

  • Cloud computing: one of the best ways to reduce your impact on the environment is by embracing the cloud. Due to superior hardware setups, cloud data centers use less energy than traditional in-house data solutions. And the savings are seriously impressive. It’s estimated that cloud computing can improve energy efficiency by up to 93% and, in the process, release 98% fewer greenhouse gases. 
     
  • Dark data: all businesses carry and store huge amounts of data, but does it all need to be kept? Data which is stored, but not required is referred to as dark data. Therefore, if you’re using cloud data centers, which are responsible for 2.5% of carbon dioxide emissions, to store dark data, you’re putting an unnecessary strain on the environment. The solution here is to evaluate your data governance policies and develop strategies for disposing of dark data. 
     
  • Turn your PCs off: many employees fail to shut their PCs down at the end of the day. This is the result of wanting to get home and, of course, saving time the next day when they’re logging on. However, leaving a PC running overnight not only produces carbon emissions but also shortens the lifespan of the device. This means that you are more likely to have to replace the machine, contributing towards environmental damage. Accordingly, your employees need to be educated on the importance of shutting their PC down. 
     
  • Outsourcing: if your business experiences a surge in demand, you don’t have to buy additional equipment to cope with the increased workload. Instead, you can outsource this workload, such as to a call center, to manage the demand. After all, this surge in activity may be short lived, and outsourcing represents a sustainable and more affordable option. Remember, anything which reduces the sale of new hardware will only have a positive effect  
    on the environment. 
     
  • Remote working: advances in IT technology mean that any employee with a high-speed internet connection can seamlessly connect with your IT infrastructure from home. This means a reduction in not just emissions from travel, but also a number of energy saving costs in your office. As a result, allowing employees to work from home will easily enhance your green credentials and reduce your carbon footprint. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More


Threat actors have turned to Facebook ads to unleash NodeStealer on unsuspecting victims, and they’re using scantily clad women to achieve this. 

Facebook is no stranger to finding its ad network compromised to spread malware, but what’s interesting about this latest campaign is that it primarily targets males. At the core of this attack is NodeStealer, a strain of malware which has been active for several months. However, NodeStealer has changed. At the start of its existence, it was designed in JavaScript, but it’s now being coded with the Python programming language. 

NodeStealer is part of a wider campaign, believed to have its origins in Vietnam, to steal sensitive data, and it’s more than worthy of your attention. 

How Does NodeStealer Target its Victims? 

Using marketing strategies almost as old as time, the threat actors behind NodeStealer have used the provocative lure of female flesh to entice their victims. Taking advantage of the massive reach of Facebook’s ad network, these threat actors have created adverts which contain revealing photos of young women. The objective of these adverts is to encourage people to click on them, a process which will download an archive of malicious files. 

One of these files is called Photo Album.exe but, far from containing any photos, it simply downloads a further executable file which unleashes NodeStealer. With NodeStealer running rampant on an infected system, it will begin harvesting login credentials and, in particular, it will attempt to take control of Facebook business accounts. With further business accounts compromised, NodeStealer can launch even more malicious ad campaigns and spread itself further. 

Stay Safe from the Threat of NodeStealer 

NodeStealer is a classic example of malware deceiving its victims to achieve its goal. And it’s not surprising to hear that the 18 – 65 male demographic have made up the majority of its victims. Regardless of the bait, however, NodeStealer provides us with a number of interesting lessons to learn. The most important takeaways should be: 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More


Malware and flies share one thing in common: they’re pesky. However, while flies help the ecosystem, the Striped Fly malware is nothing but trouble. 

Striped Fly has recently hit the headlines, but Kaspersky has revealed they’ve found evidence of its malicious activity dating back to 2017. Unfortunately, no one had been aware of its true identity until now. This means Striped Fly has enjoyed a five-year campaign where not even a single security researcher knew of its existence. And Kaspersky estimate that this invisibility has allowed it to infect over one million Windows and Linux hosts.  

In 2017, Striped Fly was mistakenly labelled as a cryptocurrency miner, falling under the Monero trojan family. Subsequent findings, however, have revealed that Striped Fly is much more sophisticated. 

What is Striped Fly?

Striped Fly’s exact mechanism is not fully understood at present, but researchers believe they know how it operates. It’s suspected that the threat actors exploited an EternalBlue SMBv1 exploit to gain a foothold in internet facing PCs. After discovering evidence of Striped Fly within the WININIT.exe application – used to help load subsystems within Windows – Kaspersky determined that it then downloads further files. 

These files typically come from online software depositories such as GitHub and BitBucket. These are used to build the final Striped Fly payload. Cleverly, Striped Fly comes with Tor network capabilities to encrypt its communications. Tor, of course, is an internet router service used to encrypt data transferred over its network. And this is part of the reason why Striped Fly remained hidden for so long. 

The main talking point about Striped Fly is its sophistication and wide range of functions. Striped Fly is capable of harvesting login credentials, taking unauthorized screenshots of infected devices, stealing Wi-Fi network configuration details, transferring files to remote sources, and recording microphone output. Clearly, it poses a significant threat to all PC users. 

Swatting Striped Fly Away 

Striped Fly’s half-decade long campaign has proved to be highly successful. Accordingly, your organization needs to be on its guard against Striped Fly and any similar threats. Kaspersky hasn’t revealed a specific fix for Striped Fly but, as ever, vigilance and good security practices are key. So, make sure the following is part of your established cybersecurity strategy: 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More