Phishing Archives - Page 4 of 9

Interest in ChatGPT Related to New Malware Attacks

ChatGPT, cyber attacks, malware, Ophtek, Phishing, two-factor authenticationChatGPT, Cyber Attacks, malware, Ophtek, phishing, two-factor authOphtek, LLC

Jul 2023

The launch of ChatGPT and its accompanying headlines have been heard around the world. And threat actors are leveraging this interest to launch new attacks.

You don’t have to look hard to find a headline relating to ChatGPT, the latest and most intriguing AI service to be released to the public. Everyone has been talking about it and, of course, this also includes hackers. After all, anything which proves popular – such as social media and cryptocurrency – quickly becomes an attractive method of delivering malware. Now, while you and your business may not use ChatGPT daily, this latest campaign utilizes a few attack strategies you need to be aware of.

How Has ChatGPT Got Caught Up in Malware?

The massive interest generated by ChatGPT means that AI related apps are at the forefront of most internet users’ thoughts. As a result, threat actors have decided to turn this interest to their benefit with their most favored technique: deception. The attacks, which were discovered by Meta, the owners of Facebook, have involved 10 different malware families and, on Meta’s platforms alone, 1,000 malicious links relating to ChatGPT.

Two of the most notable strains detected, which appear to have originated from Vietnam hacking groups, are NodeStealer and DuckTail. NodeStealer is a JavaScript-based piece of malware which is used to steal cookies and login credentials. DuckTail, meanwhile, not only steals cookies, but also focuses on hijacking Facebook business accounts to access lucrative ad accounts. Both of these malware strains are typically spread and activated via infected files or links to malicious websites.

How Do You Stay Ahead of AI Malware?

The official and genuine ChatGPT site has already been used by threat actors to develop new malware, so there is already concern about how it can be compromised. And this latest attack, while not directly involving the app, certainly adds fuel to the fire. Deception, of course, is nothing new in the world of hacking. But the number of people who fall for the duplicitous schemes of hackers is astronomical. Therefore, you need to remain on your guard by following these best practices:

Educate yourself: Phishing scams and techniques are constantly evolving, so it’s important to understand the key basics of these attacks. Emails, for example, which include urgent or threatening language, requests for personal information, and suspicious URLs should never be trusted. Regularly educating yourself on these scams can help you avoid falling victim to malicious links and keep your online accounts secure.

Only download from safe sources: downloading files from unknown sources can put your PC at risk of malware, viruses, and other types of cyberattacks. Accordingly, only download files from reputable websites and avoid clicking on links from unknown sources. Also, emails which contain attachments, especially those from unknown senders, should immediately be quarantined. These precautions will help protect your PC and your organization’s wider IT infrastructure.

Use two-factor authentication: many of the malware strains identified in the latest round of ChatGPT-related attacks involve stealing credentials. Therefore, there’s never been a better time to implement a further layer of security in the form of two-factor authentication. While it won’t necessarily protect against session hijacks, two-factor authentication will significantly reduce the risk of unauthorized access to your accounts.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Microsoft’s OneNote Poses a Real Malware Risk

AsyncRAT, Formbook, OneNote, Ophtek, Phishing, QbotAsyncRAT, Formbook, OneNote, Ophtek, phishing, QbotOphtek, LLC

May 2023

Making notes is part and parcel of any working day, so it’s fantastic that we have apps such as Microsoft’s OneNote. Except when it opens you up to malware.

Part of the Microsoft Office suite, OneNote is an app which allows you to create notes and store them in one central location. Therefore, you can create text documents, drawings and tables on a blank canvas and then access them from any location. While it has proved popular with business users, it has also been readily adopted by threat actors for malicious means. And this is because OneNote also allows you to share its files – known as notebooks – with other users. Accordingly, malicious software has been able to spread.

How Has OneNote Been Compromised?

The malware risk with OneNote has been growing for some time and can be evidenced by the following attacks:

Qbot: Active in the digital landscape since 2007, Qbot began being passed around via OneNote notebooks in January 2023. These notebooks were distributed, at first, through a series of malicious spam email campaigns where embedded links redirected users to the malicious notebooks. However, it also turned out that existing email threads were being hijacked, with malicious notebooks being attached to trick the recipients. With Qbot activated, threat actors were able to steal data and download further malware.

AsyncRAT: Posing as Canadian fuel provider Ultramar, threat actors sent phishing emails to recipients which contained ‘invoices’ in the form of notebooks. These invoices, though, were far from genuine. In fact, all they contained was the AsyncRAT malware. And, once activated, AsyncRAT would provide remote access to threat actors. This means that they would have the power to steal data, download further malware onto infected systems and compromise networks.

Formbook: In December 2022, it was discovered that the information stealing malware Formbook had been at the heart of another OneNote campaign. Using phishing methods, the Formbook malware was observed as part of an email claiming to be a customer seeking a quote. The attached notebook file was used to activate a Windows Script File which, in turn, unleased Formbook’s malicious activity. Again, Formbook was primarily used as a data thief, stealing data from website forms, clipboards, and keystrokes.

Staying Safe from OneNote Attacks

With OneNote’s notebooks becoming a popular method for cyber-attacks, it’s crucial you understand how to deal with them. Therefore, make sure you practice the following:

Block notebook files: If your organization doesn’t use OneNote files, the best thing to do is block notebook files in your email servers. This will minimize the risk of these attachments appearing in your employees’ inboxes and ensure the malware can’t be activated.

Understand what phishing is: With over 255 million phishing attacks in just six months in 2022, it’s clear to see that phishing poses a credible threat. This means it’s vital your organization understands how phishing campaigns work and the best ways to defend against them.

For more ways to secure and optimize your business technology, contact your local IT professionals.

CircleCI Hacked: Cookie Theft Bypasses 2FA Process

cookies, Google Authenticator, Ophtek, Phishing, Two Factor Authenticationcookies, google authenticator, Ophtek, phishing, two factor authentificationOphtek, LLC

Mar 2023

Two-factor authentication (2FA) is there to provide a high level of security, but what happens when this process is compromised?

CircleCI is a platform used by software developers to build, test and implement code. Therefore, due to the amount of confidential and potentially valuable data CircleCI holds, it’s a highly attractive target for threat actors. Thankfully, for those using CircleCI, strong security practices are in place to provide a secure environment, and one of the most important is 2FA. Nonetheless, threat actors are persistent and innovative individuals, and the presence of 2FA merely represents a challenge. And it was this obstacle hackers managed to overcome in December 2022 when they breached CircleCI.

As 2FA is such a critical element of excellent cybersecurity practices, it’s important that we understand what went wrong at CircleCI.

How 2FA Failed at CircleCI

The first sign of CircleCI becoming compromised came in early January 2023 when a user discovered that their OAuth token – used to identify customers to online platforms – had been accessed by an unauthorized party. CircleCI were unable to pinpoint how the security token had been compromised, but immediately began to randomly rotate the OAuth tokens in use by their users.

Further investigation, however, revealed how access to the OAuth tokens had been breached. A developer at CircleCI had fallen victim to a malware attack, one which focused on stealing data. Among the stolen data was a session cookie which had already been validated through the 2FA process and, therefore, ensured that anyone in possession of it could gain quick and easy access to the CircleCI network. And this is exactly what the threat actors did, stealing encryption keys, OAuth tokens and customer data.

Can You Combat a Compromised Cookie?

2FA has long been championed as one of the cornerstones of IT security, but this attack on CircleCI has brought the spotlight on to one of its glaring weaknesses. The success of the attack also highlights the popularity of this technique, which has recently been deployed against several major IT organizations. Accordingly, to protect your IT infrastructure, it’s crucial that your organization practices the following:

Be careful with emails: most malware is delivered by email, so it makes sense to treat all your emails carefully. If anything looks suspicious, then always ask an IT professional to run their eyes over it. And always verify a link embedded in an email before clicking it, you can do this by hovering your mouse cursor over the link to display the true destination.

Monitor cookies: abandoning 2FA is far from recommended, but you do need to look at how you monitor cookies. Identifying when validation processes are being carried out by cookies in new locations is vital, and once this has been identified, a new 2FA validation should be generated.

Strengthen with Google Authenticator: you can back up the security of your 2FA process by also implementing an authentication code generated by Google Authenticator. This piece of software uses an algorithm to generate a unique code on your phone which must then be entered into a prompt for the software app you are trying to access.

For more ways to secure and optimize your business technology, contact your local IT professionals.

What is Ransomware as a Service?

Ophtek, Phishing, Ransomware, Security, Suspicious links, UpdatesOphtek, phishing, ransomware, security, suspicious links, updatesOphtek, LLC

Feb 2023

There’s a lot of money to be made in hacking and threat actors are now turning it into a business with Ransomware as a Service (RaaS).

Ransomware, of course, is well known to anyone who steps online in the digital age. With the ability to encrypt your data and demand a ransom fee, it has not only generated headlines, but also caused significant headaches for business owners. And, with ransomware attacks increasing by 41% in 2022, it’s a strategy which is showing no signs of slowing up. Therefore, not only do you need to be aware of ransomware, but you also need to keep up with associated developments such as RaaS.

As RaaS has the potential to create attacks which are both wider ranging and easier than before, it’s crucial you understand how it operates

The Basics of Ransomware as a Service

We’re all aware of what ransomware is, but what is RaaS? After all, surely ransomware is the opposite of a service? Unfortunately, for PC owners, ransomware software and attacks are now available for hire in the form of RaaS. Similar to Software as a Service (Saas) – examples of which include Gmail and Netflix – RaaS allows threat actors to harness the power of hacking tools without having to design them. If, for example, a threat actor doesn’t have the time (or skills) to build a ransomware tool, what do they do? They purchase one.

Typically, RaaS kits are found on the dark web, so don’t expect to find them taking up space on Amazon. Depending on the sophistication of the RaaS, the cost of purchasing them can range between $30 – $5,000. Threat actors looking to purchase RaaS are also presented with several different purchasing options such as one-time fees, subscription tiers or even affiliate models. It’s estimated that over $10 billion exchanges hands each year – mostly in cryptocurrency – for RaaS kits.

Examples of RaaS include Black Basta, LockBit and DarkSide, with more available for those looking to unleash ransomware easily and quickly. These RaaS kits are also much more than just hacking software, they also offer user forums and dedicated support teams to help customers get the most out of their ransomware. Again, this is very similar to the way in which successful SaaS developers provide extra value for their product. However, whereas SaaS is provided by legitimate developers, RaaS tends to be created by criminal gangs with the sole intent of generating illegal funds.

Staying Safe from Ransomware as a Service

The end result of an RaaS attack is the same as a standard ransomware attack, so there’s nothing specific you need to do if an attack comes through RaaS. Instead, you just need to stick to good old fashioned ransomware security practices:

Update your software: if a vulnerability is present within your software, then there’s a risk this could be exploited, and ransomware given full access to your data. To counter this, make sure that you have automatic updates approved on your PC to keep it as secure as possible.
Don’t click suspicious links: you should only ever click a link if you know exactly what you are clicking on and where it will take you. Always hover your mouse cursor over a link to reveal its true destination. All it takes is for one malicious click to be activated to launch a ransomware attack.
Always back up your data: falling victim to a ransomware attack only means your data is lost if you haven’t backed it up. Therefore, save yourself a financial headache by making sure multiple backups are in place to minimize any data loss.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Middle East Countries Targeted by World Cup Malware

Hackers, malware, Ophtek, Phishing, World Cuphackers, malware, Ophtek, phishing, World CupOphtek, LLC

Dec 2022

The World Cup has arrived and, as ever, it is creating headlines around the world, but it’s also creating numerous opportunities for hacking groups.

Fair play should be at the heart of everything taking place on the pitch during the World Cup, which is being held in Qatar, but matters off the pitch are slightly different. Threat actors thrive on a good opportunity and the popularity of the World Cup – over 3.5 billion people watched the last World Cup final in 2018 – makes it full of potential. And it’s an opportunity which hackers have taken advantage of, with a string of malware campaigns launched before the first ball is kicked.

While these attacks have, so far, mostly targeted countries in the Middle East, it’s likely these efforts will spread globally as the tournament progresses. Therefore, you need to understand the tactics that the hackers are following.

Football Phishing Attacks Hit the Middle East

Security researchers at Trellix have discovered, in the lead up to the World Cup, a significant increase in the number of phishing attacks hitting the Middle East. These phishing campaigns have been shown to be unashamedly cashing in on the interest in the World Cup, with many of the emails claiming to originate from either departments within FIFA or even from specific team managers.

The emails being delivered to unsuspecting victims are used to tempt the recipients into clicking links which, for example, promise to take them to payment pages for match tickets. However, the true destination of these links are malicious websites. As with most malicious websites, the potential for risk is very high, and the websites involved in this latest attack have been found to be housing malware such as Emotet, Qakbot, Remcos, Quad Agent and Formbook. All these malware strains have the potential to harvest data and gain remote access to infected PCs.

How To Defend Against the World Cup Malware

Whilst the malware at the heart of this campaign may not be the most dangerous ever seen, the fact remains that it is malware. And all malware should be considered a major problem for your IT infrastructure. Accordingly, protecting yourself against these phishing campaigns, and any others in the digital wild, is paramount for your cybersecurity. Therefore, make sure you adopt these tactics into your team:

Analyze every email: if an email sounds too good to be true, it’s likely it is. Say, for example, you receive an email from a manager of one of the World Cup teams, it’s unlikely they would be contacting you directly. Likewise, if you receive an email regarding payment for something you’ve never ordered – such as World Cup tickets – you should be equally suspicious.
Use an anti-malware suite: one of the best ways to protect your organization is by installing an anti-malware suite. This is a collection of tools which provides protection against malicious websites and emails by evaluating their risk level as well as monitoring network connections and installing a firewall.
Install all updates: you can maximize your security by ensuring that all software updates are installed and in place. Taking this crucial step will maximize the security of your IT infrastructure by protecting you against software vulnerabilities.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 5 6 … 9 Next »

Category Archives: Phishing