Safety Archives

State-sponsored hacking remains a serious problem for PC users around the world, and the latest headline grabber – with links to North Korea – is EarlyRAT.

A remote access trojan (RAT) is nothing new in the world of cybercrime, with the earliest examples believed to have been released in the late 1980s. However, their impact has grown significantly over the last 30 years, and this means they need to be taken seriously. There’s a culture of evolution in the world of hacking and, as a result, new RATs are always more powerful than the previous generation. And that’s why the emergence of EarlyRAT has got so many IT professionals concerned.

What is a Remote Access Trojan?

You may not be familiar with the ins and outs of a RAT, so we’re going to take a second to explain what they are and why they are so dangerous. A RAT is a malicious software program designed to provide unauthorized remote access and control over a targeted PC. They tend to be disguised as genuine files – this is why RATs are often distributed through phishing emails – but are nothing short of digital chaos.

Once installed, a RAT allows attackers to gain control of the victim’s computer, and this is all carried out remotely. This allows the threat actors to steal sensitive information, monitor user activity, execute commands, and even activate the webcam or microphone to carry out surveillance. All of these dangers put the victim at risk of data theft and further cyber-attacks.

How Does EarlyRAT Work?

EarlyRAT was first detected by security experts at Kaspersky, who were analyzing a hacking campaign from 2022. The attack was made possible due to a flaw discovered in Log4j, a Java library used to log error messages generated by applications. This vulnerability was exploited by the Andariel hacking group, a team believed to be sponsored by North Korea. Once Log4j had been compromised, Andariel was able to download malware to the victims’ PCs.

Part of this initial attack also included a phishing campaign, and it was here that EarlyRAT was first detected. Phishing documents, once activated, would download EarlyRAT from servers well known for having connections to threat actors. EarlyRAT’s first objective was to start logging system information and, after this, it would begin downloading additional malware, affecting the productivity of infected machines and stealing user credentials.

Keeping Safe from EarlyRAT

It’s important that you protect your IT infrastructure and your data, so staying one step ahead of threats like EarlyRAT is vital. To achieve this, make sure you always practice the following:

Install ALL updates: EarlyRAT’s campaign is a fine example of why installing updates is essential. All it takes is one vulnerability for malware to spread through an IT system and steal huge amounts of data. Therefore, plugging any holes in your defenses should be a priority. And installing updates as soon as possible is the best way to achieve this.

Educate your staff: phishing campaigns, as EarlyRAT has demonstrated, can cause you a severe IT headache. With this in mind, it’s crucial that your staff are well educated on the dangers posed by phishing emails. If your employees can take that important step of stopping and thinking before opening an email, they could save your IT system significant down time.

Identify malicious websites: a large number of RATs are located on malicious websites, so it’s important that you know how to spot one of these. With this knowledge at your disposal, you will be able to not only identify a malicious website, but you’ll be able to realize a link is malicious before you even click it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

President Biden Launches New National Cybersecurity Strategy

Cyber Security, Internet, Joe Biden, National Cybersecurity Strategy, Ophtek, SafetyCybersecurity, internet, National Cybersecurity Strategy, Ophtek, safetyOphtek, LLC

May 2023

At the start of March 2023, a new National Cybersecurity Strategy was launched by the Biden administration. And it promises big things.

The previous National Cybersecurity Strategy was released by the Trump administration in 2018. However, since then, the world and the internet has changed significantly. An updated strategy makes sense. But what exactly does it seek to change about the way in which we access and navigate our way through the internet? Well, for one thing, it starts by stating that the Biden administration will be investing $65 million in order to provide every American with access to high-speed internet.

In terms of cybersecurity, however, the 2023 strategy tackles a much broader range of problems

The Ins and Outs of the 2023 National Cybersecurity Strategy

The paper which outlines the 2023 National Cybersecurity Strategy is 35 pages long. It’s also a complex read. But this doesn’t mean the main takeaways are exclusive to high-level IT experts. This is why we’ve decided to help you by breaking down the five pillars that the paper covers:

One of the major priorities of the 2023 strategy is to secure our critical infrastructures. This means that essential systems and networks – such as energy grids and water supply systems – are at risk from cyberattacks. And, just imagine, if a group of threat actors disrupted power supplies, it would result in a major catastrophe. Therefore, the Biden administration is aiming to foster collaboration between government agencies and other stakeholders to identify and protect against any vulnerabilities.

Strengthening our cyber defenses and disrupting threat actors has been identified as a major area for the 2023 strategy to cover. This involves developing strong cybersecurity policies, ones which can quickly detect and respond to cyber-attacks. Once developed, these policies need to be implemented as seamlessly as possible to protect our networks. Naturally, investment in technology and skilled staff will feature heavily in the success of this second pillar.

The third pillar of the new National Cybersecurity Strategy seeks to make market forces drive security and resilience. This means that companies which own personal data will be expected to develop more secure storage systems, and existing laws will be updated to protect users against the risk of software vulnerabilities. The aim of this pillar is to ensure that developers need to foster higher standards of care. The result will be a safer digital landscape.

Investment is crucial in any area seeking to make improvements, and the internet always needs improvements. Accordingly, the Biden administration is seeking to improve three key areas: computing technology, clean energy technology and biotechnology/biomanufacturing. This pillar is also concerned with strengthening the US cyber workforce through enhanced education and digital awareness.

The final pillar in the 2023 strategy focusses on the importance of international partnerships to pursue shared goals. After all, the US alone cannot stop the rise of cybercrime. Common threats need to be addressed by sharing resources and pooling knowledge. The end objective is to deliver higher levels of assurance that digital systems and platforms are safe and secure.

The latest National Cybersecurity Strategy continues the excellent foundations put in place over the last two decades. It’s a responsible step for the Biden administration to take and, at the very least, will provide peace of mind that the internet remains, on the whole, safe to use.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Out-of-Office Auto-Replies: A Major Threat to Security

Best Practices, cyber attacks, Cyber Security, Data Security, Ophtek, out-of-office, Safety, Security, spam emailemail, Ophtek, out-of-office, security, vulnerabilityOphtek, LLC

Sep 2019

If you’ve worked away from the office then it’s likely you’ve set an out-of-office auto-reply on your emails. However, this could be very dangerous.

The problem with most out-of-office auto-replies is that they’re usually teeming with sensitive data. And this is data that anyone can harvest simply by sending you an email. There’s no filter on who receives the auto-reply. It’s sent to everyone. And this opens you up to a whole world of danger.

Let’s take a closer look at what these dangers are and how you can avoid them.

The Dangers of Auto-Reply Emails

The type of out-of-office auto-reply email you’re likely to have sent in the past looks like this:

I will be out of the office during the week of October 21 – 27 at the Networking Conference in Houston, Texas. During this time please contact my assistant Ralph Smith on 555-2820 with any service-related issues. If you need to reach me directly then please call me on my cell at 555-1234 and leave a message

Peter Jones – Service Manager – Plant Manufacturing – Jones.Peter@plantmanf.com

This is an informative auto-reply and one that will help anyone that has a genuine interest in working with your business. But it also provides far too much information. It could compromise your safety and also the security of your organization. Social engineering is a criminal’s best friend and, in the above example, you have provided them with several pieces of valuable information:

Availability: It’s not recommended that you reveal where you are and how long you will be there for in an auto-reply. In the example above it advises that Peter will be away from the office and his home for a set amount of time. Criminals, therefore, could plan to rob his home or, even more audaciously, turn up at his office and try to gain access.

Signature: When you’re actively communicating with someone else in business it’s recommended to use a signature block at the end of your emails. This helps to underline who you are in the organization and the various ways you can be contacted. It’s an excellent communication tool, but only when it’s used wisely. You don’t want this information being sent to just anyone, so it’s best to remove this from your out-of-office auto-reply.

Live Email Address: When it comes to email-spam there’s nothing the spammers love more than a confirmation that their spam has landed. And, when you set up an auto-reply, this confirms to any spammer that your email address is live. This information is then logged, automatically by spam bots, and your email address added to further spam lists as a worthy target.

Chain of Command: It’s important to limit the organizational details in your out-of-office auto reply message, so revealing that, for example, Peter’s assistant is Ralph Smith is not a wise move. This not only helps to leak a further individual’s contact details, but it reveals an insight into the chain of command that’s in place. And this could allow a criminal to impersonate Ralph Smith to gain further access to your data.

Final Thoughts

The key to a safer out-of-office auto-reply is to provide minimal specifics when it comes to your excursion. You shouldn’t provide contact details and it’s safer to simply state that you’re unavailable when it comes to your location. By reducing the amount of sensitive data in your auto-reply you should be able to thwart any criminals and any security risks.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The Very Basics of Good IT Security

anti malware, disable employee access, email security, IT Best Practices, Ophtek, Password Security, Safety, Security, Security Threats, two factorantivirus, email, Ophtek, passwords, security, vulnerabilityOphtek, LLC

Jun 2019

Cyber-crime remains a major threat to any organization that works with IT, but the basics of IT security are often the best way to counter this threat.

It’s difficult to avoid the fact that cyber-attacks are reaching record levels. IT systems are less secure than ever and need protecting. And that’s where your organization needs to take up the baton. Protecting these systems may sound like a monumental task, but it’s a lot easier than you think. Key to success is following the basics of IT security. The simplicity behind these processes is remarkable and can make a significant difference.

It’s crucial that you know what these are, so let’s take a look at the very basics of good IT security.

Understanding the Basics

The complexity of IT systems often means they’re difficult to work with. And from this complexity comes flaws in security. The good thing is that IT security doesn’t have to be difficult. The best way you can help protect your IT system is by following these basics:

Multi-factor Authentication: A password is a fantastic way to protect your IT systems, but why should you stop there? Multi-factor authentication looks to strengthen the login process by introducing extra steps. An example of this could involve texting unique codes to mobile devices to complete the login process. This method of IT security allows you to reduce the risk of employees’ login credentials being compromised.

IT Inductions: You should never assume that new employees have a solid understanding of IT security. And that’s why your staff should always have to complete an IT induction. Not only will this familiarize them with the technology you use, but it allows you to run through the basics of cyber threats. This knowledge can make a real difference in strengthening your defenses.

Disable USB Ports: The level of damage that USB devices can cause is shocking and unbelievable. Your employees are unlikely to be aware of this threat. To them, a USB port is simply a handy device for charging their mobile device. The truth is much different. This threat can be extinguished by disabling the USB ports. This can be achieved by adjusting the USB settings for your employees.

Use Antivirus Software: It may feel like a simplistic step in IT security but antivirus software remains essential. Good antivirus software can recognize malware within milliseconds and flag it. A manual scan will never be able to match this. And your employees wouldn’t know what they were looking for. The vast databases in use and the speed in which they operate ensures that antivirus software is a must have in business.

Assign Privileges Accordingly: Different employees will need different network privileges. These variations arise from the different tasks they perform within your IT system. Certain departments, for example, will need access to one drive whilst another department will not. Understanding these differences is critical. Once the necessary privileges have been identified then you can minimize the risk of cyber-attacks spreading through the entire system.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Why Are USB Flash Drives So Dangerous?

Ophtek, Safety, Security, Thumb DriveOphtek, security, USB Flash Drive, vulnerabilityOphtek, LLC

Jun 2019

USB flash drives have been in use for two decades now and have proven highly popular due to their accessibility, but do you know how dangerous they can be?

Perfect for people on the move, flash drives allow people to carry data with them and, if necessary, they can be used to boot up PCs. As a result, even 20 years on from their initial launch, millions upon millions of flash drives are sold every year. However, this popularity has made them a target for hackers and allowed them to add yet another weapon to their arsenal.

Due to the debilitating effect that a rogue flash drive can have on your organization, we’re going to run through the dangers of USB flash drives.

Understanding the Danger

As we’ve already stated, USB flash drives can be used by hackers to help spread their chaotic attacks and that’s why you need to be aware of exactly how they do this. Here are some of the major ways they can utilize flash drives in their attacks:

Installing Malware: A USB flash drive is more than capable of holding various strains of the most dangerous malware currently available. Naturally, it only takes one of these to take down your IT infrastructure, so you need to be exceptionally careful when plugging a flash drive into your network. This threat is made much worse by the fact that flash drives are capable of automatically running their contents once plugged into a USB port, so proceeding with caution (and the advice of an IT professional) is crucial.

Stealing Data: Although a flash drive may look insignificant, it’s still capable of running applications that can log keystrokes. While this may sound relatively simple, when you look a little deeper you’ll realize that this means everything you type is recorded. This includes login details, secure communications and customer data. This can either be saved back to the flash drive or transmitted to a remote server. Either way, the impact of data theft can have severe ramifications for your organization.

Malicious Damage: Not every hacker is out to steal data or take over the processing power of your PC, but you can rest assured that they want to cause some form of damage to your business. And, sometimes, this can be as simple as damaging your PCs beyond all repair. Achieving this may sound dramatic, but the means are rather simple. It’s possible to buy devices such as the USB Killer which essentially fry the electrics of any PC it’s plugged into.

Are USB Flash Drives Safe to Use?

You’d be forgiven for thinking that flash drives are to be avoided at all costs, but the truth is that they are safe to use. However, it’s important that you always treat them as a potential security risk. Therefore, make sure that you only ever use trusted flash drives and, ideally, get these checked before installing them to your network. And, most importantly, if you find a flash drive out in the car park, make sure that it never goes anywhere near your network!

For more ways to secure and optimize your business technology, contact your local IT professionals.

1 2 Next »

Category Archives: Safety

The Dangers of Auto-Reply Emails

Final Thoughts

Understanding the Basics

Understanding the Danger

Are USB Flash Drives Safe to Use?