Security Archives - Page 2 of 47

LastPass Hit by Security Incident

Hackers, LastPass, Ophtek, password manager, Password Security, Security, strong passwordshackers, LastPass, Ophtek, password manager, security, vulnerabilityOphtek, LLC

Feb 2023

What exactly happened when LastPass, a password manager service, found itself at the center of a data breach? And what does this mean for your passwords?

Password managers provide a convenient service , one where complex passwords can be generated instantly and then, going forward, auto-fills when requested. LastPass is a successful example of what a password manager can do, but it’s a role which comes with great responsibility. Login credentials, after all, are often the difference between gaining access and being denied access to a user account. Therefore, password managers need to be sure the credentials they hold are highly secure.

However, as LastPass users are now finding out, password managers are highly tempting to threat actors, and far from 100% secure.

How LastPass was Hacked

Used by millions of users all over the world, LastPass has established itself as one of the leading password managers. Unfortunately, this credibility has been rocked by revelations that the service’s encrypted password vaults have been stolen by hackers. The attack – which took place in August 2022 – was ambitious, and its success even more so.

LastPass’ backup copies of their users’ password vaults were stored, apparently securely, on a third-party cloud storage platform. This, in itself, is nothing unusual; storing backup copies of secure data in remote locations is good practice. Nonetheless, once third parties become involved in storing your data, you relinquish control of this data’s security. And this is exactly where LastPass has fallen victim to threat actors.

While the mechanics of the breach remain under wraps, LastPass has had to admit that personal identifiers – including addresses, phone numbers, credit card details and IP addresses – are among the stolen data. The password vaults – which are encrypted – have also been stolen, so this means the threat actors are closer to knowing your password. And, given they now have access to your personal identifiers, it makes brute force attacks easier.

What to Do if You’re a LastPass User

LastPass has been keen to stress that, although stolen, the password vaults are secure due to the encryption protecting them. However, these encrypted passwords are now in the hands of an unauthorized party and means they are seriously compromised. Therefore, it’s crucial all LastPass users take the following decisive actions:

Change your LastPass password: your master password will be the password used to access the LastPass service, and this needs to be changed immediately. Any data breach means access has been compromised, so changing your master password is the first step to take. With your master password changed, you will instantly be reducing the risk of your passwords falling into the wrong hands.

Change all your stored passwords: the passwords stolen from LastPass are encrypted, but it makes bad sense to rely on this. Accordingly, we would recommend going through all your passwords on LastPass and changing them to new ones. With this completed, the details within the stolen password vaults will become redundant.

Make sure your LastPass password is not recycled: following a data breach, it’s always good practice to make sure your master password isn’t used on other platforms. For example, a threat actor may take your login details for LastPass and use a bot to automatically try them in thousands of different other platforms. As such, if you recycle your login credentials across platforms, you run the risk of these being compromised too.

For more ways to secure and optimize your business technology, contact your local IT professionals.

VMware Exploit Allows Hackers to Deliver Malware Package

install updates, malware, Ophtek, Security, VMware Exploit, Workspace ONEinstall updates, malware, Ophtek, security, VMware Exploit, Workspace ONEOphtek, LLC

Nov 2022

The importance of installing updates has been highlighted by VMware Users who have failed to update and found themselves at the mercy of malware attacks.

VMware is a tech company which specializes in providing both cloud computing services and virtualization technology (such as remote desktop software). Founded nearly 25 years ago, VMware has proved to be highly popular with businesses of all sizes. However, this experience doesn’t mean their software is perfect. In fact, no tech company – not even the biggest ones – can claim to create products which are 100% resistant to threat actors.

And that’s why VMware’s Workspace ONE Access service, an application which allows digital apps in an organization to be accessed on any device, has been compromised. The attack has been declared a significant one, so we’re going to take you through it.

Workspace ONE Compromised

The attack, which was discovered by security experts at Fortiguard Labs, centers around a vulnerability patched by VMware back in April 2022. However, this attack is still targeting this exploit, an indicator that the uptake of VMware’s patch has been poor. As a result, the CVE-2022-22954 vulnerability has the potential to open your PC up to all manner of malware.

If the vulnerability is still present, threat actors have the opportunity to launch remote code execution attacks against an infected PC. With the help of this foothold, the hackers have been able to download a wide range of malware to PCs and their associated networks. Examples involved in this attack have included:

Cryptoware
Ransomware
Software which removes other cryptomining apps
Malware used to spread the attack even further
Botnets

All of these campaigns are installed and operated separately, indicating that this is a well-organized attack by the unknown threat actors. Activity for the overall campaign peaked in August 2022, but it remains active as it seeks further users of Workspace ONE who have failed to patch their software.

Protecting Yourself Against Software Exploits

The impact of falling victim to the Workspace ONE vulnerability is huge as it attacks its victims on numerous fronts. Not only is there the financial risk of ransomware, but the activity of cryptoware and ransomware is going to seriously eat into the resources of your IT infrastructure. Therefore, you need to make sure you carry out the following:

Install all updates: if you are a Workspace ONE user then you need to ensure it’s fully patched and up to date. And, once this is complete, it’s crucial you make sure all your software is patched.

Monitor network activity: one of the most obvious signs of a botnet or cryptoware infection is a surge in network activity. Accordingly, it’s important to establish a benchmark for what constitutes ‘normal’ network activity within your organization. If this benchmark is breached, investigating it closer may reveal a malware attack is taking place.

Limit user access: minimizing the attack surface which a piece of malware has access to can reduce the impact of the attack. So, for example, if access to the Workspace ONE software was restricted to only those who need it, the chances of the exploit damaging the network would be reduced.

For more ways to secure and optimize your business technology, contact your local IT professionals.

New Malware Lets Hackers Log in to Windows as Anyone

ADFS secure, APT29, MagicWeb, Network, Ophtek, Security, The CloudADFS Secure, APT29, MagicWeb, network, Ophtek, security, The CloudOphtek, LLC

Sep 2022

Microsoft has announced that Windows login credentials can now be bypassed by a new strain of malware, one which is being used by Russian hackers APT29.

Logging onto Windows is the first thing we do after turning a PC on, and we do this by entering a combination of username/password credentials to gain access. This first step in security is crucial for protecting the integrity of your PC. If your credentials are highly secure, and known to no one else, it’s going to be difficult for anyone else to log on to your PC. And you certainly don’t want anyone gaining unauthorized access to your desktop. Accordingly, this has made login credentials a major target for threat actors.

This latest piece of malware, known as MagicWeb, doesn’t, however, steal your username/password combination. Instead, it’s much cleverer.

MagicWeb’s Deceptive Power

Windows passwords are hashed, and this means that although they are stored on your PC and associated servers, they are encrypted and translated into a series of unintelligible characters. So, for example, your password of PASSWORD (please don’t ever use this!) may be hashed into %fG1a:: – and these hashed passwords are completely useless. However, by entering PASSWORD into a login system, it will be translated into a hash and then matched against the stored hash to determine if it’s the correct password.

As it’s incredibly difficult to decrypt hashed passwords, threat actors must find different methods to bypass login credentials. MagicWeb does this by obtaining unauthorized access to login credentials for Active Directory Federation Services (ADFS) servers. It’s within these ADFS servers that access to systems within an organization can be processed. This access is validated by a token generated within ADFS. MagicWeb compromises this token by manipulating the claims process used to authorize any logon requests. Therefore, it can validate any Windows logon request.

Protecting Your PCs from MagicWeb

Once MagicWeb has a foothold within your ADFS servers, it can allow anyone to log on to your network with ease. Both identifying and preventing this is important for you IT infrastructure’s security. As such, you need to make sure you do the following:

Make ADFS secure: one of the most effective ways to protect your ADFS is by designing it to be secure. This is far from straightforward, but it will pay dividends down the road when it comes face-to-face with threats such as MagicWeb. Luckily, Microsoft have provided advice on the best practices for achieving this.

Isolate admin access: malware threats such as MagicWeb have the opportunity to gain unauthorized admin access, and this gives them free rein to make major changes to your IT network. It makes sense, therefore, to isolate any admin infrastructures and restrict access to as few people as possible. Also, make sure your admin infrastructure is regularly monitored for any changes, as this may indicate an attack is taking place.

Use the cloud: cloud-based security tools such as identity solution applications can make a significant difference to your security. These platforms will rarely go unpatched, whereas in-house solutions are prone to falling behind on updates and, as a result, opening security risks. Azure Active Directory, for example, will be updated as soon as a patch is available and elevate your security with ease.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Why Does Your Business Need a VPN?

Cyber Security, Online Security, Ophtek, PC Security, Security, VPNNetwork Security, Online Security, Ophtek, PC Security, security, VPNOphtek, LLC

May 2022

Security in business is paramount, and when it comes to IT networks it’s absolutely crucial. One of the best ways to protect your network is with a VPN.

With the number of cyberattacks in 2021 hitting new highs, protecting your IT network has never been more important. The sheer amount of secure data passing across a network in 2022 is remarkable. Accordingly, this data needs to be protected. Failure to do this will only lead to negative results: data leaks, compromised networks, and financial risk. While there are simple steps that your organization can implement, one of the strongest defense strategies is to put a virtual private network (VPN) in place.

What is a VPN?

VPNs have been around since the mid-1990s, but it wasn’t until the internet started to take off in the early-2000s that it became apparent they were necessary for businesses. Since then, they have grown in popularity with both organizations and domestic users. But what exactly is a VPN?

Well, imagine the private IT network you have at your organization. You will have full control over this network and be able to put the necessary security in place. However, what happens when one of your employees wants to connect to your network from a remote location? They won’t be able to connect directly to your network, they will need to use their own internet connection or a shared, public internet connection. As you will have no control over the security of this connection, there’s the potential for major problems.

Nonetheless, with a VPN in place, you can create a secure, encrypted connection between your remote employee and your network. Think of it as a tunnel between two points which is completely protected from any external forces. This allows data to be transferred from your network to a remote connection with peace of mind that it won’t be compromised.

The Business Benefits of a VPN

The benefits of connecting your private business network with external public networks is clear to see, but what are some of the other business benefits of a VPN? Let’s take a look:

Quick Access: thanks to the advent of cloud computing, all the apps that your remote worker needs can be accessed instantly through the internet. Before cloud computing was a reality, expensive networking technology would be needed to provide the full range of network services. And, with this technology, came delays in accessing applications and data sources. Now, however, employees can access everything they need within seconds.

Budget Friendly: subscription costs to VPN services are relatively cheap compared to installing and managing endpoint security. This is particularly attractive to smaller organizations for whom the technology costs of managed security may be prohibitive to their budgets. After all, with reputable VPN subscriptions costing less than $10 per month per user, a VPN represents excellent value.

Geo-locations: for a business with a global reach, the need for geo-independence with IT networks can be a necessity. Global locations, such as China, have much stronger internet access policies that you may be used to. And this can result in direct access to your organization’s network being blocked. However, a VPN will allow remote users in these locations to connect to your network as if they’re in the same state.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Cyber Attacks Increase After Russia Invades Ukraine

cyber attacks, Hackers, Ophtek, Russian Hackers, Security, UkraineCyber Attacks, hackers, Ophtek, Russian Hackers, security, UkraineOphtek, LLC

Apr 2022

The Russian invasion of Ukraine has created headlines around the world; one of the lesser-known stories to emerge has been the increase of cyber attacks.

Numerous aspects of life have changed since Ukraine was invaded by Russian forces at the end of February. Alongside the military attacks and breakdown in social infrastructure that Ukrainians have had to contend with, there have been consequences for those outside the region as well. Supply chains have broken down, the price of fuel has risen and there is widespread skepticism over global peace. And, with the internet being such an integral part of modern society, there has been a notable rise in the number of cyber attacks occurring.

An Escalation in Cyber Attacks

The ensuing chaos of a war being waged on European soil and the military might of Russia has created the perfect environment for cyber attacks to thrive. Not only has Russia been accused of using cyber attacks as part of their campaign against Ukraine, but hackers have turned the situation to their advantage by exploiting concerns over the conflict.

As early as February, Ukraine was experiencing significant attacks on its defense ministry and two major banks. These DDoS attacks were used to temporarily take down websites associated with the targets and cause panic and certainty in financial and government sectors. Within 48 hours of the conflict breaking out, it was reported that an increase of 800% in the number of cyber attacks originating in Russia had been observed. There has also been a notable increase in attacks against Ukraine from groups allying themselves with Russia, the Stormous hacking group, for example, announced that they intended to target Ukrainian organizations with ransomware.

Independent hackers have also taken advantage of the conflict to boost the emotional credentials of their campaigns. With emotions and sympathies running high across the world, hackers have exploited these concerns by using Ukraine as a key email subject to increase engagement. Spam email campaigns have also been modified to use the Ukraine conflict as emotive honeypot used to trick recipients into making donations to false organizations.

How to Prepare for Spillover Attacks

While most of these attacks have targeted organizations in Ukraine, it’s likely that these attacks will soon spillover into allies of Ukraine and, eventually, any PC on the planet. As such, it’s crucial that you remain on your guard and observe the following:

Ukraine-based red flags: the increase in spam email campaigns means that its likely you will encounter malicious links and attachments arriving in your inbox. These will typically encourage you to engage with a call to action such as visiting a site set up for donations. Eliminate this risk by only visiting official websites through the correct channels.

Allies of Ukraine will be targeted: if you deal with Ukrainian organizations then there’s a chance you will be targeted. This could be the result of cyber attacks which spread through email address books or there’s the risk that you will be directly targeted. Accordingly, you should ramp up your cyber security operations and investigate anything suspicious.

Any source of conflict has the potential to cause uncertainty in the digital landscape and, with the Russia/Ukraine conflict expected to be in place for some time, it’s vital that you protect your IT infrastructures. Not only will this maintain IT continuity, but it will provide support for organizations in Ukraine.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 … 47 Next »

Category Archives: Security