Security Archives - Page 2 of 46

VMware Exploit Allows Hackers to Deliver Malware Package

install updates, malware, Ophtek, Security, VMware Exploit, Workspace ONEinstall updates, malware, Ophtek, security, VMware Exploit, Workspace ONEOphtek, LLC

Nov 2022

The importance of installing updates has been highlighted by VMware Users who have failed to update and found themselves at the mercy of malware attacks.

VMware is a tech company which specializes in providing both cloud computing services and virtualization technology (such as remote desktop software). Founded nearly 25 years ago, VMware has proved to be highly popular with businesses of all sizes. However, this experience doesn’t mean their software is perfect. In fact, no tech company – not even the biggest ones – can claim to create products which are 100% resistant to threat actors.

And that’s why VMware’s Workspace ONE Access service, an application which allows digital apps in an organization to be accessed on any device, has been compromised. The attack has been declared a significant one, so we’re going to take you through it.

Workspace ONE Compromised

The attack, which was discovered by security experts at Fortiguard Labs, centers around a vulnerability patched by VMware back in April 2022. However, this attack is still targeting this exploit, an indicator that the uptake of VMware’s patch has been poor. As a result, the CVE-2022-22954 vulnerability has the potential to open your PC up to all manner of malware.

If the vulnerability is still present, threat actors have the opportunity to launch remote code execution attacks against an infected PC. With the help of this foothold, the hackers have been able to download a wide range of malware to PCs and their associated networks. Examples involved in this attack have included:

Cryptoware
Ransomware
Software which removes other cryptomining apps
Malware used to spread the attack even further
Botnets

All of these campaigns are installed and operated separately, indicating that this is a well-organized attack by the unknown threat actors. Activity for the overall campaign peaked in August 2022, but it remains active as it seeks further users of Workspace ONE who have failed to patch their software.

Protecting Yourself Against Software Exploits

The impact of falling victim to the Workspace ONE vulnerability is huge as it attacks its victims on numerous fronts. Not only is there the financial risk of ransomware, but the activity of cryptoware and ransomware is going to seriously eat into the resources of your IT infrastructure. Therefore, you need to make sure you carry out the following:

Install all updates: if you are a Workspace ONE user then you need to ensure it’s fully patched and up to date. And, once this is complete, it’s crucial you make sure all your software is patched.

Monitor network activity: one of the most obvious signs of a botnet or cryptoware infection is a surge in network activity. Accordingly, it’s important to establish a benchmark for what constitutes ‘normal’ network activity within your organization. If this benchmark is breached, investigating it closer may reveal a malware attack is taking place.

Limit user access: minimizing the attack surface which a piece of malware has access to can reduce the impact of the attack. So, for example, if access to the Workspace ONE software was restricted to only those who need it, the chances of the exploit damaging the network would be reduced.

For more ways to secure and optimize your business technology, contact your local IT professionals.

New Malware Lets Hackers Log in to Windows as Anyone

ADFS secure, APT29, MagicWeb, Network, Ophtek, Security, The CloudADFS Secure, APT29, MagicWeb, network, Ophtek, security, The CloudOphtek, LLC

Sep 2022

Microsoft has announced that Windows login credentials can now be bypassed by a new strain of malware, one which is being used by Russian hackers APT29.

Logging onto Windows is the first thing we do after turning a PC on, and we do this by entering a combination of username/password credentials to gain access. This first step in security is crucial for protecting the integrity of your PC. If your credentials are highly secure, and known to no one else, it’s going to be difficult for anyone else to log on to your PC. And you certainly don’t want anyone gaining unauthorized access to your desktop. Accordingly, this has made login credentials a major target for threat actors.

This latest piece of malware, known as MagicWeb, doesn’t, however, steal your username/password combination. Instead, it’s much cleverer.

MagicWeb’s Deceptive Power

Windows passwords are hashed, and this means that although they are stored on your PC and associated servers, they are encrypted and translated into a series of unintelligible characters. So, for example, your password of PASSWORD (please don’t ever use this!) may be hashed into %fG1a:: – and these hashed passwords are completely useless. However, by entering PASSWORD into a login system, it will be translated into a hash and then matched against the stored hash to determine if it’s the correct password.

As it’s incredibly difficult to decrypt hashed passwords, threat actors must find different methods to bypass login credentials. MagicWeb does this by obtaining unauthorized access to login credentials for Active Directory Federation Services (ADFS) servers. It’s within these ADFS servers that access to systems within an organization can be processed. This access is validated by a token generated within ADFS. MagicWeb compromises this token by manipulating the claims process used to authorize any logon requests. Therefore, it can validate any Windows logon request.

Protecting Your PCs from MagicWeb

Once MagicWeb has a foothold within your ADFS servers, it can allow anyone to log on to your network with ease. Both identifying and preventing this is important for you IT infrastructure’s security. As such, you need to make sure you do the following:

Make ADFS secure: one of the most effective ways to protect your ADFS is by designing it to be secure. This is far from straightforward, but it will pay dividends down the road when it comes face-to-face with threats such as MagicWeb. Luckily, Microsoft have provided advice on the best practices for achieving this.

Isolate admin access: malware threats such as MagicWeb have the opportunity to gain unauthorized admin access, and this gives them free rein to make major changes to your IT network. It makes sense, therefore, to isolate any admin infrastructures and restrict access to as few people as possible. Also, make sure your admin infrastructure is regularly monitored for any changes, as this may indicate an attack is taking place.

Use the cloud: cloud-based security tools such as identity solution applications can make a significant difference to your security. These platforms will rarely go unpatched, whereas in-house solutions are prone to falling behind on updates and, as a result, opening security risks. Azure Active Directory, for example, will be updated as soon as a patch is available and elevate your security with ease.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Why Does Your Business Need a VPN?

Cyber Security, Online Security, Ophtek, PC Security, Security, VPNNetwork Security, Online Security, Ophtek, PC Security, security, VPNOphtek, LLC

May 2022

Security in business is paramount, and when it comes to IT networks it’s absolutely crucial. One of the best ways to protect your network is with a VPN.

With the number of cyberattacks in 2021 hitting new highs, protecting your IT network has never been more important. The sheer amount of secure data passing across a network in 2022 is remarkable. Accordingly, this data needs to be protected. Failure to do this will only lead to negative results: data leaks, compromised networks, and financial risk. While there are simple steps that your organization can implement, one of the strongest defense strategies is to put a virtual private network (VPN) in place.

What is a VPN?

VPNs have been around since the mid-1990s, but it wasn’t until the internet started to take off in the early-2000s that it became apparent they were necessary for businesses. Since then, they have grown in popularity with both organizations and domestic users. But what exactly is a VPN?

Well, imagine the private IT network you have at your organization. You will have full control over this network and be able to put the necessary security in place. However, what happens when one of your employees wants to connect to your network from a remote location? They won’t be able to connect directly to your network, they will need to use their own internet connection or a shared, public internet connection. As you will have no control over the security of this connection, there’s the potential for major problems.

Nonetheless, with a VPN in place, you can create a secure, encrypted connection between your remote employee and your network. Think of it as a tunnel between two points which is completely protected from any external forces. This allows data to be transferred from your network to a remote connection with peace of mind that it won’t be compromised.

The Business Benefits of a VPN

The benefits of connecting your private business network with external public networks is clear to see, but what are some of the other business benefits of a VPN? Let’s take a look:

Quick Access: thanks to the advent of cloud computing, all the apps that your remote worker needs can be accessed instantly through the internet. Before cloud computing was a reality, expensive networking technology would be needed to provide the full range of network services. And, with this technology, came delays in accessing applications and data sources. Now, however, employees can access everything they need within seconds.

Budget Friendly: subscription costs to VPN services are relatively cheap compared to installing and managing endpoint security. This is particularly attractive to smaller organizations for whom the technology costs of managed security may be prohibitive to their budgets. After all, with reputable VPN subscriptions costing less than $10 per month per user, a VPN represents excellent value.

Geo-locations: for a business with a global reach, the need for geo-independence with IT networks can be a necessity. Global locations, such as China, have much stronger internet access policies that you may be used to. And this can result in direct access to your organization’s network being blocked. However, a VPN will allow remote users in these locations to connect to your network as if they’re in the same state.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Cyber Attacks Increase After Russia Invades Ukraine

cyber attacks, Hackers, Ophtek, Russian Hackers, Security, UkraineCyber Attacks, hackers, Ophtek, Russian Hackers, security, UkraineOphtek, LLC

Apr 2022

The Russian invasion of Ukraine has created headlines around the world; one of the lesser-known stories to emerge has been the increase of cyber attacks.

Numerous aspects of life have changed since Ukraine was invaded by Russian forces at the end of February. Alongside the military attacks and breakdown in social infrastructure that Ukrainians have had to contend with, there have been consequences for those outside the region as well. Supply chains have broken down, the price of fuel has risen and there is widespread skepticism over global peace. And, with the internet being such an integral part of modern society, there has been a notable rise in the number of cyber attacks occurring.

An Escalation in Cyber Attacks

The ensuing chaos of a war being waged on European soil and the military might of Russia has created the perfect environment for cyber attacks to thrive. Not only has Russia been accused of using cyber attacks as part of their campaign against Ukraine, but hackers have turned the situation to their advantage by exploiting concerns over the conflict.

As early as February, Ukraine was experiencing significant attacks on its defense ministry and two major banks. These DDoS attacks were used to temporarily take down websites associated with the targets and cause panic and certainty in financial and government sectors. Within 48 hours of the conflict breaking out, it was reported that an increase of 800% in the number of cyber attacks originating in Russia had been observed. There has also been a notable increase in attacks against Ukraine from groups allying themselves with Russia, the Stormous hacking group, for example, announced that they intended to target Ukrainian organizations with ransomware.

Independent hackers have also taken advantage of the conflict to boost the emotional credentials of their campaigns. With emotions and sympathies running high across the world, hackers have exploited these concerns by using Ukraine as a key email subject to increase engagement. Spam email campaigns have also been modified to use the Ukraine conflict as emotive honeypot used to trick recipients into making donations to false organizations.

How to Prepare for Spillover Attacks

While most of these attacks have targeted organizations in Ukraine, it’s likely that these attacks will soon spillover into allies of Ukraine and, eventually, any PC on the planet. As such, it’s crucial that you remain on your guard and observe the following:

Ukraine-based red flags: the increase in spam email campaigns means that its likely you will encounter malicious links and attachments arriving in your inbox. These will typically encourage you to engage with a call to action such as visiting a site set up for donations. Eliminate this risk by only visiting official websites through the correct channels.

Allies of Ukraine will be targeted: if you deal with Ukrainian organizations then there’s a chance you will be targeted. This could be the result of cyber attacks which spread through email address books or there’s the risk that you will be directly targeted. Accordingly, you should ramp up your cyber security operations and investigate anything suspicious.

Any source of conflict has the potential to cause uncertainty in the digital landscape and, with the Russia/Ukraine conflict expected to be in place for some time, it’s vital that you protect your IT infrastructures. Not only will this maintain IT continuity, but it will provide support for organizations in Ukraine.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Windows Update Being Used to Deliver Malware

anti malware, Lazarus, Ophtek, Security, spear phishing, UpdatesAnti Malware, Lazarus, Ophtek, security, spear phishing, updatesOphtek, LLC

Feb 2022

Updates are crucial for protecting your PC, so Windows Update is a useful ally in this objective. But what happens when it starts downloading malware?

News has emerged that hackers have exploited the Windows Update system to execute malicious code on users’ PCs. It’s an attack which is typical of hackers as it’s innovative, deceptive and dangerous. Currently, the perpetrators of the attack appear to be Lazarus, a hacking group who are backed by North Korea. Dozens of cyberattacks have been attributed to Lazarus – such as the ThreatNeedle hack – over the last decade, so it should come as no surprise that this latest attack is a serious threat.

At Ophtek, we’ve always advised you that updates are the best way to protect your PC. And this remains the case. However, this exploit of the Windows Update service provides a cautionary tale, so we’re going to take a closer look at it.

Why is Windows Update Downloading Malware?

Lazarus have chosen the Windows Update client as a facilitator in its attack as it’s a highly trusted piece of software. After all, the main consensus of updates is that they protect your PC, so why suspect Windows Update of anything else? However, it’s this type of assumption which leads to threats developing.

This latest attack employs a spear-phishing technique which uses infected Microsoft Word documents, these false email attachments claim to be offering job opportunities at the aerospace firm Lockheed Johnson. However, far from containing opportunities for the recipients, these infected documents only contain opportunities for Lazarus. Once the Word documents are opened, users are prompted to activate macros. And this allows Lazarus to automatically install a fake Windows Update link in the PCs startup folder as well as downloading a malicious .dll file.

This Windows Update link is then used to load the malicious .dll through the Windows Update client. The hackers use this approach as it’s innovative and won’t get picked up by anti-malware tools. Lazarus are then free to download as much malware as they like onto the infected PC.

How to Protect Your PCs Against this Threat

You may think that the simplest way to protect yourself is by turning off Windows Update, but we do not recommend this. The best approach involves ensuring that Windows Update can’t be exploited by Lazarus’ attack methods. And this requires you to understand the techniques involved in spear-phishing, so make sure you practice the following:

Awareness: the most important step you can take in tackling spear-phishing is by introducing awareness to your employees. Make sure that regular training is provided to educate your staff on what spear-phishing is and the ways in which it can manifest itself on a PC.

Always Check Links: spear-phishing often uses false, infected links to activate its payload, so it makes sense to always double check links before clicking. The simplest way to do this is by hovering your mouse cursor over the link in question. This will bring up a pop-up which demonstrates the true location of the link. Remember, if in doubt, always double check a link with an IT professional if you are not 100% sure it’s safe.

Use Anti-Malware Tools: a good way to keep your inbox safe from spear-phishing campaigns is by installing anti-malware tools. This software is regularly updated with details of existing and emerging threats, so it can automatically scan all incoming emails to determine if they are trustworthy.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 … 46 Next »

Category Archives: Security