The Malware That Cannot Be Deleted

Kaspersky, malware, Ophtek, Security, Trojans, , ,
27
Oct 2020

Removing malware threats from your PC is the simplest way to keep it safe from the attentions of hackers. But what happens when you can’t delete it?

Anti-malware software is fantastic at providing you with a means of removing malware from a PC. It can quickly scan your PC for threats and delete them with the minimum of fuss. But the ease with which malware can be removed has provided hackers with an appetizing challenge. What if they could create a strain of malware which couldn’t be deleted? It’s been the holy grail for malware developers since the first virus was created. And it’s a quest which has now been achieved.

A form of malware that cannot be deleted presents many problems for PC users, so let’s take a look at what it consists of.

The Invincible Malware

The unnamed malware was recently discovered by security giants Kaspersky and has left even them scratching their heads at its origin and construction. What they do know is that it’s a highly persistent threat and one that has been designed to resist deletion. It succeeds with this strategy as, rather than targeting a PC’s hard drive, it focuses its attack on a PCs motherboard. In particular, this new malware targets PC’s Unified Extensible Firmware Interface (UEFI). The approach of exploiting the UEFI is novel as it is involved in booting up a PC. Therefore, it is separate from your hard drive and will remain untouched by any operating system reinstalls.

Once the UEFI malware is in place it acts much like any conventional malware. Its first task is to create a Trojan file in the Startup folder under the name of IntelUpdate.exe. Without some in-depth investigation, the average PC user is unlikely to know this is even present. But even if it is noticed, and a user decides to delete it, the IntelUpdate app will simply reinstall once the PC is rebooted. And it’s an app which will cause your PC further troubles. IntelUpdate will not only install further malware, but it will spy on your PC activity and transmit data and files back to a command and control server which appears to be located in China.

How Do You Defeat the Undeletable?

The prospect of a malware strain which cannot be deleted may leave you wondering how you can ever be protected from it. Thankfully, it can be deleted, but not by conventional means. Security tools are now available from firms such as Kaspersky and Microsoft which scan firmware on PCs. It’s recommended that you upgrade your anti-malware tools to include this option to counter this new attack strategy. The means by which this latest malware is spread is currently unknown, but it’s recommended that you follow these security tips to maximize your defenses:

· Install all updates and patches as soon as your PC prompts you to do so · Practice vigilance when dealing with incoming emails which contain attachments and links · Make sure that your workforce understand how to create strong passwords

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

ATM Manufacturer Rocked by Malware Attack

ATM Attack, malware, Ophtek, Security, , ,
15
Sep 2020

We all use ATMs on a regular basis and are well aware of the need for security when using them. But what happens when the manufacturer gets hacked?
The number of malware attacks and infections in 2020 are, as ever, exceptionally high. With Kaspersky blocking 726,536,269 attacks alone in the first three months it would be surprising if any PC has avoided the attentions of hackers. With a strong set of defenses, however, your PC should have remained safe and secure. But the same cannot be said for NCR Corporation, a manufacturer of ATMs. A lapse in security allowed their network to be breached by a piece of malware known as Lethic.

The fact that a major corporation’s defenses were breached is concerning enough, but what’s most troubling is that it’s located in the personal finance sector. Let’s take a look at what happened and see what we can learn.

How Did Lethic Attack NCR?

A series of computers located in a non-production lab, located outside of the US, owned by NCR have been found to be infected with the Lethic malware. Far from being a new form of malware, Lethic has been out in the digital wild since 2008. You may be wondering how such an old piece of malware can deceive modern defense systems and it’s a good question. To avoid detection, hackers simply alter the code of existing malware to change the structure detected by security systems. It’s a relatively quick method of coding which essentially gives the hacker a new piece of malware.

Lethic has, in the past, generally been used to wage spam campaigns. But it’s capable of much more thanks to its arsenal of trojan tools. These include the ability to download additional malware, data logging and remote access. This is the last thing that any company, especially one involved in ATM manufacturing, wants to leave itself open to. At the moment it’s not clear how Lethic breached NCR, but security firm Prevailion has confirmed that unauthorized data transmissions were detected for over six months. Thankfully, NCR have confirmed that the infected PCs were completely separate from any networks involved in developing ATM software or storing customer details.

Avoiding Malware Attacks

If Lethic had managed to find its way into the operating software for ATMs then NCR would have had a huge disaster on their hands. Nonetheless, all breaches need to be avoided. So, make sure that your organization always follows these best practices:

Install Anti-Malware Software: While these systems can never claim to be effective against 100% of malware, a strong anti-malware app will stop the majority of malware in its tracks. This prevents data loss and network damage quickly and automatically.

Think Before Clicking: Social engineering is a significant factor in deploying malware and this means that emails and the links they contain may not be what they seem. Therefore, always take the time to double check an email to confirm it is genuine.

Always Update: Vulnerabilities in software provide the simplest route into a PC for a hacker. But you can shut off these routes by keeping on top of any software updates/patches. Always install these updates immediately to eliminate any vulnerabilities.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Microsoft Printers Patch Exposed as Vulnerable

Ophtek, patches, printer vulnerability, Security, Security Threats, Updates, upgrade, , , , , , ,
01
Sep 2020

The importance of installing updates and patches should never be underestimated. However, did you know that even these are not 100% secure?

Microsoft knows a thing or two about computers, but this doesn’t mean they are immune from mistakes and flaws. Accordingly, they regularly release patches and updates to address any vulnerabilities in their software.  A recent investigation, though, has discovered that these updates aren’t quite the safeguard consumers would expect. And, when you consider the amount of applications that Microsoft bundle with their systems, this is a matter of major concern.

Given the number of patches you are prompted to install each and every week, it’s important to understand what has happened on this occasion.

A Vulnerable Patch

The initial vulnerability in question relates to a flaw which was discovered in Windows printing services. Your first thought may be that printers are far from a security risk, but this couldn’t be further from the truth. If a device or application has any form of access to your network then it needs strong defenses. And this is why Microsoft was keen to patch a vulnerability which offered hackers a route into PC networks through print spooler software. This patch was issued in May and Microsoft believed this was the end of the story. But this story was due to run a little longer.

Researchers discovered that the impact of this initial patch could be negated by simply bypassing it. By modifying .SHD files (better known as Shadow), the researchers were able to add them into the spooler folder. This particular type of folder allows commands to be sent between a PC and a printer. Usually this is the preserve of printing documents, but the modified Shadow files allowed the researchers to send all manner of commands. It’s a scenario which had the potential to give hackers full access to a network.

How Can You Defend Against Weak Patches?

The vulnerability in question is no longer in present in systems which have since been updated, but it paints a worrying picture for PC users. If you are unable to rely on patches to give you full protection then what hope do you have?

First of all, you must, no matter what, always install all security patches. They are a crucial aspect of security and are all programmed with an objective of preventing an attack. This printer spooler fiasco demonstrates they are not perfect, but the majority are capable of fulfilling their aims. Nonetheless, being overcautious with IT security is always a good idea. Therefore, make sure you follow these simple steps:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Universities Hit by Cloud Computing Malware

Cloud, Ophtek, Security, Security Threats, ,
18
Aug 2020

Education is a crucial element of society, so attacks on this sector are very attractive to hackers. And this is why they are now targeting universities.

Universities, of course, are huge organizations packed full of students and tutors. As a result, these groups generate massive amounts of data every day. This makes these establishments massive data centers. And it’s no surprise that hackers can’t resist testing their defenses. Their latest attack has targeted a specific cloud computing provider in the form of Blackbaud and has affected a number of universities worldwide.

You may not work in a university, but all malware attacks contain important lessons we can learn from. Let’s take a closer look and find out what happened in the Blackbaud attack.

Attacking the Cloud

Blackbaud, a global provider of administrative and financial software to educational institutions, was targeted and attacked in May. The attack in question used a ransomware strategy to disrupt operations and demand a ransom. The exact source of infection has not been disclosed, but it would appear that the hackers began encrypting data immediately. However, Blackbaud mounted a quick response and were able to expel the hackers before the data was fully encrypted.

Unfortunately, a significant amount of data had already been copied by the hackers. And this data was of a particularly sensitive nature. It does not appear that any credit card details were copied, but phone numbers and donation histories were confirmed to have been duplicated. Blackbaud, therefore, was forced to pay a ransom in order for the hackers to destroy their copy.

Avoiding Ransomware Attacks

The Blackbaud attack may not have been the most devastating of malware attacks, but any breach is cause for concern. And, given that this attack targeted several large universities, the number of individuals affected is huge. As with all malware attacks, though, it’s possible to negate these attacks before they take hold. All you have to do is follow these simple practices:

  • Say No to Unverified Links: One of the hallmarks of ransomware attacks is the usage of malicious links. These links may promise to send you somewhere safe – such as your online banking page – but the true destination will be somewhere less safe. These malicious destinations are likely to attack your PC or install malware. Make sure that all links are checked and verified before clicking. 
  • Don’t Give Out Personal Data: Hackers will often facilitate their ransomware attacks by employing a social engineering strategy. The information gained from such an approach can be used by hackers to tailor phishing emails to appeal to you e.g. understanding who your phone provider is allows hackers to design emails from that specific provider. As a rule of thumb, never give out personal details to unsolicited callers. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Twitter Learns a Lesson in Spear Phishing

Ophtek, Security, Security Threats, spear phishing, Twitter, , ,
11
Aug 2020

Even the biggest tech companies are at risk of having their networks breached. Twitter, with 330 million users, is huge, but far from immune from hackers.

A recent spear phishing attack on Twitter managed to generate headlines around the world and seriously disrupt the platform’s service. The attack, which was carried out by three young men aged between 17 – 22, was remarkable in its scope and its execution. It was an unexpected breach of Twitter’s defenses and one which defied their technological prowess. But there was more to this attack than just disruption. There was also a financial sting in the tail.

You may not run a social media company, but it’s likely that your organization has a presence in this sphere. Therefore, it’s important to understand what happened.

Twitter is Breached

On the 15th July, a number of high-profile and verified Twitter accounts were taken over by hackers. The hackers used this control to not only access the accounts’ private message systems, but also download their data. Most dramatically, however, the accounts were used to post links to a Bitcoin scam. This scam claimed that if users sent Bitcoins to a specific account they would double their money. But this was far from true. Instead, the hackers made off with more than $100,000 in Bitcoin.

How did this Attack Take Place?

The Twitter breach was a textbook case of spear phishing, a strategy which involves targeting individuals and encouraging them to reveal confidential data. Graham Clark, one of the accused hackers, conducted a social engineering campaign to pass himself off as a member of Twitter’s IT team. A genuine Twitter employee fell for this deceptive ploy and handed over a set of credentials for Twitter’s customer service portal. These credentials allowed Clark and his fellow hackers to gain instant access to accounts such as Joe Biden, Elon Musk and Apple.

Lessons to be Learned

Twitter, upon discovering this attack, took immediate action by suspending all verified accounts. However, the damage had already been done and Twitter was left extremely embarrassed. Social engineering is, of course, a powerful hacking technique. And, if it’s pursued and executed numerous times, it will eventually pay off. But this doesn’t mean you are defenseless. You can easily protect your systems by reinforcing the following points:

  • Use Multi-Factor Authentication: Requesting a set of credentials to gain access to a system is a powerful defense. But requesting multiple sets of credentials is even better. And that’s why multi-factor authentication is so important. Rather than relying on just a username/password combination, it can also request a unique pin number generated to a registered phone number.
  • Understand the Spear Phishing Signs: It’s important to educate your staff on the signs of spear phishing.  Suspicious phone calls and emails requesting confidential information, for example, should immediately be challenged. It only takes a minute or two to contact a user on their direct phone or email to verify the request, so don’t fall victim to rushed demands.
  • Always Patch Your Systems: Operating systems are regularly issuing updates to address new and emerging phishing techniques. Therefore, a network which has all its software fully updated should be secure. However, many firms are guilty of leaving patches to the last minute due to time concerns. And it’s this complacency which allows hackers to get a foothold in your systems.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 4 5 6 7 8 47