ZuoRAT Malware: A New Threat to Routers

malware, Ophtek, router, security, Trojans, Updates, ZuoRAT Malware, , , , , , ,
05
Jul 2022

Small businesses rely on routers to keep themselves and their customers connected. But this relationship could now be at risk due to the ZuoRAT malware.

For online communication to work, data needs to move from one computer network to another. And this is exactly what a router does. By directing traffic across the internet, a router can be used to deliver emails, transfer files and stream videos between PCs. Without a router, you simply won’t be able to send or receive data. So, as you can see, they’re an essential part of any small organization’s IT network. Unfortunately, this is the type of IT necessity which hackers love to interfere with. And the ZuoRAT malware does this with a disturbingly sophisticated ease.

The Lowdown on ZuoRAT

ZuoRAT is a strain of malware which takes advantage of vulnerabilities in routers produced by the popular manufacturers Cisco, Netgear, DrayTek and Asus. By exploiting these vulnerabilities, ZuoRAT can access local area networks (LAN) and harvest network traffic from the infected devices. This information is then transmitted to a remote ‘command and control’ server, so, for example, any login credentials which pass through your router will be transmitted to the hacker’s server.

However, ZuoRAT doesn’t stop at hijacking LAN traffic; it downloads additional malware in the form of two further remote access trojans (RAT). These RATs are used to infect devices connected to the network and facilitate the spread of the infection even further. This could, in theory, lead to the infected network being converted into a botnet or, worse still, allow the spread of ransomware across the network.

Although ZuoRAT is relatively new, it has been active in the digital wild since April 2020, and this has given it plenty of time to exploit a wide range of routers. It’s also important to point out that ZuoRAT made its debut at the start of the Covid-19 pandemic. Given that it targets SOHO (small office/home office) routers, ZuoRAT was perfectly placed to attack employees who were working at home with limited IT support. As a result, it has been presented with an opportunity to steal sensitive data with relative ease.

Protecting Your Network from ZuoRAT

Due to the way in which it was designed – a custom build through the complex MIPS architecture – ZuoRAT is not detected by conventional anti-malware software. Therefore, if you own a router made by the affected manufacturers, it’s crucial that you make sure the associated software is up-to-date and fully patched. As ever, monitoring network traffic is a smart move as this will allow you to flag up any suspicious activity.

Final Thoughts

Threats such as ZuoRAT present numerous problems to organizations, most notably due to their multi-pronged attack strategy and stealthy nature. However, it also demonstrates a perfect example of why you need to manage updates relating to your IT equipment. Implementing an upgrade strategy which takes advantage of automated processes has never been more important.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How can Microsoft 365 Business Help Your Organization?

Cloud, collaboration, Microsoft, Microsoft 365, Ophtek, security, , , ,
06
Jul 2021

The way in which we work has changed radically in the last 10 years. Helping organizations get to grip with these changes is Microsoft 365 Business.

The need for flexibility within business has never been more apparent since the Covid-19 pandemic entered our lives. Thankfully, flexibility had been on the rise in business for some time. Remote working, bring your own device schemes and tailored working hours have all helped to make flexible working a reality. Traditional IT infrastructures, however, aren’t necessarily set up to deal with these arrangements. But this is where a service such as Microsoft 365 Business steps in.

What is Microsoft 365 Business?

Originally launched in 2011 as Office 365, Microsoft 365 is a collection of products and services designed by Microsoft. The service is subscription based with plans available including consumer, small business and enterprise. These plans are made available to users through cloud computing and this is what makes it invaluable for flexible working. Not only is it perfect for teamwork, but it also meets the needs of individual users.

The ‘business’ subscriptions of Microsoft 365 feature significantly more features than the consumer plan. Additional features and functions available to Microsoft 365 Business users include:

  • Microsoft 365 Apps for Business: A range of Office applications that can be used across a variety of PC, Mac and mobile devices for up to five devices per user.
  • Office 365 Enterprise: Provides users with access to the complete range of Office applications and hosted services. Full support is also available to safeguard against any technical issues.

What are the Benefits of Microsoft 365 Business?

It’s important to understand how Microsoft 365 Business can benefit your organization, so let’s take a look at the benefits on offer:

  • Enhanced Collaboration: Microsoft 365 Business was built with collaboration in mind. And it delivers this with power. The presence of Microsoft Teams allows team members to communicate and share files with ease. This is essential for collaboration, but Microsoft 365 Business also allows you to synchronize your email, contacts and calendar. An important function and one which ensures you will never miss meetings and communications again.
  • Powerful Security: The threat of malware increases with each passing day, so protecting your IT infrastructures is paramount. And Microsoft 365 Business takes the pain out of this security with its simplistic, yet powerful security options. Devices such as laptops and mobile phones can easily be remotely wiped of all data if they are lost or stolen. It’s also possible for IT teams to quickly restrict access to specific users to minimize the risk of any data loss.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Basics of Protecting Your Network

anti malware, firewall, network, Ophtek, security, two factor, , , , , ,
23
Apr 2019

Computer networks are complex pieces of technology, but, thankfully, when it comes to protecting them, the processes are relatively simple.

If you’re an organization that works with PCs then the chances are that the backbone of your IT infrastructure will be a network. Packed full of benefits that enhance accessibility, speed and communication, a PC network is crucial for productivity. However, due to the incredible amount of data being transmitted across a network, these bastions of connectivity are squarely in the targets of hackers. And that’s why it’s important that your network is protected from any external threats.

You can, of course, invest heavily in a wide range of security solutions to protect your network, but it’s vital that you make sure you follow the basics as your best defense. So, if you want to know what these are, just take a look at our guide on the basics of protecting your network.

Always Use a Firewall

Your organization’s network is private and, therefore, the last thing you want is for third parties to be accessing the network and viewing its traffic. The most popular and effective method for preventing this is by installing a firewall. A piece of software that analyses incoming and outgoing activity, a firewall is a multi-layered form of defense that can monitor network activity, report unusual behavior and enforce security policies.

Work with Two-Factor Authentication

It’s highly likely that you’re familiar with the process of using login credentials to access networks and applications, but have you ever used two –factor authentication? While the standard practice of entering a login name and a password is highly secure, two-factor authentication makes it doubly so. The concept of two-factor authentication is that users have to go through two forms of authentication to gain access to the network e.g. after entering a username and password, users must then activate a link emailed to a secure email account.

Install Anti-Malware Software

Malware is any form of malicious software that aims to exploit vulnerabilities in your PCs (and their users) to gain access to your network. Naturally, this is the last thing you want, but it’s almost impossible to manually identify every threat entering your network. Therefore, it’s essential that you install anti-malware software to help protect your network. Capable of identifying the vast majority of active threats (and regularly updated against new ones), anti-malware software provides you with peace of mind that your defenses are strong.

Segment Your Networks

A simple way to enhance the security of your network is by segmenting it into individual sub-networks. Not only does this approach enhance the performance of each ‘segment’, it also increases the security of the network as a whole. For example, if a hacker manages to gain access to one of the segments, they will only have access to that one segment. The other sub-networks will be fenced off with their own unique security measures and, therefore, make it much harder for a hacker to gain access to the entire network.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

30 Million Users Do Not Like Facebook Being Hacked

Cyber Attack, Hacking, security, Security, Security Threats, , , ,
30
Oct 2018

Facebook has started to reveal more details regarding the hack they experienced in September 2018 which has put 30 million users’ data at risk.

One of the most popular websites on the planet, Facebook has managed to amass a mammoth user base which totals around 2.23 billion. As a result, Facebook is an organization which retains a near unparalleled amount of data on its servers. To say that it’s a target for hackers would be an understatement, it’s more like the holy grail for any hacker who’s ever picked up a keyboard. And now it’s been hacked.

Facebook may be a massive organization making billions of dollars in revenue every year, but this doesn’t mean they’re immune from security lapses. It’s a fact which highlights the importance of good cyber security for any organization operating in the digital sphere. Let’s take a look at what happened.

How Facebook Got Hacked

The techniques behind the Facebook hack are complex, but for a talented hacker the methods employed are relatively simple. Targeting in on three bugs in the Facebook code for the ‘View As’ section – which allows users to view their own profile as if they’re a different user – the hackers were able to obtain important ‘access tokens’. These access tokens are the pieces of code which ensure that users remain logged into Facebook without prompting for login information every time they try to access Facebook.

The hackers were able to build an initial pool of 400,000 accounts that they controlled with these access tokens. From here, the hackers began to harvest data from all these accounts and, when complete, used an automated process to hack into the accounts of friends listed on the initially compromised account. Moving from account to account in such a way ensured that the number of hacked accounts grew exponentially with the final figure totaling around 30 million hacked accounts. Sensitive and personal data, of course, is what hackers thrive on and within these 30 million accounts they found plenty.

15 million Facebook users found that the hackers were able to access their name and contact information, while another 14 million users had details compromised such as gender, current address, birth date and the last 10 places they checked in at. The remaining one million hacked accounts ‘merely’ had their access tokens compromised with no personal data being on offer to the hackers. Unfortunately, for Facebook users, it took nearly two weeks to bring the hack to a close. Unusual activity was first recorded on 14th September, but it wasn’t until 11 days later that Facebook was able to confirm an attack was taking place. Two days later the attack was shut down and new access tokens issued.

If Facebook Can Get Hacked

Facebook use their own code so, naturally, the exact hack that blighted their systems is unlikely to affect your organization. However, the vulnerability of software is a universal concern for any organization that faces the public digitally. As ever, the basics of good cyber security should be adhered to at all times such as:

  • Installing all updates at the point of issue
  • Regularly updating passwords to protect user accounts
  • Training your staff on the methods used to execute an attack

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

4 Questions You Should Ask Before Clicking an Email Link

Cyber Attack, cyber attacks, email links, malware, Phishing, Ransomware, Security, security
14
Aug 2018

We receive so many emails in business now that they’re a keen target for hackers. As a result, your organization needs to be more wary than ever with email.

The most common way for a hacker to take advantage of emails is by loading them with malicious links. These can be used to extract personal information, activate ransomware or send users to dangerous websites. And these emails are more than likely hitting your organization every day. Whilst the majority of emails with links embedded in them are genuine, it only takes one rogue email to cause severe problems.

To help you avoid the wrath of hackers, we’ve put together four questions you should ask before clicking an email link.

  1. Do You Recognize the Sender?

Trust is crucial when it comes to dealing with links contained within emails. If you don’t recognize the sender then the link should definitely be treated with caution as it could easily be a malicious link. Emails from work colleagues should be more trustworthy, but it’s always possible that their email account has been hijacked. So, even if you recognize the sender, there are still plenty of questions you need to ask.

  1. Does the Link Look Genuine?

If you received an email advising you to visit the Ophtek website then it would look something like www.ophtek.com or ophtek.com. However, if a hacker is trying to trick you into visiting a malicious website then the link may read slightly different e.g. ophtek.org or ophteksupport.com. If you’re ever unsure about the URL listed in a link then try Googling the URL and see whether it brings up a genuine website.

The other factor to look out for is whether the link written in the email is genuine. While the link could say www.ophtek.com the actual destination contained within the link could be completely different. Thankfully, you can double check this by hovering your cursor over any email link to display a popup window that lists the genuine destination.

  1. Do You Even Need to Click the Link?

A high number of malicious links prey on our worries, so, for example, emails that claim your bank account has been hacked are very common. The email will usually contain a link that promises to start an authentication process to secure your account, but these links are never genuine. More often than not, the email will reference a bank that you don’t even have an account with, so there’s absolutely no need to click any links inside it.

  1. Why is it a Shortened Link?

Shortened links may save space in emails, but there’s no reason why they should be used in business emails. More importantly, shortened links – provided by platforms such as Bit.ly and Goo.gl – are yet another way that hackers can disguise the destination of a link. Shortened links are particularly difficult to judge as, even if you hover your cursor over them, it’s impossible to tell where they will send you. Help is at hand, though, from platforms such as CheckShortURL which can expand shortened links to show their true destination.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2