A new piece of malware has been found to be targeting Microsoft Exchange servers operated by both military and government organizations all over the world.

Discovered by security giants Kaspersky, who also gave the malware its name, SessionManager appears to have been at large since March 2021, but its existence has only just been confirmed. It’s believed that SessionManager was created by Gelsemium, a relatively new hacking group who have already conducted a number of serious cyber-attacks.

Naturally, you would expect military and government organizations to have some of the strongest cybersecurity measures in place. And they do. However, there’s not a single IT infrastructure which can be described as 100% secure. And, as SessionManager has proved, where there are vulnerabilities, there’s a way in.

How Does SessionManager Operate?

At the start of 2021, Kaspersky revealed details of ProxyLogon, a series of vulnerabilities discovered in Microsoft Exchange. As a result of these vulnerabilities, threat actors were presented with an opportunity to install malicious modules into the web server software for Microsoft’s Internet Information Services (IIS). And this is exactly how the SessionManager module came to be embedded within numerous organizations’ servers.

Once installed, the threat actors were able to use SessionManager to carry out the following tasks:

  • Carry out remote command execution on affected devices
  • Gain quick and easy access to email accounts within the organization
  • Install further malware to maximize the way in which servers were compromised
  • Use infected servers to manipulate traffic moving across the network

As SessionManager has managed to operate without detection for over a year, it has been able to harvest significant amounts of sensitive data and take control of high-level networks. Even after SessionManager’s discovery, security experts have been slow to move, with Kaspersky commenting that a popular file scanning service was still failing to detect SessionManager. Accordingly, SessionManager remains active in the digital wild and maintains its threat.

What If You’re Infected with SessionManager?

Even if you do discover that your network has been infected by the SessionManager module, deleting it is not enough to fully rid yourself of it. Instead, you will need to go through the following:

  • The most important step to take first is to disable your IIS environment
  • Use the IIS manager to identify all references to the SessionManager module and ensure that these are fully removed
  • Update your IIS server to eliminate any known vulnerabilities and leave it fully patched
  • Restart your IIS environment and run a final check for any traces of SessionManager
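To help with the second step above (finding where the module is registered), here is an added PowerShell check that is not part of the original post or of any Kaspersky tooling: it reads the IIS configuration file in which native modules are registered and flags any module whose DLL is missing, sits outside the inetsrv directory, or is not validly signed by Microsoft. The only path assumed is the standard IIS configuration location under %windir%.

```powershell
# Added example: audit the native IIS modules registered in applicationHost.config,
# the file through which a malicious module such as SessionManager is wired into
# the IIS request pipeline. Run from an elevated PowerShell on the IIS/Exchange host.
$configPath = Join-Path $env:windir 'System32\inetsrv\config\applicationHost.config'
$inetsrv    = Join-Path $env:windir 'System32\inetsrv'

[xml]$config = Get-Content -Path $configPath -Raw

$findings = foreach ($module in $config.configuration.'system.webServer'.globalModules.add) {
    # image attributes use %windir%-style variables; expand them to real paths
    $image   = [Environment]::ExpandEnvironmentVariables($module.image)
    $reasons = @()

    if (-not (Test-Path -LiteralPath $image)) {
        $reasons += 'DLL missing on disk'
    } else {
        # Built-in IIS modules live under inetsrv; anything elsewhere deserves a look
        if (-not $image.StartsWith($inetsrv, [StringComparison]::OrdinalIgnoreCase)) {
            $reasons += 'DLL outside inetsrv'
        }
        # A genuine Microsoft module carries a valid Authenticode signature
        $sig = Get-AuthenticodeSignature -FilePath $image
        if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
            $reasons += "signature: $($sig.Status)"
        }
    }

    [pscustomobject]@{
        Module     = $module.name
        Image      = $image
        Suspicious = ($reasons.Count -gt 0)
        Reason     = ($reasons -join '; ')
    }
}

# Suspicious entries first; review each flagged module before removing it
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Modules from other Microsoft products can legitimately live outside inetsrv, so use the signature column to separate those from an unknown, unsigned DLL, and keep a copy of any flagged file for forensic analysis before deleting it.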

If, of course, you want to prevent threats such as SessionManager from gaining a foothold in the first place, then you need a conscientious approach to updates. The sooner you can install a firmware upgrade or a security patch, the sooner you can plug security holes in your IT infrastructure.

Sure, we live in a fast-paced world and it’s easy to forget minor tasks such as installing upgrades, but with automated installs a viable option, there’s not really an excuse. Therefore, keep your organization’s network safe by automating updates and enjoy the peace of mind this brings.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Small businesses rely on routers to keep themselves and their customers connected. But this relationship could now be at risk due to the ZuoRAT malware.

For online communication to work, data needs to move from one computer network to another. And this is exactly what a router does. By directing traffic across the internet, a router can be used to deliver emails, transfer files and stream videos between PCs. Without a router, you simply won’t be able to send or receive data. So, as you can see, they’re an essential part of any small organization’s IT network. Unfortunately, this is the type of IT necessity which hackers love to interfere with. And the ZuoRAT malware does this with a disturbingly sophisticated ease.

The Lowdown on ZuoRAT

ZuoRAT is a strain of malware which takes advantage of vulnerabilities in routers produced by the popular manufacturers Cisco, Netgear, DrayTek and Asus. By exploiting these vulnerabilities, ZuoRAT can access local area networks (LAN) and harvest network traffic from the infected devices. This information is then transmitted to a remote ‘command and control’ server, so, for example, any login credentials which pass through your router will be transmitted to the hacker’s server.

However, ZuoRAT doesn’t stop at hijacking LAN traffic; it downloads additional malware in the form of two further remote access trojans (RAT). These RATs are used to infect devices connected to the network and facilitate the spread of the infection even further. This could, in theory, lead to the infected network being converted into a botnet or, worse still, allow the spread of ransomware across the network.

Although ZuoRAT is relatively new, it has been active in the digital wild since April 2020, and this has given it plenty of time to exploit a wide range of routers. It’s also important to point out that ZuoRAT made its debut at the start of the Covid-19 pandemic. Given that it targets SOHO (small office/home office) routers, ZuoRAT was perfectly placed to attack employees who were working at home with limited IT support. As a result, it has been presented with an opportunity to steal sensitive data with relative ease.

Protecting Your Network from ZuoRAT

Due to the way in which it was designed – a custom build for the MIPS architecture – ZuoRAT is not detected by conventional anti-malware software. Therefore, if you own a router made by the affected manufacturers, it’s crucial that you make sure the associated software is up to date and fully patched. As ever, monitoring network traffic is a smart move, as this will allow you to flag up any suspicious activity.

Final Thoughts

Threats such as ZuoRAT present numerous problems to organizations, most notably due to their multi-pronged attack strategy and stealthy nature. However, they also provide a perfect example of why you need to manage updates relating to your IT equipment. Implementing an upgrade strategy which takes advantage of automated processes has never been more important.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The way in which we work has changed radically in the last 10 years. Helping organizations get to grips with these changes is Microsoft 365 Business.

The need for flexibility within business has never been more apparent since the Covid-19 pandemic entered our lives. Thankfully, flexibility had been on the rise in business for some time. Remote working, bring your own device schemes and tailored working hours have all helped to make flexible working a reality. Traditional IT infrastructures, however, aren’t necessarily set up to deal with these arrangements. But this is where a service such as Microsoft 365 Business steps in.

What is Microsoft 365 Business?

Originally launched in 2011 as Office 365, Microsoft 365 is a collection of products and services designed by Microsoft. The service is subscription based with plans available including consumer, small business and enterprise. These plans are made available to users through cloud computing and this is what makes it invaluable for flexible working. Not only is it perfect for teamwork, but it also meets the needs of individual users.

The ‘business’ subscriptions of Microsoft 365 offer significantly more features than the consumer plan. Additional features and functions available to Microsoft 365 Business users include:

  • Microsoft 365 Apps for Business: A range of Office applications that can be used across a variety of PC, Mac and mobile devices for up to five devices per user.
  • Office 365 Enterprise: Provides users with access to the complete range of Office applications and hosted services. Full support is also available to safeguard against any technical issues.

What are the Benefits of Microsoft 365 Business?

It’s important to understand how Microsoft 365 Business can benefit your organization, so let’s take a look at the benefits on offer:

  • Enhanced Collaboration: Microsoft 365 Business was built with collaboration in mind. And it delivers this with power. The presence of Microsoft Teams allows team members to communicate and share files with ease. This is essential for collaboration, but Microsoft 365 Business also allows you to synchronize your email, contacts and calendar. An important function and one which ensures you will never miss meetings and communications again.
  • Powerful Security: The threat of malware increases with each passing day, so protecting your IT infrastructure is paramount. And Microsoft 365 Business takes the pain out of this security with its simple, yet powerful security options. Devices such as laptops and mobile phones can easily be remotely wiped of all data if they are lost or stolen. It’s also possible for IT teams to quickly restrict access for specific users to minimize the risk of any data loss.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Computer networks are complex pieces of technology, but, thankfully, when it comes to protecting them, the processes are relatively simple.

If you’re an organization that works with PCs then the chances are that the backbone of your IT infrastructure will be a network. Packed full of benefits that enhance accessibility, speed and communication, a PC network is crucial for productivity. However, due to the incredible amount of data being transmitted across a network, these bastions of connectivity are squarely in the targets of hackers. And that’s why it’s important that your network is protected from any external threats.

You can, of course, invest heavily in a wide range of security solutions to protect your network, but it’s vital that you make sure you follow the basics as your best defense. So, if you want to know what these are, just take a look at our guide on the basics of protecting your network.

Always Use a Firewall

Your organization’s network is private and, therefore, the last thing you want is for third parties to be accessing the network and viewing its traffic. The most popular and effective method for preventing this is by installing a firewall. A piece of software that analyses incoming and outgoing activity, a firewall is a multi-layered form of defense that can monitor network activity, report unusual behavior and enforce security policies.

Work with Two-Factor Authentication

It’s highly likely that you’re familiar with the process of using login credentials to access networks and applications, but have you ever used two-factor authentication? While the standard practice of entering a login name and a password is highly secure, two-factor authentication makes it doubly so. The concept of two-factor authentication is that users have to go through two forms of authentication to gain access to the network, e.g. after entering a username and password, users must then activate a link emailed to a secure email account.

Install Anti-Malware Software

Malware is any form of malicious software that aims to exploit vulnerabilities in your PCs (and their users) to gain access to your network. Naturally, this is the last thing you want, but it’s almost impossible to manually identify every threat entering your network. Therefore, it’s essential that you install anti-malware software to help protect your network. Capable of identifying the vast majority of active threats (and regularly updated against new ones), anti-malware software provides you with peace of mind that your defenses are strong.

Segment Your Networks

A simple way to enhance the security of your network is by segmenting it into individual sub-networks. Not only does this approach enhance the performance of each ‘segment’, it also increases the security of the network as a whole. For example, if a hacker manages to gain access to one of the segments, they will only have access to that one segment. The other sub-networks will be fenced off with their own unique security measures and, therefore, make it much harder for a hacker to gain access to the entire network.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Facebook has started to reveal more details regarding the hack they experienced in September 2018 which has put 30 million users’ data at risk.

One of the most popular websites on the planet, Facebook has managed to amass a mammoth user base which totals around 2.23 billion. As a result, Facebook is an organization which retains a near unparalleled amount of data on its servers. To say that it’s a target for hackers would be an understatement; it’s more like the holy grail for any hacker who’s ever picked up a keyboard. And now it’s been hacked.

Facebook may be a massive organization making billions of dollars in revenue every year, but this doesn’t mean they’re immune from security lapses. It’s a fact which highlights the importance of good cyber security for any organization operating in the digital sphere. Let’s take a look at what happened.

How Facebook Got Hacked

The techniques behind the Facebook hack are complex, but for a talented hacker the methods employed are relatively simple. Targeting three bugs in the Facebook code for the ‘View As’ section – which allows users to view their own profile as if they’re a different user – the hackers were able to obtain important ‘access tokens’. These access tokens are the pieces of code which ensure that users remain logged into Facebook without being prompted for login information every time they try to access Facebook.

The hackers were able to build an initial pool of 400,000 accounts that they controlled with these access tokens. From here, the hackers began to harvest data from all these accounts and, when complete, used an automated process to hack into the accounts of friends listed on the initially compromised accounts. Moving from account to account in such a way ensured that the number of hacked accounts grew exponentially, with the final figure totaling around 30 million hacked accounts. Sensitive and personal data, of course, is what hackers thrive on, and within these 30 million accounts they found plenty.

15 million Facebook users found that the hackers were able to access their name and contact information, while another 14 million users had details compromised such as gender, current address, birth date and the last 10 places they checked in at. The remaining one million hacked accounts ‘merely’ had their access tokens compromised with no personal data being on offer to the hackers. Unfortunately, for Facebook users, it took nearly two weeks to bring the hack to a close. Unusual activity was first recorded on 14th September, but it wasn’t until 11 days later that Facebook was able to confirm an attack was taking place. Two days later the attack was shut down and new access tokens issued.

If Facebook Can Get Hacked

Facebook use their own code so, naturally, the exact hack that blighted their systems is unlikely to affect your organization. However, the vulnerability of software is a universal concern for any organization that faces the public digitally. As ever, the basics of good cyber security should be adhered to at all times such as:

  • Installing all updates at the point of issue
  • Regularly updating passwords to protect user accounts
  • Training your staff on the methods used to execute an attack

For more ways to secure and optimize your business technology, contact your local IT professionals.
