strong passwords Archives

RapperBot Malware Develops New Distribution Tricks

IoT Attacks, malware, Ophtek, RapperBot, Security, strong passwords, UpdatesIoT Attacks, malware, Ophtek, RapperBot, security, strong passwords, updatesOphtek, LLC

Jun 2023

Malware constantly evolves, and that’s why it’s a constant thorn in the side of PC users. The ever-changing RapperBot malware is a perfect example of this.

If malware was boring and lacked innovation, it wouldn’t last very long or infect many computers. It would make our lives a lot easier, but it would defeat the main objective of malware. And that is to cause chaos. Repeatedly. Therefore, malware developers are keen to extend the lifespan of their creations. This is why malware is regularly developed, to keep one step ahead. It’s the digital example of a game of cat and mouse. But the good news is that you don’t have to be the mouse.

The Lowdown on RapperBot and Its Evolution

First discovered in 2022, RapperBot started its malware career in the Internet of Things (IoT) niche. Most notably, RapperBot was observed to be using parts of the Mirai botnet code. However, RapperBot was much more than just another take on Mirai. It was much more sophisticated. Not only had its remote access capabilities been upgraded, but it could now also brute force SSH servers – these allow two PCs to communicate with each other.

This evolution has continued at pace, with security experts Fortinet and Kaspersky detecting the following changes:

After infection, further code was added into RapperBot by the developers to avoid detection. A situation which persisted even after rebooting. A remote binary downloader was later added to allow self-propagation of the malware.

The self-propagation capabilities of RapperBot were later changed to allow the malware to gain constant remote access to SSH servers which had been brute forced.

Finally, RapperBot moved its aim away from SSH servers and targeted telnet servers. Cleverly, RapperBot sidestepped the traditional technique of using huge data lists and, instead, monitored telnet prompts to determine the target device. This allowed the threat actors to identify IoT devices and quickly try their default credentials.

The Best Tips for Tackling RapperBot

IoT devices are plentiful in the modern age, and we certainly couldn’t be without them. Accordingly, we need to protect them from threats such as RapperBot and BotenaGo. You can do this by following these best tips:

Keep devices up to date: it’s crucial that you regularly update the firmware and software which supports your IoT devices. Few, if any, pieces of hardware reach consumers without some form of security flaw present. Once these flaws are detected, the manufacturer will usually release a patch or update to remove this vulnerability. Therefore, you need to install these as soon as possible, a strategy which is made easy by allowing automatic updates.

Change default passwords: Many IoT devices come with default usernames and passwords, these are often the same across every single version of that device. As such, they represent an incredible risk. This means you need to change these default credentials to strong, unique usernames and passwords before they are connected to your IT infrastructure. Additionally, enable two-factor authentication, wherever possible, to add an extra layer of security.

Network segmentation: ideally, separate networks should be created to house your IoT devices and isolate them from your core network. As IoT devices carry a certain amount of risk, it makes sense to keep them away from the majority of your IT infrastructure. This ensures that, if an IoT device does become infected, the malware can only spread so far.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Why Do You Need Different Passwords?

Ophtek, password manager, Password Security, Passwork Checkup, strong passwordsOphtek, Password Checkup, password manager, password security, strong passwordsOphtek, LLC

Mar 2023

A password is one of the simplest and strongest ways to deliver high-strength IT security, but it’s also one which has the potential to cause great damage.

We use passwords on such a regular basis that their presence has become the norm. Logging onto your PC in the morning requires a password, unlocking your PC screen is only possible with a password and signing into your webmail needs, you guessed it, a password. In fact, such is their ubiquity, one study has estimated, on average, we use 100 passwords. And remembering all of these is difficult! Therefore, it comes as no surprise that many of us use the same password across multiple platforms. But this is one of the biggest mistakes you can make in IT.

The Dangers of Recycling Passwords

It may be quick and easy to recycle your passwords, but there are some major reasons why IT professionals advise against it:

One password means multiple hacks: once a hacker gets hold of, for example, your webmail password, you can bet your bottom dollar they will try it across multiple platforms. Accordingly, if your webmail password is the same as your PayPal password then there’s a good job your account could become compromised. Ultimately, using different passwords means that you minimize the number of accounts which could be breached.

Passwords need to be complex: rather than recycling passwords, some people favor site specific passwords e.g. using ‘password123gmail’ for Gmail and then ‘password123facebook’ for Facebook. While this may be enough to outwit an automated bot, a sentient threat actor will be able to easily put 2 + 2 together and uncover your strategy. As such, you need passwords which are both unique and complex.

Different passwords are easy: one of the most surprising aspects of recycling passwords is that it’s easy to avoid going down this route. Aside from taking the time to create a complex password, there are numerous automated options to help you create one.

Creating Different Passwords

As we’ve already said, creating different passwords doesn’t have to be difficult, and you don’t even have to remember them. All you have to do is:

Use a password generator: from Google Chrome to LastPass and on to security providers such as Norton, there is plenty of choice when it comes to using technology to generate a password. These applications take your passwords to the next level and will never suggest something as simple as Qwerty123. Instead, they will generate complex passwords which include numbers, mixed case letters and symbols.

Store your passwords securely: as well as acting as a password generator, many password apps also contain or link up to password managers. These secure devices store your complex passwords and take the pain out of remembering those 16-character passwords you struggle to remember. All you have to do is authorize them to fill in your login credentials each time you go to log in.

Final Thoughts

In 2023, there’s no excuse for using the same password across multiple logins. It’s a sure fire way to maximize the impact of a security breach, so you need to take the necessary steps to prevent this. Thankfully, the presence of password generators and managers mean that your passwords can instantly be upgraded and secured.

For more ways to secure and optimize your business technology, contact your local IT professionals.

LastPass Hit by Security Incident

Hackers, LastPass, Ophtek, password manager, Password Security, Security, strong passwordshackers, LastPass, Ophtek, password manager, security, vulnerabilityOphtek, LLC

Feb 2023

What exactly happened when LastPass, a password manager service, found itself at the center of a data breach? And what does this mean for your passwords?

Password managers provide a convenient service , one where complex passwords can be generated instantly and then, going forward, auto-fills when requested. LastPass is a successful example of what a password manager can do, but it’s a role which comes with great responsibility. Login credentials, after all, are often the difference between gaining access and being denied access to a user account. Therefore, password managers need to be sure the credentials they hold are highly secure.

However, as LastPass users are now finding out, password managers are highly tempting to threat actors, and far from 100% secure.

How LastPass was Hacked

Used by millions of users all over the world, LastPass has established itself as one of the leading password managers. Unfortunately, this credibility has been rocked by revelations that the service’s encrypted password vaults have been stolen by hackers. The attack – which took place in August 2022 – was ambitious, and its success even more so.

LastPass’ backup copies of their users’ password vaults were stored, apparently securely, on a third-party cloud storage platform. This, in itself, is nothing unusual; storing backup copies of secure data in remote locations is good practice. Nonetheless, once third parties become involved in storing your data, you relinquish control of this data’s security. And this is exactly where LastPass has fallen victim to threat actors.

While the mechanics of the breach remain under wraps, LastPass has had to admit that personal identifiers – including addresses, phone numbers, credit card details and IP addresses – are among the stolen data. The password vaults – which are encrypted – have also been stolen, so this means the threat actors are closer to knowing your password. And, given they now have access to your personal identifiers, it makes brute force attacks easier.

What to Do if You’re a LastPass User

LastPass has been keen to stress that, although stolen, the password vaults are secure due to the encryption protecting them. However, these encrypted passwords are now in the hands of an unauthorized party and means they are seriously compromised. Therefore, it’s crucial all LastPass users take the following decisive actions:

Change your LastPass password: your master password will be the password used to access the LastPass service, and this needs to be changed immediately. Any data breach means access has been compromised, so changing your master password is the first step to take. With your master password changed, you will instantly be reducing the risk of your passwords falling into the wrong hands.

Change all your stored passwords: the passwords stolen from LastPass are encrypted, but it makes bad sense to rely on this. Accordingly, we would recommend going through all your passwords on LastPass and changing them to new ones. With this completed, the details within the stolen password vaults will become redundant.

Make sure your LastPass password is not recycled: following a data breach, it’s always good practice to make sure your master password isn’t used on other platforms. For example, a threat actor may take your login details for LastPass and use a bot to automatically try them in thousands of different other platforms. As such, if you recycle your login credentials across platforms, you run the risk of these being compromised too.

For more ways to secure and optimize your business technology, contact your local IT professionals.

1.2 Million GoDaddy Users Hit By Managed WordPress Hack

GoDaddy Breach, Hackers, Hacking, Ophtek, Password Security, strong passwordsGoDaddy Breach, hackers, hacking, Ophtek, password security, strong passwordsOphtek, LLC

Dec 2021

Web hosting is an integral part of how the modern internet works, but what happens when a provider finds themselves the victim of a hack?

GoDaddy is one of the most popular web hosting providers in the world with an estimated customer base of over 20 million users. Through GoDaddy it’s possible to use their Managed WordPress service to build and host WordPress websites. And, with around 64 million websites currently being powered by WordPress, it’s clear to see why GoDaddy has focused on this platform. Online popularity, however, will always put you in the targets of hackers. A recent breach of GoDaddy’s Managed WordPress service has demonstrated this by hitting 1.2 million of their customers.

How Did GoDaddy Get Hacked?

GoDaddy’s Managed WordPress environment contains huge amounts of data. Not only is there access to the source code for hosted websites, but customer’s personal data is also stored there e.g. email addresses, login credentials and site security certificates. These are data sources which have the potential to cause widespread digital devastation. Email addresses can be used to power phishing campaigns, login credentials give hackers the ability to hijack websites and manipulating security certificates can result in malware being downloaded to unsuspecting victims. But how exactly did one of the world’s most powerful web hosting providers get hacked?

The attack appears to have started in early September 2021 and stemmed from a password becoming compromised. The password in question allowed a third party to gain unauthorized access to GoDaddy’s Managed WordPress system. From here, the hackers were able to harvest the previously mentioned data. Unfortunately, for GoDaddy’s customers, it appears that the passwords being stored for Secure File Transfer Protocol were not encrypted and were available in plaintext. Naturally, this made it much easier for hackers to harvest even more data more quickly. And, worst of all, the attack was not picked up for over two months.

Preventing Similar Breaches in the Future

After discovering the hack, due to suspicious activity being detected on their servers, GoDaddy have moved swiftly to limit the damage. All affected login credentials have been reset and GoDaddy are currently issuing new site security certificates. However, the nature of this breach is a damning indictment of GoDaddy’s security measures. Passwords should be secure. The best ways to prevent such breaches taking place are:

Strong Passwords: A strong password is one that is judged difficult to guess. The best way to achieve this is by using a mixture of uppercase characters, lowercase characters, numerical characters and symbols. Mixing these different elements together minimizes the odds of a hacker guessing lucky. Additionally, don’t go for obvious password choices such as your name or your date of birth.

Regularly Change Your Passwords: Another sure-fire way to prevent your password being compromised is by changing it regularly. An ever-changing password makes it much harder for hackers to take advantage of leaked login credentials, so make sure your employees are prompted to change their passwords every month.

Don’t Write Your Passwords Down: One of the most common ways for a password to be stolen is by having it written down. This increases the risk of it being stolen compared to a password which you have memorized or stored within a secure password managed app.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Sidewalk Malware Linked to Chinese Hacking Group Grayfly

Cyber Security, Grayfly, Ophtek, Secure Socket Layer, Sidewalk Malware, strong passwords, upgrade softwareCyber Security, Grayfly, Ophtek, secure socket layer, Sidewalk Malware, SSL, strong passwords, upgrade softwareOphtek, LLC

Sep 2021

A new strain of backdoor malware has been discovered and named as Sidewalk. And the hacking group behind it – Grayfly – mean business.

Believed to have major links to China, Grayfly has been launching global cyber-attacks since 2017 and has also operated under the names of Wicked Panda and GREF. With a keen interest in espionage, Grayfly favors attacking public facing web servers. Once they have their foot in the door, the hackers being installing backdoors across the network to maximize their access. The Grayfly group represent a sophisticated threat and show few signs of letting up in their endeavors.

The Sidewalk malware, which appears to be Grayfly’s latest weapon, has been attacking servers in the US, Mexico and Asia. Accordingly, you need to be on your guard.

How Does the Sidewalk Malware Work?

Sidewalk was first discovered in August 2021 when a new piece of malware was detected by Slovakian researchers. Sidewalk, it was revealed, operates by loading plugins into breached systems to search out and log running processes. This information is then transmitted back to a remote server where hackers can analyze the infected servers in forensic detail. The researchers were keen to note that the Sidewalk malware shared many similarities to Grayfly’s previous hacking tool Crosswalk.

Sidewalk has been concentrating its efforts on a number of targets in the US, Vietnam, Mexico and Taiwan. Given the espionage nature of Grayfly’s operation, it comes as no surprise that a large proportion of the victims are involved in the telecoms industry. Grayfly start these attacks by identifying Microsoft Exchange servers which can be accessed through the public internet. With this in their sights, the hackers install a web shell which grants them the opportunity to run administrative commands on the server. From here they can dig deeper into the server and begin harvesting confidential data such as login credentials.

How Can You Protect Your Public Facing Server?

Public facing servers are crucial for any businesses which need to allow the public to access their services are online. However, as the Sidewalk malware has shown, they’re at the risk of cyber-attacks. Nonetheless, you can protect your public facing servers by practicing the following:

Monitor Logins: By using specialist security tools, you can monitor login attempts to your server. These will monitor suspicious activity such as brute force attacks and can block IP addresses suspected of being dangerous.

Only Allow Strong Passwords: Servers need to use strong passwords to thwart the efforts of hackers. Avoid making common password mistakes and always change any default passwords as soon as possible.

Use Secure Sockets Layer Certificates: Your web administration areas should always be protected by a Secure Socket Layer (SSL). These security certificates protect and encrypt information passed between two systems on the internet e.g. a website and a visitor to that website. This ensures that personal data remains secure.

Always Upgrade Your Software: One of the surest ways for a public facing server to become breached is by eliminating vulnerabilities in its design. These weak points allow hackers to gain easy access, so it’s vital these are plugged. Software and hardware manufacturers regularly release firmware and security patches, so make sure these are installed as soon as possible.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Category Archives: strong passwords