Updates Archives

GeoVision Devices Vulnerability Exploited by Botnet Malware

Cryptominer, firewall, GeoVision, Legacy devices, Legacy Software, Mirai botnet, Ophtek, patches, security measures, Updatescryptomining, GeoVision, legacy devices, legacy software, Mirai botnet, OphtekOphtek, LLC

Dec 2024

No software, as GeoVision has recently discovered, is 100% secure from malware, with many applications left exposed by vulnerabilities within their coding.

GeoVision develops and manufactures advanced video surveillance hardware along with the appropriate software for running it. From IP cameras through to eyeball and dome cameras, GeoVision promises to offer state-of-the-art surveillance to strengthen your security. Unfortunately, the discovery of a vulnerability within their software has demonstrated that their products are fa r from the definition of secure.

Let’s dive into what’s happened and the lessons we can take away.

Mirai Malware Strikes at the Heart of GeoVision

Legacy devices, those which are at their end-of-life stage, suffer from security problems due to a lack of updates. Once a product has reached this stage of their lifespan, developers feel it’s uneconomical to continue providing software updates and patches. The best option for consumers is to upgrade to the latest model to ensure their devices remain safe. But many consumers decide, instead, to save a few dollars and continue with their legacy products. And this is when vulnerabilities rear their ugly head.

A vulnerability has been detected in numerous GeoVisions devices – video servers, compact digital video recorders and Linux systems – which allows threat actors to run system commands on the affected devices. Not all vulnerabilities are exploited, but this one – known as CVE-2024-11120 – has already been taken advantage of. Most notably, the Mirai botnet has been detected as active on infected systems. Mirai, typically, is used to facilitate botnet attacks or carry out cryptomining activities – both of which lead to a drop in performance for affected systems.

Close to 17,000 GeoVision devices are at risk of being exploited, with close to half of these being located in the US. Potentially, threat actors could compromise crucial security devices and have a major impact on the security of businesses and their employees. At present, due to the affected devices falling under the end-of-life classification, GeoVision has not announced any plans to update the software running on them.

Navigating the Risks of Exploited Software

All hardware and software reaches a legacy status at some point, and it’s important that your business knows how to approach this. And even the most up-to-date products still require close attention to remain secure. Therefore, make sure you implement the following to keep your IT systems safe:

Install all Updates and Patches: One of your main priorities should be to regularly install all software updates to minimize the risk of vulnerabilities being exploited. These updates can easily be automated and ensure your systems are kept as secure as possible.
Conduct Regular Security Audits: It makes sense to carry out regular security audits to evaluate how secure your IT systems are. This could involve verifying that all default passwords are changed, making sure that your employees receive regular security refreshers, and monitoring network activity for unusual patterns.
Carry Out Basic Security Measures: The simplest methods are often the most effective against malware, so you need to be sure the basics are taken care of. This can range from installing firewalls and security suites on your infrastructure through to partitioning networks and limiting user privileges across your network.

For more ways to secure and optimize your business technology, contact y our local IT professionals.

CrowdStrike Causes Unprecedented Global IT Outage

Cloud Storage, CrowdStrike, cybersecurity, Ophtek, Updates, vulnerability, Windows updatecloud storage, CrownStrike, Ophtek, security, updates, vulnerability, Windows updateOphtek, LLC

Jul 2024

One of the world’s biggest ever IT failures has caused chaos for major IT infrastructures all over the world. And it was all thanks to a CrowdStrike update.

The damage was caused by a content update for Windows issued by CrowdStrike, a major player when it comes to cybersecurity firms. However, rather than providing an enhanced experience for Windows users, it resulted in many users finding that their PCs crashed. The ‘blue screen of death’ was a common sighting and numerous applications were rendered unusable. The CrowdStrike glitch wasn’t restricted to a small number of individuals either, it went all away the round and affected major organizations.

Understanding the CrowdStrike Flaw

CrowdStrike has been providing security solutions since 2011, and it now offers a wide range of security services. These are provided through cloud-based platforms and have seen CrowdStrike’s profile rise significantly. However, their recent update for their application Falcon Sensor – which analyzes active processes to identify suspicious activity – is responsible for the worldwide outage of IT systems.

Falcon Sensor runs within Windows and, as such, interacts directly with the Windows operating system. Falcon Sensor’s main objective is to protect IT systems from security attacks and system failures, but their latest update achieved the complete opposite. As a result of faulty code within the update, Falcon Sensor malfunctioned and compromised the systems it had been installed on. This led to IT systems crashing and unable to be rebooted.

CrowdStrike were quick to identify the fault as a result of their update, and reassured the global community this was not a global cyberattack. With the fault identified and isolated, CrowdStrike rapidly developed a fix. But the damage had already been done, and many systems remained offline due to the disruption.

Who Was Affected by the CrowdStrike Glitch?

The impact of the faulty CrowdStrike update was of a magnitude rarely seen in the IT world. With many IT infrastructures relying on Windows, countless systems crashed all over the world. Airport services were badly hit, and lots of airlines had to ground their planes due to IT issues. Banks and credit card providers were also affected, and numerous organizations were unable to take card payments as a result. Healthcare services, too, felt the full impact of the glitch and struggled to book appointments and allocate staff shifts.

The Aftermath of the CrowdStrike Disaster

Disruption to IT systems was still evident days after the CrowdStrike incident, and it’s expected this disruption will continue. Matters weren’t helped by the simultaneous failure of Microsoft Azure, a cloud computing platform, which also created a major outage.

While the outages were caused by a technical glitch, CrowdStrike issued an announcement the day after that cybercriminals may be targeting affected systems. Evidence in Latin America indicated CrowdStrike customers were being targeted by a malicious ZIP archive which contains HijackLoader, a module used to install various strains of malware.

Final Thoughts

Ultimately, this digital catastrophe was caused by a faulty piece of code, and Microsoft currently estimate it affected 8.5 million Windows devices. It could easily happen again and reinforces the need for good backup protocols, such as the 3-2-1 backup method. The CrowdStrike glitch may have been unforeseen, but with the correct preparation, you can minimize the impact of future incidents on your IT systems.

For more ways to secure and optimize your business technology, contact your local IT professionals.

A Remote Access Trojan (RAT) is one of the most common forms of malware you are likely to encounter, and it’s crucial you understand what they are.

It’s important for all organizations to be aware of the danger posed by a RAT in terms of cybersecurity. After all, a RAT could easily take down your entire IT infrastructure or compromise your business data. And all it takes is one mistake for your team to fall victim to a RAT. Due to the severity posed by RATs, we’re going to define what a RAT is, how they work, and the best way to defend and protect against this threat.

The Basics of a RAT

A RAT is a strain of malware which is designed to give threat actors unauthorized access and control over a victim’s PC from a remote location. This is always completed without the victim’s consent, a fact made possible by the stealthy nature of a RAT.

For a RAT to succeed, it first needs to infect the victim’s PC, and this can be achieved in the following ways:

Phishing emails may be used to send malicious attachments which, once opened, activate the RAT and allow it to access the PC it is on.
Malicious downloads may be activated by unsuspecting users who are downloading them from illegal file sharing websites.
If hardware and software is not updated regularly, there is a chance that vulnerabilities may be discovered which a RAT can exploit.

RATs are stealthy types of malware and this cloak of invisibility is put in place by changes that the RAT makes to system settings and registry entries. With this deception in place, a RAT is then able to communicate to a command and control (C&C) server located in a remote location. This C&C server allows the RAT to transmit stolen data and, at the same time, gives the threat actor the opportunity to send commands directly to the RAT.

Some notable examples of RATs are ZuroRat from 2022, NginRAT from 2021 and, more recently, the QwixxRAT attack. All of these examples share one key thing in common: their main objective is to cause digital chaos for all those who fall victim. Accordingly, your organization needs to understand how to defend themselves against these threats.

Detecting and Protecting Against RATs

Protecting your IT infrastructure is far from difficult. In fact, as long as you implement the following measures, it’s relatively easy:

Always update your antivirus and anti-malware software. These security suites have the potential to put a strong barrier in place and detect any incoming malware. However, they also rely on regular updates to keep up to date on the latest threats. Therefore, you need to make sure these are put in place to maximize your defenses.
Make sure that network monitoring solutions are implemented to combat unauthorized network access. This means that your IT team will be able to identify unusual network traffic patterns and take actions to shut this down.

Email and web filtering can seriously reduce your risk of falling victim to a RAT. These excellent pieces of software will analyze and block any malicious attachments before they have a chance to reach your email inbox.

For more ways to secure and optimize your business technology, contact your local IT professionals.

HiatusRAT Malware Returns with a Vengeance

HiatusRAT, malware, network, Ophtek, Security, Updateseducate, HiatusRAT, malware, network, Ophtek, security, updatesOphtek, LLC

Oct 2023

The HiatusRAT malware has re-emerged from its slumber to prove how resilient it is by targeting multiple organizations in Taiwan and the US.

As with most malware which is deemed successful in terms of its longevity, the threat actors launching HiatusRAT have ensured that it’s more powerful than ever. And, to strengthen its attack, they have redesigned it to escape detection. So far, the majority of the organizations targeted by this latest version of HiatusRAT have been based in Taiwan, but at least one US-based military system has also been attacked. And, with HiatusRAT seemingly operating at full throttle, it’s likely to spread even further.

Due to the potential danger contained within HiatusRAT, we’re going to take you through how it operates and how you can protect your organization.

The Lowdown on the Latest HiatusRAT Campaign

HiatusRAT was first detected back in March 2023, when it was discovered infecting the routers of various organizations in Europe and North and South America. This attack involved stealing data by hijacking email channels as well as installing a remote-access Trojan (RAT) on infected routers. It was an attack which led to significant data loss, but the malware’s activity soon dropped off. However, during this downtime, HiatusRAT has been refined and reconfigured.

Again, HiatusRAT appears to be targeting routers and similar networking devices. By redesigning HiatusRAT to target ARM and Intel hardware, the threat actors – who are currently unknown – have managed to enhance the potency of their malware. Operating with two types of servers – Tier 1 and Tier 2 – they have been able to use multiple IP addresses to transmit data to remote sources. As the attack has targeted at least one military system, it’s suspected that there may be a nation-state involved with the attack. However, as of now, security researchers have been unable to pinpoint the true motives outside of data theft.

Protecting Your Organization from HiatusRAT

You may not run an organization in the military industry, but RAT-based malware doesn’t tend to discriminate. Therefore, you need to be on your guard against HiatusRAT and other similar attacks. Remaining vigilant is crucial, and you can strengthen this vigilance by practicing the following:

Always install updates: many malware attacks are the result of an unpatched vulnerability giving threat actors free access to your IT systems. This means that installing updates, for every piece of software and hardware you use, is vital. It may feel like a time-consuming task in the short-term, but ultimately it could save your organization from data breaches and significant disruption.

Monitor network activity: HiatusRAT was observed to be transmitting data to a remote server for around two hours, and this is why monitoring network activity is so important. Occasionally, there can be a surge in network activity, but this is most often related to identifiable reasons and directed towards known destinations. However, anything out of the ordinary – such as unusual destinations and IP addresses – should immediately be investigated.
Educate your employees: one of the surest ways for malware to breach your IT infrastructure is through your employees. This means that strong IT induction programs need to be implemented and regular refresher courses conducted to solidify this knowledge.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Every business wants their IT infrastructure to be secure, so it’s crucial that you understand all your options. And two of the best are an SOC and an NOC.

A Security Operations Center (SOC) and a Network Operations Center (NOC) are exciting options for your defenses, but not everyone knows what they are. The good news is that both of these options, which can be based in-house or outsourced to external contractors, are here to protect your IT operations. And they both do this with a high level of sophistication, which ensures that cybersecurity threats are quickly identified and nullified.

How Does an SOC Protect Your IT Infrastructure?

Integrating an SOC into your cybersecurity strategies is one of the quickest ways to enhance your defenses. In short, an SOC is a dedicated team of professionals who can provide 24/7 monitoring of your IT systems. Their main duties include:

Maintenance: one of the surest ways to keep any system operating effectively is through routine and preventative maintenance. And this is a duty which an SOC will take in its stride. From initiating and installing updates through to updating firewalls and managing backup protocols, a dedicated SOC will ensure that none of these vital tasks are missed.
Creating response plans: in the case of a security incident, your organization needs to have a solid response plan ready to go. This could involve restoring data from backups, partitioning your networks, or even shutting your entire IT infrastructure down. Regardless of the strategy, you need to make sure that the perfect response plan has been formulated. And, thanks to the experience of those employed in an SOC, you can rest assured that your response minimizes disruption.
Monitoring: security incidents can strike your organization at any time of day, so it’s important that you have round-the-clock monitoring to flag up any attacks. An SOC can take care of this by not only monitoring network activity, but also analyzing it to provide a strong determination as to the threat level posed. This allows the SOC team to quickly identify potential threats and react accordingly.

Why Does Your Organization Need an NOC?

IT networks are complex, highly complex. This means that monitoring them effectively is difficult, but crucial when it comes to securing them. It’s difficult for your standard IT team to dedicate themselves to this task, so this is why the emergence of NOCs is so exciting for organizations. With an NOC supporting your IT infrastructure, you can expect 24/7 coverage in the following areas:

Network monitoring: an NOC can provide your organization with constant network monitoring and surveillance. This monitoring will cover all of the most common elements found in a network such as servers, routers, and switches. It’s an approach which is not only comprehensive, but also allows the NOC team to minimize any disruptions to your network.
Enhanced security: the main aim of a threat actor is to bypass the security of your network, and it’s very easy for them to sneak in when a vulnerability is in place. However, the presence of an NOC team means that not only will updates and patches be installed quickly, but their constant monitoring of your network will allow them to identify any unauthorized access.
Performance monitoring: given the level of competition within business in the 21^st century, your organization’s network needs to perform at a high level. Monitoring the complexities of an IT network, though, is a tough ask. But the experience of an NOC team means they can easily analyze your network performance, and then suggest plans for improving and maximizing its output.

For more ways to secure and optimize your business technology, contact your local IT professionals.

1 2 3 … 7 Next »

GeoVision Devices Vulnerability Exploited by Botnet Malware

What is a Remote Access Trojan?

HiatusRAT Malware Returns with a Vengeance

The Importance of an SOC and NOC in Business IT

Category Archives: Updates