Ransomware is a highly destructive form of malware, but it turns out that it can also provide the perfect cover for disk wiping malware.

The pitfalls of becoming a victim of ransomware are well documented. And, as such, the term ransomware is one that strikes fear into the heart of any PC user. But, at the very least, ransomware does give you an option of getting your files back. Naturally, you have to pay a ransom fee for the files to be decrypted, but you can get them back. However, a form of malware called Apostle has now been discovered which pretends to be ransomware when, in fact, it simply wipes your disk drive beyond retrieval.

Data is a crucial commodity in any organization, so it’s important you make it as secure as possible. And one of the perfect ways to do this is by understanding how Apostle works.

How Does Apostle Wipe Disks?

The Apostle malware is believed to originate from Iran and is related to a previous wiper malware called Deadwood. Apostle is not brand new as it has been in the digital wild for some time. But these initial versions of Apostle were flawed and failed to deliver their malicious payload. Since then, the designers of Apostle have tweaked its design to make it more effective. This contemporary version of Apostle presents itself as standard ransomware, but this is merely to throw the victims off guard; its true intent is to destroy data and cause disruption.

The hackers behind Apostle are particularly cunning and are also happy to take ransom payments while destroying the data in question. But this is not where the attack ends. There are signs that Apostle is being used in conjunction with a backdoor attack called IPSec Helper. This allows the hackers to download and execute additional malware and move, undetected, within infected networks. Again, the intention here is to cause disruption.

How Do You Stop Your Disk Being Wiped?

The focus of Apostle, so far, has been Israeli targets, but this does not mean it should be considered a low-level threat. The design of this disk wiper malware can easily be engineered into more virulent and dangerous forms. And this could easily strike at the heart of your business’ operations. Therefore, it’s crucial that you maintain the following practices:

  • Evaluate All Attachments Before Opening: It’s likely that you receive numerous email attachments through the day, but how often do you verify them before opening? Trusted email addresses can, very easily, be taken over or even replicated. And this provides the perfect route for infected files to be opened. So, if in doubt over whether an attachment is safe, always check with an IT professional before opening.
  • Keep Your Software Updated: Another sure-fire way for hackers to gain access to your network is through vulnerabilities caused by outdated software. The best way to counter this threat is by implementing software updates as soon as possible. This minimizes the presence of vulnerabilities and keeps hackers out.

For more ways to secure and optimize your business technology, contact your local IT professionals.



Defense firms in over a dozen countries have found themselves targeted by a new backdoor threat named ThreatNeedle. And it's hitting firms hard.

The last thing that a defense firm wants is for their networks to be breached. Not only does it damage their reputation as a defense firm, but it puts significant data at risk. Hackers, of course, love to cause trouble, so a defense organization is the perfect target. But the hackers behind the ThreatNeedle malware are more than just a minor hacking group. The threat is believed to come from Lazarus, a secretive hacking group with ties to the North Korean government.

As this is a major threat we’re going to put ThreatNeedle under the microscope for a closer look.

What is ThreatNeedle?

ThreatNeedle takes a spear phishing approach to begin its campaign and does this by faking email addresses that look as though they belong to the target company. This move, which is relatively easy with an email server and the right software, allows the victims to be lulled into a false sense of security. This scenario is then exploited by embedding malicious links or attaching infected documents. Often, these emails have been laced with a COVID-19 theme in order to fully engage the user, but any subject may be used to rush the recipient into action.

The attackers, once the ThreatNeedle payload has been unleashed, are then able to take control of the victim’s PC. Naturally, this means that they will carry out typical hacking attacks such as:

  • Executing remote commands to run applications and download further malware
  • Sending workstations into hibernation mode to disrupt IT activities
  • Logging data and transmitting it to a remote PC where it can be archived and exploited

However, ThreatNeedle also has an innovative ace up its sleeve. Generally, if a network is segmented, then malware will be limited to the segment it infects. This limits the amount of damage that can be caused to an entire network. So, for example, a set of PCs which are not connected to the internet should be safe from all hacks. Unfortunately, ThreatNeedle is able to take advantage of the IT department's administrator privileges. This grants the attackers the opportunity to access all segmented areas of a network. And it maximizes the damage they can cause.

How Do You Protect Against ThreatNeedle?

As with all malware, you don’t have to fall victim to ThreatNeedle. You just need to keep your wits about you and understand its threat. You can do this by carrying out the following:

  • Educate Staff on Phishing Emails: It’s important that your staff are fully trained on the dangers of phishing emails. Social engineering is a popular technique employed by hackers, but it can be thwarted if you know what to look for.



The internet has connected us to each other in a way we would have thought impossible a few decades ago. But these massed connections can be very dangerous.

The beauty of the internet is that one PC can connect to another PC with relative ease. And these connections allow us to pool resources, share information and provide services. The foundations of almost every web service are based upon collections of PCs all working together to deliver an end result. These are often automated tasks that allow a website to continue operating correctly. But the fact that these PCs are generally left to their own devices means they aren’t actively monitored. And this situation makes them a security risk.

Known as botnets, these collections of PCs can have their cumulative power put to use for the gains of hackers.

What are Botnet Attacks?

While most botnets combine harmless coding with hardware, malicious botnets are another matter. A malicious botnet can gain access to your PC via two methods:

Regardless of the strategy involved, the end result is the same: an infection which adds your PC to the hacker’s botnet. Naturally, the more PCs added to the botnet, the more powerful it is. And, with the infection in place, the hacker will have full control of your PC. This allows them to carry out the following tasks:

  • Spreading across the rest of your organization's PCs by executing malware in order to swell the numbers of the botnet
  • Loading fake adverts in your internet browser designed to trick you into providing financial details to malicious websites
  • Using the cumulative processing power of all the PCs in a botnet to carry out DDoS campaigns in order to take websites down
  • Generating spam emails to be automatically sent from your organization's email server

How Can You Protect Against Botnets?

As you can tell, a botnet attack will do your organization no favors and will cause untold damage to other businesses it targets. Therefore, you need to put these precautions into place:



The importance of installing updates and patches should never be underestimated. However, did you know that even these are not 100% secure?

Microsoft knows a thing or two about computers, but this doesn't mean they are immune from mistakes and flaws. Accordingly, they regularly release patches and updates to address any vulnerabilities in their software. A recent investigation, though, has discovered that these updates aren't quite the safeguard consumers would expect. And, when you consider the number of applications that Microsoft bundles with their systems, this is a matter of major concern.

Given the number of patches you are prompted to install each and every week, it’s important to understand what has happened on this occasion.

A Vulnerable Patch

The initial vulnerability in question relates to a flaw which was discovered in Windows printing services. Your first thought may be that printers are far from a security risk, but this couldn’t be further from the truth. If a device or application has any form of access to your network then it needs strong defenses. And this is why Microsoft was keen to patch a vulnerability which offered hackers a route into PC networks through print spooler software. This patch was issued in May and Microsoft believed this was the end of the story. But this story was due to run a little longer.

Researchers discovered that the impact of this initial patch could be negated by simply bypassing it. By modifying .SHD files (better known as Shadow files), the researchers were able to add them into the spooler folder. This particular type of folder allows commands to be sent between a PC and a printer. Usually this is the preserve of printing documents, but the modified Shadow files allowed the researchers to send all manner of commands. It's a scenario which had the potential to give hackers full access to a network.

How Can You Defend Against Weak Patches?

The vulnerability in question is no longer present in systems which have since been updated, but it paints a worrying picture for PC users. If you are unable to rely on patches to give you full protection, then what hope do you have?

First of all, you must, no matter what, always install all security patches. They are a crucial aspect of security and are all programmed with an objective of preventing an attack. This printer spooler fiasco demonstrates they are not perfect, but the majority are capable of fulfilling their aims. Nonetheless, being overcautious with IT security is always a good idea. Therefore, make sure you follow these simple steps:



The workplace can be a very stressful environment, so it’s vital that you keep organized. Key to this organization is a PC which doesn’t cause you stress.

It’s likely that your PC is your most important tool at work. After all, they can do almost anything from creative tasks through to data handling and communicating. But this is only possible if your PC remains organized. A badly organized PC will not only hinder your productivity, but it can have a negative impact on the health of your system.

The best workplaces avoid these shortcomings by making sure that employees follow simple, yet effective methods for organizing their PCs. And, as luck would have it, we’re going to share these with you today.

Keeping Your PC Organized

You don’t need a degree in computer science to keep your PC organized. You just need to follow these best practices:

  • Tidy Up Your Desktop: A cluttered desktop quickly becomes difficult to navigate, so it's crucial that you keep it tidy. Ideally, your desktop should only ever contain shortcuts to the apps you use the most. Saving random files to your desktop may seem quick in the short term, but, in the long term, it makes finding everything on your desktop more difficult.
  • Audit Your Files: No two files are the same and, accordingly, they will all have different lifespans in terms of usefulness. A spreadsheet on outgoing costs, for example, is likely to be something you regularly use. But a spreadsheet detailing a one-off order is going to experience less usage. Therefore, it's a good idea to regularly go through your files and see which can be archived and which should be kept on your system. This will free up storage on your PC and allow you to find useful files more quickly.
  • Use a Structured Folder System: Structure is the backbone of all organization and, as a result, it should be integrated into your folder system. And this should be more extensive than just moving everything into My Documents. Everyone, of course, will need and want a different system as our brains all work differently. But what's crucial is that you break down all your files into their simplest terms, e.g. specific client names, and then into increasingly specific folders such as customer orders, correspondence and contact details.

Final Thoughts

A well-organized PC allows an employee to work to their full potential. It's essential that all your employees are in this position as it will provide a massive boost to your productivity. Best of all, the most effective solutions are also some of the easiest to implement. However, consistency is crucial when it comes to organization, so make sure these best practices are regularly followed.
