Updates Archives - Page 5 of 7

Database of 26 Million Stolen Passwords Discovered

Cyber Security, Data Security, Ophtek, Password Security, Two Factor Authentication, UpdatesCyber Security, Data Security, Ophtek, password security, two factor authenticationOphtek, LLC

Jun 2021

Passwords are one of the most common security measures, but they’re still considered a risk. And 26 million stolen passwords have just been found.

We all use passwords on a regular basis throughout our working day. Logging on to remote servers and online platforms all require a set of login credentials. And, on the whole, they provide an adequate level of security. But security which is considered only adequate will always remain a tempting prospect to hackers. Login credentials will typically consist of only two pieces of information: username and password. Naturally, with only two data values required – which can be entered from any keyboard – login credentials represent some major security concerns.

That’s why the discovery of this database, containing 26 million sources of information, is considered a major alert.

What’s in the Database?

Coming in at a huge 1.2TB, the database – which was discovered by NordLocker – contains the following:

26 million login credentials
2 billion browser cookies
1.1 million email addresses
6.6 million various files including Word, PDF and image files

These numbers are, of course, huge. And it’s a safe bet that some serious data has been compromised along the way. It has also been revealed that the malware made a point of creating an image file by taking a screenshot via active webcams on infected devices. This, again, is troubling as it underlines the danger contained within the malware for compromising personal data.

The actual malware behind these data harvests is currently unknown. It is believed, however, that its method of attack is fairly standard. Upon infection, the malware will connect to a remote server where it can transmit any stolen data. The compromised data, as NordLocker found, was being hosted on a cloud-based hosting service and has now been taken down. But it’s likely that this database has already been traded and is out in the digital wild.

How Do You Protect Yourself?

Attacks such as this are sadly commonplace in the modern age, but there is a lot that you can do to protect your organization’s data:

Use Two-Factor Authentication: The combination of a username and password may seem strong, but it can be made even stronger by two-factor authentication. This additional layer of security requires the use of a unique piece of data transmitted to a device separate from your IT network.

Install All Updates: The attack in question could easily have been caused by a vulnerability put in place by outdated technology. Both software and hardware require regular updates to patch any issues that may be discovered post-launch. And it’s your responsibility to install these as soon as possible to close any potential back door attacks.

Regularly Monitor Network Activity: If significant amounts of data are being stolen and transmitted to a remote server, this activity will be associated with a rise in outgoing network activity. Therefore, it pays to keep a close eye on any spikes in traffic to minimize the impact of any breach.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Disk Wiping Malware Disguises itself as Ransomware

Apostle, Cyber Security, malware, Ophtek, Ransomware, UpdatesApostle, malware, Ophtek, ransomware, securityOphtek, LLC

Jun 2021

Ransomware is a highly destructive form of malware, but it turns out that it can also provide the perfect cover for disk wiping malware.

The pitfalls of becoming a victim of ransomware are well documented. And, as such, the term ransomware is one that strikes fear into the heart of any PC user. But, at the very least, ransomware does give you an option of getting your files back. Naturally, you have to pay a ransom fee for the files to be decrypted, but you can get them back. However, a form of malware called Apostle has now been discovered which pretends to be ransomware when, in fact, it simply wipes your disk drive beyond retrieval.

Data is a crucial commodity in any organization, so it’s important you make it as secure as possible. And one of the perfect ways to do this is by understanding how Apostle works.

How Does Apostle Wipe Disks?

The Apostle malware is believed to originate from Iran and is related to a previous wiper malware called Deadwood. Apostle is not brand new as it has been in the digital wild for some time. But these initial versions of Apostle were flawed and failed to deliver their malicious payload. Since then, the designers of Apostle have tweaked its design to make it more effective. This contemporary version of Apostle presents itself as standard ransomware, but this is merely to throw the victims off guard; its true intent is to destroy data and cause disruption.

The hackers behind Apostle are particularly cunning and are also happy to take ransom payments while destroying the data in question. But this is not where the attack ends. There are signs that Apostle is being used in conjunction with a backdoor attack called IPSec Helper. This allows the hackers to download and execute additional malware and move, undetected, within infected networks. Again, the intention here is to cause disruption.

How Do You Stop Your Disk Being Wiped?

The focus of Apostle, so far, has been Israeli targets, but this does not mean it should be considered a low-level threat. The design of this disk wiper malware can easily be engineered into more virulent and dangerous forms. And this could easily strike at the heart of your business’ operations. Therefore, it’s crucial that you maintain the following practices:

Evaluate All Attachments Before Opening: It’s likely that you receive numerous email attachments through the day, but how often do you verify them before opening? Trusted email addresses can, very easily, be taken over or even replicated. And this provides the perfect route for infected files to be opened. So, if in doubt over whether an attachment is safe, always check with an IT professional before opening.

Train Your Staff on Social Engineering Attacks: The dangers of social engineering are very real and represent a simple way for hackers to get a foothold in your network. Understanding this threat and how to protect yourself against it is vital.

Keep Your Software Updated: Another sure-fire way for hackers to gain access to your network is through vulnerabilities caused by outdated software. The best way to counter this threat is by implementing software updates as soon as possible. This minimizes the presence of vulnerabilities and keeps hackers out.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Defense Companies Under Attack from ThreatNeedle

Hackers, macros, Ophtek, spear phishing, threatneedle, Updateshacker, macros, Ophtek, spear phishing, threatneedle, updatesOphtek, LLC

Apr 2021

Defense firms in over a dozen countries have found themselves targeted by a new backdoor threat named as ThreatNeedle. And it’s hitting firms hard.

The last thing that a defense firm wants is for their networks to be breached. Not only does it damage their reputation as a defense firm, but it puts significant data at risk. Hackers, of course, love to cause trouble, so a defense organization is the perfect target. But the hackers behind the ThreatNeedle malware are more than just a minor hacking group. The threat is believed to come from Lazarus, a secretive hacking group with ties to the North Korean government.

As this is a major threat we’re going to put ThreatNeedle under the microscope for a closer look.

What is ThreatNeedle?

ThreatNeedle takes a spear phishing approach to begin its campaign and does this by faking email addresses that look as though they belong to the target company. This move, which is relatively easy with an email server and the right software, allows the victims to be lulled into a false sense of security. This scenario is then exploited by embedding malicious links or attaching infected documents. Often, these emails have been laced with a COVID-19 theme in order to fully engage the user, but any subject may be used to rush the recipient into action.

The attackers, once the ThreatNeedle payload has been unleashed, are then able to take control of the victim’s PC. Naturally, this means that they will carry out typical hacking attacks such as:

Executing remote commands to run applications and download further malware
Send workstations into hibernation mode to disrupt IT activities
Log data and transmit to a remote PC where it can be archived and exploited

However, ThreatNeedle also has an innovative ace up its sleeve. Generally, if a network is segmented then malware will be limited to the segment it infects. This limits the amount of damage that can be caused to an entire network. So, for example, a set of PCs which are not connected to a network by the internet should be safe from all hacks. Unfortunately, ThreatNeedle is able to take advantage of IT department’s administrator privileges. This grants them the opportunity to access all segmented areas of a network. And it maximizes the damage they can cause.

How Do You Protect Against ThreatNeedle?

As with all malware, you don’t have to fall victim to ThreatNeedle. You just need to keep your wits about you and understand its threat. You can do this by carrying out the following:

Disable Macros: The ThreatNeedle emails rely on macros being executed within infected documents. But, if you disable Macros across your organization, the malware will not be able to run. This will stop ThreatNeedle at the earliest opportunity.

Educate Staff on Phishing Emails: It’s important that your staff are fully trained on the dangers of phishing emails. Social engineering is a popular technique employed by hackers, but it can be thwarted if you know what to look for.

Always Install Updates: ThreatNeedle, as far as researchers are aware, does not exploit any vulnerabilities in software or hardware. But this doesn’t mean it can’t or won’t in the future. Either way, it always pays to be proactive with installing updates to protect your PC.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Understanding the Basics of Botnet Attacks

botnets, Hackers, Online Security, Ophtek, PC Maintenance, Security, Updatesbotnets, Ophtek, security, updates, vulnerabilityOphtek, LLC

Nov 2020

The internet has connected us to each other in a way we would have thought impossible a few decades ago. But these massed connections can be very dangerous.

The beauty of the internet is that one PC can connect to another PC with relative ease. And these connections allow us to pool resources, share information and provide services. The foundations of almost every web service are based upon collections of PCs all working together to deliver an end result. These are often automated tasks that allow a website to continue operating correctly. But the fact that these PCs are generally left to their own devices means they aren’t actively monitored. And this situation makes them a security risk.

Known as botnets, these collections of PCs can have their cumulative power put to use for the gains of hackers.

What are Botnet Attacks?

While most botnets combine harmless coding with hardware, malicious botnets are another matter. A malicious botnet can gain access to your PC via two methods:

A targeted attack such as an infected email or password breach
The discovery of a vulnerability in your PC by an automated code which crawls the internet in search of such weaknesses

Regardless of the strategy involved, the end result is the same: an infection which adds your PC to the hacker’s botnet. Naturally, the more PCs added to the botnet, the more powerful it is. And, with the infection in place, the hacker will have full control of your PC. This allows them to carry out the following tasks:

Spread across the rest of your organization’s PCs by executing malware in order to swell the numbers of the botnet
Loading fake adverts in your internet browser designed to trick you into providing financial details to malicious websites
Use the cumulative processing power of all the PCs in a botnet to carry out DDoS campaigns in order to take websites down
Generating spam emails to be automatically sent from your organization’s email server

How Can You Protect Against Botnets?

As you can tell, a botnet attack will do your organization no favors and will cause untold damage to other businesses it targets. Therefore, you need to put these precautions into place:

Make sure that your internet traffic is monitored in terms of both what is entering and leaving your network. Any unusual levels of internet traffic are often an indicator that a botnet is either attacking you or you have become part of a botnet.
Install all updates to prevent falling victim to any vulnerabilities. Hackers regularly unleash web crawling bots that automatically scan online PCs for these vulnerabilities. With all updates in place, however, you are minimizing this risk.
Practice best email security practices such as not opening attachments that look suspicious or from senders you don’t recognize. Remember, all it takes is one infected email to bring your organization to a halt.
Use internet security software to help protect your PC as comprehensively as possible. Tools such as Kaspersky and McAfee’s security suites can provide warnings against visiting malicious websites and infected email attachments – two sure-fire ways of falling victim to a botnet.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Microsoft Printers Patch Exposed as Vulnerable

Ophtek, patches, printer vulnerability, Security, Security Threats, Updates, upgradeOphtek, patches, printer, security, update, Upgrade, vulnerability, Windows vulnerabilityOphtek, LLC

Sep 2020

The importance of installing updates and patches should never be underestimated. However, did you know that even these are not 100% secure?

Microsoft knows a thing or two about computers, but this doesn’t mean they are immune from mistakes and flaws. Accordingly, they regularly release patches and updates to address any vulnerabilities in their software. A recent investigation, though, has discovered that these updates aren’t quite the safeguard consumers would expect. And, when you consider the amount of applications that Microsoft bundle with their systems, this is a matter of major concern.

Given the number of patches you are prompted to install each and every week, it’s important to understand what has happened on this occasion.

A Vulnerable Patch

The initial vulnerability in question relates to a flaw which was discovered in Windows printing services. Your first thought may be that printers are far from a security risk, but this couldn’t be further from the truth. If a device or application has any form of access to your network then it needs strong defenses. And this is why Microsoft was keen to patch a vulnerability which offered hackers a route into PC networks through print spooler software. This patch was issued in May and Microsoft believed this was the end of the story. But this story was due to run a little longer.

Researchers discovered that the impact of this initial patch could be negated by simply bypassing it. By modifying .SHD files (better known as Shadow), the researchers were able to add them into the spooler folder. This particular type of folder allows commands to be sent between a PC and a printer. Usually this is the preserve of printing documents, but the modified Shadow files allowed the researchers to send all manner of commands. It’s a scenario which had the potential to give hackers full access to a network.

How Can You Defend Against Weak Patches?

The vulnerability in question is no longer in present in systems which have since been updated, but it paints a worrying picture for PC users. If you are unable to rely on patches to give you full protection then what hope do you have?

First of all, you must, no matter what, always install all security patches. They are a crucial aspect of security and are all programmed with an objective of preventing an attack. This printer spooler fiasco demonstrates they are not perfect, but the majority are capable of fulfilling their aims. Nonetheless, being overcautious with IT security is always a good idea. Therefore, make sure you follow these simple steps:

Section your network into different sections which each have different password requirements. This will minimize the amount of data at risk.

Each employee will only need access to certain areas of your system. Granting them full access to the network will only increase the risk of it becoming compromised.

Embrace multi-factor authentication as it has the potential to stop hackers gaining access to your systems almost instantly.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 … 3 4 5 6 7 Next »

Category Archives: Updates

What are Botnet Attacks?

How Can You Protect Against Botnets?

A Vulnerable Patch

How Can You Defend Against Weak Patches?