Russian hackers are using a fake PDF decryption tool to trick innocent PC users into downloading Spica, a new strain of malware.

Discovered by Google’s Threat Analysis Group (TAG), Spica is a backdoor malware which has not been identified previously. It’s believed that the malware is the result of ColdRiver, a Russian hacking team with a proven track record in deploying malware. The attack, as with so many contemporary threats, is delivered by email and relies on malicious PDF files. Now, with close to 350 billion emails sent per day in 2023, it’s clear that email is hugely popular. And it’s estimated there are 2.5 trillion PDF files currently in circulation. Therefore, the chances of your business running into a similar attack is high.

The Threat of Spica

The Spica attack begins when the threat actors send a series of PDF files to their targets. Using phishing email techniques, they attempt to trick the targets into believing that these have been sent by legitimate contacts. These files appear encrypted and, if the target bites, they will email back to say they can’t open the files. This is where the threat actors are able to launch their payload.

By sending a malicious link back to the target, the threat actors can trick them into downloading what they claim is a decryption tool. However, this executable tool – going under the name of Proton-decryptor.exe – is far from helpful. Instead, it will provide backdoor access to the target’s PC. With this access in place, the malware can communicate with a control-and-command server to receive further instructions.

And Spica comes loaded with a wide range of weaponry. As well as being capable of launching internal shell commands on the infected PC, it’s also programmed to steal browser cookies, send and receive files, and create a persistent presence on the machine. Google believes that there are multiple variants of Spica, and the current targets of the malware seem to be high ranking officials in non-governmental organizations and former members of NATO governments.

Shielding Yourself from the Threat of Spica

While your organization may not be listed high on ColdRiver’s target list, the attack methods are familiar and could easily be launched against you at some point in the future. Therefore, it’s in your best interests to integrate the following advice into your cybersecurity measures:

  • Check for spelling/grammar errors: phishing emails are prone to poor grammar and spelling, especially when they originate from non-English speakers. Accordingly, poorly composed emails should be scrutinized closely. Also, watch out for generic and unusual greetings such as “Dear customer” as these may indicate that the email is part of a mass-campaign against unknown targets.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Businesses should always be trying to optimize their IT infrastructure. After all, not only will this improve efficiency, but it will also cut costs. 

In the dynamic and competitive landscape of business, a highly tuned IT infrastructure can be the difference between success and mediocrity. Therefore, if you truly want an infrastructure which fosters both smooth daily operations and capacity for growth, you need to start optimizing your operations. This may sound like a monumental task, but luckily Ophtek are here to help make this job easier with 5 ways to optimize your business IT infrastructure.  

1. Strengthen Your Cybersecurity 

In a world of ever evolving cyber threats, it’s crucial that your IT infrastructure is secure. Therefore, you need to start by strengthening your existing cybersecurity protocols. Begin by conducting regular security audits to ensure that you can monitor your defenses in real time. This means that, for example, if your firewall is no longer adequate against contemporary threats, you will know that it needs replacing with a more suitable solution. Additionally, never underestimate the impact of employee training programs to teach them the best security practices. 

2. Calibrate Your Network Configuration 

Maintaining a smooth flow of data across an organization’s network is essential. Accordingly, you should be mindful of fine tuning your network settings to achieve this. Optimizing your bandwidth usage and reducing latency are two of the most important steps you can take to improve performance. Sometimes, this will be as simple as simply adjusting network settings to cope with demand, but if a prolonged and heavy demand is forecast, investing in more sophisticated hardware may be required. 

3. Be Energy Efficient 

IT infrastructures use a lot of energy, and this can lead to significant outgoings in energy costs. Therefore, researching and investing in energy efficient hardware is one of the best practices you can implement. So, for example, if you invest in more energy efficient data centers, not only will you benefit from lower running costs, you will also be spending less on cooling the data centers. And, best of all, as well as helping your finances, it also enhances your green credentials and benefits the environment. 

4. Automate Routine Tasks 

One of the best ways to optimize your IT operations is by automating repetitive and routine tasks. This approach can be applied to numerous tasks such as software updates, network monitoring and security tasks. As well as saving time, automation eliminates the risk of human error. This means that your IT demands are completed more efficiently and your human resources can be allocated to more complex activities which cannot be automated. 

5. Never Forget Scalability 

Finally, it’s vital that you design your IT infrastructure with scalability in mind. Business requirements can change rapidly, and your IT operations need to keep pace with them. This can cover increased demand for user numbers, application changes, or data volume. Whatever the requirements, your IT architecture needs to be able to adapt to these changes if you want your business to grow. So, make sure you thoroughly assess your existing and future needs, embrace cloud computing, and monitor your infrastructure’s performance. 

For more ways to secure and optimize your business technology, contact your local IT professionals

Read More


With cyber-attacks showing no signs of slowing up, it’s more important than ever before to make sure your organization’s IT systems are protected. 

Luckily, this doesn’t necessarily involve huge amounts of investment. In fact, some of the most effective ways to protect your IT infrastructure are the simplest. But not ever business realizes this, and this is why so many find themselves falling victim to cybercriminals. Therefore, it’s crucial that you start implementing the best solutions for protecting your organization. 

How Do You Keep the Cybercriminals at Bay? 

To help you get started with securing your defenses, we’ve put together 5 easy ways to improve your organization’s cybersecurity: 

  1. Two-factor authentication: passwords are an amazing method of protection, and this is why they have been used as a security measure for decades. However, a breached password is of little use when it comes to securing your IT systems. Therefore, implementing two-factor authentication should be a major priority. This extra layer of security involves a user receiving a unique code – via registered text or email – to confirm their identity after entering their login credentials. This means that, even if a password is stolen, there is a further security hurdle to overcome. 
  1. Training as a team: training sessions are essential when it comes to educating your staff on the dangers of malware and threat actors. However, one-to-one IT induction processes aren’t enough. You also need to develop programs which train your team as a whole. Studies have shown that group learning is more effective and this is exactly what you need when building your IT defenses. 
  1. Secure your networks with a VPN: one of the best ways to protect your organization’s data and internet connections is by using a virtual private network (VPN). A VPN establishes secure connections between remote employees and the organization’s network, maximizing data privacy and preventing data breaches. It does this by encrypting data transmissions, shielding sensitive information from hackers, and preventing unauthorized access. Combined with tunneling protocols and authentication mechanisms, a VPN will help you create a secure digital barrier. 
  1. Create backups: many cyberattacks, particularly ransomware campaigns, focus on stealing and restricting access to data. This is why backups should form a major part of your IT defenses. By creating multiple backups – see our guide to the 3-2-1 backup method – you are essentially creating a safety net for your business in the event of a data breach. While it may not mitigate every negative impact of a data breach – such as customer data being leaked – it will minimize the risks of data loss.  
  1. Secure your Wi-Fi network: there’s absolutely no need for your Wi-Fi network to be publicly visible. By advertising the presence of your Wi-Fi network, you are inviting threat actors to test your defenses. Therefore, you need to not only secure and encrypt your Wi-Fi network, but also hide it from public view. This can be achieved by instructing your router to never broadcast its network name, also known as the Service Set Identifier (SSID). 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More


We’re already halfway through 2023 and threat actors are showing no signs of slowing up, but just where is cybersecurity heading?

It may feel as though you’re waging a never-ending battle against hackers and, well, that’s exactly what you’re doing. However, the strategies and techniques of threat actors has changed significantly in the last two decades. Back in 2003, for example, ransomware was less prevalent, but now it’s a major player in terms of cyber-attacks. Therefore, it’s always good to keep one step ahead of the hackers and understand where they are likely to go next.

What Will Future Cyber Attacks Look Like?

The future of cybersecurity will be concerned with maintaining defenses against existing threats and tackling new, innovative strategies launched by threat actors. These attacks are expected to be based in the following categories:

Artificial Intelligence: the impact of artificial intelligence (AI) has been huge in the last couple of years, just look at the interest generated by ChatGPT in 2023. However, the power to cause damage with AI is causing just as many headlines. You can, for example, ask AI systems to help generate code to build computer programs. The exact same code which is used to build malware. This means that designing and executing malware could be easier than ever before, and lead to a surge in new attacks.

Remote working: since the pandemic, more and more employees have been working remotely. While this is convenient, and has been shown to enhance productivity, it also increases the risk of falling victim to malware. Although many remote workers connect to their employers through a VPN, they are often accessing this through devices which aren’t secure. Also, as they will not have colleagues directly around them to offer advice, employees will be more vulnerable to, for example, clicking a malicious link.

Phishing: threat actors have been launching phishing attacks for nearly 20 years, and this means that many PC users can easily spot a phishing email. But this doesn’t mean we’re safe. Instead, it’s likely that future attacks will be more sophisticated to be successful. Taking advantage of AI and machine learning, threat actors will be able to craft phishing emails which are both engaging and convincing. This will allow their attacks to be more successful and harvest more stolen data.

Cryptojacking: despite several significant attacks, cryptojacking is yet to hit the mainstream PC user in the same way that ransomware has. Nonetheless, cryptojacking attacks are on the rise. Accordingly, PC users are likely to become more familiar with them in the next few years. Cryptojacking, as the name suggests, involves hijacking a PC and using its computing resources to mine cryptocurrencies. Due to the huge amount of processing power required to mine cryptocurrency, these attacks target entire networks and can grind them to a halt.

Final Thoughts

These four attack strategies may not be troubling you every day, but they could soon become regular headaches. That’s why you need to adopt a proactive approach to cybersecurity. Make sure that you

keep updated on the latest threats, regularly review your security measures, and ensure that your staff are fully trained in cybersecurity best practices.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


WordPad, a basic yet popular word processor, is the latest Windows app to fall victim to a vulnerability exploited by threat actors. 
 
Bundled free with almost every version of Windows since Windows 95, WordPad has remained popular thanks to its simplicity. Less complex than Microsoft Word and more advanced than the basic Notepad app, WordPad gives users an effective word processing tool. However, it’s now an app which carries a real threat to your IT security. Due to a flaw in WordPad’s design, threat actors have started to abuse this vulnerability by launching a DLL hijacking attack. 

Everything You Need to Know about the WordPad Hack 

You may not be familiar with DLL hijacking, so we’ll start by looking at this form of attack. DLL files are library files which can be used by multiple programs all at the same time. This makes it a highly flexible and efficient file, one which can reduce disk space and maximize memory usage. When Windows launches an app, it searches through default folders for DLLs and, if they are required, automatically loads them. What’s important to note, however, is that Windows will always give priority to loading DLLs located in the same folder as the app being launched. 

DLL hijacking abuses this process by inserting malicious DLLs in the app’s parent folder. Therefore, Windows will automatically load this malicious file instead of the genuine one. This allows threat actors to guarantee their malware can be launched long after they have left the system. And this is exactly what has happened with WordPad. The hackers begin their attack by using a phishing email to trick users into downloading a file, one which contains the WordPad executable and a malicious DLL with the name of edputil.dll. Launching the WordPad file will automatically trigger the loading of the malicious DLL file. 

This infected version of edputil.dll runs in the background and uses QBot, a notorious piece of malware, to not only steal data, but also download further malware. The infected PC is then used to spread the attack throughout its entire network.  

Writing QBot into History  

While this form of attack is far from new, it has proved successful. Accordingly, it’s important that we hammer home the basics of good cybersecurity, with a particular emphasis on phishing attacks: 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More