Linus Sebastian, owner of popular YouTube channel Linus Tech Tips, has revealed how he woke at 3am in the morning to find his channel hacked. 
 
Linus Tech Tips is a YouTube channel which delivers technology-based content to over 15 million subscribers. Driven by Sebastian’s passion for technology, the channel has been running for 15 years and proven to be wildly successful. So, not surprisingly, it made a tempting target for hackers. As well as Linus Tech Tips, two other channels associated with Sebastian – TechLinked and Techquickie – were also compromised in this attack. 
 
While your organization may not run a YouTube channel, the method in which Linus Tech Tips was hacked could be applied to any IT system. Therefore, it’s crucial that we learn about session hijacking. 

What Happened to Linus Tech Tips

Alarm bells started ringing for Sebastian when he was woken at 3am to reports of his channels being hacked. New videos had been loaded and were being streamed as live events. But, far from being productions sanctioned by Sebastian, they were rogue videos featuring crypto scam videos apparently endorsed by Elon Musk. 

Desperately, Sebastian repeatedly tried to change his passwords, but it made no difference; the videos continued to be streamed. Sebastian was equally puzzled as to why the associated 2FA processes hadn’t been activated. Eventually, he discovered the attack was the result of session hijacking. 

A member of Sebastian’s team had downloaded what appeared to be a PDF relating to a sponsorship deal, but the file was laced with malware. Not only did the malware start stealing data, but it also retrieved session tokens. You may not be familiar with session tokens but, effectively, these are the authorization files which keep you logged into websites. So, when you return to that website, you don’t have to re-enter your login credentials each time. Unfortunately, for Sebastian, it gave the threat actors full and unauthorized access to his YouTube channels. 

How Do You Prevent Session Hijacking? 

Once it had been established that compromised session tokens were behind the breach, YouTube was able to swiftly secure Sebastian’s channels. Nonetheless, the ease with which the threat actors managed to bypass login credentials and 2FA is troubling. This means it’s vital you follow these best practices to protect against session hijacking: 

  • Understand what malware is: the attack on Linus Tech Tips was the result of malware and social engineering combining to deliver a sucker punch. Accordingly, educating your staff through comprehensive and regular refresher courses should be a priority. This will allow your staff to identify threats before they are activated and protect your IT systems from being compromised. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 


Read More


In an admission which will severely damage their reputation, web hosting force GoDaddy has revealed its servers were under attack for several years.

With a userbase of 21 million users, GoDaddy is one of the major players when it comes to providing web hosting services. Given this popularity, GoDaddy’s servers are used by major organizations all over the world such as news outlets, bloggers and e-commerce brands to deliver content and services. And this means there’s a lot of data on the GoDaddy servers, data which is both confidential and valuable. Therefore, to a threat actor, it provides an irresistible target.

Due to the GoDaddy breach, and the business world’s reliance on websites, it’s crucial we understand the mechanics of this stealthy threat.

What Happened to GoDaddy?

The GoDaddy breach first came to its owner’s attentions in December 2022, but it soon became apparent this breach was related to similar breaches in November 2021 and October 2019. However, far from being isolated incidents, these attacks were all part of the same campaign and remained hidden within the IT infrastructure of GoDaddy.

The most recent attack, in December 2022, found the cPanel hosting servers used by GoDaddy customers compromised by threat actors. This gave the attackers full access to the settings involved in how the customers’ websites work and direct traffic. As a result of this breach, visitors to the affected websites were intermittently redirected to malicious websites. Although there is no evidence that it occurred, unauthorized access to the cPanel would also give the threat actors the opportunity to disable access to a website.

What if Your Website is Hosted by GoDaddy?

Given that the initial attacks on GoDaddy’s servers compromised login credentials and secure SSL keys for websites, the latest attack is highly embarrassing for GoDaddy. After all, which organization would want to align themselves with a web host whose servers had regularly been hacked? Nonetheless, GoDaddy has sought to reassure customers that their infrastructure is now secure and security has been enhanced.

Naturally, customers using GoDaddy’s services are going to remain wary, so it’s important they:

  • Change your password: if you’re a GoDaddy customer, it’s recommended you change your password. In fact, regardless of which web hosting service you use, it’s important that you regularly change your password to avoid falling victim to stolen login credentials.
  • Assess your website: due to the access which the GoDaddy breach gave the threat actors, it makes sense to go through your website and ensure nothing is amiss. For example, are your links still directing traffic to where they should be? And are there any unusual popups prompting visitors to “click here”? It may take time to complete a full sweep of your website, but it will be worth it to protect your brand and your customers.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Search engines are the gateway to the internet, but there’s a very real chance they may just be serving up malware each time you use them.

We all use search engines on a daily basis – with Google being the most popular choice – and, to be honest, we probably take them for granted in terms of security. However, the FBI is now warning that search engine results may represent a significant threat to the security of your PC. As with most security threats, this new technique relies on deception; in this instance, the threat actors are harnessing the power of search engine advertisements.

Due to our reliance on search engines, it’s important we understand the nature of this latest threat. And, to help you protect your IT infrastructure, we’re going to take you through the basics of this attack.

Malware by Advertising

Whenever you put a search request into, for example, Google, you will receive a long list of search results. The higher a result is, the more clicks it’s likely to get from people searching for that term. Search engines understand the importance of ranking high in their results and, therefore, they make it possible for people to pay to advertise at the very top of the search results. These advertisements look almost identical to the organic search results, with only a small “Ad” tag next to them. Accordingly, these can easily be mistaken for organic search results.

Despite many of these advertisements being legitimate, and merely paying to skip to the top of the search results page, the FBI has discovered many of these advertisements are linked to malware. Threat actors are purchasing advertising space which appears to be for genuine companies, such as finance platforms, and using very similar URLs to tempt people into clicking their link. However, these links are simply a way to redirect people to sites looking to distribute malware. Worse still, the advertisements used will often display a URL to a genuine site, but redirect you to an altogether different site.

Stay Safe from Fake Ads

The last thing you want to do is fall victim to a fake ad, after all you may simply be searching for somewhere to go and have lunch. Therefore, it pays to stay safe and know how to protect yourself from fake search engine ads. You can do this by practicing the following:

  • Check that top result: remember, it’s important you know what you’re clicking on, so make sure you double check any results at the top of Google. While, for example, it may look like a search result for Bank of America, the actual URL within the result may be slightly different e.g bank0famerica.com. And, if you click on it, you could quickly find yourself on a malicious site.
  • Block Google ads: it’s possible to block Google ads from appearing in the search engine results page, all you have to do is install an ad-blocker such as Blockzilla. These apps filter incoming web pages – including search engines – and ensure any intrusive ads or promoted posts are blocked.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Social engineering has been a threat for some time, so threat actors have been looking for new ways to deceive PC users. And this is what IceBreaker does.

A backdoor threat, IceBreaker is a new malware variant whose origins are currently unknown. However, regardless of who’s behind IceBreaker, the fact remains that it’s a very real and dangerous threat to PC users. Currently, IceBreaker’s presence has mostly been observed in the gaming and gambling industries. The chances of IceBreaker moving into other industries is, as ever, highly likely.

It’s early days for IceBreaker – with the malware’s first detection coming in September 2022 – so it’s high time you get acquainted with it and put up your defenses.

What is IceBreaker?

As with all social engineering attacks, IceBreaker starts with a threat actor directly contacting an organization they have targeted. This contact is initiated through a live chat session, usually hosted on the organization’s website. Posing as a customer who is having technical problems, the threat actor eventually offers to send the chat agent a screenshot of the problem they are experiencing.

This screenshot – usually hosted on a fake website (or sometimes DropBox) – appears to be a .jpg file but is actually a .zip file. Contained within this .zip file is a shortcut file which, once clicked, downloads the IceBreaker malware. Cleverly, the shortcut file is still disguised as a picture file to deceive the target. Clicking this shortcut will not only download IceBreaker but also install and activate it, all without any user prompts.

With IceBreaker activated, the threat actor can use the malware’s JavaScript processes to conduct a number of attacks. Processes observed in attacks so far have included data harvesting, activating background processes and running scripts from remote locations to maximize the damage. So, as you can tell, IceBreaker is a significant problem.

How Do You Tackle IceBreaker?

Currently, one of the major problems with the IceBreaker attack is that many anti-malware tools fail to recognize it as dangerous. In fact, as of this time of writing, VirusTotal reports only 4 out of 60 scanners will detect IceBreaker. However, this doesn’t mean you can’t protect yourself from IceBreaker and similar attacks, just make sure you do following:

  • Combat social engineering: your staff need to be educated on the dangers of social engineering, even those who are simply manning your live chat. Clicking links from unknown parties is a major no-no when it comes to cybersecurity and should never be considered. Even if the person urging your staff member to click a link which appears harmless, it could easily compromise your entire IT infrastructure.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


We all use USB devices daily, but these innovative and simple devices also make the perfect environment for the PlugX malware to take hold.

USB devices are installed and ready to use within seconds of being plugged into a PC, a setup procedure which is a marked improvement on the traditional approach of installing via a CD. In fact, since the 1990s, USB connections have become ubiquitous in the hardware market. One of the most popular USB devices is the portable drive, a simple way of transferring data from one PC to another. However, USB drives have always represented a security risk and it’s this risk which PlugX is now exploiting.

How Did PlugX Get onto USB Drives?

First gaining notoriety around 15 years ago, PlugX is far from a new and mysterious strain of malware. However, it remains a viable threat when it comes to spreading malware and infecting systems.

This recent attack started with a popular Windows debugging tool called x64dbg being hijacked and manipulated by threat actors. Using the 32-bit version of x64dbg (x32dbg.exe), the threat actors execute a malicious file they have created called x32bridge.dat. Once activated, x32bridge.dat infects the resident PC and, more importantly, searchew out any USB drives connected to it. The PlugX malware is then loaded onto this USB drive.

To cover its tracks, PlugX uses a Unicode character technique to prevent the true contents and structure of the USB drive being displayed by Windows Explorer. A shortcut .LNK file is then installed in the root directory of the USB drive, which appears to be a link to the USB drive and even copys the device’s name. However, the link actually activates the PlugX malware from a hidden directory on the USB drive and allows it to search out other USB drives attached to the PC. And each time this drive is connected to a new PC, the infection process begins again.

PlugX, of course, does much more than simply spread from PC to PC without causing any damage. In fact, PlugX has the capability to launch the following attacks:

  • Keystroke logging
  • Screen captures
  • Managing processes on PCs
  • Rebooting the system
  • Remote control of the keyboard and mouse
  • Copying PDF and Word documents from the infected PC to the USB’s hidden directories

How Do You Pull the Plug on PlugX?

PlugX is currently difficult to detect due to the way in which it works, with only 11 out of 5U9 anti-malware tools currently detecting it according to Virus Total. Therefore, it’s a tough slice of malware to contend with. Nonetheless, you can minimize the risk it presents to your organization by:

  • Blocking access to USB storage drives: it’s a good idea to restrict access to USB storage drives by employees. After all, there’s little reason why they should be removing data from a company PC. Accordingly, you can block employee access to USB drives through your administration settings, effectively rendering USB ports as unusable. If an employee does need to transfer data, make this an action only privileged users can process.
  • Monitor network activity: PlugX falls under the category of being a Remote Access Trojan, so it’s likely that unusual network activity will be caused by the threat actors connecting to infected PCs. As such, any network activity which involves connections to unknown destinations should immediately be halted and investigated.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

1 8 9 10 11 12 30