malware Archives - Page 13 of 29

New Form of Malware is Sneakily Avoiding Detection

anti malware, Cyber Security, malware, OpenSUpdater, Ophtek, PC Security, PhishingAnti- malware, Cyber Security, malware, Ophtek, OpthSUpdater, PC Security, phishingOphtek, LLC

Sep 2021

Anti-malware tools provide a firm level of defense against hackers, but what happens when the malware can bypass detection tools?

Around 300,000 new pieces of malware are created daily, so it’s important that we can protect ourselves against this constant threat. Anti-malware tools such as Kaspersky and even in-built Windows security systems are crucial for providing this protection. Accordingly, you should find that your systems remain protected for most of the time. However, hackers are industrious individuals and are constantly looking to evolve their techniques. As a result of this ongoing adaptation, it appears that hackers have found a way around current detection methods.

The threat comes in the form of the OpenSUpdater and is one that you need to take seriously.

What is OpenSUpdater?

Digital signatures are used online to demonstrate that code is legitimate and accepted by Windows security checks. They are an important part of online security, but this has made them a viable target for hackers. In the case of OpenSUpdater, their online code samples are carrying manipulated security certificates which, despite these manipulations, are passed as authentic by Windows. More importantly, security tools which use OpenSSL decoding are unable to detect these malicious changes.

OpenSUpdater is free to bypass security measures and avoid being labelled as malware which is quarantined and deleted. The malware’s main method of attack is through riskware campaigns. This involves injecting malicious ads into the browsers of those infected and downloading further malware. The majority of targets so far have been found in the US and the malware typically bundled in with illegal downloads such as cracked software.

How Can You Protect Against OpenSUpdater?

This latest malware threat was detected by Google’s security researchers and has since been reported to Microsoft. A specific fix has not been announced yet, but hopefully something will be implemented shortly. In the meantime, however, it’s vital that you take steps to protect yourself. In particular, make sure you focus on the following:

Minimize User Privileges: There’s no real need for employees to be downloading software onto their workstations. All the tools they need should be readily available. However, some employees are likely to be tempted by things they see online, particularly the promise of quick fixes. The best way to reduce the risk of downloading malware is by eliminating download privileges for all but the IT team.

Educate on Phishing Techniques: Phishing is a dangerous hacking technique which uses email to push social engineering attacks. By instilling a threat of urgency to act upon an email’s call to action – such as ‘click here to download a vital security tool’ – hackers are able to deceive victims into downloading all kinds of malware. Thankfully, through continued training, your employees should be able to recognize phishing emails quickly and hit the delete button even quicker.

Do Not Abandon Detection Tools: Despite the ability of OpenSUpdater to bypass detection tools, this does not mean that these tools should be resigned to the scrapheap. They still play an essential role in providing digital security options and should remain in place.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Fake Legal Complaints Packed with Malware

DDoS Attack, Legal Complaints, malware, Ophtek, SecurityDDoS Attack, legal complaints, malware, Ophtek, securityOphtek, LLC

Sep 2021

The threat of legal proceedings always produces a sense of instant anxiety. But this is soon multiplied when it turns out to be a malware attack.

A recent threat to your IT security has been launched by cybercriminals intent on playing on your anxieties. Using a combination of legal threats and malicious links, the hackers aim is to get the BazaLoader malware downloaded to your IT network. The hacker’s strategy, as we’ll see, is one that has been encountered before and demonstrates the everchanging approaches employed by hackers. But what exactly is this new threat? And, more importantly, how do you protect yourself from it?

The Threat of Legal Action

With a generous helping of audacity, this latest attack is launched by the hackers contacting organizations to inform them that their website is involved in a DDoS attack. Rather than being sent from one email address to another, however, the hackers send their communications via the contact forms on websites.

The messages inform the website owners that it appears their website has been hacked and that files on its server are now being used to direct DDoS attacks. The sender of the message, of course, claims that their website is the victim of this DDoS attack. A link is included in the communications which directs the recipients to a Google Drive URL where, it is claimed, instructions to rectify the DDoS attack are housed. But clicking on this link will only set up an automatic download of BazaLoader.

The BazaLoader malware is, as the name suggests, a ‘loader’ form of malware. It’s typically used to download and activate additional malware such as ransomware. This compromises your system even further and, in the case of ransomware, imposes financial demands on your organization. The entire attack is remarkably similar to recent messages sent regarding fake DMCA claims surrounding copyright infringement.

How to Protect Yourself

Naturally, with the information provided above, you should know to tread carefully around any such communications. But, as you can see, the hackers are likely to change their strategy in the future. Therefore, you need to remain on your guard and practice the following:

Check for Unusual Internet Activity: If your internet server has been integrated into a DDoS attack then you should be able to verify this. All you need to do is check your outgoing internet activity. Higher than normal levels of activity directed towards unknown destinations could indicate your involvement in a DDoS campaign. If everything is normal, then communications suggesting you are should be scrutinized closely.

Consider the Claim: Contact that suggests you have committed some form of illegal act should be verified before acting on it. Seeking legal advice is an option, but it’s also important to employ common sense. A legal threat will never suggest that you click a link to access details of the offense. Details should clearly be stated in initial communications. Accordingly, think twice before clicking any links.

Educate Your Staff on Social Engineering: Attacks such as the BazaLoader one rely on social engineering. This has become a popular strategy for hackers and it’s important that your staff can identify the tell-tale signs. Make a point of regularly refreshing their knowledge to ensure they remain vigilant.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The Dangerous Power of the Prometheus Malware

antivirus software, Cyber Security, email security, malware, Ophtek, Prometheus MalwareAntivirus software, Cyber Security, email security, malware, Ophtek, Prometheus MalwareOphtek, LLC

Aug 2021

Malware-as-a-service (MaaS) provides a powerful malware solution for hackers. And Prometheus is the perfect example of such an infrastructure.

There’s money in everything and hacking is no different. But rather than extorting funds through ransomware, hackers can also design MaaS to generate some quick cash. MaaS takes the pain out of designing your own malware by offering a ready-made solution. And all you need to do is a pay a fee to use it. Typically, MaaS will give the user access to software which can distribute malware through malicious campaigns; this is exactly what Prometheus does.

As Prometheus, and all forms of MaaS, is so powerful, it’s important that you understand what it is and how to tackle it.

How Does Prometheus Work?

Prometheus has been available to purchase for a year now, with a subscription costing $250 per month. It uses two main attack strategies:

Distributing MS Word and Excel documents which are infected with malware
Using malicious links to divert victims to phishing websites

Subscribers to the Prometheus MaaS are given a central control panel from where they can launch their campaigns. From here they are able to configure various parameters to tailor their attacks e.g. targeting specific email addresses with a malicious call-to-action. Prometheus can also be used to assess potential victims. Using infected websites, Prometheus can collect data on visitors – such as IP address and user details – to assess which method of attack is best to launch. It’s a sophisticated form of hacking and one that requires high levels of awareness to combat.

It’s estimated that over 3,000 email addresses have been targeted by Prometheus as of this writing. These targets have included individuals in Europe and a number of government agencies and businesses in the US. While 3,000 potential victims may sound relatively small, it’s clearly best for every one of them to avoid it. And it is possible.

How to Combat Prometheus

Prometheus uses traditional methods to infect PCs with its malicious payloads, so it’s easy to avoid becoming a victim. All you need to do is practice the following:

Check All Emails: Malicious emails are very good at hiding the fact that they are malicious. Therefore, it always pays to quickly verify every email. Is the email address correct or is it a strange variation e.g. security@micros0ft.com? Is there an unusual and urgent call-to-action in the email such as a “click here before you lose access to your account” link? Anything suspicious should be queried with your IT team immediately.

Verify Links: It’s very easy to insert a malicious link into an email or website, so these need to be verified before clicking. For example, a link could be displayed as www.bankofamerica.com but hovering your cursor over this link will reveal the genuine destination. And this could be redirecting you towards a malicious website, so always verify your links.

Scan All Email Attachments: Many antivirus software packages offer email attachment scans as one of their features. And it’s crucial that you activate this tool. Incoming email attachments will be scanned before they arrive in your inbox for any malicious content. Alerts will be activated when malicious files are identified and quarantined to protect your IT systems.

For more ways to secure and optimize your business technology, contact your local IT professionals.

3 Million Windows PCs at Risk of Login Credential Theft

attachments, email links, malware, Ophtek, Updates, Windows PCattachments, links, Login, malware, Ophtek, updates, Windows PCOphtek, LLC

Jul 2021

Login credentials are a sure-fire way to protect your IT systems. But hackers are now using a new piece of malware to steal them from your organization.

User ID / Password combinations have been a cornerstone of IT security since the earliest days of computers. Traditionally, it was almost impossible to guess both of these values. The only option a hacker had was to literally look over the shoulder of the user as they entered the details. But a lot has changed in the way we use computers since then. And the possibilities created by the internet mean that hackers can now steal login credentials from anywhere in the world. All they need is some malware and a potential victim.

A new piece of malware has recently been discovered which has been used in a large scale attack, so it’s important we take a closer look.

What is this Latest Attack?

This latest malware – discovered by Nord Security and currently unnamed – to hit the digital headlines is classified as a Trojan. As the name suggests, a Trojan is a piece of malware which disguises itself as genuine software, but contains malicious code. Little is known about the origins of this latest malware or its exact mechanisms, but its strength is beyond question. This has been demonstrated by the malware carrying out the following:

Infecting three million Windows PCs
Stealing 1.2TB of data which includes email addresses, cookies and over six million individual files
Using infected PCs in-built webcams to take photos of the victims

How Do You Avoid Falling Victim to Malware?

Malware is a complex threat to tackle due to the ease with which it can be constructed by hackers. This allows the hacker to give their malware an individual blueprint with unique features that are difficult to detect. Even the best defenses in the world can easily fall victim to malware. Nonetheless, you are far from helpless when it comes to combatting the threat of malware. To help strengthen your defenses, make the following part of your security structure:

Always Verify Links: Almost every website and email will contain at least one link. But these links can easily be disguised to contain something nasty. A link may, for example, claim to take you to a Microsoft security fix, but the true destination within the link may be for a malicious website. Therefore, always make sure you hover your cursor over links to reveal their true destination.

Double Check Email Attachments: Highly powerful malware can easily be packed into a small file and delivered as an email attachment. Accordingly, you need to be suspicious of all files entering your organization. Even if an email is received from a reputable source you need to remain vigilant. Genuine email addresses can easily be hacked and used to spread malware. If something doesn’t feel right about an email then check with an IT professional.

Install all Updates: All software and hardware is prone to vulnerabilities due to the amount of code involved in their operation. And these vulnerabilities provide hackers with quick and easy access to your IT systems. Thankfully, manufacturers regularly issue security patches to plug these holes. Make sure that these are always installed quickly to minimize any risk.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Disk Wiping Malware Disguises itself as Ransomware

Apostle, Cyber Security, malware, Ophtek, Ransomware, UpdatesApostle, malware, Ophtek, ransomware, securityOphtek, LLC

Jun 2021

Ransomware is a highly destructive form of malware, but it turns out that it can also provide the perfect cover for disk wiping malware.

The pitfalls of becoming a victim of ransomware are well documented. And, as such, the term ransomware is one that strikes fear into the heart of any PC user. But, at the very least, ransomware does give you an option of getting your files back. Naturally, you have to pay a ransom fee for the files to be decrypted, but you can get them back. However, a form of malware called Apostle has now been discovered which pretends to be ransomware when, in fact, it simply wipes your disk drive beyond retrieval.

Data is a crucial commodity in any organization, so it’s important you make it as secure as possible. And one of the perfect ways to do this is by understanding how Apostle works.

How Does Apostle Wipe Disks?

The Apostle malware is believed to originate from Iran and is related to a previous wiper malware called Deadwood. Apostle is not brand new as it has been in the digital wild for some time. But these initial versions of Apostle were flawed and failed to deliver their malicious payload. Since then, the designers of Apostle have tweaked its design to make it more effective. This contemporary version of Apostle presents itself as standard ransomware, but this is merely to throw the victims off guard; its true intent is to destroy data and cause disruption.

The hackers behind Apostle are particularly cunning and are also happy to take ransom payments while destroying the data in question. But this is not where the attack ends. There are signs that Apostle is being used in conjunction with a backdoor attack called IPSec Helper. This allows the hackers to download and execute additional malware and move, undetected, within infected networks. Again, the intention here is to cause disruption.

How Do You Stop Your Disk Being Wiped?

The focus of Apostle, so far, has been Israeli targets, but this does not mean it should be considered a low-level threat. The design of this disk wiper malware can easily be engineered into more virulent and dangerous forms. And this could easily strike at the heart of your business’ operations. Therefore, it’s crucial that you maintain the following practices:

Evaluate All Attachments Before Opening: It’s likely that you receive numerous email attachments through the day, but how often do you verify them before opening? Trusted email addresses can, very easily, be taken over or even replicated. And this provides the perfect route for infected files to be opened. So, if in doubt over whether an attachment is safe, always check with an IT professional before opening.

Train Your Staff on Social Engineering Attacks: The dangers of social engineering are very real and represent a simple way for hackers to get a foothold in your network. Understanding this threat and how to protect yourself against it is vital.

Keep Your Software Updated: Another sure-fire way for hackers to gain access to your network is through vulnerabilities caused by outdated software. The best way to counter this threat is by implementing software updates as soon as possible. This minimizes the presence of vulnerabilities and keeps hackers out.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 … 11 12 13 14 15 … 29 Next »

Tag Archives: malware