Panda Malware Continues to Thrive and Make Money

malware, Ophtek, Panda Malware, Security, , , ,
08
Oct 2019

One of the biggest threats to data security over the last few years has been crypto-malware. And, as the Panda malware proves, it can be a persistent danger.

We may think of pandas as gentle, beautiful creatures but that notion only applies when we’re talking about mammals. When it comes to malware, Panda is far from gentle. The malware in question has been active in the digital landscape since 2018 and, since then, has managed to secure close to $100,000 in cryptocurrency ransoms. And it has achieved this by constantly reinventing itself and modifying its structure. Staying one step ahead of the security experts is crucial for malware and Panda has done this with aplomb.

Understanding the motives and mechanics of Panda is important in strengthening your organization’s security, so let’s take a closer look at how it works.

What is Panda?

First identified in 2018, Panda is a form of malware which combines crypto-malware with remote administration tools (RATs) to render any infected PC under complete control of the hacker. Not only is the victim at the risk of having their data encrypted, but there’s the added danger of unauthorized access to their PC at any time. Panda achieves all of this by exploiting web applications, spreading via infected Word documents and unauthorized downloads by compromised websites. Web applications that have been found to be infected include a wide variety of industries such as social media, financial, web services and digital analytics.

How has Panda Managed to Persist?

Most malware has a relatively short lifespan due to design flaws and the talents of security experts, but Panda has persisted for over a year now. It owes this longevity to its coders and the speed at which they evolve Panda. The malware has always been an expert in stealth and this has allowed it to escape the attentions of antivirus software. Most concerning, however, is the number of additions that have been added to Panda’s arsenal since it first appeared. Reports have indicated that Panda now includes highly sophisticated exploit tools originally designed by the NSA. It’s that most dangerous form of malware: one that continues to grow in strength.

Protecting Your Business from Panda

Panda is a dangerous piece of malware, but it’s not one that you need to live in fear of. Instead, make sure you remain vigilant by implementing the following:

  • Regular training for your staff is essential in keeping your defenses as strong as possible. The knowledge that these training sessions provide is invaluable for keeping your staff up to date on current threats.
  • Crypto-malware’s main objective is to encrypt your data and then demand a ransom. Therefore it’s important that you establish a backup routine that ensures your files are kept securely in more than one location.
  • Monitor any unusual network activity. Panda may be highly skilled when it comes to stealth, but its operation is likely to lead to unusual traffic in and out of your network. Identifying this early on may allow you to limit the damage caused.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

New Domen Malware is Highly Advanced and Dangerous

Domen, malware, Ophtek, pop ups, Security, Security Threats, , , ,
24
Sep 2019

There’s only one thing worse than malware: clever malware. If it’s clever then it will to be difficult to detect and remove. And Domen is exactly that.

You probably haven’t heard of Domen before, but that’s because it’s a brand new toolkit. And it’s a toolkit which is fiendishly clever. What a hacker classes as ‘good’ malware is one that is deceptive and skilled in the art of subterfuge. If it can adapt to different scenarios and conditions that it’s even better. And, again, Domen ticks these boxes.

It certainly doesn’t sound appealing, does it? And I’ll bet my bottom dollar that you don’t want your organization to fall victim to it. Well, to help you avoid the perils of Domen, let’s hold it up to the light and see what we can make of it.

What is Domen?

Social engineering is a key part of the modern hacker’s arsenal, so it’s no surprise to see Domen clutching it so closely to its digital chest. A toolkit, of course, is much more than one single application. As the name suggests, it’s packed full of different applications that can work individually or side by side to maximize its impact. Domen is most likely to be found housed within the code of a compromised website – sites based upon WordPress are particularly affected – where it lurks discreetly and quietly.

However, Domen will not lurk discreetly for long. Nonetheless, when it does make an appearance it takes a keen eye to spot that anything is amiss. The infected website will generate a pop-up window that contains a link to a malicious download. This download will initiate a PowerShell attack that leaves your PC at the mercy of hackers who will gain full control of it. Dangerous pop-up windows are nothing new, but Domen differs in that it’s adaptive to the PC it’s attacking.

Domen has been designed so that it identifies the operating system, the user’s location and their browser. It’s at this point that the social engineering aspect comes into play. Domen uses this unique data to tailor a specific pop-up window that urges the user to download a necessary update. So, for example, if you’re using a Chrome browser then a pop-up will appear for a Chrome update.  And, if you’re based in France, for example, the content will be written in French.

Protecting Your Organization from Domen

It’s important that you practice vigilance when working with PCs as malware is so prevalent in the digital age. Evidence of malware such as Domen being present can include:

  • Your default browser homepage changing to something new without your authorization
  • New software installed and loading at startup
  • Evidence of remote access to your PC taking place

Thankfully, the PowerShell attack – initiated by the download of a .hta file – can be thwarted by protecting yourself with any good cyber-security suite. The tools contained with these suites should be able to identify the malicious .hta file and prevent it from executing on your PC. However, this can all be prevented by being vigilant and ignoring any suspicious pop-ups.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What are the Dangers of Rootkits?

Hackers, Ophtek, Rootkit, Security, , ,
27
Aug 2019

What’s worse than one piece of malware? Multiple strains of malware. And, when you encounter a rootkit, this is exactly what you’re faced with.

Rootkits are a very serious form of malware. They’re not a new method of hacking, they have been present for close to 30 years now, but they’re still notoriously difficult to treat. There are many dangers associated with rootkits with the primary concerns being that they remain hidden on PCs and grant remote access to hackers.

Understanding what a rootkit is can be complex, but we’re going to break it down into the basics for you. And, with this on your side, your organization should become that little bit securer.

What is a Rootkit?

Rootkits are a collection of tools that allow hackers to gain unauthorized access to a PC. They’re stealthy pieces of kit that can evade security software, so detecting that a rootkit has infected your system is a task all of its own. The major threat, however, comes from the payload within a rootkit. The contents of a rootkit can include the following:

  • Keystroke loggers
  • Ransomware
  • Trojans
  • Bot software for initiating DDoS attacks

And, once it has been activated, a rootkit will commonly set up a backdoor exploit. This allows the hacker to gain access, without detection, to an infected PC as and when they want. Not only will this allow the hacker to take control of the PC, but it also grants them the opportunity to download further malware to the workstation.

How are Rootkits Spread?

Rootkits are clearly a formidable foe to encounter, but how do they spread? Rootkits, as with most forms of malware, favor the standard distribution methods:

  • Email: Rootkits are most commonly found on emails as attachments, but email also has the potential to contain links to malicious websites. 
  • USB Drives: The relatively small size of a rootkit makes them perfect for loading on to USB devices such as flash drives. These can then be uploaded seamlessly to a PC once plugged in. 
  • Vulnerabilities: Hackers are often able to gain access to a PC due to vulnerabilities in the OS or a particular piece of software on that system. These vulnerabilities will often allow unauthorized access and the chance to install rootkits without detection.

How Do You Protect Against Rootkits?

The last thing that your organization wants is to fall victim to a rootkit. Their stealthy nature makes them difficult to detect and thoroughly removing every trace of their multiple payload is time consuming.

Therefore, you need to set up a system of best practices that look to minimize the risk of unleashing a rootkit on your network. Make sure that the following is in place:

  • Carry out IT Inductions: It’s crucial that all employees are put through an IT induction when they join your organization.
  • Install all Updates: Rootkits often take hold of system through the exploitation of vulnerabilities. If you make sure that system updates are installed as soon as possible then you minimize the risk of these exploits.
  • Work with Anti-Malware Software: You can’t identify every type of rootkit with anti-malware software, but you can identify a large number of them before they take hold. And this software is also capable of identifying malicious websites before they are accessed.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Windows Hit by New Enabler Malware

Cyber Security, malware, Ophtek, Security, Security Threats, , , ,
20
Aug 2019

Malware is well known for infecting systems and causing major problems from the second it’s executed. But certain strains of malware act as an enabler.

Security researchers have recently discovered one of these enablers and dubbed it SystemBC. It’s important to stress that SystemBC isn’t an immediate attack. However, it’s just as dangerous as your everyday malware. If not more dangerous. And this is why understanding how an enabler works is crucial for the security of your organization.

It’s always important, where PC security is concerned, to be proactive. So, to help you enhance your organization’s defenses, we’re going to run over the principles of the SystemBC malware.

What is the SystemBC Malware?

The simplest definition of SystemBC is that it enables other malware to unleash attacks. But how does it do this? The answer lies within SOCKS5 proxies. The average PC user will be unaware of what SOCKS5 proxies are, but this doesn’t mean they are impossible to understand. SOCKS5 is a method of internet communication that takes place between a client and a server. And it’s most commonly used in authorizing access to servers.

SystemBC takes advantage of these SOCKS5 proxies to overcome security systems and exploit vulnerabilities. The main method of exploitation is to illegally access a server and then install a command and control (C&C) server. With this C&C in place, SystemBC has the ability to cloak traffic and activity from other malware which can then spread outwards through the server.

How is SystemBC Distributed?

SystemBC has, at the time of writing, been discovered in both the Fallout and RIG exploit kits. These kits allow hackers to package together several different exploits in one product. These assorted exploits can work in synchronicity with each other or independently. And this makes them very dangerous. The Fallout and RIG exploit kits tend to focus on vulnerabilities in Flash and Internet Explorer, an approach which is exceptionally common when it comes to hacking.

Protecting Your Organization from SystemBC

The key to protecting your server from the threat of SystemBC is by being vigilant. Software patches remain the number one preventative measure when it comes to combating vulnerabilities. Software developers release these on a fairly regular basis, but also in emergencies when major vulnerabilities are discovered. And they need to be installed immediately. An exposed entry point to your network is a major threat to your security and plugging it is crucial.

One of the major problems facing organizations, in terms of IT security, is the use of legacy systems. These are systems which no longer receive support from their developers. If a vulnerability is discovered in such a system then it will remain there. It will not be resolved. Therefore, it’s vital that your organization regularly assesses the suitability of your PC systems for engaging with the internet. If a particular part of your network is no longer supported then it’s time to replace it. Otherwise you could soon find malware such as SystemBC making its home on your server.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

6 Reasons Why You Should Invest in Cyber Security

Cyber Attack, Cyber Security, Hackers, Hacking, malware, Ophtek, Password Security, PC Security, Secure Website, Security, Security Threats, , , ,
23
Jul 2019

Cyber-attacks are on the rise, so protecting your business has never been more important. But what exactly are the benefits of cyber security?

We all know about the need for firewalls and anti-virus software. They provide us with a layer of defense from the legions of hackers itching to access our data. Those who are new to the world of IT, however, are unlikely to know why they need cyber security. What can it deliver? Well, let’s run through six reasons why you should invest in cyber security:

  1. Protects Your Data: Businesses work with huge amounts of data in the 21st And, whether its employee or customer data, it’s going to be sensitive. This needs to be protected to prevent identity theft or financial damage. A professional approach to cyber security will reduce this threat and protect the integrity of you data. 
  1. Maintains Productivity: While the headlines regarding cyber-attacks always focus on data and costs, they fail to look at the impact on productivity. If, for example, a ransomware attack hits your network then critical files are going to be out of action. This means that your employees will be unable to work. And the impact that this can have on your organization’s productivity can be devastating. 
  1. Financial Damage: Cyber-attacks can hit a company where it hurts: the bank balance. Ransomware demands are, naturally, the most obvious cause of financial distress, but there are others. A drop in productivity can soon lead to a drop in sales which can significantly impact your revenue streams. And there’s also the chance that irreparable damage could be caused to your hardware resulting in the need for new purchases. 
  1. Protects Your Website: One of the cornerstones of a successful marketing strategy in the 21st century is a website. Whether it’s being used to promote your services or sell them it needs to be running 24/7. It’s a crucial communication channel, but it’s also one that’s regularly targeted by hackers. With the correct level of investment in cyber security you can limit the risk of it being compromised. This keeps your website running and ensures that your marketing strategies can run smoothly. 

  1. Keeps Malware Out: Malicious software, better known as malware, is the bane of all security professionals. Capable of causing massive damage to IT infrastructures, malware is a form of hacking which embraces subterfuge and results in untold problems for the victims. It can steal data, it can slow down systems and even set up attacks on other businesses. But if you invest in cyber security then then the chances of malware activating its payload is reduced. 
  1. Provides Customer Confidence: Consumers are wary of data security more than ever in the digital age. Therefore, inspiring trust in your IT systems is essential. If you can demonstrate that you’re working with professionals to protect your customers’ data then you can inspire this trust. Not only will you be able to protect your customer’s data, but you will enhance their loyalty to your brand.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 16 17 18 19 20 29