We’re already halfway through 2023 and threat actors are showing no signs of slowing up, but just where is cybersecurity heading?

It may feel as though you’re waging a never-ending battle against hackers and, well, that’s exactly what you’re doing. However, the strategies and techniques of threat actors has changed significantly in the last two decades. Back in 2003, for example, ransomware was less prevalent, but now it’s a major player in terms of cyber-attacks. Therefore, it’s always good to keep one step ahead of the hackers and understand where they are likely to go next.

What Will Future Cyber Attacks Look Like?

The future of cybersecurity will be concerned with maintaining defenses against existing threats and tackling new, innovative strategies launched by threat actors. These attacks are expected to be based in the following categories:

Artificial Intelligence: the impact of artificial intelligence (AI) has been huge in the last couple of years, just look at the interest generated by ChatGPT in 2023. However, the power to cause damage with AI is causing just as many headlines. You can, for example, ask AI systems to help generate code to build computer programs. The exact same code which is used to build malware. This means that designing and executing malware could be easier than ever before, and lead to a surge in new attacks.

Remote working: since the pandemic, more and more employees have been working remotely. While this is convenient, and has been shown to enhance productivity, it also increases the risk of falling victim to malware. Although many remote workers connect to their employers through a VPN, they are often accessing this through devices which aren’t secure. Also, as they will not have colleagues directly around them to offer advice, employees will be more vulnerable to, for example, clicking a malicious link.

Phishing: threat actors have been launching phishing attacks for nearly 20 years, and this means that many PC users can easily spot a phishing email. But this doesn’t mean we’re safe. Instead, it’s likely that future attacks will be more sophisticated to be successful. Taking advantage of AI and machine learning, threat actors will be able to craft phishing emails which are both engaging and convincing. This will allow their attacks to be more successful and harvest more stolen data.

Cryptojacking: despite several significant attacks, cryptojacking is yet to hit the mainstream PC user in the same way that ransomware has. Nonetheless, cryptojacking attacks are on the rise. Accordingly, PC users are likely to become more familiar with them in the next few years. Cryptojacking, as the name suggests, involves hijacking a PC and using its computing resources to mine cryptocurrencies. Due to the huge amount of processing power required to mine cryptocurrency, these attacks target entire networks and can grind them to a halt.

Final Thoughts

These four attack strategies may not be troubling you every day, but they could soon become regular headaches. That’s why you need to adopt a proactive approach to cybersecurity. Make sure that you

keep updated on the latest threats, regularly review your security measures, and ensure that your staff are fully trained in cybersecurity best practices.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


E-commerce means big business in the 21st century and it proves a highly attractive target to threat actors, as online sellers are now finding out. 

Such is the size of the e-commerce industry – estimated to hit $4.11 trillion in 2023 – threat actors have many reasons for attacking online merchants. Taking control of a seller’s account will instantly provide hackers with a treasure chest of personal information about their customers e.g. payment methods, personal identifiers, and email addresses. It’s also common for threat actors to lace these compromised inventories and shops with malicious JavaScript code, this can then record credit card details during the checkout process. 

Therefore, this latest attack, which uses the Vidar malware to advance its payload, is one that you need to be aware of. 

How is Vidar Causing Havoc in the Digital Aisles? 

The attack launched against online sellers uses a combination of social engineering and phishing emails to deceive its targets. Threat actors are posing as disgruntled customers who claim to have had large amounts of money deducted from their bank without an order being processed. Using a bit.ly URL – which is typically used to shorten long URLs, but also hides the true destination of the link – the sender of the email advises the merchant to investigate a screenshot of their bank account. This, they claim, will show proof that funds have been taken. 
 
Clicking this link will take the victim to a malicious website designed to look like a genuine Google Drive account. Here, the victim is encouraged to download a .PDF of the bank statement which the sender claims will demonstrate that an illegal transaction has taken place. However, rather than downloading a .PDF, the victim will instead download a file called bank_statement.scr. And this file contains the Vidar malware. 

Vidar was first discovered in 2018 and its method of attack is well known. A classic data miner, Vidar will steal information such as passwords, browser cookies, text files, and also take screenshots of the infected PC. After uploading this data to a remote location, the threat actors can easily download this information and use it to exploit the victim further e.g. sell login credentials on the dark web or access other user accounts using the same information. 

Taking Vidar Back to the Store 

If you believe that your PC has been breached by Vidar, the good news is that most anti-virus tools will pick it up and eradicate it from your system. Nonetheless, it’s always better to not get infected in the first place. Therefore, make sure you follow these best practices to avoid falling victim to Vidar: 

Pick up on suspicious language: phishing emails are full of telltale signs, but you need to know what you’re looking for. Firstly, look out for urgency, fear, and excitement-inducing words. Secondly, watch for requests to disclose personal information or click on suspicious links. And, finally, pay attention to poor grammar or spelling errors. 

Only download from trusted sources: it’s advisable to only download files from sources you can verify are genuine. Downloading files from customers, even if they are genuine, should be avoided wherever possible. These files could, as the Vidar attack has shown, contain anything. In a scenario where you need verification, always turn to an IT professional. 

Use anti-phishing tools: installing anti-phishing software is a good way to enhance your protection against phishing attacks. These tools can be implemented as either browser extensions or part of a security suite. Once they detect an attempt at phishing, they will block the content and present you with a warning in its place. 

For more ways to secure and optimize your business technology, contact your local IT professionals

Read More


WordPad, a basic yet popular word processor, is the latest Windows app to fall victim to a vulnerability exploited by threat actors. 
 
Bundled free with almost every version of Windows since Windows 95, WordPad has remained popular thanks to its simplicity. Less complex than Microsoft Word and more advanced than the basic Notepad app, WordPad gives users an effective word processing tool. However, it’s now an app which carries a real threat to your IT security. Due to a flaw in WordPad’s design, threat actors have started to abuse this vulnerability by launching a DLL hijacking attack. 

Everything You Need to Know about the WordPad Hack 

You may not be familiar with DLL hijacking, so we’ll start by looking at this form of attack. DLL files are library files which can be used by multiple programs all at the same time. This makes it a highly flexible and efficient file, one which can reduce disk space and maximize memory usage. When Windows launches an app, it searches through default folders for DLLs and, if they are required, automatically loads them. What’s important to note, however, is that Windows will always give priority to loading DLLs located in the same folder as the app being launched. 

DLL hijacking abuses this process by inserting malicious DLLs in the app’s parent folder. Therefore, Windows will automatically load this malicious file instead of the genuine one. This allows threat actors to guarantee their malware can be launched long after they have left the system. And this is exactly what has happened with WordPad. The hackers begin their attack by using a phishing email to trick users into downloading a file, one which contains the WordPad executable and a malicious DLL with the name of edputil.dll. Launching the WordPad file will automatically trigger the loading of the malicious DLL file. 

This infected version of edputil.dll runs in the background and uses QBot, a notorious piece of malware, to not only steal data, but also download further malware. The infected PC is then used to spread the attack throughout its entire network.  

Writing QBot into History  

While this form of attack is far from new, it has proved successful. Accordingly, it’s important that we hammer home the basics of good cybersecurity, with a particular emphasis on phishing attacks: 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


In today’s business environment, optimizing PC productivity is essential for organizations to stay competitive. And, to do this, you need the right tools. 

PCs have transformed the way we do business, but it’s important that we constantly move forward and avoid becoming complacent. There are always better ways to do things, more effective procedures and, often, easier solutions to our problems. And implementing these into your organization’s day-to-day operations will always pay dividends in terms of productivity and competitiveness. The best way to achieve this is by adopting the most essential tools for business PCs. 

The Most Essential Tools You Need for Business PCs 

Take a look at any software catalogue and you’re going to struggle to know where to start. The sheer range of available apps and tools is endless. But we’re going to give you a helping hand. So, if you want to raise your business game and get the most out of your PCs, make sure you work with the following tools: 

  • Communication: strong communication and collaboration tools have become crucial in the last decade, most noticeably during and after the Covid-19 pandemic. Thankfully, modern software development allows seamless teamwork to be a reality no matter how scattered your team are. Tools like Slack, Microsoft Teams, or Google Workspace provide real-time messaging, video conferencing and file sharing capabilities. This means your teams can communicate and work together effectively. 
     
  • Productivity suites: every business needs to arm themselves with a fully functioning productivity suite. The most common examples of these tools are Microsoft Office 365 and Google Workspace. With these suites integrated into your PCs, your employees will be able to access a wide range of applications such as word processing, spreadsheets, presentations, and email. Best of all, these platforms can be accessed remotely, making them incredibly flexible and perfect for remote employees. 
     
  • Time and task management: keeping on top of your workload is the number one problem that every employee faces daily. But it doesn’t need to be a struggle. You can quickly minimize this burden by adopting time management tools which will boost your productivity. Todoist, Toggl and Microsoft Outlook all allow you to organize tasks, set priorities, manage schedules, and track time spent on different activities. Your employees, therefore, can break their workload down into manageable tasks and track their progress. 
     
  • Workflow automation: tools such as Microsoft Power Automate and Zapier can accelerate your organization’s productivity by automating repetitive tasks. Therefore, you could set up email processes which automatically save attachments to the cloud. Or, you could program updates to be emailed to your warehouse once new orders are received. Ultimately, these tools will save your employees time, minimize errors and allow your team to focus on their core duties. 

Final Thoughts 

Due to the current economic crisis, making competitive gains – no matter how small – has never been more important. Accordingly, adopting the software tools covered above, could make a significant difference to your organization’s productivity. 
 
For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More