Ophtek Archives - Page 25 of 59

Cuba Ransomware Collects Over $40 Million in Ransom Fees

Backup, Cuba ransomware, Ophtek, Phishing, Ransomware, Updatesbackup, cuba ransomware, Ophtek, phishing, ransomware, updatesOphtek, LLC

Aug 2022

Using a new remote access trojan, threat actors behind the Cuba ransomware have amassed ransom payments estimated to be close to $44 million.

Over the past five years, countless headlines have been generated by the damage caused by ransomware attacks. Not only do they compromise access to your organization’s data, but they also have the potential to inflict painful financial damage. To make matters worse, these attacks are evolving to become more powerful and harder to prevent. In fact, on many occasions (and as we’ll see with the Cuba ransomware) these evolutions will take place over a matter of months.

Ransomware, therefore, is a very real threat to your organization’s IT network, so it’s important that you understand exactly how the Cuba ransomware operates.

What is the Cuba Ransomware?

Cuba was first detected in late 2019 before disappearing from the frontline and returning two years later in November 2021. Evidence of the Cuba ransomware has been detected in around 60 ransomware attacks, with 40 of these victims revealed to be US-based. Cuba is delivered to PCs through the Hancitor loader, a type of malware which is used to download and execute additional malware e.g. remote access trojans. Hancitor makes its way onto PCs through a variety of means such as phishing emails, stolen login credentials and software vulnerabilities.

Since Cuba first emerged onto the digital landscape, it has undergone a series of significant changes. The most notable changes have seen it terminating more processes before it locks files, widening the range of file types it encrypts and, believe it or not, enhancing its support options for victims wanting to pay. Cuba has also been observed operating a backdoor trojan called ROMCOM RAT, a piece of malware which deletes files and logs data to a remote server.

Protecting Yourself Against the Cuba Ransomware

With Cuba collecting ransom payments of over $40 million, it’s clear to see Cuba is a dangerously effective threat. It’s also important to point out there is currently no known decryption tool available to combat Cuba’s encryption methods. Accordingly, you need to be on your guard against this threat and any similar attacks. Therefore, make sure you practice the following:

Beware of phishing emails: one of the most common attack methods employed by hackers, phishing emails use social engineering techniques to pressure you into clicking links and downloading files. However, following the instructions within a phishing email are a guaranteed one-way ticket to having your PC compromised. Always check, double check, and then ask an IT professional to evaluate any suspicious links or documents you receive.

Have a strong backup game: if your files become encrypted by Cuba then the only option you have for unlocking your files is to pay a ransom fee or restore the files from a secure backup. When it comes to backups, there are a variety of options available and it pays to implement multiple backup strategies to preserve your data.

Install updates: Cuba has the power to exploit software vulnerabilities to gain unauthorized access to computer networks, so it’s crucial that you always install updates as soon as possible. The install process for updates can feel time consuming, but when you have the option to automate these installations, there’s no reason this shouldn’t take place.

For more ways to secure and optimize your business technology, contact your local IT professionals.

New Malware Spies on Gmail and AOL Inboxes

malicious browser extension, Ophtek, Phishing Email, SHARPEXT, Volexitymalicious browser extension, Ophtek, phishing email, SHARPEXT, VolexityOphtek, LLC

Aug 2022

Webmail remains a crucial way in which you can keep on top of your digital communication, but what happens when people start spying on it?

While AOL email addresses are far from a popular choice in 2021, there are still significant numbers in use. Gmail, however, is much more in demand, with an estimated 1.8 billion users. So, it doesn’t take a genius to see why these platforms would turn a hacker’s head. Protecting such huge amounts of data, therefore, should be paramount. Unfortunately, both AOL and Gmail have fallen short in this respect due to a malicious browser extension. And the main impact of this is that their users have found their webmail accounts compromised.

With such significant data passing through webmail accounts, it’s important that you understand any relevant threats. This slice of malware – dubbed SHARPEXT – is the perfect example of one you need to be on your guard against, so let’s take a look at it.

How Does SHARPEXT Peer Over Your Shoulder?

The infected browser extensions are believed to target three specific browsers: Chrome, Edge and Naver Whale (a South Korean browser). Judging by the evidence on offer, security researchers have determined that SHARPEXT is the work of a North Korean cybercrime group known as SharpTongue. Once the malicious browser extension is activated, it works in a novel way. Whereas similar strains of malware focus on harvesting login credentials, SHARPEXT browses its victims mail and extracts individual emails from the inbox.

You may be wondering how the SHARPEXT extension finds its way into your browser, after all, who would knowingly install a sophisticated piece of spyware on their PC? Well, as ever, it’s down to a stealthy approach by the threat actors. After sending the victim an infected document, SharpTongue use social engineering techniques to convince the recipient to open it; this installs the spyware in the background, where it remains unseen by antivirus software.

How Do You Avoid the Threat of SHARPEXT?

No one wants their email compromised and, for an organization, this can be particularly troubling due to the data at risk. And SHARPEXT is unlikely to be the last attack which uses similar techniques. Therefore, it’s vital that you know how to protect yourself and your PC against it:

Understand the threat of phishing emails: it’s important that your staff know how to identify a phishing email; these are one of the most common methods employed by hackers to compromise PCs. A phishing attack can be activated in seconds and, in a worst-case scenario, turn over complete control of a PC or network to a hacker.

Block any SHARPEXT identifiers: the coding used within SHARPEXT is innovative as it uses coding unfamiliar to security tools. Thankfully, security experts Volexity have compiled a list of identifying code which IT professionals can use to identify extensions running SHARPEXT.

Restrict the Installation of Extensions: in a work-based setting, there’s little reason for your employees to be installing browser extensions onto their PCs. Accordingly, it makes sense for your organization to restrict who can install extensions. If a specific extension is required, then an employee should submit a request to their IT team.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Office Macros Disabled: What the Hackers Did Next

email security, malicious websites, Office Macros, Ophtek, threatneedleemail security, malicious websites, Office Macros, Ophtek, threatneedleOphtek, LLC

Aug 2022

One of the best ways to infect a PC has, until now, been through Office macros. But, now that they’re disabled by default, what are the hackers going to do?

The numbers of hacks that have involved Office macros over the last 20 years is mindboggling. And they have involved some major attacks, such as ThreatNeedle, during this period. Accordingly, Microsoft decided that 2022 would be the year the security risk of macros was put to bed once and for all. This, as you would imagine, has put a major thorn in the side of hackers. Nonetheless, hackers are as determined as they are malicious. Therefore, they have had to refine their attack strategies and adopt new methods.

And it’s crucial that you know what they have up their sleeves.

How Have Hackers Adapted their Attacks?

Now the exploits offered by internet macros have been greatly diminished, hackers have evolved their techniques to maintain a sting in their tail.

Most notably, a significant rise in container-based attacks has been observed, but what are container-based attacks? Well, container files are any files which allow multiple data sources to be embedded in one file e.g. a .zip or .rar file can contain numerous files which are all compressed into one ‘container’ file. So, a threat actor could, for example, deliver a .zip file packed full of malware as an email attachment.

HTML smuggling has also been adopted as a popular alternative to Office macros. This form of attack involves a threat actor ‘smuggling’ infected scripts into web pages and/or associated HTML attachments. All it takes for the scripts to be activated on a victim’s PC is for the HTML to be loaded into their browser. Therefore, simply visiting a website is enough to download and activate malware, and the innocent party would have no idea an attack was unfolding in front of them.

Another increase in popularity has been noted in the form of infected .lnk files. These are files which act as shortcuts/links and, while they can be used to direct users to safe URLs, they have the potential to forward victims onto malicious websites and initiate unsafe downloads.

How Can You Keep Pace With These Techniques?

You may be able to breathe slightly easier now that macros have been disabled by default, but you need to remain alert. Make sure you counter the new threats above by practicing the following:

Always be wary of attachments: any email attachment should still receive the same amount of scrutiny. Regardless of whether it’s from a colleague or an unknown sender, there’s a risk that it may be malicious. So, before you open any attachment, evaluate how genuine it is and, if any doubt remains, refer it to your IT team to take a closer look.

Make sure websites are safe: most modern security suites will evaluate websites before your browser loads them up. For example, if a website is deemed malicious, your security suite should prompt you to confirm if you wish to continue. However, the presence of any prompt should immediately ring alarm bells. And, as you’ve probably guessed, it’s best to get any red flags verified by an IT professional before proceeding.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The 5 Biggest IT Security Mistakes

attachments, Backup, Data Security, Hackers, Ophtek, Password Securityattachements, backup, Data Security, hackers, Ophtek, password securityOphtek, LLC

Aug 2022

Almost all cyber-attacks are due a common denominator: a mistake. We aren’t perfect, of course, but we can limit number of IT security mistakes we make.

Working on a PC is far from straightforward and, as a result, the sheer number of complex routines you must work through leaves plenty of room for mistakes. At the same time, all a hacker needs to take control of your system is a few milliseconds. Accordingly, even the smallest security mistake can leave your PC at the mercy of a hacker. However, by understanding what the most common, and usually simplest, IT security mistakes are, you can strengthen your IT defenses almost immediately.

Start Eliminating These Mistakes Today

If you want to make sure your IT infrastructure is safe from hackers, then you need to avoid these five IT security mistakes:

Not locking your screen: you may trust your work colleagues, but the fact remains that numerous people will enter your organization’s premises throughout the day. Some may be familiar, some may not. And that’s why it’s crucial you lock your screen. All you have to do is hit the Windows button and the L key; your screen will be locked with a password and the contents of your PC immediately protected.

Underestimating your value as a target: threat actors are malicious and, although they are certainly interested in big targets, they’re equally likely to target smaller organizations too. Additionally, many cyber-attacks are automated and don’t discriminate against who they attack. Therefore, never assume that your small business is of no concern to hackers. Remain vigilant and practice good IT security.

Passwords on Post-it notes: we all know that remembering passwords is difficult, but the biggest mistake you can make is by writing your password on a Post-it note. And then sticking it to your monitor. Sure, it’s convenient for you, but it’s also highly convenient for anyone looking to compromise your PC. Instead, create passwords you can easily remember, but are difficult for anyone else to crack.

Not backing up effectively: when it comes to IT, the range of backup options available in 2022 is plentiful. From on-site storage, to external cloud storage and even onto good old fashioned optical drives, there are numerous options. And it’s important that you use more than one backup option to protect your data, this will ensure it’s available when you need it. Remember: failing to maintain an effective backup process will seriously hurt your recovery time in the event of a cyber-attack.

Assuming email attachments are safe: ever since email became a mainstay of modern communications, it has carried a huge risk of delivering malware through email attachments. Most concerning of all, these infected attachments may be sent by email contacts you consider safe, it could even be your colleague sitting next to you. Threat actors can easily take control of a victim’s email address book and email malware under the guise of the victim’s email address. And that’s why you should evaluate every email you receive.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Sality Malware Delivers More than Recovered Passwords

block social media, download privileges, malware, Ophtek, password recovery, Sality, social media advertisingadvertising, download, malware, Ophtek, password security, Sality, social mediaOphtek, LLC

Jul 2022

Forgetting a password is frustrating, so the promise of a password recovery tool is tempting. Until, that is, you find out it’s packed full of malware.

If something online sounds too good to be true, then it usually is – see the numerous adverts on YouTube which promise to make you $50k a month with minimal effort. And this is exactly the case with the Sality malware. Naturally, Sality doesn’t advertise itself as malware. Instead, it bundles itself stealthily, as a hidden extra, alongside a password recovery tool for Programmable Logic Controllers (PLC) and Industrial Control Systems (ICS). Whilst the tool does indeed help you to extract passwords, the presence of Sality opens a whole world of digital pain.

The Lowdown on Sality

Sality, in its earliest form, is believed to have been online for nearly 20 years, so it’s certainly not a new threat. However, over the years, its evolution has led to its modern variant becoming a nasty piece of malware. At present, it’s making its way into people’s PCs thanks to relatively crude, yet tempting adverts on social media sites. Advertising itself as a free download, the tool will retrieve passwords for PLC and ICS – through a vulnerability in the system’s firmware – but it also activates the Sality malware.

To understand how Sality operates, you first need to know what a peer-to-peer (P2P) botnet is. Used to generate huge amounts of processing power – usually for cracking passwords or mining cryptocurrency – a P2P botnet obtains this power by hijacking large numbers of PCs. These hijacked PCs are then forced to work together on the same task – after all, 1,000 PCs mining cryptocurrency are going to achieve their objective a lot quicker than a single PC. It appears that Sality is currently focused on cryptocurrency, but there is nothing to stop threat actors unleashing more powerful attacks e.g. taking entire IT systems down.

How Do You Handle a Sality Infection?

While Sality may have been around for some time, it hasn’t learned every trick in the book. For example, not only will it throttle an infected PCs performance by using 100% of its CPU, it also triggers numerous Windows Defender alerts. However, it does have enough sense to scan any PC it lands on for anti-virus software before shutting down any identified tools. Therefore, it’s crucial that you follow preventative approaches to avoid Sality:

Do Not Trust Online Adverts: legitimate password recovery tools are unlikely to be advertised on social media sites. If you have forgotten your password, then you should contact the software developers for advice. Alternatively, you can create secure backups of your passwords with an app such as Google’s Password Manager.
Remove Download Privileges: almost every malware threat involves a malicious download and, as such, it makes sense for your organization to limit the number of downloads taking place. By limiting download privileges to, for example, line managers, you will minimize the chances of malware being downloaded by mistake.
Block Social Media: if you want to make sure that you are specifically limiting the risk of Sality, you can simply block access to social media sites from within your organization’s network. However, be aware that Sality is likely to be lurking elsewhere on the internet.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 … 23 24 25 26 27 … 59 Next »

Tag Archives: Ophtek