Ophtek Archives - Page 29 of 57

Solid State Drives Targeted by Stubborn New Malware

Hackers, malicious code, Ophtek, solid state drive (SSD), Updateshackers, malicious code, Ophtek, solid state drive (SSD), updateOphtek, LLC

Jan 2022

A new strain of malware has been developed which allows threats to be delivered to an inaccessible area of a solid state drive (SSD).\

The attack in question is not currently active, but the possibility of this attack has been modeled and proved successful by a group of Korean security researchers. However, hackers are persistent and they have likely been investigating such an attack for some time – similar strategies have already been employed to hide malware on hard disk drives (HDD). And, thanks to the rapid rise of SSDs over the last decade, threats to their security are only going to become more common.Combatting threats that have stealth on their side is crucial for protecting your IT infrastructures, so you need to take this threat very seriously. Let’s take a look at why and how your SSDs are at risk.

How Does This New Attack Work?

The Korean researchers have found a specific vulnerability in the design of certain SSDs which makes hacking them that little bit easier. An SSD which employs flex capacity (a technique where storage devices adjust their space to enhance performance) is the main target of this latest threat. Such an SSD contains an area known as over-provisioning which is located in an inaccessible area of the SSD. This area takes up, depending on the current demand, between 7 – 25% of the SSD capacity. And this over-provisioning area is invisible to the PCs operating system.

Due to the invisible nature of this over-provisioning space, it cannot be reached by applications such anti-virus tools or user intervention. However, it’s possible to exploit the size of this ‘hidden’ area and enlarge it by manipulation through the SSD firmware manager. Not only does this allow a hacker to deposit malware here, but it gives them access to the over-provisioning space – where sensitive data may remain for several months. It’s this sophisticated attack method which makes it difficult to detect and even more difficult to remove.

What Should You Do If You Have an SSD?

It’s believed that the attack required to exploit the over-provisioning area is not currently active. But it remains a viable threat and it’s only a matter of time before a hacker formulates a successful strategy. The sophisticated nature of this exploit means that tackling such an attack is difficult for an average PC user to complete. Solving this vulnerability lies with the manufacturers of SSDs who need to rethink the design of their systems.

Ideally, real time monitoring of these hidden areas needs implementing, with a view to providing a ‘wipe’ option when the over-positioning capacity increases rapidly. Nonetheless, it remains good practice to install every update and patch which is released for your SSD. Software within the SSD software will regularly need updating and these could be used to strengthen the defense of your SSD. Therefore, prioritizing and automating updates remains important to protect your PCs.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Malware Found in Illegal Downloads of Spider-Man Film

cryptojacking, firewall, malware, mining malware, moreno, Ophtek, torrentscryptojacking, firewall, malware, mining malware, moreno, Ophtek, torrentsOphtek, LLC

Jan 2022

Hackers have decided to cash in on the popularity of Spider-Man by infecting copies of his latest movie with cryptocurrency mining malware.

Going to the movies is an expensive activity these days and, as a result, many people are turning to illegal torrents. These torrents are shared by hundreds of different people, each sharing the entire film as a file, with downloaders able to download parts of the file from these multiple sources. It may sound like the perfect answer to paying and queuing at the movies, but it’s an act which infringes copyright and is 100% illegal. And, of course, there’s the little matter of malware being bundled into these torrents. Nonetheless, it’s estimated that around 28 million users download and share illegal files every day.

Illegal downloads are here to stay, so it’s important that you understand the dangers they carry in terms of cybersecurity. And the Spider-Man example is the perfect place to start.

Using Spider-Man to Spread Malware

The latest Spider-Man movie is ‘Spider-Man: No Way Home’ and it was released to theatres in December 2021. Within days of the movie’s premiere, poor quality copies – often filmed from within a theatre – started appearing on torrent sites such as The Pirate Bay. However, there were also torrents available which contained a nasty surprise. Several torrents which claimed to be of No Way Home contained a file with the name of ‘spiderman_net_putidmoi.torrent.exe’ – ‘net_putidmoi’ being Russian for No Way Home.

But far from presenting you with a copy of the new Spider-Man movie, activating this file would launch cryptocurrency mining malware. The malware automatically added exceptions to Windows Defender in order to avoid detection on the infected system. With this concealment in place, the malware could then harvest the PCs processing power to mine a cryptocurrency known as Monero. While mining cryptocurrency is legal, the hijacking of PCs to power this process is highly illegal and dangerous.

How Do You Avoid These Types of Infection?

The malware involved in the Spider-Man hack has not been shown to compromise any personal information. But it will slow your PC down. And a more dangerous piece of malware could easily start compromising your data. Therefore, it’s essential that you avoid falling victim to malware hidden in torrents. The best way to stay safe is:

Don’t Download Torrents: the simplest way to avoid malware within illegal torrents is to avoid downloading them. It’s much safer for your PC (and your criminal record) to visit official sources and pay the required amount for songs, software and movies.

Always Use a Firewall: Although the Spider-Man malware is clever enough to write exceptions into Windows Defender, many similar strains of malware are not as clever. And that’s why it’s crucial that you always run a firewall, these can instantly stop malware operating on your PC.

Investigate Sluggish PC Activity: if your PC is regularly grinding to a halt and struggling to complete simple processes, there’s a good chance it’s been hijacked. Restarting your PC in Safe Mode and running anti-malware software is the best way to start ruling out an infection.

For more ways to secure and optimize your business technology, contact your local IT professionals.

What are Zero-Click Attacks?

malicious code, Ophtek, Pegasus spyware, Software Security Patches, zero-click attacksmalicious code, Ophtek, pegasus spyware, Software security patches, zero-click attacksOphtek, LLC

Dec 2021

One of the less mentioned security threats for PCs is the zero-click attack. Nonetheless, zero-click attacks are one of the most dangerous threats we face.

Traditional cyber security measures tend to focus on PC users following best practices to protect their PC. And, overall, it’s an effective approach. Understanding the importance, for example, of verifying a link in an email before clicking is crucial. But there’s only so much that individuals can do to protect themselves. If hackers can remove this ‘human’ factor from gaining access to a PC then they should, in theory, be home free. And, with a zero-click attack in their toolbox, hackers can quickly exploit even the most vigilant PC users.

How Does a Zero-Click Attack Work?

The most common technique employed in carrying out a zero-click attack is:

A hacker codes a section of malicious data which is then sent to a victim over a wireless connection; the intended target can be either hardware or software. This chunk of data is used to activate a vulnerability in the target. The hacker is then free to gain unauthorized access to the affected device/application. And, using a series of predefined actions, further damage can then be caused e.g. downloading further malware and stealing data.

As you can see from the above description, at no point does the victim have any involvement. It’s this element of the strategy which makes it most troubling for PC users. The technique involved could, for example, involve a message being sent over Skype, a message which is not even opened by the recipient. Yet, the fact that it has been received on a PC means that it can unleash a malicious payload. Perhaps the most famous example of a zero-click attack is the Pegasus spyware hack which allowed hackers to gain access to users’ smartphones via a single WhatsApp message being received.

How Can You Combat Zero-Click Attacks?

It may seem difficult to protect yourself against the unprotectable and that’s why concern has been rapidly building around zero-click attacks. Thankfully, most zero-click attacks – such as Pegasus – have only targeted a tiny proportion of people, mostly government officials and high-ranking journalists. But this is far from a guarantee that you can’t fall victim to a zero-click attack.

As ever, key to protecting your PC and your devices is by installing security patches when they become available. Don’t put them off “until tomorrow” as it only takes a zero-click attack a few seconds to exploit a vulnerability. With your software and hardware running with optimal protection, it’s less likely to become another statistic of security failure. Encryption is also central to keeping your data safe should you find your device breached. Remember: all sensitive documents should be encrypted and backed up.

Final Thoughts

We’re used to malware and ransomware grabbing all the headlines, so that’s why many of us feel confident about battling these threats. But zero-click attacks are more enigmatic, a factor which works heavily in their favor. The discretion achieved by foregoing the need for user error positions zero-click attacks as a favorite of hackers. It may be a method of attack which doesn’t generate many column inches at present, but it’s likely to become more popular as hackers look at more innovative approaches. For more ways to secure and optimize your business technology, contact your local IT professionals.

E-Commerce Servers Targeted by NginRAT Malware

Hackers, malware, NginRat Malware, Ophtek, Securityhackers, malware, NginRat Malware, Ophtek, securityOphtek, LLC

Dec 2021

Hackers are attracted to big, successful targets. And, online, you don’t get much bigger than e-commerce, so that’s where the NginRAT malware comes in.

The e-commerce industry is one of the most lucrative sectors online. Not surprisingly, hackers have been targeting this industry since the earliest online transactions took place. As the e-commerce landscape has provided such a long running target, hackers have developed their attack methods significantly in this niche. And this means that it’s getting harder and harder to protect against them. NginRAT is the latest development in this area, and it’s already launched attacks against e-commerce servers in the US, France and Germany.

The threat of NginRAT is very real and it’s one which demands your attention. Therefore, it’s important that you know what you’re dealing with and what you can do about it. And that’s why we’re going to take a closer look at it today.

What is the NginRAT Malware?

The name NginRAT may sound unusual, but the naming procedure employed here is relatively simple:

Ngin: This part of the name refers to the Nginx servers where NginRAT hides in order to avoid detection.

RAT: The second part of the NginRAT name stands for Remote Access Trojan. This means it is a malware strain which uses back door access to provide remote access to an infected machine.

NginRAT, itself, is actually delivered to victims through another piece of malware known as CronRAT. Once NginRAT has been deployed on a host server, it begins modifying the functionality of this host in order to hijack the Nginx application. This not only allows NginRAT to remain cloaked from security tools, but also lets it inject itself into Nginx web server use. From here, NginRAT is in a position where it can record user data. Now, as Nginx servers are typically used in e-commerce, this means that the hackers can steal sensitive data such as credit card details.

Can You Detect and Remove NginRAT?

The NginRAT is considered a sophisticated piece of malware and it’s unlikely that your average anti-malware tool is going to detect it. However, while it may be sophisticated, it’s far from unbeatable. Security researchers have discovered that it uses two specific variables to launch itself within Nginx servers: LD_PRELOAD and LD_L1BRARY_PATH. For the average PC user, identifying these variables will be beyond their scope. But an IT professional should be able to isolate these processes and begin a removal process.

Final Thoughts

If your organization is involved in the world of e-commerce, then it pays to be vigilant against malware such as NginRAT. The potential damage that a RAT can cause is immeasurable. Aside from the financial repercussions for yourselves and your customers, there is also the reputational damage to contend with. Unfortunately, tackling the NginRAT malware is far from easy. Investing in server monitoring services will not act as a comprehensive band-aid, but it will improve your chances of detecting any malicious activity. For more ways to secure and optimize your business technology, contact your local IT professionals.

Log4Shell Vulnerability Hits Major Web Services

Hackers, Javascript, Log4Shell, Ophtek, Software Security Patches, zero-dayhackers, Java, Log4Shell, Ophtek, software secuirty patches, zero dayOphtek, LLC

Dec 2021

A new zero-day exploit has been discovered which could easily disrupt the services of several major online platforms such as Twitter, Minecraft and Steam.

The vulnerability, which has been named Log4Shell, was recently discovered by LunaSec’s security researchers. It was first located within the Minecraft platform, which is operated by Microsoft, and has since been found in many other online services. The exploit was found in an open source logging utility known as Apache Log4j, an essential tool which is necessary in most Java-based apps and servers. It’s estimated that thousands of companies are likely to be at risk due to this vulnerability.

Vulnerabilities remain a major threat for every organization that employs an IT infrastructure, so we’re going to take a closer look at Log4Shell to see what lessons can be learned.

How Does the Log4Shell Vulnerability Work?

Log4Shell is known as a zero-day exploit and this means that it’s a natural vulnerability, likely due to an oversight on the original coders, which has been discovered but not yet patched. Hackers are determined individuals and are constantly focusing their efforts on analyzing software for vulnerabilities. Once a vulnerability is discovered, hackers can take advantage of it and, for example, gain unauthorized access to web servers. And, if like Apache Log4j, it’s a widely used utility, the hackers can replicate this attack against numerous organizations.

Web monitoring services have detected that around 100 hosts are actively scanning the internet to identify services which are running Apache Log4j. This scanning process is automated, so it can be left running continuously. Once platforms running Apache Log4j are identified, hackers have a relatively easy victim in their sights. All it would take is for the exploit to be taken advantage of and, very quickly, the hackers would be able to move deeper into the IT infrastructures of some major online businesses.

Protecting Yourself Against Vulnerabilities

Vulnerabilities such as Log4Shell are, unfortunately, inevitable due to the complexity of building software. Open source software, in particular, is difficult to police once it has been released and, of course, human error means nothing will ever be 100% secure. No specific damage has, as of this time of writing, been associated with the Log4Shell exploit, but the number of individuals at risk is very concerning. Thankfully, Apache have quickly developed a security patch for Log4j which will counter the vulnerability once it is installed.

The key takeaway from the Log4Shell vulnerability is that security patches are crucial. These need to be installed as soon as possible to mitigate any potential security breaches. However, there are other steps you can take minimize your risk:

Monitor your network activity for any unusual spikes in traffic or unknown destinations making connections. These indicators could be evidence that your infrastructure has been exploited.

Installing a strong firewall will allow you to restrict the flow of internet traffic in and out of your organization. A fully configurated firewall should quickly put the brakes on any unauthorized access to your network.

Protect devices on your network by using powerful security tools. These will provide you with a number of options for limiting the movements of hackers through your network if they manage to gain access.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 … 27 28 29 30 31 … 57 Next »

Tag Archives: Ophtek