E-Commerce Servers Targeted by NginRAT Malware

Hackers, malware, NginRat Malware, Ophtek, Security, , , ,
21
Dec 2021

Hackers are attracted to big, successful targets. And, online, you don’t get much bigger than e-commerce, so that’s where the NginRAT malware comes in.

The e-commerce industry is one of the most lucrative sectors online. Not surprisingly, hackers have been targeting this industry since the earliest online transactions took place. As the e-commerce landscape has provided such a long running target, hackers have developed their attack methods significantly in this niche. And this means that it’s getting harder and harder to protect against them. NginRAT is the latest development in this area, and it’s already launched attacks against e-commerce servers in the US, France and Germany.

The threat of NginRAT is very real and it’s one which demands your attention. Therefore, it’s important that you know what you’re dealing with and what you can do about it. And that’s why we’re going to take a closer look at it today.

What is the NginRAT Malware?

The name NginRAT may sound unusual, but the naming procedure employed here is relatively simple:

  • Ngin: This part of the name refers to the Nginx servers where NginRAT hides in order to avoid detection.
  • RAT: The second part of the NginRAT name stands for Remote Access Trojan. This means it is a malware strain which uses back door access to provide remote access to an infected machine.

NginRAT, itself, is actually delivered to victims through another piece of malware known as CronRAT. Once NginRAT has been deployed on a host server, it begins modifying the functionality of this host in order to hijack the Nginx application. This not only allows NginRAT to remain cloaked from security tools, but also lets it inject itself into Nginx web server use. From here, NginRAT is in a position where it can record user data. Now, as Nginx servers are typically used in e-commerce, this means that the hackers can steal sensitive data such as credit card details.

Can You Detect and Remove NginRAT?

The NginRAT is considered a sophisticated piece of malware and it’s unlikely that your average anti-malware tool is going to detect it. However, while it may be sophisticated, it’s far from unbeatable. Security researchers have discovered that it uses two specific variables to launch itself within Nginx servers: LD_PRELOAD and LD_L1BRARY_PATH. For the average PC user, identifying these variables will be beyond their scope. But an IT professional should be able to isolate these processes and begin a removal process.

Final Thoughts

If your organization is involved in the world of e-commerce, then it pays to be vigilant against malware such as NginRAT. The potential damage that a RAT can cause is immeasurable. Aside from the financial repercussions for yourselves and your customers, there is also the reputational damage to contend with. Unfortunately, tackling the NginRAT malware is far from easy. Investing in server monitoring services will not act as a comprehensive band-aid, but it will improve your chances of detecting any malicious activity. For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Log4Shell Vulnerability Hits Major Web Services

Hackers, Javascript, Log4Shell, Ophtek, Software Security Patches, zero-day, , , , ,
13
Dec 2021

A new zero-day exploit has been discovered which could easily disrupt the services of several major online platforms such as Twitter, Minecraft and Steam.

The vulnerability, which has been named Log4Shell, was recently discovered by LunaSec’s security researchers. It was first located within the Minecraft platform, which is operated by Microsoft, and has since been found in many other online services. The exploit was found in an open source logging utility known as Apache Log4j, an essential tool which is necessary in most Java-based apps and servers. It’s estimated that thousands of companies are likely to be at risk due to this vulnerability.

Vulnerabilities remain a major threat for every organization that employs an IT infrastructure, so we’re going to take a closer look at Log4Shell to see what lessons can be learned.

How Does the Log4Shell Vulnerability Work?

Log4Shell is known as a zero-day exploit and this means that it’s a natural vulnerability, likely due to an oversight on the original coders, which has been discovered but not yet patched. Hackers are determined individuals and are constantly focusing their efforts on analyzing software for vulnerabilities. Once a vulnerability is discovered, hackers can take advantage of it and, for example, gain unauthorized access to web servers. And, if like Apache Log4j, it’s a widely used utility, the hackers can replicate this attack against numerous organizations.

Web monitoring services have detected that around 100 hosts are actively scanning the internet to identify services which are running Apache Log4j. This scanning process is automated, so it can be left running continuously. Once platforms running Apache Log4j are identified, hackers have a relatively easy victim in their sights. All it would take is for the exploit to be taken advantage of and, very quickly, the hackers would be able to move deeper into the IT infrastructures of some major online businesses.

Protecting Yourself Against Vulnerabilities

Vulnerabilities such as Log4Shell are, unfortunately, inevitable due to the complexity of building software. Open source software, in particular, is difficult to police once it has been released and, of course, human error means nothing will ever be 100% secure. No specific damage has, as of this time of writing, been associated with the Log4Shell exploit, but the number of individuals at risk is very concerning. Thankfully, Apache have quickly developed a security patch for Log4j which will counter the vulnerability once it is installed.

The key takeaway from the Log4Shell vulnerability is that security patches are crucial. These need to be installed as soon as possible to mitigate any potential security breaches. However, there are other steps you can take minimize your risk:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

1.2 Million GoDaddy Users Hit By Managed WordPress Hack

GoDaddy Breach, Hackers, Hacking, Ophtek, Password Security, strong passwords, , , , ,
07
Dec 2021

Web hosting is an integral part of how the modern internet works, but what happens when a provider finds themselves the victim of a hack?

GoDaddy is one of the most popular web hosting providers in the world with an estimated customer base of over 20 million users. Through GoDaddy it’s possible to use their Managed WordPress service to build and host WordPress websites. And, with around 64 million websites currently being powered by WordPress, it’s clear to see why GoDaddy has focused on this platform. Online popularity, however, will always put you in the targets of hackers. A recent breach of GoDaddy’s Managed WordPress service has demonstrated this by hitting 1.2 million of their customers.

How Did GoDaddy Get Hacked?

GoDaddy’s Managed WordPress environment contains huge amounts of data. Not only is there access to the source code for hosted websites, but customer’s personal data is also stored there e.g. email addresses, login credentials and site security certificates. These are data sources which have the potential to cause widespread digital devastation. Email addresses can be used to power phishing campaigns, login credentials give hackers the ability to hijack websites and manipulating security certificates can result in malware being downloaded to unsuspecting victims. But how exactly did one of the world’s most powerful web hosting providers get hacked?

The attack appears to have started in early September 2021 and stemmed from a password becoming compromised. The password in question allowed a third party to gain unauthorized access to GoDaddy’s Managed WordPress system. From here, the hackers were able to harvest the previously mentioned data. Unfortunately, for GoDaddy’s customers, it appears that the passwords being stored for Secure File Transfer Protocol were not encrypted and were available in plaintext. Naturally, this made it much easier for hackers to harvest even more data more quickly. And, worst of all, the attack was not picked up for over two months.

Preventing Similar Breaches in the Future

After discovering the hack, due to suspicious activity being detected on their servers, GoDaddy have moved swiftly to limit the damage. All affected login credentials have been reset and GoDaddy are currently issuing new site security certificates. However, the nature of this breach is a damning indictment of GoDaddy’s security measures. Passwords should be secure. The best ways to prevent such breaches taking place are:

  • Strong Passwords: A strong password is one that is judged difficult to guess. The best way to achieve this is by using a mixture of uppercase characters, lowercase characters, numerical characters and symbols. Mixing these different elements together minimizes the odds of a hacker guessing lucky. Additionally, don’t go for obvious password choices such as your name or your date of birth.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What is Zero Trust Security?

access control, Network, Ophtek, Security, Zero Trust, , , ,
30
Nov 2021

With the digital world awash with malware, viruses and vulnerabilities, it’s hard to avoid security breaches. But does zero trust security have the answer?

Hundreds of thousands of new malware strains are created daily; the chances, therefore, of your organization being targeted are high. Typically, we use measures such as security education to enhance vigilance and tools such as anti-malware software to minimize breaches. But neither of these are 100% secure. In fact, no one security measure can ever be 100%. It’s possible, though, to maximize your security by introducing additional security measures. And this is where zero trust security can make a big difference.

The Lowdown on Zero Trust

When users log on to corporate networks, they are usually assigned a certain level of access control. This allows them to access the parts of the network that are required for them to do their job. So, for example, an employee in the finance department would have access to invoicing systems whereas this would be restricted to those in the marketing department. Such an approach allows you to limit unauthorized access to sensitive data. But the zero trust model takes things a step further.

Zero trust’s guiding ethos is one of “never trust, always verify” and it takes a hardline approach to access privileges. Rather than assuming that a device in a specific location should automatically be granted access to the network in that area, zero trust access demands verification every time resources are accessed. Instead of providing an element of trust, there is zero trust – hence the name of the model. It’s an approach which requires checking both the identity and health of the devices requesting access alongside mutual authentication.

How Can Zero Trust Help?

A significant number of security breaches are down to human error e.g. opening a malicious email attachment. But zero trust work to eliminate (or at the very least, minimize) this human error by bringing access control to the table. External devices, for example, can’t gain access to a secure network by using stolen network credentials – they need to prove that the device in question is authorized and that the user can provide authentication. Not only does this limit unauthorized external access to your network, but it limits the number of internal users who can access data which is unnecessary to their role.

Final Thoughts

Access control has been in place with IT infrastructures for decades, but the hardline model of zero trust access is one that all businesses should be shifting towards. In particular, large businesses with a multitude of different departments and employees are particularly at risk of security breaches. But this is only the case if all employees have access to the same resources. Questioning the integrity of specific devices – and foregoing any assumptions based upon location – is crucial when it comes to protecting your network.

If your organization does not already practice the zero trust model for access, then it’s time to get started. Plan your model by dividing your networks into specific sections and detailing who needs access to each one. You can then start putting additional security in place – such as two factor authentication – to strengthen your network and keep your data as safe as possible.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Millions of Routers and IoT Devices Targeted by BotenaGo

BotenaGo, Cyber Security, Internet Traffic, IoT Attacks, Ophtek, router, Software Security Patches, , , , , ,
23
Nov 2021

Routers and Internet of Things (IoT) devices are essential when it comes to modern business. But this has made them a target for the BotenaGo malware.

Wireless technology is in place in almost every business in the world. The presence of routers allows PCs to connect to the internet and enhance their capabilities. IoT devices, meanwhile, bring wireless functionality to business such as wireless access to printers and data storage. Both routers and IoT devices, therefore, present an enticing opportunity to hackers. Compromising just one of these devices grants backdoor access to IT infrastructures. And this is where they can really cause your organization some damage.

BotenaGo is an innovative new strain of malware which has routers and IoT devices in their targets, so it’s crucial that you learn a little more about it.

What is BotenaGo?

The BotenaGo malware is difficult detect, but it appears that it’s hiding in plain sight. BotenaGo is written in Google’s popular Golang programming language, a process which has become steadily popular with hackers. Golang allows programmers to use the same code across different systems, so this saves significant time when coding. Malware, such as BotenaGo, coded in Golang can, therefore, spread across multiple operating systems with the same code.

BotenaGo is programmed to identify 30 different vulnerabilities and this is why so many routers and IoT devices are at risk. The malware starts by scanning the internet for vulnerable devices and then activates the available exploits. BotenaGo’s next step is to create backdoor on the infected devices, this is typically opened on ports 31421 and 19412. This allows the hackers to take control of the device. Further malware and DDoS attacks can then be launched using the victim’s internet connection.

How to Stay Safe

Malware which uses malicious links and attachments is easy to combat as it requires users to action the payload. The techniques used by BotenaGo, however, rely on system vulnerabilities that the average PC user will be unable to identify. Furthermore, current anti-virus software seems unable to detect BotenaGo. But there are ways you can protect yourself:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 29 30 31 32 33 59