phishing Archives - Page 3 of 11

A Remote Access Trojan (RAT) is one of the most common forms of malware you are likely to encounter, and it’s crucial you understand what they are.

It’s important for all organizations to be aware of the danger posed by a RAT in terms of cybersecurity. After all, a RAT could easily take down your entire IT infrastructure or compromise your business data. And all it takes is one mistake for your team to fall victim to a RAT. Due to the severity posed by RATs, we’re going to define what a RAT is, how they work, and the best way to defend and protect against this threat.

The Basics of a RAT

A RAT is a strain of malware which is designed to give threat actors unauthorized access and control over a victim’s PC from a remote location. This is always completed without the victim’s consent, a fact made possible by the stealthy nature of a RAT.

For a RAT to succeed, it first needs to infect the victim’s PC, and this can be achieved in the following ways:

Phishing emails may be used to send malicious attachments which, once opened, activate the RAT and allow it to access the PC it is on.
Malicious downloads may be activated by unsuspecting users who are downloading them from illegal file sharing websites.
If hardware and software is not updated regularly, there is a chance that vulnerabilities may be discovered which a RAT can exploit.

RATs are stealthy types of malware and this cloak of invisibility is put in place by changes that the RAT makes to system settings and registry entries. With this deception in place, a RAT is then able to communicate to a command and control (C&C) server located in a remote location. This C&C server allows the RAT to transmit stolen data and, at the same time, gives the threat actor the opportunity to send commands directly to the RAT.

Some notable examples of RATs are ZuroRat from 2022, NginRAT from 2021 and, more recently, the QwixxRAT attack. All of these examples share one key thing in common: their main objective is to cause digital chaos for all those who fall victim. Accordingly, your organization needs to understand how to defend themselves against these threats.

Detecting and Protecting Against RATs

Protecting your IT infrastructure is far from difficult. In fact, as long as you implement the following measures, it’s relatively easy:

Always update your antivirus and anti-malware software. These security suites have the potential to put a strong barrier in place and detect any incoming malware. However, they also rely on regular updates to keep up to date on the latest threats. Therefore, you need to make sure these are put in place to maximize your defenses.
Make sure that network monitoring solutions are implemented to combat unauthorized network access. This means that your IT team will be able to identify unusual network traffic patterns and take actions to shut this down.

Email and web filtering can seriously reduce your risk of falling victim to a RAT. These excellent pieces of software will analyze and block any malicious attachments before they have a chance to reach your email inbox.

For more ways to secure and optimize your business technology, contact your local IT professionals.

SapphireStealer: The Threat of Open Source Malware

antivirus software, firewall, Open Source Malware, Ophtek, Phishing, SapphireStealerAntivirus software, firewall, open source malware, Ophtek, phishing, SapphirStealerOphtek, LLC

Oct 2023

Malware which can be enhanced always poses a huge risk to PC users, and the rise of open source malware like SapphireStealer is magnifying this problem.

Open source programs are those which have had their source code put online and made available not only for use, but also modification. This approach is usually chosen with the main objective being public, open collaboration between coders, and the resulting programs made available to the public for free. It’s the very definition of what the internet was created for, but this doesn’t mean these intentions are always well meaning. And the story of SapphireStealer makes for the perfect evidence.

What is SapphireStealer?

The name of SapphireStealer is somewhat of a giveaway in terms of what this malware does, it’s an information stealer. SapphireStealer was first published to GitHub (an online and public source code repository) towards the end of 2022. And it proved to be a hit. As well as being simple enough for basic hackers to launch attacks, SapphireStealer was open source and could be tinkered with by fellow hackers.

SapphireStealer originally started life with a basic set of capabilities, it would grab popular files – such as Word documents and image files – before emailing them to the hacker behind the attack. However, it wasn’t perfect, and there was plenty of room for improvement. It was a fantastic opportunity for the hacking community to see how they could enhance SapphireStealer. And this was exactly what they did.

By January 2023, new variants of SapphireStealer were detected which could steal a wider range of files, and this stolen data could now be relayed through Discord and Telegram servers. And, as it remained open source, anyone on the internet could now access these more robust and dangerous variants. SapphireStealer appears to infect victims through a variety of methods:

Infected email attachments
Malvertising
Social engineering
Illegal downloads

Minimizing the Threat of SapphireStealer

At present, SapphireStealer is relatively basic in terms of the threat it carries. It isn’t going to cause financial damage like, for example, ransomware will. However, it has evolved rapidly in less than a year, and its risk level is only going to rise higher. The fact that open source malware is proving so popular also indicates that more threat actors are going to enter the digital arena. Therefore, you need to make sure you IT infrastructures are heavily guarded:

Use a firewall: a tried and trusted security measure, a firewall puts a digital barrier between your organization and the internet. This means that you can monitor incoming and outgoing traffic and put filters in place to mitigate attacks and allow access to trusted users.
Make sure your employees are aware: SapphireStealer relies on a number of well-known infection methods, but these aren’t necessarily well-known to the average PC user. Accordingly, your employees need to understand the most basic attack methods and how to identify them e.g. the telltale signs of a phishing email.
Install antivirus software: it may seem like a no-brainer, but many organizations fail to put an effective antivirus suite at the forefront of their defenses. Even free antivirus software, such as Kaspersky Free, can make a significant difference to your digital safety.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Healthcare Organizations Targeted by new Lazarus Attack

Backup Strategies, Data Security, Lazarus, North Korea, Ophtek, Phishing, QuiteRATbackup, North Korea, Ophtek, phishing, QuiteRAT, security, updatesOphtek, LLC

Oct 2023

Healthcare organizations across the United States and Europe have recently found themselves targeted by Lazarus, the North Korean hacking group.

Lazarus, who are believed to have ties to the North Korean government, are well known in the world of cybersecurity. In 2022, Lazarus were rumored to have stolen a total of $1.7 billion worth of cryptocurrency across the year. So, yes, Lazarus is a force to be reckoned with. As their latest attack targets organizations rich in sensitive data, it’s important to understand their methods and determine the lessons that can be learned.

What Is Lazarus’ Latest Campaign?

At the heart of this new attack by Lazarus is the ManageEngine ServiceDesk. This management suite is used to help organizations manage their entire IT infrastructure. From networks and servers through to mobile devices and applications, ManageEngine helps make life easier for IT teams. It’s a highly popular management suite, with numerous Fortune 100 businesses implementing it. For healthcare organizations, it’s a crucial service which allows them to stay productive and support their IT systems.

However, as with all, applications, ManageEngine is not 100% secure. The CVE-2022-47966 vulnerability, which was discovered in January 2023, was first exploited by threat actors in February of the same year. This vulnerability allowed the deployment of QuiteRAT, a new and complex brand of malware. QuiteRAT let the threat actors steal data relating to the compromised device and, cleverly, allowed QuiteRAT to “sleep” in order to appear dormant and stay off the radars of security professionals.

Another part of the attack also involves a new strain of malware dubbed CollectionRAT, which has the ability to perform typical remote access trojan tasks such as executing commands on a compromised system. As with previous campaigns, this latest strike utilizes many of the trademark Lazarus tactics and innovations. For example, by using open-source tools to create CollectionRAT, the threat actors are able to launch their attacks more quickly and without raising the alarm immediately.

How Do You Protect Your Organization from Lazarus?

Naturally, the most obvious way to protect your IT infrastructure from Lazarus is to be prompt with installing software patches. Lazarus appears to have infiltrated these healthcare organizations due to a known vulnerability, so patching any holes within your IT systems is essential. Luckily, many updates, such as Windows, can be set to automatic and ensures that your applications are as secure as they can be.

Hacking groups, however, don’t rely solely on vulnerabilities to launch their attacks. In fact, they will deploy almost every technique you can think of to launch an attack. The best practices to stay safe from these are:

Create backups: when confronted with any form of malware, there’s a good chance that your business data will be at risk or being compromised or even permanently erased. Therefore, it’s important that your organization creates regular backups to preserve your data and productivity. One of the most comprehensive methods you should use is the 3-2-1 backup method.
Educate your staff on phishing: staff awareness of phishing is crucial due to the rising risk of phishing and social engineering attacks. Recognizing the telltale signs of a phishing email prevents the chances of data breaches and compromised credentials. This will result in a securer IT landscape for your organization and protect your networks and data.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Microsoft Teams at Risk of Letting Malware In

install updates, malware, Microsoft Teams, Ophtek, Phishing, securitymalware, Microsoft Teams, Ophtek, phishing, security, updatesOphtek, LLC

Aug 2023

Microsoft Teams has experienced a surge in popularity among businesses since the pandemic, and this makes it a highly prized target for hackers.

Businesses find Microsoft Teams a powerful tool as it allows employees to work remotely, communicate and be productive. And it’s all through one app. This is why it’s a fantastic business solution and used by 280 million people. Naturally, the size of this audience is going to turn a threat actor’s head. Where there are high numbers of users, there’s an opportunity for malware to be successful. And that’s why the discovery of a vulnerability in Teams has caused so much concern.

The Vulnerability Lying Within Microsoft Teams

One of the main uses of Teams is as a communication tool, a nd this means that the potential for spreading malware via file transfers and linked hard drives is high. But this newly discovered vulnerability is very different. Therefore, it’s important you understand the threat it poses.

Now, Microsoft Teams allows you to communicate with a wide range of people within your organization. It also allows you to communicate with external parties e.g. subcontractors, clients and facility management teams. Usually, these external users are unable to transmit files to other organizations through Teams. And this is a good thing, as it lowers the risk of malware being sent between businesses.

However, the security protocols which are in place to stop unauthorized file sending can, it turns out, be compromised. Once this vulnerability is exploited, a threat actor can start sending malware direct to the Teams inbox of staff within that business. Often, the threat actors are increasing the chances of their attack being successful by setting up similar email addresses to that of their target. All it takes is for one employee to open the malware and it can start to spread.

While the incoming message will still be tagged as “External”, the busy nature of many employees’ days means that it’s likely this message will be ignored. Also, this method of attack is relatively new. Users are well drilled in the telltale signs of a phishing email, but a Teams instant message is very different. Accordingly, the risk of falling victim to this attack is concerning.

Staying Safe on Microsoft Teams

Curiously, Microsoft has advised that this vulnerability doesn’t, at present, warrant fixing. No doubt, at some point, it will be patched, but for now you should remain cautious. To help strengthen your defenses, make sure you practice the following:

Always update: there’s never an excuse for not carrying out software updates once they are available. It’s the quickest and simplest way to plug weak points in your cyber defenses, so, if they are not already in place, setting up automatic updates should be your priority.

Warn your staff: make sure that your staff are aware of this new threat to minimize the risk of your business falling victim. You can achieve this by sending out email updates to your staff and also updating your IT induction process to cover this new form of attack.

Reduce your availability: it’s possible to limit your communication through Teams to specific domains only. Again, this reduces your risk by ensuring that your staff can only communicate with trusted sources and not threat actors operating from similar, yet malicious domains.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Ukraine’s Military Hacked by Russian Backed USB Malware

malware, Ophtek, Phishing, Pteredo, Russian Hackers, Shuckworm, Ukraine, USB_malwaremalware, Ophtek, phishing, Pterodo, Russia, Shuckworm, Ukraine, USB_MalwareOphtek, LLC

Aug 2023

The news footage may focus on military strikes, but, behind the war in Ukraine, cyberattacks are being utilised as a major weapon by Russia.

Government-backed cyberattacks are nothing new, and they will continue to be utilized as part of global espionage campaigns for the foreseeable future. However, while these attacks are unlikely to be aimed at small businesses, the methods and techniques employed are likely to trickle down into the arsenal of smaller hackers. Therefore, in the near future, these powerful attacks could regularly be launched against your business.

At Ophtek, we pride ourselves on keeping our clients up to date on contemporary threats. But we also strive to keep you one step ahead of the hackers. And that’s why we’re going to take you through this latest attack.

Understanding the Mechanics of this Military Hack

Warfare has always relied on much more than just weapons, intelligence has always been equally important. And, with the rise of technology in the digital age, compromising IT equipment has proven to be highly rewarding in the pursuit of sensitive information. This latest attack, which has links with Russia’s FSB security service, has been launched by Shuckworm, a Russian threat actor with a long history of attacks.

February 2023 saw Shuckworm intensifying their attacks against Ukraine, a campaign which has been running for several years. Most notably, Shuckworm have been developing new malware in conjunction with command-and-control servers. Central to these attacks has been a strain of malware called Pterodo. Developed by Shuckworm, Pterodo is a backdoor attack which is executed when malicious USB drives are installed onto PCs. The first step that Pterodo takes is to install shortcut links on the infected PC, with these links given names such as evidence.rtf.lnk in order to tempt users into clicking them.

Clicking these links will install Pterodo on the user’s PC and allow Pterodo to spread through any connected drives and download further malware. To cover its tracks, Pterodo uses a number of innovative approaches. Numerous variants of Pterodo have been developed to bypass identification tools and, in order to conceal their identity, the related command-and-control servers regularly rotate their IP addresses. W hile the USB route for launching this attack appears to be Shuckworm’s preferred method, there is also evidence that it’s being spread through phishing emails.

How Do You Beat Military Backed Hackers?

Threat actors which receive government support are very powerful, but it doesn’t mean they are unbeatable. In fact, this latest attack by Shuckworm can easily be deflected by practicing the following:

Be wary of USB drives: USB drive attacks have been commonplace for many years, so it’s important that you don’t let your guard down. Mysterious USB drives which arrive in the mail or are found out in the parking lot should be fully scrutinized and never plugged into your PCs. As well as compromising data security, malicious USB drives also have the potential to destroy your PC.

Understand the hallmarks of phishing: businesses need to be vigilant against phishing campaigns in order to protect their IT infrastructure. Therefore, make sure your employees know how to identify telltale signs of phishing emails: misspellings, generic greetings, urgent demands, suspicious attachments/links, and email addresses with slight variations. If your team can stay alert to these threats, then you stand a much better chance of protecting your data.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 5 … 11 Next »

Tag Archives: phishing