phishing Archives - Page 5 of 14

Safeguarding Your Business Against Social Engineering

complex passwords, malware, multi factor authentication, Ophtek, Phishing Email, Ransomware, social engineering, vulnerabilitycomplex passwords, malware, multi factor authentication, Ophtek, phishing, ransomware, social engineering, vulnerabilityOphtek, LLC

Dec 2023

One of the biggest threats to your organization’s IT comes in the form of social engineering attacks. Therefore, you need to keep your business protected.

In the digital age, there are many threats to your IT infrastructure. These can include ransomware, software vulnerabilities and malware. However, perhaps the most dangerous, and easiest to launch, attack involves social engineering. This attack relies on exploiting human psychology to gain a foothold within a targeted network. In many ways, it’s an age-old deception strategy from the physical world, but simply transferred over to the digital world. This article looks deep into the world of social engineering and should provide you with a better understanding of how to safeguard your business.

What is Social Engineering?

The main objective of social engineering, for a threat actor, is to convince individuals that divulging sensitive information or performing network actions is the right thing to do. Often, this strategy relies on phishing emails. These are emails which are sent to targets and claim to have been sent from someone they know e.g. a work colleague or a supplier. However, what the threat actor is trying to do here is either extract confidential information – such as login credentials – or encourage the target to click a malicious link.

Get Your Team to Recognize Social Engineering

Social engineering attacks will always be targeted at your employees, so this means that you need to invest in educating your employees. While an IT induction represents a good opportunity to warn them of the telltale signs of social engineering, the sheer range of social engineering strategies requires something more intensive. Accordingly, regular training courses which are followed up with refresher courses are highly recommended. Even better, sending randomised ‘spoof’ phishing emails internally can indicate which employees require tailored training.

Strengthen Your Authentication Processes

If you want to add an extra layer of defense to your IT infrastructure, strengthening your authentication processes is an excellent way of achieving this. Not only will this thwart social engineering campaigns, but it will also protect you against almost all other security threats. Therefore, make sure you focus on the following:

Integrate password rules which require your employees to create complex passwords e.g. using a mixture of case types, numbers and symbols.

Bring in multi-factor authentication to help protect your employees’ existing login credentials and place a further obstacle in the way of unauthorized access.
Put a time limit on passwords and ensure that they have to be updated within a set time e.g. every two months.

Secure Your Communication Channels

Applications such as Microsoft Outlook and Teams have revolutionized the way that businesses communicate, but they also represent a rich source of data. With this in mind, you need to secure these communication channels against the threat of social engineering. Encrypting data flowing in and out of these applications is paramount to protect the type of data that social engineering is hungry for. So, use VPN’s where possible and make sure your employees avoid using their devices on public Wi-Fi.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Latin America Banks Targeted by BBTok Malware Variant

anti malware, antivirus software, banking malware, banking trojan, BBTok Malware, firewall, Ophtek, Phishing Emailanti-malware, antivirus, banking malware, BBTok, firewall, malware, Ophtek, phishingOphtek, LLC

Nov 2023

Back in 2020, a new banking trojan by the name of BBTok emerged into the digital landscape and was responsible for numerous attacks. And now it’s back.

Banks in Brazil and Mexico appear to be the main targets of BBTok’s new campaign, and it’s a variant which is far more powerful than any of its previous incarnations. Its main deceptive threat is that it is able to spoof the interfaces of 40 different banks in Brazil and Mexico. This means that it’s perfectly placed to harvest sensitive data. In particular, this new strain of BBTok is deceiving victims into disclosing their credit card details and authentication codes. This gives the campaign a financial angle and highlights the serious threat it poses.

How Does BBTok Launch Its Attacks?

BBTok’s latest strategy begins with a phishing email, one that contains a malicious link which kickstarts the attack by launching the malware alongside a dummy document. BBTok is particularly successful as it has been coded to deal with multiple versions of Windows, and it also tailors the content of the attack to both the victim’s country and operating system. BBTok also allows the threat actors behind it to execute remote commands and steal data without the victim being aware.

Most notably, however, is the way in which BBTok replicates the interface of numerous banking websites – such as Citibank and HSBC – to truly deceive the victim. Appearing to be genuine at first glance, these interfaces are used to trick victims into entering security codes and passwords associated with their accounts. This gives the threat actors full access to their financial data and, more disturbingly, full control over their finances. This means that unauthorized payments and bank transfers can quickly land the victim in severe financial trouble.

How to Stay Safe from Banking Malware

In an increasingly digital world, where we all make numerous financial transactions online every week, it’s important to remain guarded against banking malware. As well as the financial damage that malware such as BBTok can cause, it can also create a foothold for threat actors to delve deep into your networks. And this represents a major threat to the security of both your data and your customer’s data. Accordingly, you need to stay safe, and here are some crucial tips to help you:

Beware of phishing emails: your employees should always be cautious when opening emails or clicking on links from unknown sources. As with BBTok, many banking trojans spread through phishing emails which trick you in to visiting fake banking websites. This provides threat actors with the perfect opportunity to harvest your credentials. Therefore, make sure that your employees know how to quickly identify a phishing email and what to do with them.
Install a firewall: putting a firewall in front of your network is a vital step in strengthening your digital defenses. Firewalls act as keen-eyed gatekeepers who scrutinize incoming and outgoing traffic, this allows them to determine whether traffic is trusted and whether any alarms need to be raised. Banking trojans, of course, often transmit stolen data out of your network, so a firewall is the perfect way to identify and prevent this activity.
Strong endpoint security: to protect your network against malware, it’s essential that you employ robust cybersecurity measures throughout your business. In particular, employee workstations and mobile devices are most at risk, so installing advanced antivirus and anti-malware software here should be a priority.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Major US Casinos Hit by Ransomware

BlackCat, educate team, MGM, Ophtek, Phishing, protection, Ransomware-as-a-Service, social engineeringBlackCat, educate team, MGM, Ophtek, phishing, protection, ransomware as a service, social engineeringOphtek, LLC

Nov 2023

A major ransomware attack on the MGM brand of casinos has led to the firm’s IT systems having to be shut down.

The ransomware-as-a-service hacking group BlackCat has taken responsibility for the attack, and it’s an attack which has caused major issues for MGM. IT systems responsible for processing electronic payments, digital key cards, parking systems and ATMs have all been impacted by this attack. While the attack is considered major, it was executed by the simplest of means. As ever, this attack on MGM contains some important lessons for organizations to learn and enforce.

How Were the MGM Casinos Hacked?

The MGM attack was made possible by the use of social engineering techniques. In particular, BlackCat identified an MGM employee by scouring related profiles on LinkedIn. With this information at their disposal, the threat actors contacted the MGM help desk and used this employee’s details as their way into the system. The exact nature of the breach, for security reasons, has not been disclosed, but it’s believed that it only took 10 minutes for BlackCat’s strategy to be successful.

BlackCat, with full access to MGM’s IT infrastructure, set about issuing demands to MGM through a secure communication channel they had put in place. However, MGM refused to pay any of the ransom fees demanded by BlackCat. Instead, on the recommendations of their security team, MGM began shutting their Okta servers – used for authorization processes – down.

However, BlackCat were able to remain active on the network due to the administrator privileges that they had gained during the attack. And, in response, BlackCat set about compromising over 100 hypervisors – applications which are used to manage virtual machines located on a PC – and encrypting the data contained on them.

BlackCat, again, brought their ransom demand to the table and also threatened to launch further attacks if this was not met.

How Could MGM Have Protected Their IT Systems?

As a thriving, world-famous organization, MGM could have done without the headlines relating to the attack by BlackCat. And, as with all social engineering attacks, this could have easily been avoided if MGM had practiced the following:

Be skeptical: unsolicited requests for information should always be treated with caution. If personal information is being requested, then always question the person, even if they appear to be legitimate, asking for the information. More importantly, take steps to verify their identity through official channels to confirm their authenticity.
Educate your team: it’s important that you familiarize your team with the most common social engineering tactics such as phishing emails and baiting. Awareness of these techniques will allow your staff to recognize these manipulative techniques before they can execute their malicious payloads.
Protect personal information: it’s crucial that you always protect sensitive data such as passwords, financial details, and personal identification. Avoid sharing such information with strangers or unverified individuals, such as on social media sites – as social engineers often harvest these channels to discover vulnerabilities.

For more ways to secure and optimize your business technology, contact your local IT professionals.

A Remote Access Trojan (RAT) is one of the most common forms of malware you are likely to encounter, and it’s crucial you understand what they are.

It’s important for all organizations to be aware of the danger posed by a RAT in terms of cybersecurity. After all, a RAT could easily take down your entire IT infrastructure or compromise your business data. And all it takes is one mistake for your team to fall victim to a RAT. Due to the severity posed by RATs, we’re going to define what a RAT is, how they work, and the best way to defend and protect against this threat.

The Basics of a RAT

A RAT is a strain of malware which is designed to give threat actors unauthorized access and control over a victim’s PC from a remote location. This is always completed without the victim’s consent, a fact made possible by the stealthy nature of a RAT.

For a RAT to succeed, it first needs to infect the victim’s PC, and this can be achieved in the following ways:

Phishing emails may be used to send malicious attachments which, once opened, activate the RAT and allow it to access the PC it is on.
Malicious downloads may be activated by unsuspecting users who are downloading them from illegal file sharing websites.
If hardware and software is not updated regularly, there is a chance that vulnerabilities may be discovered which a RAT can exploit.

RATs are stealthy types of malware and this cloak of invisibility is put in place by changes that the RAT makes to system settings and registry entries. With this deception in place, a RAT is then able to communicate to a command and control (C&C) server located in a remote location. This C&C server allows the RAT to transmit stolen data and, at the same time, gives the threat actor the opportunity to send commands directly to the RAT.

Some notable examples of RATs are ZuroRat from 2022, NginRAT from 2021 and, more recently, the QwixxRAT attack. All of these examples share one key thing in common: their main objective is to cause digital chaos for all those who fall victim. Accordingly, your organization needs to understand how to defend themselves against these threats.

Detecting and Protecting Against RATs

Protecting your IT infrastructure is far from difficult. In fact, as long as you implement the following measures, it’s relatively easy:

Always update your antivirus and anti-malware software. These security suites have the potential to put a strong barrier in place and detect any incoming malware. However, they also rely on regular updates to keep up to date on the latest threats. Therefore, you need to make sure these are put in place to maximize your defenses.
Make sure that network monitoring solutions are implemented to combat unauthorized network access. This means that your IT team will be able to identify unusual network traffic patterns and take actions to shut this down.

Email and web filtering can seriously reduce your risk of falling victim to a RAT. These excellent pieces of software will analyze and block any malicious attachments before they have a chance to reach your email inbox.

For more ways to secure and optimize your business technology, contact your local IT professionals.

SapphireStealer: The Threat of Open Source Malware

antivirus software, firewall, Open Source Malware, Ophtek, Phishing, SapphireStealerAntivirus software, firewall, open source malware, Ophtek, phishing, SapphirStealerOphtek, LLC

Oct 2023

Malware which can be enhanced always poses a huge risk to PC users, and the rise of open source malware like SapphireStealer is magnifying this problem.

Open source programs are those which have had their source code put online and made available not only for use, but also modification. This approach is usually chosen with the main objective being public, open collaboration between coders, and the resulting programs made available to the public for free. It’s the very definition of what the internet was created for, but this doesn’t mean these intentions are always well meaning. And the story of SapphireStealer makes for the perfect evidence.

What is SapphireStealer?

The name of SapphireStealer is somewhat of a giveaway in terms of what this malware does, it’s an information stealer. SapphireStealer was first published to GitHub (an online and public source code repository) towards the end of 2022. And it proved to be a hit. As well as being simple enough for basic hackers to launch attacks, SapphireStealer was open source and could be tinkered with by fellow hackers.

SapphireStealer originally started life with a basic set of capabilities, it would grab popular files – such as Word documents and image files – before emailing them to the hacker behind the attack. However, it wasn’t perfect, and there was plenty of room for improvement. It was a fantastic opportunity for the hacking community to see how they could enhance SapphireStealer. And this was exactly what they did.

By January 2023, new variants of SapphireStealer were detected which could steal a wider range of files, and this stolen data could now be relayed through Discord and Telegram servers. And, as it remained open source, anyone on the internet could now access these more robust and dangerous variants. SapphireStealer appears to infect victims through a variety of methods:

Infected email attachments
Malvertising
Social engineering
Illegal downloads

Minimizing the Threat of SapphireStealer

At present, SapphireStealer is relatively basic in terms of the threat it carries. It isn’t going to cause financial damage like, for example, ransomware will. However, it has evolved rapidly in less than a year, and its risk level is only going to rise higher. The fact that open source malware is proving so popular also indicates that more threat actors are going to enter the digital arena. Therefore, you need to make sure you IT infrastructures are heavily guarded:

Use a firewall: a tried and trusted security measure, a firewall puts a digital barrier between your organization and the internet. This means that you can monitor incoming and outgoing traffic and put filters in place to mitigate attacks and allow access to trusted users.
Make sure your employees are aware: SapphireStealer relies on a number of well-known infection methods, but these aren’t necessarily well-known to the average PC user. Accordingly, your employees need to understand the most basic attack methods and how to identify them e.g. the telltale signs of a phishing email.
Install antivirus software: it may seem like a no-brainer, but many organizations fail to put an effective antivirus suite at the forefront of their defenses. Even free antivirus software, such as Kaspersky Free, can make a significant difference to your digital safety.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 … 3 4 5 6 7 … 14 Next »

Tag Archives: phishing