phishing Archives - Page 7 of 12

New Phishing Scam Uses a Photo from the Webb Telescope

GO#WEBBFUSCATOR, network activity, Ophtek, Phishing, SMACS 0723, Updates, Webb TelescopeGO#WEBBFUSCATOR, network, Ophtek, phishing, SMACS 0723, updatesOphtek, LLC

Sep 2022

A new malware threat has been discovered which uses the public excitement around the Webb telescope to deliver a phishing scam.

The first image to be released by the Webb telescope project was entitled SMACS 0723, and its new, stunning view of the galaxy created headlines around the world. However, it’s this level of interest which has led to hackers using it as bait. The image is used as part of an email phishing scam and, unfortunately, fails to highlight the wonders of space. Instead, it compromises a PC and leaves it at risk of further attacks.

Phishing scams are a contemporary irritant in the IT security world, so we’re going to delve deeper into this one and see what we can do to help protect your PC.

The Threat from Outer Space

This latest strain of malware has been given the rather complex name of GO#WEBBFUSCATOR but the way in which it operates is simple. Security experts Securonix have discovered a phishing email – described as one promoting satellite service plans – which contains an infected Microsoft Office document. If this document is downloaded and opened, the malware will – if Word macros are enabled – begin to release its payload.

The malware begins by downloading the SMACS 0723 image, but this image is far from innocent as it contains hidden Base64 code. With this code activated, the infected PC is then systematically tested for vulnerabilities and weaknesses. Once these have been detected and analyzed, the hackers begin a campaign of exploitation to take control of the PC. It’s also interesting to note that the computer language behind this malicious code is constructed from Go, a cross-platform language which highlights the scope of the threat actors behind GO#WEBBFUSCATOR.

Staying Safe on Planet Earth

The number of vulnerabilities this malware targets, along with its deceptive approach, make it a powerful weapon for hackers. Therefore, protecting yourself against its dangers is paramount and you must make sure you:

Be mindful of phishing scams: the main threat that phishing scams employ is to push a sense of urgency or offering something that sounds too good to be true. Always double check any incoming emails for any links or attachments which appear suspicious e.g. hover your mouse cursor over links to discover the true URL destination.

Install all updates: threats such as GO#WEBBFUSCATOR rely on vulnerabilities being present on an infected system to unleash their full potential. The best way to combat this threat is by ensuring all updates are installed as soon as possible, ideally by setting up automatic updates. This approach minimizes the amount of damage that can be caused by malware which has gained unauthorized access.

Monitor network activity: once malware such as GO#WEBBFUSCATOR has made its way onto your PC, it’s likely that you will notice a surge in unusual activity on your network e.g. increased traffic and downloads. And this is likely to be one of the only signs you receive, so it pays to keep a close eye on any spikes in network activity.

For more ways to secure and optimize your business technology, c ontact your local IT professionals.

Cuba Ransomware Collects Over $40 Million in Ransom Fees

Backup, Cuba ransomware, Ophtek, Phishing, Ransomware, Updatesbackup, cuba ransomware, Ophtek, phishing, ransomware, updatesOphtek, LLC

Aug 2022

Using a new remote access trojan, threat actors behind the Cuba ransomware have amassed ransom payments estimated to be close to $44 million.

Over the past five years, countless headlines have been generated by the damage caused by ransomware attacks. Not only do they compromise access to your organization’s data, but they also have the potential to inflict painful financial damage. To make matters worse, these attacks are evolving to become more powerful and harder to prevent. In fact, on many occasions (and as we’ll see with the Cuba ransomware) these evolutions will take place over a matter of months.

Ransomware, therefore, is a very real threat to your organization’s IT network, so it’s important that you understand exactly how the Cuba ransomware operates.

What is the Cuba Ransomware?

Cuba was first detected in late 2019 before disappearing from the frontline and returning two years later in November 2021. Evidence of the Cuba ransomware has been detected in around 60 ransomware attacks, with 40 of these victims revealed to be US-based. Cuba is delivered to PCs through the Hancitor loader, a type of malware which is used to download and execute additional malware e.g. remote access trojans. Hancitor makes its way onto PCs through a variety of means such as phishing emails, stolen login credentials and software vulnerabilities.

Since Cuba first emerged onto the digital landscape, it has undergone a series of significant changes. The most notable changes have seen it terminating more processes before it locks files, widening the range of file types it encrypts and, believe it or not, enhancing its support options for victims wanting to pay. Cuba has also been observed operating a backdoor trojan called ROMCOM RAT, a piece of malware which deletes files and logs data to a remote server.

Protecting Yourself Against the Cuba Ransomware

With Cuba collecting ransom payments of over $40 million, it’s clear to see Cuba is a dangerously effective threat. It’s also important to point out there is currently no known decryption tool available to combat Cuba’s encryption methods. Accordingly, you need to be on your guard against this threat and any similar attacks. Therefore, make sure you practice the following:

Beware of phishing emails: one of the most common attack methods employed by hackers, phishing emails use social engineering techniques to pressure you into clicking links and downloading files. However, following the instructions within a phishing email are a guaranteed one-way ticket to having your PC compromised. Always check, double check, and then ask an IT professional to evaluate any suspicious links or documents you receive.

Have a strong backup game: if your files become encrypted by Cuba then the only option you have for unlocking your files is to pay a ransom fee or restore the files from a secure backup. When it comes to backups, there are a variety of options available and it pays to implement multiple backup strategies to preserve your data.

Install updates: Cuba has the power to exploit software vulnerabilities to gain unauthorized access to computer networks, so it’s crucial that you always install updates as soon as possible. The install process for updates can feel time consuming, but when you have the option to automate these installations, there’s no reason this shouldn’t take place.

For more ways to secure and optimize your business technology, contact your local IT professionals.

5 Forms of Hacking Which You May Not Be Familiar With

Free WiFi, Hacking, malicious code, malicious extensions, malicious links, malicious websites, Ophtekmalware, Ophtek, phishing, public wifi, ransomware, security, vulnerabilityOphtek, LLC

Jun 2022

All organizations are at risk of being hacked, and that’s why we’re familiar with the most common forms of hacking. But what about the lesser-known hacks?

With 300,000 new strains of malware being created every day, it comes as no surprise to discover that some of these are less familiar than others to PC users. And it’s this lack of familiarity which makes them so dangerous. Not only is it harder to be on your guard against them, but there’s also the small problem of not knowing how to remove them from an infected system. However, a little bit of education goes a long way. And that’s why we’re going to give you the lowdown on 5 forms of hacking which you may not be familiar with.

The Hacks You Need to Know About

Attack strategies such as phishing and ransomware are well known, so it’s time to learn about the lesser known cyberattacks you need to be prepared for:

SQL Injection Attacks: SQL is a common coding language used to design and manage databases, many of which are connected to a public facing website. Typically, these databases will hold significant amounts of secure data e.g. personal details and financial information. As a result, these are highly attractive targets for hackers. Attacks are made on these databases by injecting malicious SQL code and manipulating the server’s responses in numerous ways. This strategy allows hackers to gain access to unauthorized information and steal it.

Man in the Middle Attacks: using compromised IoT devices, or simply taking advantage of poorly secured public Wi-Fi, a Man in the Middle Attack allows threat actors to access your network connections. It’s a scenario which grants hackers the opportunity to monitor your communications and data transfers in real time. Therefore, confidential data can be stolen and traffic redirected with ease.

Brute Force Attacks: this is one of the oldest hacking strategies devised by hackers, but it doesn’t grab the headlines in the same way modern threats such as ransomware do. However, it remains an effective strategy, and one which is only getting more sophisticated. As the name suggests, brute force attacks launch a relentless campaign whereby a bot will try numerous login credential combinations until it finds the correct one to breach your security.

DNS Cache Poisoning: a DNS server takes domain names, such as ophtek.com, and translates them into an IP address which can be used to deliver data between two points. However, if a threat actor identifies a vulnerability in a DNS server, they can inject false data into its cache. This ‘poisoning’ of the DNS cache means that internet traffic will be directed away from its intended location, and this will most commonly be re-routed to a malicious website.

Fake Public Wi-Fi: hackers will go as far as setting up a fake public Wi-Fi which uses your company’s name or one that sounds similar. For example, a visitor to a Starbucks café, may detect a wireless network with a name such as “St@rbucks Free Wi-Fi” and assume it’s genuine. However, connecting to a public connection such as this opens a whole world of potential trouble. And, don’t forget, your own employees are also at risk of connecting their work devices to a fake Wi-Fi network, the result of which will expose your genuine network.

As with the most common forms of hacking, understanding the basics of good IT security is the most effective way to minimize the chances of these rarer attacks.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Hello XD Ransomware is no Laughing Matter

Data Backup, Hello XD, Ophtek, Phishing, Ransomware, Russian Hackerbackup data, Hello XD, Ophtek, phishing, ransomware, Russian HackerOphtek, LLC

Jun 2022

The Hello XD ransomware was first spotted in the digital wild back in November 2021, but recent research indicates that it’s becoming more virulent.

There’s no such as ‘good’ ransomware, but it’s not unreasonable to describe Hello XD as ‘disastrous’ due to its enhanced capabilities. Whereas, previously, Hello XD focused its efforts on the standard ransomware practice of encrypting files, its evolved form now includes a backdoor feature. This enhanced functionality allows the transfer of data from infected PCs to external sources. Combined with its ransomware feature, this new form of Hello XD represents a huge security risk.

Ransomware is a highly problematic attack, and it’s one which your organization needs to avoid at all costs. Hello XD is the latest in a long line of ransomware attacks and, as ever, it could save you a fortune by understanding how it operates.

Hello XD Steps Up Its Game

Spread through various phishing techniques, Hello XD operates in the following manner once it arrives on a PC:

Hello XD’s first step is to disable shadow copy capabilities, this means that system snapshots cannot be saved or accessed. System recovery, therefore, can’t be used to counter the impact of Hello XD.

The infected system’s hard drive is then encrypted by Hello XD, all files are encrypted with a .hello extension and rendered inaccessible.

A ransom note is issued to the victim through a text file which instructs them to communicate with the threat actors through the TOX chat system. Featuring strong end-to-end encryption, TOX provides a cloak of secrecy for the hackers while they communicate with their victims.

Hello XD’s final move is to use its backdoor functionality – a program named Microbackdor – to steal files, wipe any evidence of the PC being compromised and execute remote commands.

Clearly, Hello XD packs a powerful punch and has the capability to bring your organizations IT operations to a halt. It is believed that Hello XD has been designed by X4K, a Russian-speaking hacker who has been advertising his wares on various hacking forums. It’s also likely that X4K will enhance Hello XD’s capabilities even further for future attacks, so it’s crucial you remain alert.

How Do You Say Goodbye to Hello XD?

The best way to avoid falling victim to Hello XD is by practicing the following:

Understand phishing techniques: Hello XD, and many other forms of ransomware, use phishing strategies such as mass emails to snare their victims. Emails, for example, which instill a sense of urgency over financial matters can be used to encourage users to open malicious attachments. However, if your employees understand the tell-tale signs of social engineering, they will be better placed to avoid falling victim to phishing attacks.

Keep backups offline: it’s essential that you keep backups of your data and system snapshots offline to retain control over your data. While this will not stop a ransomware attack, it does provide your organization with a solution if they are attacked. A threat actor will be unable to encrypt offline files, and this ensures that you can restore your data without paying a ransom.

For more ways to secure and optimize your business technology, contact your local IT professionals.

New Form of Malware is Sneakily Avoiding Detection

anti malware, Cyber Security, malware, OpenSUpdater, Ophtek, PC Security, PhishingAnti- malware, Cyber Security, malware, Ophtek, OpthSUpdater, PC Security, phishingOphtek, LLC

Sep 2021

Anti-malware tools provide a firm level of defense against hackers, but what happens when the malware can bypass detection tools?

Around 300,000 new pieces of malware are created daily, so it’s important that we can protect ourselves against this constant threat. Anti-malware tools such as Kaspersky and even in-built Windows security systems are crucial for providing this protection. Accordingly, you should find that your systems remain protected for most of the time. However, hackers are industrious individuals and are constantly looking to evolve their techniques. As a result of this ongoing adaptation, it appears that hackers have found a way around current detection methods.

The threat comes in the form of the OpenSUpdater and is one that you need to take seriously.

What is OpenSUpdater?

Digital signatures are used online to demonstrate that code is legitimate and accepted by Windows security checks. They are an important part of online security, but this has made them a viable target for hackers. In the case of OpenSUpdater, their online code samples are carrying manipulated security certificates which, despite these manipulations, are passed as authentic by Windows. More importantly, security tools which use OpenSSL decoding are unable to detect these malicious changes.

OpenSUpdater is free to bypass security measures and avoid being labelled as malware which is quarantined and deleted. The malware’s main method of attack is through riskware campaigns. This involves injecting malicious ads into the browsers of those infected and downloading further malware. The majority of targets so far have been found in the US and the malware typically bundled in with illegal downloads such as cracked software.

How Can You Protect Against OpenSUpdater?

This latest malware threat was detected by Google’s security researchers and has since been reported to Microsoft. A specific fix has not been announced yet, but hopefully something will be implemented shortly. In the meantime, however, it’s vital that you take steps to protect yourself. In particular, make sure you focus on the following:

Minimize User Privileges: There’s no real need for employees to be downloading software onto their workstations. All the tools they need should be readily available. However, some employees are likely to be tempted by things they see online, particularly the promise of quick fixes. The best way to reduce the risk of downloading malware is by eliminating download privileges for all but the IT team.

Educate on Phishing Techniques: Phishing is a dangerous hacking technique which uses email to push social engineering attacks. By instilling a threat of urgency to act upon an email’s call to action – such as ‘click here to download a vital security tool’ – hackers are able to deceive victims into downloading all kinds of malware. Thankfully, through continued training, your employees should be able to recognize phishing emails quickly and hit the delete button even quicker.

Do Not Abandon Detection Tools: Despite the ability of OpenSUpdater to bypass detection tools, this does not mean that these tools should be resigned to the scrapheap. They still play an essential role in providing digital security options and should remain in place.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 … 5 6 7 8 9 … 12 Next »

Tag Archives: phishing