There’s only one thing worse than malware and that’s malware which is difficult to detect. And PowerPepper is incredibly difficult to detect. 

Discretion is one of the most crucial aspects of any form of hacking. A well-executed hack should remain invisible to the victim for as long as possible. Such a scenario allows a hacker to cause maximum damage and also gives them time to cover their tracks. Thankfully, good security practices should either prevent this from happening or, where anti-malware apps are in place, provide an early warning. But hackers are well aware of these defenses and are constantly trying to outwit them.

The emergence of the PowerPepper malware demonstrates that hackers have (temporarily) succeeded in hiding their activities better than ever before. 

What is PowerPepper? 

PowerPepper, discovered and named by Kaspersky, is a new strain of malware which is believed to have been designed by the hacking group DeathStalker. Active since 2012, DeathStalker has made a name for itself by developing numerous strains of innovative malware. Complex delivery chains are its trademark, but what really stands out is its dedication to evading detection. And PowerPepper is the latest development in DeathStalker’s abilities.

First discovered in May 2020, PowerPepper allows hackers to carry out shell commands from a remote location. But what is a shell command? It’s not something that the average PC user will ever carry out, but a shell command lets you control your computer by typing commands into a special app such as Terminal. Naturally, this is a highly valuable capability to exploit, and DeathStalker has made sure that PowerPepper is not detected. It does this by filtering on the client’s MAC address, tailoring its processes to deceive anti-malware tools and evaluating mouse movements.

For PowerPepper to take hold, of course, it needs to get on to a victim’s PC. And it does this through a variety of spear phishing campaigns. These attacks utilize both malicious links and email attachments in a number of ways aimed at reducing detection, for example hiding malicious code in embedded shapes in Word documents and using compiled HTML files to obscure malicious files.

How Do You Protect Your PCs? 

PowerPepper has already gone through a number of changes since it was first discovered, so keeping on top of it is difficult for even the most knowledgeable PC user. However, there are plenty of preventative measures you can take: 

  • Install all Updates: One of the surest methods to protect your PC systems is by ensuring all their software and hardware is up to date. This is easily achievable by installing all the relevant updates your system needs. The last thing that you want to present malware with is a back door entry point, so eliminate this by installing all updates.

For more ways to secure and optimize your business technology, contact your local IT professionals. 


Passwords are crucial in IT security and will remain relevant for the near future. But Google’s Password Checkup shows there’s always room for improvement. 

We all have a long list of passwords that we use to access various IT apps and services. They’re perhaps the simplest but most effective step you can take in thwarting hackers. Without a password it’s almost impossible to gain unauthorized access to an IT system. That’s why social engineering and phishing emails have become so popular with hackers. And one of the major problems with passwords is that computer users have a tendency to recycle the same passwords for different IT systems.

Passwords, therefore, have a number of flaws. Thankfully, Google have designed the Password Checkup app to verify the security of your passwords. 

What is Password Checkup?  

It’s difficult to keep up to date with the sheer number of passwords we use on a daily basis. The simplest way to combat this is to write all your passwords down, but this is one of the biggest password mistakes you can make. Now, instead of writing these passwords down, you can store them in your Chrome browser. As long as you’re running a Google account which is synced to your Chrome browser, you will be able to securely store your passwords. Naturally, this is useful for auto-complete password functions – although even this is risky – but the functionality doesn’t stop here. 

The most exciting and useful feature of Password Checkup is that it will automatically tell you if your login details have been breached. A sophisticated and clever password manager, Password Checkup is linked to a database containing in excess of four billion login credentials. These username/password combinations have all, at some point, been leaked online in large scale hacks. This could potentially mean that, for example, your existing Gmail credentials are visible online for anyone to see. With Password Checkup on your side, however, you will receive an alert in your Chrome browser that your login details have been breached. 

And, going back to the fact that many of us recycle our passwords, these Password Checkup alerts serve as a nudge to use unique passwords. After all, if a hacker knows that you have used the password “abc123” on your Gmail account, there’s every chance you may have used the same password on your Facebook account. Anything that reduces the time taken to breach an account is a win for hackers and you need to minimize this wherever possible. 

How to Use Password Checkup 

Password Checkup originally started as a standalone Chrome add-on and this continued to work until September 2020. The reason for retiring this add-on was Google’s decision to build Password Checkup into the Chrome browser as an integral component. Therefore, the only way to access the Password Checkup service now is by using an up-to-date version of Chrome. You must, of course, sign into your Chrome browser with a Google account in order for your details to sync. Ultimately, using Password Checkup will make your online experience safer and more secure.


The internet has connected us to each other in a way we would have thought impossible a few decades ago. But these massed connections can be very dangerous.

The beauty of the internet is that one PC can connect to another PC with relative ease. And these connections allow us to pool resources, share information and provide services. The foundations of almost every web service are based upon collections of PCs all working together to deliver an end result. These are often automated tasks that allow a website to continue operating correctly. But the fact that these PCs are generally left to their own devices means they aren’t actively monitored. And this situation makes them a security risk.

Known as botnets, these collections of PCs can have their cumulative power put to use for the gains of hackers.

What are Botnet Attacks?

While most botnets combine harmless coding with hardware, malicious botnets are another matter. A malicious botnet can gain access to your PC via two methods:

Regardless of the strategy involved, the end result is the same: an infection which adds your PC to the hacker’s botnet. Naturally, the more PCs added to the botnet, the more powerful it is. And, with the infection in place, the hacker will have full control of your PC. This allows them to carry out the following tasks:

  • Spreading across the rest of your organization’s PCs by executing malware in order to swell the numbers of the botnet
  • Loading fake adverts in your internet browser designed to trick you into providing financial details to malicious websites
  • Using the cumulative processing power of all the PCs in a botnet to carry out DDoS campaigns in order to take websites down
  • Generating spam emails to be automatically sent from your organization’s email server

How Can You Protect Against Botnets?

As you can tell, a botnet attack will do your organization no favors and will cause untold damage to other businesses it targets. Therefore, you need to put these precautions into place:


Removing malware threats from your PC is the simplest way to keep it safe from the attentions of hackers. But what happens when you can’t delete it?

Anti-malware software is fantastic at providing you with a means of removing malware from a PC. It can quickly scan your PC for threats and delete them with the minimum of fuss. But the ease with which malware can be removed has provided hackers with an appetizing challenge. What if they could create a strain of malware which couldn’t be deleted? It’s been the holy grail for malware developers since the first virus was created. And it’s a quest which has now been achieved.

A form of malware that cannot be deleted presents many problems for PC users, so let’s take a look at what it consists of.

The Invincible Malware

The unnamed malware was recently discovered by security giants Kaspersky and has left even them scratching their heads at its origin and construction. What they do know is that it’s a highly persistent threat and one that has been designed to resist deletion. It succeeds with this strategy because, rather than targeting a PC’s hard drive, it focuses its attack on the PC’s motherboard. In particular, this new malware targets the PC’s Unified Extensible Firmware Interface (UEFI). Exploiting the UEFI is a novel approach, as the UEFI is the firmware involved in booting up a PC. It is therefore separate from your hard drive and will remain untouched by any operating system reinstalls.

Once the UEFI malware is in place it acts much like any conventional malware. Its first task is to create a Trojan file in the Startup folder under the name of IntelUpdate.exe. Without some in-depth investigation, the average PC user is unlikely to know this is even present. But even if it is noticed, and a user decides to delete it, the IntelUpdate app will simply reinstall once the PC is rebooted. And it’s an app which will cause your PC further troubles. IntelUpdate will not only install further malware, but it will spy on your PC activity and transmit data and files back to a command and control server which appears to be located in China.

How Do You Defeat the Undeletable?

The prospect of a malware strain which cannot be deleted may leave you wondering how you can ever be protected from it. Thankfully, it can be deleted, but not by conventional means. Security tools are now available from firms such as Kaspersky and Microsoft which scan firmware on PCs. It’s recommended that you upgrade your anti-malware tools to include this option to counter this new attack strategy. The means by which this latest malware is spread is currently unknown, but it’s recommended that you follow these security tips to maximize your defenses:

  • Install all updates and patches as soon as your PC prompts you to do so
  • Practice vigilance when dealing with incoming emails which contain attachments and links
  • Make sure that your workforce understand how to create strong passwords


Microsoft may be one of the leading names in PC technology, but hackers have recently exposed their Zerologon vulnerability.

A vulnerability is a flaw within a PC which can be exploited and used to gain access to the PC in question. These vulnerabilities can be found in both software and hardware, so pretty much everything on your PC is at risk. Thankfully, the majority of your PC’s apps and components will be secure. But PCs are complex pieces of machinery. The sheer amount of coding involved means that it’s inevitable that mistakes will be made and gaps not plugged. And this is what hackers spend half their lives looking for.

Protecting your PCs is a crucial part of any organization’s security, so we’re going to take a closer look at the Zerologon vulnerability.

What is Zerologon?

Zerologon is not an app or piece of hardware that you will find in your PC, it’s simply the name that has been assigned to this new vulnerability. To understand what the Zerologon flaw is would require degree-level knowledge of how PC software works. But we can describe it in layman’s terms. If a PC is logging on to a specific type of server – one that uses NT LAN Manager – then it performs a specific logon process. But where part of the code behind this logon should contain a random number it actually contains four zeros. And it’s these four zeros that give the vulnerability its name.

How is Zerologon Exploited?

Hackers can exploit the Zerologon flaw within seconds as the number of encryption keys needed to decipher the four zero text is relatively small. With access to a PC account secured, the hacker is then able to begin changing passwords within the network. It’s a strategy which, as well as being quick, also grants full control of the PC. This means that a hacker with unauthorized access has the potential to start injecting malware – such as ransomware – onto the network. And this is where your problems will really begin.

Can You Patch Zerologon?

The good news is that Microsoft has quickly released a patch to address the Zerologon vulnerability. Installing this patch should be labeled a priority to protect your organization’s network. The average time taken to install a patch is between 60 and 150 days, which is far too slow. All it takes to install the Zerologon patch is a few seconds, so there are few excuses for delaying it. The best rule of thumb, when it comes to patches, is to install them immediately to nullify any threats.

Final Thoughts

As long as software and hardware are being designed, there will be flaws in their build. Designers are only human and mistakes will happen. Vulnerabilities may be inevitable, but your networks don’t need to fall foul of them. While a PC user will be the last party to know about the emergence of a threat such as Zerologon, they can help their case by installing any patches as soon as possible.
