One of the world’s biggest ever IT failures has caused chaos for major IT infrastructures all over the world. And it was all thanks to a CrowdStrike update.

The damage was caused by a content update for Windows issued by CrowdStrike, a major cybersecurity firm. Rather than enhancing the experience for Windows users, it left many of them finding that their PCs had crashed. The ‘blue screen of death’ was a common sight, and numerous applications were rendered unusable. Nor was the CrowdStrike glitch restricted to a small number of individuals: it spread all the way around the world and affected major organizations.

Understanding the CrowdStrike Flaw

CrowdStrike has been providing security solutions since 2011, and it now offers a wide range of security services. These are provided through cloud-based platforms and have seen CrowdStrike’s profile rise significantly. However, their recent update for their application Falcon Sensor – which analyzes active processes to identify suspicious activity – is responsible for the worldwide outage of IT systems.

Falcon Sensor runs within Windows and, as such, interacts directly with the Windows operating system. Its main objective is to protect IT systems from security attacks and system failures, but the latest update achieved the complete opposite. As a result of faulty code within the update, Falcon Sensor malfunctioned and took down the systems it had been installed on, leaving them crashed and unable to reboot.

CrowdStrike was quick to identify its own update as the cause of the fault, and reassured the global community that this was not a cyberattack. With the fault identified and isolated, CrowdStrike rapidly developed a fix. But the damage had already been done, and many systems remained offline due to the disruption.

Who Was Affected by the CrowdStrike Glitch?

The impact of the faulty CrowdStrike update was of a magnitude rarely seen in the IT world. With many IT infrastructures relying on Windows, countless systems crashed all over the world. Airport services were badly hit, and lots of airlines had to ground their planes due to IT issues. Banks and credit card providers were also affected, and numerous organizations were unable to take card payments as a result. Healthcare services, too, felt the full impact of the glitch and struggled to book appointments and allocate staff shifts.

The Aftermath of the CrowdStrike Disaster

Disruption to IT systems was still evident days after the CrowdStrike incident, and it’s expected this disruption will continue. Matters weren’t helped by the simultaneous failure of Microsoft Azure, a cloud computing platform, which also created a major outage.

While the outages were caused by a technical glitch, CrowdStrike issued an announcement the following day warning that cybercriminals may be targeting affected systems. Evidence from Latin America indicated that CrowdStrike customers were being targeted with a malicious ZIP archive containing HijackLoader, a module used to install various strains of malware.

Final Thoughts

Ultimately, this digital catastrophe was caused by a faulty piece of code, and Microsoft currently estimates that it affected 8.5 million Windows devices. It could easily happen again, and it reinforces the need for good backup protocols, such as the 3-2-1 backup method. The CrowdStrike glitch may have been unforeseen, but with the correct preparation, you can minimize the impact of future incidents on your IT systems.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Snowflake, a cloud data analysis company, has found itself under attack from malware, with the result that its customers’ passwords have been leaked online.

A leading cloud data platform, Snowflake was founded in 2012 and has experienced a rapid rise in the industry, with its current revenue estimated at $2.8 billion. This success has been founded upon innovative data analytics solutions and a number of leading clients such as Santander, Dropbox, and Comcast. For threat actors, Snowflake represents a tempting target, both in terms of the sheer amount of data it holds and its financial value. And this is clearly why Snowflake has been attacked.

With threat actors claiming to have stolen hundreds of millions of customer records from Snowflake environments, the attack is clearly a significant one. Perhaps the most interesting aspect of the attack is that it appears to result from a lack of multi-factor authentication.

Cracking the Snowflake Infrastructure

Live Nation, a popular ticket sales service, was the first company to announce that its stolen data had been hosted on the Snowflake platform. Other Snowflake customers have come forward to acknowledge a breach but have yet to name Snowflake as the host of this data. The attack appears to have been fueled by info-stealing malware, which targeted PCs that had access to their organization’s Snowflake environment.

How the initial attack was instigated remains unclear, but Snowflake has revealed that a demo account, protected with nothing more than a username/password combination, had been recently compromised. Whether this gave the threat actors direct access to Snowflake customer accounts is unknown, although it does point towards the threat actors establishing an early foothold. Snowflake has also disclosed that each customer is put in charge of their own security, and multi-factor authentication isn’t automatically enabled. This, Snowflake states, is how threat actors succeeded in hacking the compromised accounts.

Snowflake has advised all of its customers to switch on multi-factor authentication, but it appears to be too late for many. Whole lists of Snowflake customer credentials are available on illegal websites, with this data including email addresses alongside username/password combinations. Ticketmaster, another ticket sales platform, has been reported as having close to 560 million customer records compromised. This is a huge data breach, and one which has deservedly earned headlines.

The Importance of Multi-Factor Authentication

For Snowflake to have selected multi-factor authentication as an optional function, rather than a default security measure, is negligent. Regardless of this negligence, it’s also the responsibility of the compromised accounts to double check the available security measures. Therefore, to stay safe in the future, always carry out the following when working with external hosting providers for your data:


Every business relies on digital documents, but the threat of data breaches and cyberattacks means these documents must be correctly secured.

There are many types of documents a business uses daily such as Word, Excel, PDF, and digital images. All of these can contain sensitive information, and it’s no surprise threat actors want to get their hands on them. Not only can a threat actor use these to compromise other accounts, but they can cause real financial damage with them. Accordingly, it makes sense to secure your organization’s digital documents to keep them safe.

Securing Your Digital Documents

Your business may contain numerous files in different locations, but the good news is that securing all of them is straightforward. Just make sure you follow these best practices:

  • Password Protection: the simplest way to secure your digital documents is by implementing password protection. A common security measure for decades, passwords put a major barrier in the way of unauthorized access. Not all files can be password protected, but common files such as Microsoft 365 documents and Adobe PDF documents can.
  • Use Strong Passwords: central to good password protection is strong passwords. Never use passwords which are easy to guess e.g. using “password” or “admin”. Instead, always use passwords which combine upper and lower case characters with numbers and symbols. It’s also recommended that passwords are longer than 8 characters and different passwords should be used for different documents.
  • Restrict Access: it’s important to remember not every employee needs access to every single file within your organization. Your marketing team, for example, doesn’t need access to your finance team’s documents and vice-versa. Accordingly, you need to restrict access to only those who need it. The best way to achieve this is by setting up ‘restricted’ drives for each team to store their department-specific documents.
  • Use Windows Encryption: compromised devices present a goldmine of data for threat actors, but it’s possible to avoid this disaster by encrypting your devices. Yes, if you’re running Windows 10/11 Pro or Enterprise versions, it’s possible to encrypt data and provide access only to those with authorization. This is easy to put in place and, if Windows encryption is not available on the device, you may still be able to use BitLocker encryption to encrypt it.
  • Always Create Backups: in the event of a ransomware attack, your organization could find all of its documents encrypted and inaccessible. This is why creating backups is the surest way to enhance the security of your digital documents. The preferred method is the 3-2-1 backup method, as this provides you with multiple copies in different locations. The risk of complete data loss is minimized, and there’s no need to pay any ransom.

Final Thoughts

All it takes is for a single file to be compromised by threat actors to cause major damage, so it’s crucial that you prioritize securing your digital documents. Putting the suggestions above into practice is relatively easy, and it ensures your data remains safe. So, don’t delay, secure your digital documents today and benefit from the peace of mind it provides.


Malware and flies share one thing in common: they’re pesky. However, while flies help the ecosystem, the Striped Fly malware is nothing but trouble. 

Striped Fly has recently hit the headlines, but Kaspersky has revealed that it has found evidence of its malicious activity dating back to 2017. Unfortunately, no one had been aware of its true identity until now. This means Striped Fly has enjoyed a five-year campaign during which not a single security researcher knew of its existence. And Kaspersky estimates that this invisibility has allowed it to infect over one million Windows and Linux hosts.

In 2017, Striped Fly was mistakenly labelled as a cryptocurrency miner, falling under the Monero trojan family. Subsequent findings, however, have revealed that Striped Fly is much more sophisticated. 

What is Striped Fly?

Striped Fly’s exact mechanism is not fully understood at present, but researchers believe they know how it operates. It’s suspected that the threat actors used the EternalBlue SMBv1 exploit to gain a foothold on internet-facing PCs. After discovering evidence of Striped Fly within the WININIT.exe process – used to help load subsystems within Windows – Kaspersky determined that it then downloads further files.

These files typically come from online software repositories such as GitHub and BitBucket, and are used to build the final Striped Fly payload. Cleverly, Striped Fly comes with Tor network capabilities to encrypt its communications. Tor, of course, is an anonymity network that routes traffic through a series of relays and encrypts the data transferred over it. This is part of the reason why Striped Fly remained hidden for so long.

The main talking point about Striped Fly is its sophistication and wide range of functions. Striped Fly is capable of harvesting login credentials, taking unauthorized screenshots of infected devices, stealing Wi-Fi network configuration details, transferring files to remote sources, and recording microphone output. Clearly, it poses a significant threat to all PC users. 

Swatting Striped Fly Away 

Striped Fly’s half-decade long campaign has proved to be highly successful. Accordingly, your organization needs to be on its guard against Striped Fly and any similar threats. Kaspersky hasn’t revealed a specific fix for Striped Fly but, as ever, vigilance and good security practices are key. So, make sure the following is part of your established cybersecurity strategy: 


Healthcare organizations across the United States and Europe have recently found themselves targeted by Lazarus, the North Korean hacking group. 

Lazarus, which is believed to have ties to the North Korean government, is well known in the world of cybersecurity. In 2022, Lazarus was rumored to have stolen a total of $1.7 billion worth of cryptocurrency across the year. So, yes, Lazarus is a force to be reckoned with. As its latest attack targets organizations rich in sensitive data, it’s important to understand its methods and determine the lessons that can be learned.

What Is Lazarus’ Latest Campaign? 

At the heart of this new attack by Lazarus is the ManageEngine ServiceDesk. This management suite is used to help organizations manage their entire IT infrastructure. From networks and servers through to mobile devices and applications, ManageEngine helps make life easier for IT teams. It’s a highly popular management suite, with numerous Fortune 100 businesses implementing it. For healthcare organizations, it’s a crucial service which allows them to stay productive and support their IT systems. 

However, as with all applications, ManageEngine is not 100% secure. The CVE-2022-47966 vulnerability, which was discovered in January 2023, was first exploited by threat actors in February of the same year. This vulnerability allowed the deployment of QuiteRAT, a new and complex strain of malware. QuiteRAT let the threat actors steal data relating to the compromised device and, cleverly, could “sleep” in order to appear dormant and stay off the radar of security professionals.

Another part of the attack also involves a new strain of malware dubbed CollectionRAT, which has the ability to perform typical remote access trojan tasks such as executing commands on a compromised system. As with previous campaigns, this latest strike utilizes many of the trademark Lazarus tactics and innovations. For example, by using open-source tools to create CollectionRAT, the threat actors are able to launch their attacks more quickly and without raising the alarm immediately. 

How Do You Protect Your Organization from Lazarus?

Naturally, the most obvious way to protect your IT infrastructure from Lazarus is to be prompt in installing software patches. Lazarus appears to have infiltrated these healthcare organizations through a known vulnerability, so patching any holes within your IT systems is essential. Luckily, many updates, such as Windows updates, can be set to install automatically, which ensures that your applications are as secure as they can be.

Hacking groups, however, don’t rely solely on vulnerabilities to launch their attacks. In fact, they will deploy almost every technique you can think of to launch an attack. The best practices to stay safe from these are: 
