security Archives - Page 3 of 48

Malware Makes Its Way into Search Engine Ads

Google, google ads, malware, Online Security, Ophtekgoogle, Google ads, malware, Ophtek, securityOphtek, LLC

Apr 2023

Search engines are the gateway to the internet, but there’s a very real chance they may just be serving up malware each time you use them.

We all use search engines on a daily basis – with Google being the most popular choice – and, to be honest, we probably take them for granted in terms of security. However, the FBI is now warning that search engine results may represent a significant threat to the security of your PC. As with most security threats, this new technique relies on deception; in this instance, the threat actors are harnessing the power of search engine advertisements.

Due to our reliance on search engines, it’s important we understand the nature of this latest threat. And, to help you protect your IT infrastructure, we’re going to take you through the basics of this attack.

Malware by Advertising

Whenever you put a search request into, for example, Google, you will receive a long list of search results. The higher a result is, the more clicks it’s likely to get from people searching for that term. Search engines understand the importance of ranking high in their results and, therefore, they make it possible for people to pay to advertise at the very top of the search results. These advertisements look almost identical to the organic search results, with only a small “Ad” tag next to them. Accordingly, these can easily be mistaken for organic search results.

Despite many of these advertisements being legitimate, and merely paying to skip to the top of the search results page, the FBI has discovered many of these advertisements are linked to malware. Threat actors are purchasing advertising space which appears to be for genuine companies, such as finance platforms, and using very similar URLs to tempt people into clicking their link. However, these links are simply a way to redirect people to sites looking to distribute malware. Worse still, the advertisements used will often display a URL to a genuine site, but redirect you to an altogether different site.

Stay Safe from Fake Ads

The last thing you want to do is fall victim to a fake ad, after all you may simply be searching for somewhere to go and have lunch. Therefore, it pays to stay safe and know how to protect yourself from fake search engine ads. You can do this by practicing the following:

Check that top result: remember, it’s important you know what you’re clicking on, so make sure you double check any results at the top of Google. While, for example, it may look like a search result for Bank of America, the actual URL within the result may be slightly different e.g bank0famerica.com. And, if you click on it, you could quickly find yourself on a malicious site.

Always hover: the simplest way to determine the true destination of a link within search engine results is by hovering your mouse cursor over it. This will bring up a pop-up message which displays exactly where the link is going to take you.

Block Google ads: it’s possible to block Google ads from appearing in the search engine results page, all you have to do is install an ad-blocker such as Blockzilla. These apps filter incoming web pages – including search engines – and ensure any intrusive ads or promoted posts are blocked.

For more ways to secure and optimize your business technology, contact your local IT professionals.

What is Ransomware as a Service?

Ophtek, Phishing, Ransomware, Security, Suspicious links, UpdatesOphtek, phishing, ransomware, security, suspicious links, updatesOphtek, LLC

Feb 2023

There’s a lot of money to be made in hacking and threat actors are now turning it into a business with Ransomware as a Service (RaaS).

Ransomware, of course, is well known to anyone who steps online in the digital age. With the ability to encrypt your data and demand a ransom fee, it has not only generated headlines, but also caused significant headaches for business owners. And, with ransomware attacks increasing by 41% in 2022, it’s a strategy which is showing no signs of slowing up. Therefore, not only do you need to be aware of ransomware, but you also need to keep up with associated developments such as RaaS.

As RaaS has the potential to create attacks which are both wider ranging and easier than before, it’s crucial you understand how it operates

The Basics of Ransomware as a Service

We’re all aware of what ransomware is, but what is RaaS? After all, surely ransomware is the opposite of a service? Unfortunately, for PC owners, ransomware software and attacks are now available for hire in the form of RaaS. Similar to Software as a Service (Saas) – examples of which include Gmail and Netflix – RaaS allows threat actors to harness the power of hacking tools without having to design them. If, for example, a threat actor doesn’t have the time (or skills) to build a ransomware tool, what do they do? They purchase one.

Typically, RaaS kits are found on the dark web, so don’t expect to find them taking up space on Amazon. Depending on the sophistication of the RaaS, the cost of purchasing them can range between $30 – $5,000. Threat actors looking to purchase RaaS are also presented with several different purchasing options such as one-time fees, subscription tiers or even affiliate models. It’s estimated that over $10 billion exchanges hands each year – mostly in cryptocurrency – for RaaS kits.

Examples of RaaS include Black Basta, LockBit and DarkSide, with more available for those looking to unleash ransomware easily and quickly. These RaaS kits are also much more than just hacking software, they also offer user forums and dedicated support teams to help customers get the most out of their ransomware. Again, this is very similar to the way in which successful SaaS developers provide extra value for their product. However, whereas SaaS is provided by legitimate developers, RaaS tends to be created by criminal gangs with the sole intent of generating illegal funds.

Staying Safe from Ransomware as a Service

The end result of an RaaS attack is the same as a standard ransomware attack, so there’s nothing specific you need to do if an attack comes through RaaS. Instead, you just need to stick to good old fashioned ransomware security practices:

Update your software: if a vulnerability is present within your software, then there’s a risk this could be exploited, and ransomware given full access to your data. To counter this, make sure that you have automatic updates approved on your PC to keep it as secure as possible.
Don’t click suspicious links: you should only ever click a link if you know exactly what you are clicking on and where it will take you. Always hover your mouse cursor over a link to reveal its true destination. All it takes is for one malicious click to be activated to launch a ransomware attack.
Always back up your data: falling victim to a ransomware attack only means your data is lost if you haven’t backed it up. Therefore, save yourself a financial headache by making sure multiple backups are in place to minimize any data loss.

For more ways to secure and optimize your business technology, contact your local IT professionals.

LastPass Hit by Security Incident

Hackers, LastPass, Ophtek, password manager, Password Security, Security, strong passwordshackers, LastPass, Ophtek, password manager, security, vulnerabilityOphtek, LLC

Feb 2023

What exactly happened when LastPass, a password manager service, found itself at the center of a data breach? And what does this mean for your passwords?

Password managers provide a convenient service , one where complex passwords can be generated instantly and then, going forward, auto-fills when requested. LastPass is a successful example of what a password manager can do, but it’s a role which comes with great responsibility. Login credentials, after all, are often the difference between gaining access and being denied access to a user account. Therefore, password managers need to be sure the credentials they hold are highly secure.

However, as LastPass users are now finding out, password managers are highly tempting to threat actors, and far from 100% secure.

How LastPass was Hacked

Used by millions of users all over the world, LastPass has established itself as one of the leading password managers. Unfortunately, this credibility has been rocked by revelations that the service’s encrypted password vaults have been stolen by hackers. The attack – which took place in August 2022 – was ambitious, and its success even more so.

LastPass’ backup copies of their users’ password vaults were stored, apparently securely, on a third-party cloud storage platform. This, in itself, is nothing unusual; storing backup copies of secure data in remote locations is good practice. Nonetheless, once third parties become involved in storing your data, you relinquish control of this data’s security. And this is exactly where LastPass has fallen victim to threat actors.

While the mechanics of the breach remain under wraps, LastPass has had to admit that personal identifiers – including addresses, phone numbers, credit card details and IP addresses – are among the stolen data. The password vaults – which are encrypted – have also been stolen, so this means the threat actors are closer to knowing your password. And, given they now have access to your personal identifiers, it makes brute force attacks easier.

What to Do if You’re a LastPass User

LastPass has been keen to stress that, although stolen, the password vaults are secure due to the encryption protecting them. However, these encrypted passwords are now in the hands of an unauthorized party and means they are seriously compromised. Therefore, it’s crucial all LastPass users take the following decisive actions:

Change your LastPass password: your master password will be the password used to access the LastPass service, and this needs to be changed immediately. Any data breach means access has been compromised, so changing your master password is the first step to take. With your master password changed, you will instantly be reducing the risk of your passwords falling into the wrong hands.

Change all your stored passwords: the passwords stolen from LastPass are encrypted, but it makes bad sense to rely on this. Accordingly, we would recommend going through all your passwords on LastPass and changing them to new ones. With this completed, the details within the stolen password vaults will become redundant.

Make sure your LastPass password is not recycled: following a data breach, it’s always good practice to make sure your master password isn’t used on other platforms. For example, a threat actor may take your login details for LastPass and use a bot to automatically try them in thousands of different other platforms. As such, if you recycle your login credentials across platforms, you run the risk of these being compromised too.

For more ways to secure and optimize your business technology, contact your local IT professionals.

VMware Exploit Allows Hackers to Deliver Malware Package

install updates, malware, Ophtek, Security, VMware Exploit, Workspace ONEinstall updates, malware, Ophtek, security, VMware Exploit, Workspace ONEOphtek, LLC

Nov 2022

The importance of installing updates has been highlighted by VMware Users who have failed to update and found themselves at the mercy of malware attacks.

VMware is a tech company which specializes in providing both cloud computing services and virtualization technology (such as remote desktop software). Founded nearly 25 years ago, VMware has proved to be highly popular with businesses of all sizes. However, this experience doesn’t mean their software is perfect. In fact, no tech company – not even the biggest ones – can claim to create products which are 100% resistant to threat actors.

And that’s why VMware’s Workspace ONE Access service, an application which allows digital apps in an organization to be accessed on any device, has been compromised. The attack has been declared a significant one, so we’re going to take you through it.

Workspace ONE Compromised

The attack, which was discovered by security experts at Fortiguard Labs, centers around a vulnerability patched by VMware back in April 2022. However, this attack is still targeting this exploit, an indicator that the uptake of VMware’s patch has been poor. As a result, the CVE-2022-22954 vulnerability has the potential to open your PC up to all manner of malware.

If the vulnerability is still present, threat actors have the opportunity to launch remote code execution attacks against an infected PC. With the help of this foothold, the hackers have been able to download a wide range of malware to PCs and their associated networks. Examples involved in this attack have included:

Cryptoware
Ransomware
Software which removes other cryptomining apps
Malware used to spread the attack even further
Botnets

All of these campaigns are installed and operated separately, indicating that this is a well-organized attack by the unknown threat actors. Activity for the overall campaign peaked in August 2022, but it remains active as it seeks further users of Workspace ONE who have failed to patch their software.

Protecting Yourself Against Software Exploits

The impact of falling victim to the Workspace ONE vulnerability is huge as it attacks its victims on numerous fronts. Not only is there the financial risk of ransomware, but the activity of cryptoware and ransomware is going to seriously eat into the resources of your IT infrastructure. Therefore, you need to make sure you carry out the following:

Install all updates: if you are a Workspace ONE user then you need to ensure it’s fully patched and up to date. And, once this is complete, it’s crucial you make sure all your software is patched.

Monitor network activity: one of the most obvious signs of a botnet or cryptoware infection is a surge in network activity. Accordingly, it’s important to establish a benchmark for what constitutes ‘normal’ network activity within your organization. If this benchmark is breached, investigating it closer may reveal a malware attack is taking place.

Limit user access: minimizing the attack surface which a piece of malware has access to can reduce the impact of the attack. So, for example, if access to the Workspace ONE software was restricted to only those who need it, the chances of the exploit damaging the network would be reduced.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Stealer Malware Hidden in Fake Zoom Sites

Cyber Security, Data Security, malware, Ophtek, stealer malware, zoomCyber Security, Data Security, malware, Ophtek, security, stealer malware, zoomOphtek, LLC

Oct 2022

Six malicious websites have been discovered which claim to offer downloads of Zoom, but contain nothing but the Vidar stealer malware.

The popularity of Zoom – a video meeting application – has exploded in the post-Covid landscape we find ourselves living in. No longer do people need to travel for face-to-face meetings, they can now be conveniently arranged and carried out over video. Accordingly, the demand for Zoom is huge, with around 485 million downloads completed since 2020. Due to this popularity, a gang of cybercriminals have decided to use Zoom as the bait for downloading the Vidar stealer.

As your employees are likely to consider a Zoom install safe, it’s important that we delve a little deeper and demonstrate why it may be far from safe.

Beware of Fake Zoom Sites

Vidar has been an active threat for some time now, but this latest attack is a new campaign and carries a number of unique threats. The six sites, discovered by Cyble Research, use a variety of URLs such as ‘zoom-download’ and ‘zoomus’ to appear legitimate. And, if you visit one of these sites, the visual aesthetics are remarkably similar to the official Zoom website, but this is where all similarities end.

Attempting to download the Zoom application from these malicious sites will, instead, redirect you to a GitHub file depository. From here, two files will be downloaded to your temporary folder:

ZOOMIN~1.exe: this is a genuine Zoom installer which is included to create a front that nothing untoward is taking place.

Decoder.exe: this is the malicious file which injects Vidar’s ability to steal into the Microsoft Build Engine. With this infection in place, Vidar is then able to contact remote Command and Control servers and begin transmitting data from the infected PC.

Like most stealer malware, Vidar concentrates on extracting confidential data such as login credentials, network details and whether any further vulnerabilities are present in the IT infrastructure. If vulnerabilities are detected, then it’s highly likely these will be logged and sold by criminal gangs. Protecting yourself against Vidar, therefore, is crucial.

How to Avoid Having Your Data Stolen

The mechanics of the Vidar Zoom threat are relatively common in the world of malware, so it’s likely you will run into a similar threat at some point. The best way to protect your PCs is by following these practices:

Always Verify Websites: Vidar’s latest attack relies on poor judgement from its intended victims, the main error coming when they assume that the malicious website is genuine. Many antivirus suites contain tools which allow search results to be rated as to their level of safety, and there is also the option for these tools to present warning screens before accessing sites deemed unsafe. If these are unavailable, and you need to download some software, reach out to your IT team instead.

Install Updates: Vidar is keen on logging any vulnerabilities contained within your PC, so it makes sense to limit these vulnerabilities. The best way to achieve this is by always installing updates as soon as they are available.

Segment Your Network: to protect your data, it makes sense to adopt network segmentation. This procedure divides your network into different segments and allows you to keep them separate. Therefore, if one segment is breached, the others will remain protected, and this allows you to limit the spread of the malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 5 … 48 Next »

Tag Archives: security