Malware constantly evolves, and that’s why it’s a constant thorn in the side of PC users. The ever-changing RapperBot malware is a perfect example of this. 

If malware was boring and lacked innovation, it wouldn’t last very long or infect many computers. It would make our lives a lot easier, but it would defeat the main objective of malware. And that is to cause chaos. Repeatedly. Therefore, malware developers are keen to extend the lifespan of their creations. This is why malware is regularly developed, to keep one step ahead. It’s the digital example of a game of cat and mouse. But the good news is that you don’t have to be the mouse. 

The Lowdown on RapperBot and Its Evolution 

First discovered in 2022, RapperBot started its malware career in the Internet of Things (IoT) niche. Most notably, RapperBot was observed to be using parts of the Mirai botnet code. However, RapperBot was much more than just another take on Mirai. It was much more sophisticated. Not only had its remote access capabilities been upgraded, but it could now also brute force SSH servers – these allow two PCs to communicate with each other. 

This evolution has continued at pace, with security experts Fortinet and Kaspersky detecting the following changes: 

  • After infection, further code was added into RapperBot by the developers to avoid detection. A situation which persisted even after rebooting. A remote binary downloader was later added to allow self-propagation of the malware. 
  • The self-propagation capabilities of RapperBot were later changed to allow the malware to gain constant remote access to SSH servers which had been brute forced. 
  • Finally, RapperBot moved its aim away from SSH servers and targeted telnet servers. Cleverly, RapperBot sidestepped the traditional technique of using huge data lists and, instead, monitored telnet prompts to determine the target device. This allowed the threat actors to identify IoT devices and quickly try their default credentials. 

The Best Tips for Tackling RapperBot 

IoT devices are plentiful in the modern age, and we certainly couldn’t be without them. Accordingly, we need to protect them from threats such as RapperBot and BotenaGo. You can do this by following these best tips: 

  1. Keep devices up to date: it’s crucial that you regularly update the firmware and software which supports your IoT devices. Few, if any, pieces of hardware reach consumers without some form of security flaw present. Once these flaws are detected, the manufacturer will usually release a patch or update to remove this vulnerability. Therefore, you need to install these as soon as possible, a strategy which is made easy by allowing automatic updates. 
  1. Change default passwords: Many IoT devices come with default usernames and passwords, these are often the same across every single version of that device. As such, they represent an incredible risk. This means you need to change these default credentials to strong, unique usernames and passwords before they are connected to your IT infrastructure. Additionally, enable two-factor authentication, wherever possible, to add an extra layer of security. 
  1. Network segmentation: ideally, separate networks should be created to house your IoT devices and isolate them from your core network. As IoT devices carry a certain amount of risk, it makes sense to keep them away from the majority of your IT infrastructure. This ensures that, if an IoT device does become infected, the malware can only spread so far. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More


Search engines are the gateway to the internet, but there’s a very real chance they may just be serving up malware each time you use them.

We all use search engines on a daily basis – with Google being the most popular choice – and, to be honest, we probably take them for granted in terms of security. However, the FBI is now warning that search engine results may represent a significant threat to the security of your PC. As with most security threats, this new technique relies on deception; in this instance, the threat actors are harnessing the power of search engine advertisements.

Due to our reliance on search engines, it’s important we understand the nature of this latest threat. And, to help you protect your IT infrastructure, we’re going to take you through the basics of this attack.

Malware by Advertising

Whenever you put a search request into, for example, Google, you will receive a long list of search results. The higher a result is, the more clicks it’s likely to get from people searching for that term. Search engines understand the importance of ranking high in their results and, therefore, they make it possible for people to pay to advertise at the very top of the search results. These advertisements look almost identical to the organic search results, with only a small “Ad” tag next to them. Accordingly, these can easily be mistaken for organic search results.

Despite many of these advertisements being legitimate, and merely paying to skip to the top of the search results page, the FBI has discovered many of these advertisements are linked to malware. Threat actors are purchasing advertising space which appears to be for genuine companies, such as finance platforms, and using very similar URLs to tempt people into clicking their link. However, these links are simply a way to redirect people to sites looking to distribute malware. Worse still, the advertisements used will often display a URL to a genuine site, but redirect you to an altogether different site.

Stay Safe from Fake Ads

The last thing you want to do is fall victim to a fake ad, after all you may simply be searching for somewhere to go and have lunch. Therefore, it pays to stay safe and know how to protect yourself from fake search engine ads. You can do this by practicing the following:

  • Check that top result: remember, it’s important you know what you’re clicking on, so make sure you double check any results at the top of Google. While, for example, it may look like a search result for Bank of America, the actual URL within the result may be slightly different e.g bank0famerica.com. And, if you click on it, you could quickly find yourself on a malicious site.
  • Block Google ads: it’s possible to block Google ads from appearing in the search engine results page, all you have to do is install an ad-blocker such as Blockzilla. These apps filter incoming web pages – including search engines – and ensure any intrusive ads or promoted posts are blocked.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


There’s a lot of money to be made in hacking and threat actors are now turning it into a business with Ransomware as a Service (RaaS).

Ransomware, of course, is well known to anyone who steps online in the digital age. With the ability to encrypt your data and demand a ransom fee, it has not only generated headlines, but also caused significant headaches for business owners. And, with ransomware attacks increasing by 41% in 2022, it’s a strategy which is showing no signs of slowing up. Therefore, not only do you need to be aware of ransomware, but you also need to keep up with associated developments such as RaaS.

As RaaS has the potential to create attacks which are both wider ranging and easier than before, it’s crucial you understand how it operates

The Basics of Ransomware as a Service

We’re all aware of what ransomware is, but what is RaaS? After all, surely ransomware is the opposite of a service? Unfortunately, for PC owners, ransomware software and attacks are now available for hire in the form of RaaS. Similar to Software as a Service (Saas) – examples of which include Gmail and Netflix – RaaS allows threat actors to harness the power of hacking tools without having to design them. If, for example, a threat actor doesn’t have the time (or skills) to build a ransomware tool, what do they do? They purchase one.

Typically, RaaS kits are found on the dark web, so don’t expect to find them taking up space on Amazon. Depending on the sophistication of the RaaS, the cost of purchasing them can range between $30 – $5,000. Threat actors looking to purchase RaaS are also presented with several different purchasing options such as one-time fees, subscription tiers or even affiliate models. It’s estimated that over $10 billion exchanges hands each year – mostly in cryptocurrency – for RaaS kits.

Examples of RaaS include Black Basta, LockBit and DarkSide, with more available for those looking to unleash ransomware easily and quickly. These RaaS kits are also much more than just hacking software, they also offer user forums and dedicated support teams to help customers get the most out of their ransomware. Again, this is very similar to the way in which successful SaaS developers provide extra value for their product. However, whereas SaaS is provided by legitimate developers, RaaS tends to be created by criminal gangs with the sole intent of generating illegal funds.

Staying Safe from Ransomware as a Service

The end result of an RaaS attack is the same as a standard ransomware attack, so there’s nothing specific you need to do if an attack comes through RaaS. Instead, you just need to stick to good old fashioned ransomware security practices:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


What exactly happened when LastPass, a password manager service, found itself at the center of a data breach? And what does this mean for your passwords?

Password managers provide a convenient service, one where complex passwords can be generated instantly and then, going forward, auto-fills when requested. LastPass is a successful example of what a password manager can do, but it’s a role which comes with great responsibility. Login credentials, after all, are often the difference between gaining access and being denied access to a user account. Therefore, password managers need to be sure the credentials they hold are highly secure.

However, as LastPass users are now finding out, password managers are highly tempting to threat actors, and far from 100% secure.

How LastPass was Hacked

Used by millions of users all over the world, LastPass has established itself as one of the leading password managers. Unfortunately, this credibility has been rocked by revelations that the service’s encrypted password vaults have been stolen by hackers. The attack – which took place in August 2022 – was ambitious, and its success even more so.

LastPass’ backup copies of their users’ password vaults were stored, apparently securely, on a third-party cloud storage platform. This, in itself, is nothing unusual; storing backup copies of secure data in remote locations is good practice. Nonetheless, once third parties become involved in storing your data, you relinquish control of this data’s security. And this is exactly where LastPass has fallen victim to threat actors.

While the mechanics of the breach remain under wraps, LastPass has had to admit that personal identifiers – including addresses, phone numbers, credit card details and IP addresses – are among the stolen data. The password vaults – which are encrypted – have also been stolen, so this means the threat actors are closer to knowing your password. And, given they now have access to your personal identifiers, it makes brute force attacks easier.

What to Do if You’re a LastPass User

LastPass has been keen to stress that, although stolen, the password vaults are secure due to the encryption protecting them. However, these encrypted passwords are now in the hands of an unauthorized party and means they are seriously compromised. Therefore, it’s crucial all LastPass users take the following decisive actions:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


The importance of installing updates has been highlighted by VMware Users who have failed to update and found themselves at the mercy of malware attacks.

VMware is a tech company which specializes in providing both cloud computing services and virtualization technology (such as remote desktop software). Founded nearly 25 years ago, VMware has proved to be highly popular with businesses of all sizes. However, this experience doesn’t mean their software is perfect. In fact, no tech company – not even the biggest ones – can claim to create products which are 100% resistant to threat actors.

And that’s why VMware’s Workspace ONE Access service, an application which allows digital apps in an organization to be accessed on any device, has been compromised. The attack has been declared a significant one, so we’re going to take you through it.

Workspace ONE Compromised

The attack, which was discovered by security experts at Fortiguard Labs, centers around a vulnerability patched by VMware back in April 2022. However, this attack is still targeting this exploit, an indicator that the uptake of VMware’s patch has been poor. As a result, the CVE-2022-22954 vulnerability has the potential to open your PC up to all manner of malware.

If the vulnerability is still present, threat actors have the opportunity to launch remote code execution attacks against an infected PC. With the help of this foothold, the hackers have been able to download a wide range of malware to PCs and their associated networks. Examples involved in this attack have included:

  • Cryptoware
  • Ransomware
  • Software which removes other cryptomining apps
  • Malware used to spread the attack even further
  • Botnets

All of these campaigns are installed and operated separately, indicating that this is a well-organized attack by the unknown threat actors. Activity for the overall campaign peaked in August 2022, but it remains active as it seeks further users of Workspace ONE who have failed to patch their software.

Protecting Yourself Against Software Exploits

The impact of falling victim to the Workspace ONE vulnerability is huge as it attacks its victims on numerous fronts. Not only is there the financial risk of ransomware, but the activity of cryptoware and ransomware is going to seriously eat into the resources of your IT infrastructure. Therefore, you need to make sure you carry out the following:

  • Install all updates: if you are a Workspace ONE user then you need to ensure it’s fully patched and up to date. And, once this is complete, it’s crucial you make sure all your software is patched.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More