Cyber Attacks Increase After Russia Invades Ukraine

cyber attacks, Hackers, Ophtek, Russian Hackers, Security, Ukraine, , , , ,
05
Apr 2022

The Russian invasion of Ukraine has created headlines around the world; one of the lesser-known stories to emerge has been the increase of cyber attacks.

Numerous aspects of life have changed since Ukraine was invaded by Russian forces at the end of February. Alongside the military attacks and breakdown in social infrastructure that Ukrainians have had to contend with, there have been consequences for those outside the region as well. Supply chains have broken down, the price of fuel has risen and there is widespread skepticism over global peace. And, with the internet being such an integral part of modern society, there has been a notable rise in the number of cyber attacks occurring.

An Escalation in Cyber Attacks

The ensuing chaos of a war being waged on European soil and the military might of Russia has created the perfect environment for cyber attacks to thrive. Not only has Russia been accused of using cyber attacks as part of their campaign against Ukraine, but hackers have turned the situation to their advantage by exploiting concerns over the conflict.

As early as February, Ukraine was experiencing significant attacks on its defense ministry and two major banks. These DDoS attacks were used to temporarily take down websites associated with the targets and cause panic and certainty in financial and government sectors. Within 48 hours of the conflict breaking out, it was reported that an increase of 800% in the number of cyber attacks originating in Russia had been observed. There has also been a notable increase in attacks against Ukraine from groups allying themselves with Russia, the Stormous hacking group, for example, announced that they intended to target Ukrainian organizations with ransomware.

Independent hackers have also taken advantage of the conflict to boost the emotional credentials of their campaigns. With emotions and sympathies running high across the world, hackers have exploited these concerns by using Ukraine as a key email subject to increase engagement. Spam email campaigns have also been modified to use the Ukraine conflict as emotive honeypot used to trick recipients into making donations to false organizations.

How to Prepare for Spillover Attacks

While most of these attacks have targeted organizations in Ukraine, it’s likely that these attacks will soon spillover into allies of Ukraine and, eventually, any PC on the planet. As such, it’s crucial that you remain on your guard and observe the following:

Any source of conflict has the potential to cause uncertainty in the digital landscape and, with the Russia/Ukraine conflict expected to be in place for some time, it’s vital that you protect your IT infrastructures. Not only will this maintain IT continuity, but it will provide support for organizations in Ukraine.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Social Engineering Used to Hack into Camera Firm

Cyber Security, Employee Training, malware, Ophtek, Password Security, social engineering, , , , ,
22
Mar 2022

Social engineering is one of the modern menaces of online life, and this has been demonstrated by a recent malware attack on a Swedish camera firm.

Axis Communications, who manufacture network and security cameras, are the company at the centre of this recent attack. The organization announced that they had been the victims of what they described as an “IT-related intrusion” and advised that, as a result, they had temporarily closed their public-facing services online. Naturally, the attack caused great disruption to Axis; it also brought to light a number of shortfalls in cyber-security, namely the impact of social engineering.

What is Social Engineering?

Social engineering is a form of hacking which involves using various methods of deception to glean information from the victims. So, for example, an employee who receives an email, from what appears to the organization’s IT department but is from a fake email address, asking for confirmation of their login credentials is a form of social engineering. And these incidents of social engineering don’t have to take place online, simply telling someone your mother’s maiden name – a popular choice for password recovery questions – is another example.

This image has an empty alt attribute; its file name is bus-cyber-attack2-lrg-960x480.jpg

How The Axis Attack Happened

The exact details of the Axis attack are yet to be released as the company are conducting a forensic investigation intoexactly what happened. Nonetheless, they have revealed the following details:

  • Several methods of social engineering were used in order to gain access to the Axis network, these were successful despite the presence of security procedures such as multi-factor authentication.
  • Advanced hacking techniques were used by the hackers – once they had breached the network – to enhance their credentials and gain high-level access to restricted areas.
  • Internal directory services were compromised by this unauthorized access.
  • While no ransomware was detected, there was evidence that malware had been downloaded to the Axis network.

Following concerns of suspicious network activity, and the employment of IT security experts, all external connectivity to the Axis network was closed down.

How to Protect Yourself from Social Engineering

It can be difficult to tackle the highly polished social engineering methods employed by hackers, but following the practices below can make a real difference:

  • Always Think: slowing down and assessing the situation is crucial when it comes to social engineering. If someone has asked you for sensitive information, such as password details, ask yourself why the need this and what could they do with it? Internal sources – such as managers and IT departments – will never ask for this, so guard your password carefully and, to clarify the situation, speak face-to face with the person who has apparently asked for it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

China Based Hackers Up Their Game with Daxin Malware

backdoor access, China, Daxin Malware, educate, exforel, monitor, Ophtek, PC Security, xforel, , , , , , ,
15
Mar 2022

China has been a long-term participant in upping the potential of malware, but it appears they have reached a new peak with their Daxin malware.

In a quite remarkable statistic, it’s estimated that nearly half of all PCs in China are infected with malware. Clearly, the distribution of malware within the country is a hardened campaign and, not surprisingly, China is also responsible for producing some major malware designers. And, despite all their ‘successes’ in the world of hacking, they aren’t about to rest on their laurels. Researchers from Symantec have discovered that the Daxin malware represents a sophisticated threat to PCs all over the world.

New malware threats emerge every day, but occasionally a head-turner appears on the scene, and it pays to take notice of it.

What is Daxin?

The earliest evidence of Daxin, in its most basic form, dates back to November 2013 when it was first discovered in a number of cyber-attacks e.g. versions of the Exforel malware. Given the time that has elapsed since then, Daxin has evolved into a highly sophisticated hacking tool.

Using an infected Windows kernel driver, Daxin’s main objective is to establish backdoor access on any PC that it infects. Once this has been established, Daxin strives to keep its presence hidden through a number of stealthy processes. It does this by implementing advanced communication techniques to hide itself within normal network traffic. Daxin is also capable of sending single commands across entire networks which have been infected, this allows it to work at a devastating pace and inflict maximum damage.

One of the most sophisticated aspects of Daxin is that it can hijack TCP/IP sessions; this means that it can identify patterns in internet traffic and use this knowledge to disconnect legitimate users and ‘steal’ their pathway. Not only does this give hackers unauthorized access, but it also allows them to blend into seemingly normal traffic and remain undetected. While Daxin is certainly a sophisticated piece of code, it also employs more traditional techniques such as downloading further malware and spreading this throughout infected networks.

How Do You Beat Daxin?

The precise details of Daxin’s infection methodology haven’t, as of yet, been revealed, so it’s difficult to give a definitive answer on the best way to protect your PC. Nonetheless, these best security practices should provide you with a significant level of protection:

  • Always Use Official Upgrades: one of the most crucial elements of protecting a PC is by installing updates, but you need to make sure these are genuine. Accordingly, head straight to the manufacturer of specific hardware/software to guarantee you are downloading the correct updates.
  • Monitor Network Traffic: while Daxin is certainly stealthy when it comes to network activity, it still makes sense to monitor your network. Anything which looks even slightly suspicious should be scrutinized closely and a contingency plan activated to reduce potential damage.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Windows Update Being Used to Deliver Malware

anti malware, Lazarus, Ophtek, Security, spear phishing, Updates, , , , ,
08
Feb 2022

Updates are crucial for protecting your PC, so Windows Update is a useful ally in this objective. But what happens when it starts downloading malware?

News has emerged that hackers have exploited the Windows Update system to execute malicious code on users’ PCs. It’s an attack which is typical of hackers as it’s innovative, deceptive and dangerous. Currently, the perpetrators of the attack appear to be Lazarus, a hacking group who are backed by North Korea. Dozens of cyberattacks have been attributed to Lazarus – such as the ThreatNeedle hack – over the last decade, so it should come as no surprise that this latest attack is a serious threat.

At Ophtek, we’ve always advised you that updates are the best way to protect your PC. And this remains the case. However, this exploit of the Windows Update service provides a cautionary tale, so we’re going to take a closer look at it.

Why is Windows Update Downloading Malware?

Lazarus have chosen the Windows Update client as a facilitator in its attack as it’s a highly trusted piece of software. After all, the main consensus of updates is that they protect your PC, so why suspect Windows Update of anything else? However, it’s this type of assumption which leads to threats developing.

This latest attack employs a spear-phishing technique which uses infected Microsoft Word documents, these false email attachments claim to be offering job opportunities at the aerospace firm Lockheed Johnson. However, far from containing opportunities for the recipients, these infected documents only contain opportunities for Lazarus. Once the Word documents are opened, users are prompted to activate macros. And this allows Lazarus to automatically install a fake Windows Update link in the PCs startup folder as well as downloading a malicious .dll file.

This Windows Update link is then used to load the malicious .dll through the Windows Update client. The hackers use this approach as it’s innovative and won’t get picked up by anti-malware tools. Lazarus are then free to download as much malware as they like onto the infected PC.

How to Protect Your PCs Against this Threat

You may think that the simplest way to protect yourself is by turning off Windows Update, but we do not recommend this. The best approach involves ensuring that Windows Update can’t be exploited by Lazarus’ attack methods. And this requires you to understand the techniques involved in spear-phishing, so make sure you practice the following:

  • Awareness: the most important step you can take in tackling spear-phishing is by introducing awareness to your employees. Make sure that regular training is provided to educate your staff on what spear-phishing is and the ways in which it can manifest itself on a PC.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Windows 11 Is Here and There Are Plenty of Changes

Microsoft, Microsoft 365, Ophtek, power automate, Security, teams, upgrade, upgrade software, widgets, Windows 11, Windows Task Scheduler, , , , , , , ,
01
Feb 2022

The latest version of Microsoft’s operating system Windows has now been rolled out; and Windows 11 comes with plenty of changes for PC users.

Windows 10 was released in 2015 and, since then, there have been many changes in IT. While Windows 10 is still more than capable of dealing with modern IT, there always comes a point where an overhaul is needed. And this is why Windows 11 has been released. It’s available as a free upgrade to anyone currently running Windows 10 and contains both updated applications and functionality.

Upgrading to a new operating system has always represented a major shift in the way that PCs operate, so it’s important to understand what happens when you hit that ‘install’ button.

Why Are Upgrades Necessary?

Taking advantage of operating system upgrades allows you to harness numerous benefits. Firstly, an older operating system is always up against a ticking clock of being discontinued. Once support has been discontinued, an older operating system is more at risk of security threats. Secondly, new operating systems are better positioned to cope with the demands of modern IT. Therefore, installing an upgraded version ensures you have a better user experience.

What’s Changed with Windows 11?

As with all previous upgrades on Windows, there are a significant number of changes. Many of these are unlikely to be noticed by your average PC user, but others will be more obvious. The most important changes are:

  • Microsoft Teams: during the Covid-19 pandemic, Microsoft Teams became a valuable tool for employees to communicate through. But it had never been an in-built part of the Windows operating system. Starting with Windows 11, however, it is now included by default.
  • Power Automate: Windows 11 has a new feature called Power Automate which allows PC users to program ‘flows’ which create automated tasks such as notifying team members when new files are added to a specific location.
  • Widgets: the interface of Windows 11 now allows you to harness the power of widgets, a type of software which has been common on mobile devices for some time. These new desktop widgets allow you to install widgets which provide information “at a glance” on a slide-out menu such as calendar updates.
  • Security: one of the major security features of Windows 11 is that it will only run on new machines. Therefore, if your hardware is starting to look even slightly old, it’s unlikely Windows 11 will run on it. This means that Microsoft is setting a strong baseline to ensure PCs running Windows 11 are as up to date as possible. Built on top of this security foundation are several background security processes including updated stack protection and enhanced bootup security.
  • Interface Design: the most notable changes in Windows 11 relate to the visual aesthetics of the interface. The start menu has been overhauled to provide quicker access to the apps you need, notifications are now grouped together to make accessing them quicker and File Explorer has been redesigned to look smarter and more intuitive.

Final Thoughts

Installing updated software is always recommended to ensure your PC is running with the best protection and functionality. And upgrading to Windows 11 is no different. It’s an essential upgrade and one which, although certain features will require some adjustment time, will provide you with enhanced productivity and a smoother user experience.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 4 5 6 7 8 48