security Archives - Page 7 of 50

Why Does Your Business Need a VPN?

Cyber Security, Online Security, Ophtek, PC Security, Security, VPNNetwork Security, Online Security, Ophtek, PC Security, security, VPNOphtek, LLC

May 2022

Security in business is paramount, and when it comes to IT networks it’s absolutely crucial. One of the best ways to protect your network is with a VPN.

With the number of cyberattacks in 2021 hitting new highs, protecting your IT network has never been more important. The sheer amount of secure data passing across a network in 2022 is remarkable. Accordingly, this data needs to be protected. Failure to do this will only lead to negative results: data leaks, compromised networks, and financial risk. While there are simple steps that your organization can implement, one of the strongest defense strategies is to put a virtual private network (VPN) in place.

What is a VPN?

VPNs have been around since the mid-1990s, but it wasn’t until the internet started to take off in the early-2000s that it became apparent they were necessary for businesses. Since then, they have grown in popularity with both organizations and domestic users. But what exactly is a VPN?

Well, imagine the private IT network you have at your organization. You will have full control over this network and be able to put the necessary security in place. However, what happens when one of your employees wants to connect to your network from a remote location? They won’t be able to connect directly to your network, they will need to use their own internet connection or a shared, public internet connection. As you will have no control over the security of this connection, there’s the potential for major problems.

Nonetheless, with a VPN in place, you can create a secure, encrypted connection between your remote employee and your network. Think of it as a tunnel between two points which is completely protected from any external forces. This allows data to be transferred from your network to a remote connection with peace of mind that it won’t be compromised.

The Business Benefits of a VPN

The benefits of connecting your private business network with external public networks is clear to see, but what are some of the other business benefits of a VPN? Let’s take a look:

Quick Access: thanks to the advent of cloud computing, all the apps that your remote worker needs can be accessed instantly through the internet. Before cloud computing was a reality, expensive networking technology would be needed to provide the full range of network services. And, with this technology, came delays in accessing applications and data sources. Now, however, employees can access everything they need within seconds.

Budget Friendly: subscription costs to VPN services are relatively cheap compared to installing and managing endpoint security. This is particularly attractive to smaller organizations for whom the technology costs of managed security may be prohibitive to their budgets. After all, with reputable VPN subscriptions costing less than $10 per month per user, a VPN represents excellent value.

Geo-locations: for a business with a global reach, the need for geo-independence with IT networks can be a necessity. Global locations, such as China, have much stronger internet access policies that you may be used to. And this can result in direct access to your organization’s network being blocked. However, a VPN will allow remote users in these locations to connect to your network as if they’re in the same state.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Cyber Attacks Increase After Russia Invades Ukraine

cyber attacks, Hackers, Ophtek, Russian Hackers, Security, UkraineCyber Attacks, hackers, Ophtek, Russian Hackers, security, UkraineOphtek, LLC

Apr 2022

The Russian invasion of Ukraine has created headlines around the world; one of the lesser-known stories to emerge has been the increase of cyber attacks.

Numerous aspects of life have changed since Ukraine was invaded by Russian forces at the end of February. Alongside the military attacks and breakdown in social infrastructure that Ukrainians have had to contend with, there have been consequences for those outside the region as well. Supply chains have broken down, the price of fuel has risen and there is widespread skepticism over global peace. And, with the internet being such an integral part of modern society, there has been a notable rise in the number of cyber attacks occurring.

An Escalation in Cyber Attacks

The ensuing chaos of a war being waged on European soil and the military might of Russia has created the perfect environment for cyber attacks to thrive. Not only has Russia been accused of using cyber attacks as part of their campaign against Ukraine, but hackers have turned the situation to their advantage by exploiting concerns over the conflict.

As early as February, Ukraine was experiencing significant attacks on its defense ministry and two major banks. These DDoS attacks were used to temporarily take down websites associated with the targets and cause panic and certainty in financial and government sectors. Within 48 hours of the conflict breaking out, it was reported that an increase of 800% in the number of cyber attacks originating in Russia had been observed. There has also been a notable increase in attacks against Ukraine from groups allying themselves with Russia, the Stormous hacking group, for example, announced that they intended to target Ukrainian organizations with ransomware.

Independent hackers have also taken advantage of the conflict to boost the emotional credentials of their campaigns. With emotions and sympathies running high across the world, hackers have exploited these concerns by using Ukraine as a key email subject to increase engagement. Spam email campaigns have also been modified to use the Ukraine conflict as emotive honeypot used to trick recipients into making donations to false organizations.

How to Prepare for Spillover Attacks

While most of these attacks have targeted organizations in Ukraine, it’s likely that these attacks will soon spillover into allies of Ukraine and, eventually, any PC on the planet. As such, it’s crucial that you remain on your guard and observe the following:

Ukraine-based red flags: the increase in spam email campaigns means that its likely you will encounter malicious links and attachments arriving in your inbox. These will typically encourage you to engage with a call to action such as visiting a site set up for donations. Eliminate this risk by only visiting official websites through the correct channels.

Allies of Ukraine will be targeted: if you deal with Ukrainian organizations then there’s a chance you will be targeted. This could be the result of cyber attacks which spread through email address books or there’s the risk that you will be directly targeted. Accordingly, you should ramp up your cyber security operations and investigate anything suspicious.

Any source of conflict has the potential to cause uncertainty in the digital landscape and, with the Russia/Ukraine conflict expected to be in place for some time, it’s vital that you protect your IT infrastructures. Not only will this maintain IT continuity, but it will provide support for organizations in Ukraine.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Social Engineering Used to Hack into Camera Firm

Cyber Security, Employee Training, malware, Ophtek, Password Security, social engineeringmalware, Ophtek, passwords, security, social engineering, TrainingOphtek, LLC

Mar 2022

Social engineering is one of the modern menaces of online life, and this has been demonstrated by a recent malware attack on a Swedish camera firm.

Axis Communications, who manufacture network and security cameras, are the company at the centre of this recent attack. The organization announced that they had been the victims of what they described as an “IT-related intrusion” and advised that, as a result, they had temporarily closed their public-facing services online. Naturally, the attack caused great disruption to Axis; it also brought to light a number of shortfalls in cyber-security, namely the impact of social engineering.

What is Social Engineering?

Social engineering is a form of hacking which involves using various methods of deception to glean information from the victims. So, for example, an employee who receives an email, from what appears to the organization’s IT department but is from a fake email address, asking for confirmation of their login credentials is a form of social engineering. And these incidents of social engineering don’t have to take place online, simply telling someone your mother’s maiden name – a popular choice for password recovery questions – is another example.

This image has an empty alt attribute; its file name is bus-cyber-attack2-lrg-960x480.jpg

How The Axis Attack Happened

The exact details of the Axis attack are yet to be released as the company are conducting a forensic investigation intoexactly what happened. Nonetheless, they have revealed the following details:

Several methods of social engineering were used in order to gain access to the Axis network, these were successful despite the presence of security procedures such as multi-factor authentication.
Advanced hacking techniques were used by the hackers – once they had breached the network – to enhance their credentials and gain high-level access to restricted areas.
Internal directory services were compromised by this unauthorized access.
While no ransomware was detected, there was evidence that malware had been downloaded to the Axis network.

Following concerns of suspicious network activity, and the employment of IT security experts, all external connectivity to the Axis network was closed down.

How to Protect Yourself from Social Engineering

It can be difficult to tackle the highly polished social engineering methods employed by hackers, but following the practices below can make a real difference:

Always Think: slowing down and assessing the situation is crucial when it comes to social engineering. If someone has asked you for sensitive information, such as password details, ask yourself why the need this and what could they do with it? Internal sources – such as managers and IT departments – will never ask for this, so guard your password carefully and, to clarify the situation, speak face-to face with the person who has apparently asked for it.

Regular Staff Training: it’s important that your staff understand the tell-tale signs of social engineering, so make sure that you arrange regular training/refresher courses to keep their knowledge up to date. After all, social engineering is all about the deception, and identifying this can be difficult. But, with the correct knowledge, your staff should be able to protect themselves and your organization.

For more ways to secure and optimize your business technology, contact your local IT professionals.

China has been a long-term participant in upping the potential of malware, but it appears they have reached a new peak with their Daxin malware.

In a quite remarkable statistic, it’s estimated that nearly half of all PCs in China are infected with malware. Clearly, the distribution of malware within the country is a hardened campaign and, not surprisingly, China is also responsible for producing some major malware designers. And, despite all their ‘successes’ in the world of hacking, they aren’t about to rest on their laurels. Researchers from Symantec have discovered that the Daxin malware represents a sophisticated threat to PCs all over the world.

New malware threats emerge every day, but occasionally a head-turner appears on the scene, and it pays to take notice of it.

What is Daxin?

The earliest evidence of Daxin, in its most basic form, dates back to November 2013 when it was first discovered in a number of cyber-attacks e.g. versions of the Exforel malware. Given the time that has elapsed since then, Daxin has evolved into a highly sophisticated hacking tool.

Using an infected Windows kernel driver, Daxin’s main objective is to establish backdoor access on any PC that it infects. Once this has been established, Daxin strives to keep its presence hidden through a number of stealthy processes. It does this by implementing advanced communication techniques to hide itself within normal network traffic. Daxin is also capable of sending single commands across entire networks which have been infected, this allows it to work at a devastating pace and inflict maximum damage.

One of the most sophisticated aspects of Daxin is that it can hijack TCP/IP sessions; this means that it can identify patterns in internet traffic and use this knowledge to disconnect legitimate users and ‘steal’ their pathway. Not only does this give hackers unauthorized access, but it also allows them to blend into seemingly normal traffic and remain undetected. While Daxin is certainly a sophisticated piece of code, it also employs more traditional techniques such as downloading further malware and spreading this throughout infected networks.

How Do You Beat Daxin?

The precise details of Daxin’s infection methodology haven’t, as of yet, been revealed, so it’s difficult to give a definitive answer on the best way to protect your PC. Nonetheless, these best security practices should provide you with a significant level of protection:

Always Use Official Upgrades: one of the most crucial elements of protecting a PC is by installing updates, but you need to make sure these are genuine. Accordingly, head straight to the manufacturer of specific hardware/software to guarantee you are downloading the correct updates.

Monitor Network Traffic: while Daxin is certainly stealthy when it comes to network activity, it still makes sense to monitor your network. Anything which looks even slightly suspicious should be scrutinized closely and a contingency plan activated to reduce potential damage.

Educate Your Staff: the simplest route into your network is through your employees, and hackers know this. Hence, malicious email campaigns remain one of the most common attack strategies for hackers. However, with comprehensive IT inductions coupled with regular refresher training, your organization should be able to reduce the threat.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Windows Update Being Used to Deliver Malware

anti malware, Lazarus, Ophtek, Security, spear phishing, UpdatesAnti Malware, Lazarus, Ophtek, security, spear phishing, updatesOphtek, LLC

Feb 2022

Updates are crucial for protecting your PC, so Windows Update is a useful ally in this objective. But what happens when it starts downloading malware?

News has emerged that hackers have exploited the Windows Update system to execute malicious code on users’ PCs. It’s an attack which is typical of hackers as it’s innovative, deceptive and dangerous. Currently, the perpetrators of the attack appear to be Lazarus, a hacking group who are backed by North Korea. Dozens of cyberattacks have been attributed to Lazarus – such as the ThreatNeedle hack – over the last decade, so it should come as no surprise that this latest attack is a serious threat.

At Ophtek, we’ve always advised you that updates are the best way to protect your PC. And this remains the case. However, this exploit of the Windows Update service provides a cautionary tale, so we’re going to take a closer look at it.

Why is Windows Update Downloading Malware?

Lazarus have chosen the Windows Update client as a facilitator in its attack as it’s a highly trusted piece of software. After all, the main consensus of updates is that they protect your PC, so why suspect Windows Update of anything else? However, it’s this type of assumption which leads to threats developing.

This latest attack employs a spear-phishing technique which uses infected Microsoft Word documents, these false email attachments claim to be offering job opportunities at the aerospace firm Lockheed Johnson. However, far from containing opportunities for the recipients, these infected documents only contain opportunities for Lazarus. Once the Word documents are opened, users are prompted to activate macros. And this allows Lazarus to automatically install a fake Windows Update link in the PCs startup folder as well as downloading a malicious .dll file.

This Windows Update link is then used to load the malicious .dll through the Windows Update client. The hackers use this approach as it’s innovative and won’t get picked up by anti-malware tools. Lazarus are then free to download as much malware as they like onto the infected PC.

How to Protect Your PCs Against this Threat

You may think that the simplest way to protect yourself is by turning off Windows Update, but we do not recommend this. The best approach involves ensuring that Windows Update can’t be exploited by Lazarus’ attack methods. And this requires you to understand the techniques involved in spear-phishing, so make sure you practice the following:

Awareness: the most important step you can take in tackling spear-phishing is by introducing awareness to your employees. Make sure that regular training is provided to educate your staff on what spear-phishing is and the ways in which it can manifest itself on a PC.

Always Check Links: spear-phishing often uses false, infected links to activate its payload, so it makes sense to always double check links before clicking. The simplest way to do this is by hovering your mouse cursor over the link in question. This will bring up a pop-up which demonstrates the true location of the link. Remember, if in doubt, always double check a link with an IT professional if you are not 100% sure it’s safe.

Use Anti-Malware Tools: a good way to keep your inbox safe from spear-phishing campaigns is by installing anti-malware tools. This software is regularly updated with details of existing and emerging threats, so it can automatically scan all incoming emails to determine if they are trustworthy.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 … 5 6 7 8 9 … 50 Next »

Tag Archives: security