security Archives - Page 8 of 48

Fake Legal Complaints Packed with Malware

DDoS Attack, Legal Complaints, malware, Ophtek, SecurityDDoS Attack, legal complaints, malware, Ophtek, securityOphtek, LLC

Sep 2021

The threat of legal proceedings always produces a sense of instant anxiety. But this is soon multiplied when it turns out to be a malware attack.

A recent threat to your IT security has been launched by cybercriminals intent on playing on your anxieties. Using a combination of legal threats and malicious links, the hackers aim is to get the BazaLoader malware downloaded to your IT network. The hacker’s strategy, as we’ll see, is one that has been encountered before and demonstrates the everchanging approaches employed by hackers. But what exactly is this new threat? And, more importantly, how do you protect yourself from it?

The Threat of Legal Action

With a generous helping of audacity, this latest attack is launched by the hackers contacting organizations to inform them that their website is involved in a DDoS attack. Rather than being sent from one email address to another, however, the hackers send their communications via the contact forms on websites.

The messages inform the website owners that it appears their website has been hacked and that files on its server are now being used to direct DDoS attacks. The sender of the message, of course, claims that their website is the victim of this DDoS attack. A link is included in the communications which directs the recipients to a Google Drive URL where, it is claimed, instructions to rectify the DDoS attack are housed. But clicking on this link will only set up an automatic download of BazaLoader.

The BazaLoader malware is, as the name suggests, a ‘loader’ form of malware. It’s typically used to download and activate additional malware such as ransomware. This compromises your system even further and, in the case of ransomware, imposes financial demands on your organization. The entire attack is remarkably similar to recent messages sent regarding fake DMCA claims surrounding copyright infringement.

How to Protect Yourself

Naturally, with the information provided above, you should know to tread carefully around any such communications. But, as you can see, the hackers are likely to change their strategy in the future. Therefore, you need to remain on your guard and practice the following:

Check for Unusual Internet Activity: If your internet server has been integrated into a DDoS attack then you should be able to verify this. All you need to do is check your outgoing internet activity. Higher than normal levels of activity directed towards unknown destinations could indicate your involvement in a DDoS campaign. If everything is normal, then communications suggesting you are should be scrutinized closely.

Consider the Claim: Contact that suggests you have committed some form of illegal act should be verified before acting on it. Seeking legal advice is an option, but it’s also important to employ common sense. A legal threat will never suggest that you click a link to access details of the offense. Details should clearly be stated in initial communications. Accordingly, think twice before clicking any links.

Educate Your Staff on Social Engineering: Attacks such as the BazaLoader one rely on social engineering. This has become a popular strategy for hackers and it’s important that your staff can identify the tell-tale signs. Make a point of regularly refreshing their knowledge to ensure they remain vigilant.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Windows Print Spooler Vulnerability Accidentally Leaked

Cyber Security, Microsoft, Network, Ophtek, patches, print spooler, zero-daymicrosoft, network, Ophtek, patch, print spooler, security, zero-dayOphtek, LLC

Jul 2021

If a hacker can find a software vulnerability, then it grants them easy access to a PC. This is even easier when a vulnerability is leaked by researchers.

Security researchers are constantly searching for software and hardware vulnerabilities. But where researchers and hackers differ is their intent. A security researcher wants to legitimately identify vulnerabilities so that they can be secured and lessons learned for the future. However, a Chinese technology firm by the name of Sangfor recently revealed details of an unknown Windows vulnerability in Print Spooler. And, unfortunately, Microsoft hadn’t managed to patch it.

What is a Zero-Day Vulnerability?

The type of vulnerability found in Print Spooler is known as a zero-day vulnerability. This name refers to the number of days a software vendor has had to patch a vulnerability and the percentage chance that a user has of being protected. And this is why zero-day vulnerabilities are so dangerous. There is no immediate protection available, so hackers are given free rein to cause widespread chaos.

What is the Print Spooler Vulnerability?

The design of the Print Spooler vulnerability – whose exploit code was listed within Sangfor’s paper – has the potential to cause numerous issues. The specifics of this exploit allow hackers to obtain full system access privileges. This is achieved by granting them permission to load malicious drivers into any servers containing this vulnerability. With full control of an IT network, hackers can then download further malware, steal data and operate infected workstations from a remote location. And, although a patch was recently released for vulnerabilities in Print Spooler, this particular exploit was not identified by Microsoft.

How Do You Protect Against Vulnerabilities?

As of the time of this article, Microsoft do not have a patch available for what has been dubbed the PrintNightmare vulnerability. This is concerning as it provides a significant amount of risk to Windows users. While it is certain that Microsoft will release a security patch, the fact remains that – as revealed by Microsoft – attacks using this exploit have already been identified. Therefore, you need to know how to protect your IT systems:

Disable Print Spooler: In the case of the PrintNightmare vulnerability, you can eliminate the risk is by temporarily disabling the print spooler. This does, however, remove the ability for your organization to print across its network.

Monitor Network Activity: If your IT system has been exploited through a vulnerability then it’s likely there will be an increase in network activity. This will be most visible in outgoing traffic as the hackers will likely be transmitting data to a remote server. An increase in data output to an unknown location should ring alarm bells and indicate that something is wrong.

Always Install Patches: The best way to secure your IT infrastructure is to install all patches as soon as they’re available. New vulnerabilities are discovered every day, so it’s vital that you treat any newly released patches as a priority. A swift approach to these relatively hassle-free installs can be the difference between a secure system and one which is breached.

For more ways to secure and optimize your business technology, contact your local IT professionals.

How can Microsoft 365 Business Help Your Organization?

Cloud, collaboration, Microsoft, Microsoft 365, Ophtek, securitycloud, collaboration, Microsoft 365, Ophtek, securityOphtek, LLC

Jul 2021

The way in which we work has changed radically in the last 10 years. Helping organizations get to grip with these changes is Microsoft 365 Business.

The need for flexibility within business has never been more apparent since the Covid-19 pandemic entered our lives. Thankfully, flexibility had been on the rise in business for some time. Remote working, bring your own device schemes and tailored working hours have all helped to make flexible working a reality. Traditional IT infrastructures, however, aren’t necessarily set up to deal with these arrangements. But this is where a service such as Microsoft 365 Business steps in.

What is Microsoft 365 Business?

Originally launched in 2011 as Office 365, Microsoft 365 is a collection of products and services designed by Microsoft. The service is subscription based with plans available including consumer, small business and enterprise. These plans are made available to users through cloud computing and this is what makes it invaluable for flexible working. Not only is it perfect for teamwork, but it also meets the needs of individual users.

The ‘business’ subscriptions of Microsoft 365 feature significantly more features than the consumer plan. Additional features and functions available to Microsoft 365 Business users include:

Microsoft 365 Apps for Business: A range of Office applications that can be used across a variety of PC, Mac and mobile devices for up to five devices per user.

Office 365 Enterprise: Provides users with access to the complete range of Office applications and hosted services. Full support is also available to safeguard against any technical issues.

What are the Benefits of Microsoft 365 Business?

It’s important to understand how Microsoft 365 Business can benefit your organization, so let’s take a look at the benefits on offer:

Easy Access: Thanks to the magic of cloud computing, users can use Microsoft 365 Business no matter where they are. As long as there’s an internet connection available, users can connect from a mobile device, laptop or desktop. Therefore, users can access crucial data and complete important tasks more easily than ever before. This allows your organization to remain productive 24/7 and ensures that tasks can be completed on time.

Enhanced Collaboration: Microsoft 365 Business was built with collaboration in mind. And it delivers this with power. The presence of Microsoft Teams allows team members to communicate and share files with ease. This is essential for collaboration, but Microsoft 365 Business also allows you to synchronize your email, contacts and calendar. An important function and one which ensures you will never miss meetings and communications again.

Powerful Security: The threat of malware increases with each passing day, so protecting your IT infrastructures is paramount. And Microsoft 365 Business takes the pain out of this security with its simplistic, yet powerful security options. Devices such as laptops and mobile phones can easily be remotely wiped of all data if they are lost or stolen. It’s also possible for IT teams to quickly restrict access to specific users to minimize the risk of any data loss.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Disk Wiping Malware Disguises itself as Ransomware

Apostle, Cyber Security, malware, Ophtek, Ransomware, UpdatesApostle, malware, Ophtek, ransomware, securityOphtek, LLC

Jun 2021

Ransomware is a highly destructive form of malware, but it turns out that it can also provide the perfect cover for disk wiping malware.

The pitfalls of becoming a victim of ransomware are well documented. And, as such, the term ransomware is one that strikes fear into the heart of any PC user. But, at the very least, ransomware does give you an option of getting your files back. Naturally, you have to pay a ransom fee for the files to be decrypted, but you can get them back. However, a form of malware called Apostle has now been discovered which pretends to be ransomware when, in fact, it simply wipes your disk drive beyond retrieval.

Data is a crucial commodity in any organization, so it’s important you make it as secure as possible. And one of the perfect ways to do this is by understanding how Apostle works.

How Does Apostle Wipe Disks?

The Apostle malware is believed to originate from Iran and is related to a previous wiper malware called Deadwood. Apostle is not brand new as it has been in the digital wild for some time. But these initial versions of Apostle were flawed and failed to deliver their malicious payload. Since then, the designers of Apostle have tweaked its design to make it more effective. This contemporary version of Apostle presents itself as standard ransomware, but this is merely to throw the victims off guard; its true intent is to destroy data and cause disruption.

The hackers behind Apostle are particularly cunning and are also happy to take ransom payments while destroying the data in question. But this is not where the attack ends. There are signs that Apostle is being used in conjunction with a backdoor attack called IPSec Helper. This allows the hackers to download and execute additional malware and move, undetected, within infected networks. Again, the intention here is to cause disruption.

How Do You Stop Your Disk Being Wiped?

The focus of Apostle, so far, has been Israeli targets, but this does not mean it should be considered a low-level threat. The design of this disk wiper malware can easily be engineered into more virulent and dangerous forms. And this could easily strike at the heart of your business’ operations. Therefore, it’s crucial that you maintain the following practices:

Evaluate All Attachments Before Opening: It’s likely that you receive numerous email attachments through the day, but how often do you verify them before opening? Trusted email addresses can, very easily, be taken over or even replicated. And this provides the perfect route for infected files to be opened. So, if in doubt over whether an attachment is safe, always check with an IT professional before opening.

Train Your Staff on Social Engineering Attacks: The dangers of social engineering are very real and represent a simple way for hackers to get a foothold in your network. Understanding this threat and how to protect yourself against it is vital.

Keep Your Software Updated: Another sure-fire way for hackers to gain access to your network is through vulnerabilities caused by outdated software. The best way to counter this threat is by implementing software updates as soon as possible. This minimizes the presence of vulnerabilities and keeps hackers out.

For more ways to secure and optimize your business technology, contact your local IT professionals.

What Should You Do AFTER a Data Breach?

Data Breach, data recovery, Data Security, Hackers, Hacking, Ophtekdata breach, hackers, Ophtek, securityOphtek, LLC

May 2021

One of IT security’s main aims is to avoid data breaches. However, breaches are inevitable in the modern age. Therefore, you need to know how to recover.

The impact of a data breach can be huge and catastrophic for all involved; organizations and their clients can be equally affected when data is stolen. And, in many cases, the clients are the ones who have the most to lose e.g financial and personal data being leaked and spread by hackers. Accordingly, if your organization finds itself in the unenvious position of experiencing a data breach, there is a lot of work to do.

A data breach is a stressful event and cleaning up afterwards can be a real struggle. But, with our tips on what you need to do after a data breach, you should find it a little easier.

Coping with a Data Breach

Once a data breach is confirmed then it’s crucial that you carry out the following:

Identify the Stolen Data: Understanding exactly what has been breached is vital when it comes to evaluating the extent of the attack. As long as you have a suitable set of defenses in place, you should have access to intrusion detection systems. These tools will provide an insight into which files were accessed and what the hackers did with them e.g. deleted or copied them. Putting this picture together will allow you to determine your next steps.

Prepare a Fix and Test It: A data breach indicates that there is a hole in your defenses, so you should act quickly to plug this. It may involve installing a security patch or it may require a more in-depth response from your IT team. Whatever the solution, you need to put it in to place as soon as possible. This will protect your data and limit any further damage. But you need to make sure this fix works. Test the solution several times to guarantee that the attacker cannot launch the same attack again.

Advise All Your Customers: It’s essential that, once your fix has been established, you inform your customers of what has happened. Naturally, they will be anxious as the phrase “data breach” carry a certain amount of dread. Honesty, therefore, is the best policy. Advise your customers of the data that has been breached and how it could affect them. This may be as simple as asking them to change their passwords, but could also extend to contacting their financial providers if the relevant information has been compromised.

Evaluate and Build Stronger Defenses: The one benefit (and we’re using that verb lightly) of a data breach is that it prompts you to strengthen your IT defenses. Your organization will need to carry out a full investigation to understand exactly what happened. Was, for example, the breach able to succeed due to out-of-date software? Or was it down to a lack of staff training on the dangers of social engineering? Regardless of the cause, the solution will need to be determined and put in place to prevent future breaches.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 … 6 7 8 9 10 … 48 Next »

Tag Archives: security