social engineering Archives - Page 2 of 2

Linus Tech Tips Falls Victim to Session Hijack

Linus Tech Tips, malware, Ophtek, Public WiFi, Session Hijack, social engineering, System UpdatesLinus Tech Tips, malware, Ophtek, public wifi, session hijack, social engineering, system updatesOphtek, LLC

May 2023

Linus Sebastian, owner of popular YouTube channel Linus Tech Tips, has revealed how he woke at 3am in the morning to find his channel hacked.

Linus Tech Tips is a YouTube channel which delivers technology-based content to over 15 million subscribers. Driven by Sebastian’s passion for technology, the channel has been running for 15 years and proven to be wildly successful. So, not surprisingly, it made a tempting target for hackers. As well as Linus Tech Tips, two other channels associated with Sebastian – TechLinked and Techquickie – were also compromised in this attack.

While your organization may not run a YouTube channel, the method in which Linus Tech Tips was hacked could be applied to any IT system. Therefore, it’s crucial that we learn about session hijacking.

What Happened to Linus Tech Tips

Alarm bells started ringing for Sebastian when he was woken at 3am to reports of his channels being hacked. New videos had been loaded and were being streamed as live events. But, far from being productions sanctioned by Sebastian, they were rogue videos featuring crypto scam videos apparently endorsed by Elon Musk.

Desperately, Sebastian repeatedly tried to change his passwords, but it made no difference; the videos continued to be streamed. Sebastian was equally puzzled as to why the associated 2FA processes hadn’t been activated. Eventually, he discovered the attack was the result of session hijacking.

A member of Sebastian’s team had downloaded what appeared to be a PDF relating to a sponsorship deal, but the file was laced with malware. Not only did the malware start stealing data, but it also retrieved session tokens. You may not be familiar with session tokens but, effectively, these are the authorization files which keep you logged into websites. So, when you return to that website, you don’t have to re-enter your login credentials each time. Unfortunately, for Sebastian, it gave the threat actors full and unauthorized access to his YouTube channels.

How Do You Prevent Session Hijacking?

Once it had been established that compromised session tokens were behind the breach, YouTube was able to swiftly secure Sebastian’s channels. Nonetheless, the ease with which the threat actors managed to bypass login credentials and 2FA is troubling. This means it’s vital you follow these best practices to protect against session hijacking:

Understand what malware is: the attack on Linus Tech Tips was the result of malware and social engineering combining to deliver a sucker punch. Accordingly, educating your staff through comprehensive and regular refresher courses should be a priority. This will allow your staff to identify threats before they are activated and protect your IT systems from being compromised.

Don’t use public WiFi: unsecure networks such as public WiFi found in cafes and airports pose a significant risk to your data, and this includes sessions tokens. Therefore, unless you have access to a VPN, where your data will be encrypted, you should avoid connecting to public WiFi.

Perform system updates: the malware behind session hijacking will often take advantage of vulnerabilities in software. Consequently, this should act as the perfect motivation to keep your software updated. The simplest way to achieve this is by setting up automatic updates, this will ensure your software’s security is maximized as soon as updates are released.

For more ways to secure and optimize your business technology, contact your local IT professionals.

IceBreaker Malware Uses New Social Engineering Angle

Gambling, Gamers, IceBreaker, malware, Ophtek, social engineeringGambling, Gamers, IceBreaker, malware, Ophtek, social engineeringOphtek, LLC

Apr 2023

Social engineering has been a threat for some time, so threat actors have been looking for new ways to deceive PC users. And this is what IceBreaker does.

A backdoor threat, IceBreaker is a new malware variant whose origins are currently unknown. However, regardless of who’s behind IceBreaker, the fact remains that it’s a very real and dangerous threat to PC users. Currently, IceBreaker’s presence has mostly been observed in the gaming and gambling industries. The chances of IceBreaker moving into other industries is, as ever, highly likely.

It’s early days for IceBreaker – with the malware’s first detection coming in September 2022 – so it’s high time you get acquainted with it and put up your defenses.

What is IceBreaker?

As with all social engineering attacks, IceBreaker starts with a threat actor directly contacting an organization they have targeted. This contact is initiated through a live chat session, usually hosted on the organization’s website. Posing as a customer who is having technical problems, the threat actor eventually offers to send the chat agent a screenshot of the problem they are experiencing.

This screenshot – usually hosted on a fake website (or sometimes DropBox) – appears to be a .jpg file but is actually a .zip file. Contained within this .zip file is a shortcut file which, once clicked, downloads the IceBreaker malware. Cleverly, the shortcut file is still disguised as a picture file to deceive the target. Clicking this shortcut will not only download IceBreaker but also install and activate it, all without any user prompts.

With IceBreaker activated, the threat actor can use the malware’s JavaScript processes to conduct a number of attacks. Processes observed in attacks so far have included data harvesting, activating background processes and running scripts from remote locations to maximize the damage. So, as you can tell, IceBreaker is a significant problem.

How Do You Tackle IceBreaker?

Currently, one of the major problems with the IceBreaker attack is that many anti-malware tools fail to recognize it as dangerous. In fact, as of this time of writing, VirusTotal reports only 4 out of 60 scanners will detect IceBreaker. However, this doesn’t mean you can’t protect yourself from IceBreaker and similar attacks, just make sure you do following:

Monitor compromised tools: if you suspect you have been attacked with IceBreaker then it’s a good idea to monitor the PC tools it can compromise. Therefore, check for new shortcut files, search for unusual activity involving msiexec.exe and any unauthorized use of tsocks.exe. Anything discovered which relates to these tools is a potential indicator of IceBreaker being active.

Combat social engineering: your staff need to be educated on the dangers of social engineering, even those who are simply manning your live chat. Clicking links from unknown parties is a major no-no when it comes to cybersecurity and should never be considered. Even if the person urging your staff member to click a link which appears harmless, it could easily compromise your entire IT infrastructure.

For more ways to secure and optimize your business technology, contact your local IT professionals.

5 Cybersecurity Threats to Look Out For in 2023

Artificial Intelligence, Cyber Security, IOT, Ophtek, Ransomware, social engineeringartificial intelligence, Cyber Security, IoT, Ophtek, ransomware, social engineeringOphtek, LLC

Jan 2023

With the end of 2022 fast approaching, it’s time to start looking ahead to the potential security threats that hackers are planning for 2023. 2022 has been another year packed full of ransomware, deceptive malware and unbelievable software vulnerabilities, so it should come as no surprise that more of the same lies ahead. However, threat actors are constantly evolving their techniques and strategies to stay one step ahead of your defenses. Accordingly, you need to make sure you’re keeping pace with their advances and, where possible, putting solutions in place ahead of any attacks being launched.

Preparing for cybersecurity threats in 2023 is vital if you want to keep your IT infrastructure safe for the next 12 months, so let’s look at what we’re likely to be fighting against.

What’s in Store for 2023?

There will be many threats during 2023 to look out for, but the 5 biggest cybersecurity threats you need to be aware of are:

Ransomware will push onwards and upwards: one of the biggest threats to cybersecurity over the last 10 years has been ransomware, and it’s a trend which will continue in 2023. In particular, it’s believed ransomware will move its focus towards cloud providers rather than single organizations, a move which will allow threat actors to target multiple organizations based within one platform. Additionally, due to the speed with which it can be completed, it’s likely ransomware will concentrate on file corruption as opposed to full encryption.

Artificial intelligence will become more important: whilst the potential for AI to help organizations is immense, it also has the capability to fuel cyberattacks. Polymorphic code, for example, uses AI to rapidly change its code, a skill which makes it perfect for malware to avoid being detected. AI learning is also likely to be used to help threat actors to sniff out software vulnerabilities, an opportunity which will allow hackers to focus their real-time activities elsewhere.

Internet of Things attacks to increase: the Internet of Things (IoT) is only going to get bigger during 2023 and, given the historical security issues with IoT devices, this is going to create a small-scale nightmare for your network. As a result, more emphasis is going to be needed when working with IoT devices due to the increased surface area for hackers to target e.g. regular updates and inventory checks. Supply chains to be targeted more and more: supply chain attacks are very dangerous, and 2023 is likely to see a further increase in the number of attacks launched. Much like IoT attacks, supply chain attacks open a large surface area to threat actors, a point underlined by the SolarWinds attack which exposed hundreds of organizations to a single attack. Therefore, it will be crucial that software and hardware being released is thoroughly checked by its manufacturers to avoid any security disasters.

Social engineering to start working with deepfakes: the danger of deepfakes has been well documented in the last five years, but it’s possible these are now going to be integrated into social engineering scams. Deepfakes are all about deception and, at their best, they are highly convincing. Consequently, they are perfect for adding legitimacy to emails and videos which, for example, may be pushing for you to take a call-to-action which is a smokescreen for downloading malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Social Engineering Used to Hack into Camera Firm

Cyber Security, Employee Training, malware, Ophtek, Password Security, social engineeringmalware, Ophtek, passwords, security, social engineering, TrainingOphtek, LLC

Mar 2022

Social engineering is one of the modern menaces of online life, and this has been demonstrated by a recent malware attack on a Swedish camera firm.

Axis Communications, who manufacture network and security cameras, are the company at the centre of this recent attack. The organization announced that they had been the victims of what they described as an “IT-related intrusion” and advised that, as a result, they had temporarily closed their public-facing services online. Naturally, the attack caused great disruption to Axis; it also brought to light a number of shortfalls in cyber-security, namely the impact of social engineering.

What is Social Engineering?

Social engineering is a form of hacking which involves using various methods of deception to glean information from the victims. So, for example, an employee who receives an email, from what appears to the organization’s IT department but is from a fake email address, asking for confirmation of their login credentials is a form of social engineering. And these incidents of social engineering don’t have to take place online, simply telling someone your mother’s maiden name – a popular choice for password recovery questions – is another example.

This image has an empty alt attribute; its file name is bus-cyber-attack2-lrg-960x480.jpg

How The Axis Attack Happened

The exact details of the Axis attack are yet to be released as the company are conducting a forensic investigation intoexactly what happened. Nonetheless, they have revealed the following details:

Several methods of social engineering were used in order to gain access to the Axis network, these were successful despite the presence of security procedures such as multi-factor authentication.
Advanced hacking techniques were used by the hackers – once they had breached the network – to enhance their credentials and gain high-level access to restricted areas.
Internal directory services were compromised by this unauthorized access.
While no ransomware was detected, there was evidence that malware had been downloaded to the Axis network.

Following concerns of suspicious network activity, and the employment of IT security experts, all external connectivity to the Axis network was closed down.

How to Protect Yourself from Social Engineering

It can be difficult to tackle the highly polished social engineering methods employed by hackers, but following the practices below can make a real difference:

Always Think: slowing down and assessing the situation is crucial when it comes to social engineering. If someone has asked you for sensitive information, such as password details, ask yourself why the need this and what could they do with it? Internal sources – such as managers and IT departments – will never ask for this, so guard your password carefully and, to clarify the situation, speak face-to face with the person who has apparently asked for it.

Regular Staff Training: it’s important that your staff understand the tell-tale signs of social engineering, so make sure that you arrange regular training/refresher courses to keep their knowledge up to date. After all, social engineering is all about the deception, and identifying this can be difficult. But, with the correct knowledge, your staff should be able to protect themselves and your organization.

For more ways to secure and optimize your business technology, contact your local IT professionals.

How to Protect Yourself against Social Engineering

Hacking, Ophtek, Phishing, Phishing Email, Security Threats, social engineeringhackers, Ophtek, phishing, security, social engineeringOphtek, LLC

Aug 2020

Hackers thrive upon deception and the result of this endeavor is social engineering. It’s a powerful tactic and one you need to protect yourself from.

Social engineering has been used to deploy attacks such as the Coronavirus malware and the recent attack on high profile Twitter accounts. The method is intriguing due to its sophistication and its human element. Rather than relying on complex coding techniques to outwit computer systems, social engineering takes advantage of human naivety. More importantly, however, is the sheer destruction that it can cause.

The world is a perilous place at the best times, but now more than ever we need to make sure we protect ourselves and our businesses. One of the best ways to get started is by reinforcing the barricades against social engineering.

What is Social Engineering?

Manipulation is, in a word, exactly what social engineering is. But you’re going to need a little more information than that, so let’s take a closer look.
Social engineering is a process in which one party seeks to deceive individuals into revealing sensitive information. When it comes to the world of IT this sensitive data tends to relate to login credentials, but can also involve transferring sensitive documents such as employee records. These attacks are commonly executed through the use of phishing emails, but this is not the only technique. It’s possible for hackers to carry out social engineering attacks over the telephone and even face to face.

The Best Ways to Protect Yourself

Protecting yourself against social engineering takes a concerted effort. You can’t rely on software alone to protect you. Luckily, you can strengthen your personal defenses by practicing the following:

• Take Your Time: Social engineering relies on a lack of caution on the victim’s part. Therefore, it’s crucial that you always take your time when it comes to any form of communication. A social engineer will do their best to force you into making a quick decision e.g. clicking a link or disclosing your password. To counter this, evaluate all requests and press for answers if you feel even slightly suspicious.

• Use Email Filters: There have been great advances made in email filters over the course of the last 20 years. Where these junk filters once had relatively little use they are now highly intelligent. Enabling your email filters will enhance your security and prevent the majority of phishing emails making their way into your inbox. This reduces your risk and stops you from engaging with a social engineer.

• Too Good to Be True: As with all areas of life, if something sounds too good to be true then it makes sense to be suspicious. After all, it’s unlikely that a representative for an African prince wants to deposit millions of dollars into your bank account. And, if they did, why would they require your social security number? And your workplace login credentials? As a rule of thumb, if it sounds like a scam then it probably is and should be deleted.

• Is the Source Genuine: If an email says that it’s from your bank then this doesn’t mean it’s from your bank. Likewise, a phone call from your HR team isn’t necessarily genuine. Hackers specialize in trickery and deception, so they won’t shy away from such blatant and direct approaches. Always check every request for details such genuine URL details (by hovering over a link) and only transmitting sensitive data to internal email addresses.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2

Tag Archives: social engineering

What is Social Engineering?

The Best Ways to Protect Yourself