A recently discovered vulnerability appears to allow threat actors to hack into your Google account, even if you change your password. 

Given that there are 1.8 billion people actively using Gmail, it should come as no surprise that Google accounts represent a mouthwatering target for hackers. Google claims that their users are protected by world-class security and, on the whole, it is a secure system. No infrastructure, however, is 100% safe. Threat actors are industrious individuals and won’t rest until they’ve tried every avenue to compromise a system. Unfortunately, for Google and its users, this is exactly what’s happened. 

Losing Control of Google 

Google accounts are highly valuable to their owners. Packed full of apps such as Gmail and Google Drive, there’s a lot of personal data involved. A new vulnerability, attributed to a flaw in Google cookies, gives access to these accounts over to threat actors. Worst of all, this can be achieved time after time. Sure, you can try changing your password, but they will still be able to unlock your account. 

The attack starts when a user unwittingly allows malware to be installed on their PC. This malware then gets to work by searching for and identifying any Google login tokens, which are typically stored in the application’s local database. These stolen tokens can then be used to trick Google’s API interface. 

One of the main duties of a Google API is to help sync the various Google services across one account. So, for example, if you were logged into Google Drive, you wouldn’t have to log into Gmail as well. The threat actors exploit a vulnerability with Google cookies to create new cookies which can be used to gain unauthorized access to the compromised account. And this trick can be completed multiple times. Changing your password, naturally, would be the simple choice here. But even doing this still grants the hacker one more chance to access your account. 

The vulnerability in question is currently being sold by threat actors online, with at least six hacking groups advertising it. These threat actors also claim that that this vulnerability has been redesigned to tackle the efforts Google has taken to shut this exploit down. 

Keep Your Google Account Safe 

No one wants to lose their Google account, aside from the loss of personal data, there’s also the sheer inconvenience of having to create a new account and updating any services associated with your original account. Accordingly, make sure you play safe by following these best practices: 

  • Use multi-factor authentication: at present, Google hasn’t revealed whether multi-factor authentication will prevent this vulnerability from seizing control of your account. However, if you don’t have it activated, you need to make this a priority as it’s one of the simplest ways to add extra security to your account. 
  • Do not download suspicious software: the first stepping stone for the threat actors to compromise your Google account involves installing malware on your PC. This gives them a foothold to begin stealing your Google login tokens. Therefore, you need to remain vigilant as to the software you’re downloading. The most obvious question to ask here is whether the download comes from an official source. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More


There’s a lot of money to be made in hacking and threat actors are now turning it into a business with Ransomware as a Service (RaaS).

Ransomware, of course, is well known to anyone who steps online in the digital age. With the ability to encrypt your data and demand a ransom fee, it has not only generated headlines, but also caused significant headaches for business owners. And, with ransomware attacks increasing by 41% in 2022, it’s a strategy which is showing no signs of slowing up. Therefore, not only do you need to be aware of ransomware, but you also need to keep up with associated developments such as RaaS.

As RaaS has the potential to create attacks which are both wider ranging and easier than before, it’s crucial you understand how it operates

The Basics of Ransomware as a Service

We’re all aware of what ransomware is, but what is RaaS? After all, surely ransomware is the opposite of a service? Unfortunately, for PC owners, ransomware software and attacks are now available for hire in the form of RaaS. Similar to Software as a Service (Saas) – examples of which include Gmail and Netflix – RaaS allows threat actors to harness the power of hacking tools without having to design them. If, for example, a threat actor doesn’t have the time (or skills) to build a ransomware tool, what do they do? They purchase one.

Typically, RaaS kits are found on the dark web, so don’t expect to find them taking up space on Amazon. Depending on the sophistication of the RaaS, the cost of purchasing them can range between $30 – $5,000. Threat actors looking to purchase RaaS are also presented with several different purchasing options such as one-time fees, subscription tiers or even affiliate models. It’s estimated that over $10 billion exchanges hands each year – mostly in cryptocurrency – for RaaS kits.

Examples of RaaS include Black Basta, LockBit and DarkSide, with more available for those looking to unleash ransomware easily and quickly. These RaaS kits are also much more than just hacking software, they also offer user forums and dedicated support teams to help customers get the most out of their ransomware. Again, this is very similar to the way in which successful SaaS developers provide extra value for their product. However, whereas SaaS is provided by legitimate developers, RaaS tends to be created by criminal gangs with the sole intent of generating illegal funds.

Staying Safe from Ransomware as a Service

The end result of an RaaS attack is the same as a standard ransomware attack, so there’s nothing specific you need to do if an attack comes through RaaS. Instead, you just need to stick to good old fashioned ransomware security practices:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Windows 11 is Microsoft’s latest operating system and PC users should download it as soon as possible. But how do you know your download is legitimate?

Over the last few months, users of Windows 10 will have been prompted to upgrade their operating system to Windows 11. As the upgrade is free, it makes sense to take advantage of this. Not only are there new features and functionality, but there is also an enhanced level of security when running Windows 11. However, not everyone has taken the step of downloading and installing this new version of Windows. As a result of this hesitance, hackers have decided to throw their hat into the ring by setting up a malicious website which promises Windows 11, but delivers malware.

Malicious Promises

The malicious website at the center of the story was ‘windows-upgraded.com’ and, thankfully, it has now been deactivated. Nonetheless, it was live for some time and had the capacity to cause damage to any IT systems it managed to infect. Therefore, we’re going to look at how it operated and the tell-tale signs you need to look for.

By creating a genuine looking website, which used Microsoft’s trademark presentation style, the hackers were able to convince visitors that it was legitimate. A large “download now” button was prominently placed and, when clicked, it would appear to be downloading the Windows 11 upgrade files. However, while the file being downloaded was named ‘Windows11InstallationAssistant.exe’, the true identity of the download was very different.

Visitors who had gone through with the download would actually be downloading a malware tool known as RedLine Stealer. This piece of malware is a classic data thief and, as such, targets sensitive data including login credentials, credit card details and cryptocurrency data. All three of these data types have the potential to cause major damage when they fall into the wrong hands, so the ‘windows-upgraded’ website was considered a significant threat.

The link to this website was spread by several different campaigns. Spam emails, forum posts and instant messaging systems were all used to point potential victims towards ‘windows-upgraded.com’ and, as with all malware campaigns, the hackers knew that a small percentage would click the infected links without investigating further.

Protecting Your PC from Malicious Websites

Although the ‘windows-upgraded.com’ website has now been closed, it’s likely that similar websites will soon be set up to replace it. And, again, people will fall victim to it. But you don’t have to see the security of your data be compromised. By following the advice below, you should be able to remain safe:

  • Always Use Official Upgrades: if, for example, you are upgrading a Microsoft product, you need to make sure it’s an official upgrade. A new version of Windows will only be available through an official Microsoft website or the ‘check for updates’ section of Windows. Other sources may look genuine, but it’s likely their offerings are far from legitimate.
  • Check Suspicious Links: all links need to be double checked to make sure they are genuine. While a link may look as though it’s taking you, for example, to an official Microsoft website, the data contained within that link may be sending you somewhere else. But, if you hover your mouse cursor over a link, a popup window will display the true location of the link. Alternatively, if you are suspicious of a link, you can always copy and paste it into a Google search to identify any stories relating to its security credentials.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More