updates Archives - Page 2 of 9

State-sponsored hacking remains a serious problem for PC users around the world, and the latest headline grabber – with links to North Korea – is EarlyRAT.

A remote access trojan (RAT) is nothing new in the world of cybercrime, with the earliest examples believed to have been released in the late 1980s. However, their impact has grown significantly over the last 30 years, and this means they need to be taken seriously. There’s a culture of evolution in the world of hacking and, as a result, new RATs are always more powerful than the previous generation. And that’s why the emergence of EarlyRAT has got so many IT professionals concerned.

What is a Remote Access Trojan?

You may not be familiar with the ins and outs of a RAT, so we’re going to take a second to explain what they are and why they are so dangerous. A RAT is a malicious software program designed to provide unauthorized remote access and control over a targeted PC. They tend to be disguised as genuine files – this is why RATs are often distributed through phishing emails – but are nothing short of digital chaos.

Once installed, a RAT allows attackers to gain control of the victim’s computer, and this is all carried out remotely. This allows the threat actors to steal sensitive information, monitor user activity, execute commands, and even activate the webcam or microphone to carry out surveillance. All of these dangers put the victim at risk of data theft and further cyber-attacks.

How Does EarlyRAT Work?

EarlyRAT was first detected by security experts at Kaspersky, who were analyzing a hacking campaign from 2022. The attack was made possible due to a flaw discovered in Log4j, a Java library used to log error messages generated by applications. This vulnerability was exploited by the Andariel hacking group, a team believed to be sponsored by North Korea. Once Log4j had been compromised, Andariel was able to download malware to the victims’ PCs.

Part of this initial attack also included a phishing campaign, and it was here that EarlyRAT was first detected. Phishing documents, once activated, would download EarlyRAT from servers well known for having connections to threat actors. EarlyRAT’s first objective was to start logging system information and, after this, it would begin downloading additional malware, affecting the productivity of infected machines and stealing user credentials.

Keeping Safe from EarlyRAT

It’s important that you protect your IT infrastructure and your data, so staying one step ahead of threats like EarlyRAT is vital. To achieve this, make sure you always practice the following:

Install ALL updates: EarlyRAT’s campaign is a fine example of why installing updates is essential. All it takes is one vulnerability for malware to spread through an IT system and steal huge amounts of data. Therefore, plugging any holes in your defenses should be a priority. And installing updates as soon as possible is the best way to achieve this.

Educate your staff: phishing campaigns, as EarlyRAT has demonstrated, can cause you a severe IT headache. With this in mind, it’s crucial that your staff are well educated on the dangers posed by phishing emails. If your employees can take that important step of stopping and thinking before opening an email, they could save your IT system significant down time.

Identify malicious websites: a large number of RATs are located on malicious websites, so it’s important that you know how to spot one of these. With this knowledge at your disposal, you will be able to not only identify a malicious website, but you’ll be able to realize a link is malicious before you even click it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Security Experts Targeted by Malware on GitHub

GitHub, Hackers, install updates, malicious websites, malware, Ophtek, POC, proof of conceptGitHub, hackers, malware, Ophtek, POC, security, updates, vulnerabilityOphtek, LLC

Sep 2023

It’s always important to be cautious online, but it’s easy for people to fall victim to malware. Even security experts can fall for the tricks of hackers.

Yes, even those skilled and highly experienced security researchers can find themselves on the receiving end of malware. The most recent piece of evidence for this phenomena is an attack which is as brazen as it is powerful. It revolves around a piece of bait left, by threat actors, on GitHub, an online repository for developers to store and share their code. And it was a piece of code, disguised as a highly tempting piece of software for a security expert, which led to many of these professionals being left embarrassed.

How Were the Experts Fooled?

The GitHub attack involved a piece of software being made available which claimed to be a proof-of-concept (POC). Typically, a POC is a demonstration of a software project, and is used to determine how feasible the project is and the potential of its long-term success. For a security researcher, a POC is a useful way to test for security vulnerabilities, and this is why they are frequently downloaded and analyzed.

However, this specific ‘POC’ proved to be little more than malware in disguise. Within the fake POC structure was a malware downloader, which was used to download malware and set off a chain of malicious events. Once the malware was downloaded, it began by executing a Linux script to automate specific commands. This allowed the threat actors to start stealing data, which was automatically downloaded to a remote location, by scraping the entire directory of the infected PC.

The fake POC also allowed the threat actors to gain full access to any of the infected systems. This was achieved by adding their secure shell (a protocol for operating network services) to the authorized keys file on the infected system. All of this was made possible, for the threat actors, due to a vulnerability – known as CVE-2023-35829 – discovered in the Linux operating system, an OS usually used by software developers.

Avoid the Mistakes of the Experts

You may be thinking that, if a security expert can fall victim to malware, what hope do you have in the face of targeted attacks? However, as we know, nobody is 100% immune from the efforts of threat actors, and this includes security researchers. As ever, vigilance is key to maintaining the security of your IT infrastructure:

Always update: the surest way to minimize the risk of your PC being infected is to always install updates. No piece of software, due to the sheer amount of coding involved, is going to be free from mistakes. However, developers are keen to patch these mistakes as soon as they are aware of them, hence the issuing of security patches. Therefore, it makes sense to install these as soon as they are available.

Be wary of malicious websites: while GitHub is far from malicious, the people using it often are. This means you should always do some research on what you’re downloading and who you’re downloading it from. So, for example, try Googling the username of whoever is offering you a download, and see whether there are any trustworthy results or otherwise. Alternatively, ask an IT professional to take a look and assess the risk – contrary to the GitHub attack, they can usually spot malware from a mile away.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Microsoft Teams at Risk of Letting Malware In

install updates, malware, Microsoft Teams, Ophtek, Phishing, securitymalware, Microsoft Teams, Ophtek, phishing, security, updatesOphtek, LLC

Aug 2023

Microsoft Teams has experienced a surge in popularity among businesses since the pandemic, and this makes it a highly prized target for hackers.

Businesses find Microsoft Teams a powerful tool as it allows employees to work remotely, communicate and be productive. And it’s all through one app. This is why it’s a fantastic business solution and used by 280 million people. Naturally, the size of this audience is going to turn a threat actor’s head. Where there are high numbers of users, there’s an opportunity for malware to be successful. And that’s why the discovery of a vulnerability in Teams has caused so much concern.

The Vulnerability Lying Within Microsoft Teams

One of the main uses of Teams is as a communication tool, a nd this means that the potential for spreading malware via file transfers and linked hard drives is high. But this newly discovered vulnerability is very different. Therefore, it’s important you understand the threat it poses.

Now, Microsoft Teams allows you to communicate with a wide range of people within your organization. It also allows you to communicate with external parties e.g. subcontractors, clients and facility management teams. Usually, these external users are unable to transmit files to other organizations through Teams. And this is a good thing, as it lowers the risk of malware being sent between businesses.

However, the security protocols which are in place to stop unauthorized file sending can, it turns out, be compromised. Once this vulnerability is exploited, a threat actor can start sending malware direct to the Teams inbox of staff within that business. Often, the threat actors are increasing the chances of their attack being successful by setting up similar email addresses to that of their target. All it takes is for one employee to open the malware and it can start to spread.

While the incoming message will still be tagged as “External”, the busy nature of many employees’ days means that it’s likely this message will be ignored. Also, this method of attack is relatively new. Users are well drilled in the telltale signs of a phishing email, but a Teams instant message is very different. Accordingly, the risk of falling victim to this attack is concerning.

Staying Safe on Microsoft Teams

Curiously, Microsoft has advised that this vulnerability doesn’t, at present, warrant fixing. No doubt, at some point, it will be patched, but for now you should remain cautious. To help strengthen your defenses, make sure you practice the following:

Always update: there’s never an excuse for not carrying out software updates once they are available. It’s the quickest and simplest way to plug weak points in your cyber defenses, so, if they are not already in place, setting up automatic updates should be your priority.

Warn your staff: make sure that your staff are aware of this new threat to minimize the risk of your business falling victim. You can achieve this by sending out email updates to your staff and also updating your IT induction process to cover this new form of attack.

Reduce your availability: it’s possible to limit your communication through Teams to specific domains only. Again, this reduces your risk by ensuring that your staff can only communicate with trusted sources and not threat actors operating from similar, yet malicious domains.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Every business wants their IT infrastructure to be secure, so it’s crucial that you understand all your options. And two of the best are an SOC and an NOC.

A Security Operations Center (SOC) and a Network Operations Center (NOC) are exciting options for your defenses, but not everyone knows what they are. The good news is that both of these options, which can be based in-house or outsourced to external contractors, are here to protect your IT operations. And they both do this with a high level of sophistication, which ensures that cybersecurity threats are quickly identified and nullified.

How Does an SOC Protect Your IT Infrastructure?

Integrating an SOC into your cybersecurity strategies is one of the quickest ways to enhance your defenses. In short, an SOC is a dedicated team of professionals who can provide 24/7 monitoring of your IT systems. Their main duties include:

Maintenance: one of the surest ways to keep any system operating effectively is through routine and preventative maintenance. And this is a duty which an SOC will take in its stride. From initiating and installing updates through to updating firewalls and managing backup protocols, a dedicated SOC will ensure that none of these vital tasks are missed.
Creating response plans: in the case of a security incident, your organization needs to have a solid response plan ready to go. This could involve restoring data from backups, partitioning your networks, or even shutting your entire IT infrastructure down. Regardless of the strategy, you need to make sure that the perfect response plan has been formulated. And, thanks to the experience of those employed in an SOC, you can rest assured that your response minimizes disruption.
Monitoring: security incidents can strike your organization at any time of day, so it’s important that you have round-the-clock monitoring to flag up any attacks. An SOC can take care of this by not only monitoring network activity, but also analyzing it to provide a strong determination as to the threat level posed. This allows the SOC team to quickly identify potential threats and react accordingly.

Why Does Your Organization Need an NOC?

IT networks are complex, highly complex. This means that monitoring them effectively is difficult, but crucial when it comes to securing them. It’s difficult for your standard IT team to dedicate themselves to this task, so this is why the emergence of NOCs is so exciting for organizations. With an NOC supporting your IT infrastructure, you can expect 24/7 coverage in the following areas:

Network monitoring: an NOC can provide your organization with constant network monitoring and surveillance. This monitoring will cover all of the most common elements found in a network such as servers, routers, and switches. It’s an approach which is not only comprehensive, but also allows the NOC team to minimize any disruptions to your network.
Enhanced security: the main aim of a threat actor is to bypass the security of your network, and it’s very easy for them to sneak in when a vulnerability is in place. However, the presence of an NOC team means that not only will updates and patches be installed quickly, but their constant monitoring of your network will allow them to identify any unauthorized access.
Performance monitoring: given the level of competition within business in the 21^st century, your organization’s network needs to perform at a high level. Monitoring the complexities of an IT network, though, is a tough ask. But the experience of an NOC team means they can easily analyze your network performance, and then suggest plans for improving and maximizing its output.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Windows WordPad Flaw Exploited to Infect PCs

cybersecurity, DLL_hijacking, email_links, email_sender, Ophtek, Phishing, Updates, WordPadCybersecurity, DLL_hijacking, email_links, email_sender, Ophtek, phishing, updates, WordPadOphtek, LLC

Jul 2023

WordPad, a basic yet popular word processor, is the latest Windows app to fall victim to a vulnerability exploited by threat actors.

Bundled free with almost every version of Windows since Windows 95, WordPad has remained popular thanks to its simplicity. Less complex than Microsoft Word and more advanced than the basic Notepad app, WordPad gives users an effective word processing tool. However, it’s now an app which carries a real threat to your IT security. Due to a flaw in WordPad’s design, threat actors have started to abuse this vulnerability by launching a DLL hijacking attack.

Everything You Need to Know about the WordPad Hack

You may not be familiar with DLL hijacking, so we’ll start by looking at this form of attack. DLL files are library files which can be used by multiple programs all at the same time. This makes it a highly flexible and efficient file, one which can reduce disk space and maximize memory usage. When Windows launches an app, it searches through default folders for DLLs and, if they are required, automatically loads them. What’s important to note, however, is that Windows will always give priority to loading DLLs located in the same folder as the app being launched.

DLL hijacking abuses this process by inserting malicious DLLs in the app’s parent folder. Therefore, Windows will automatically load this malicious file instead of the genuine one. This allows threat actors to guarantee their malware can be launched long after they have left the system. And this is exactly what has happened with WordPad. The hackers begin their attack by using a phishing email to trick users into downloading a file, one which contains the WordPad executable and a malicious DLL with the name of edputil.dll. Launching the WordPad file will automatically trigger the loading of the malicious DLL file.

This infected version of edputil.dll runs in the background and uses QBot, a notorious piece of malware, to not only steal data, but also download further malware. The infected PC is then used to spread the attack throughout its entire network.

Writing QBot into History

While this form of attack is far from new, it has proved successful. Accordingly, it’s important that we hammer home the basics of good cybersecurity, with a particular emphasis on phishing attacks:

Be careful of email links and attachments: Phishing emails often contain harmful links or attachments. Be careful when clicking on links or downloading attachments, especially if they seem suspicious. Hover over the link to check the URL before clicking and only download attachments from trusted sources. If you’re unsure, always verify the email with an IT professional before clicking anything.
Verify the email sender: phishing emails often impersonate genuine organizations or individuals. Therefore, make sure you check the sender’s email address for any inconsistencies or spelling mistakes. And, if you’re still in doubt, contact the sender by phone or in person to confirm they have sent the email.
Always update: software manufacturers routinely issue updates to patch security vulnerabilities and improve performance. It’s crucial that these updates are installed as soon as possible to avoid threat actors exploiting these flaws. The simplest way to do this is by authorizing automatic updates.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 … 9 Next »

New EarlyRAT Malware Linked to North Korea Emerges

Security Experts Targeted by Malware on GitHub

Microsoft Teams at Risk of Letting Malware In

The Importance of an SOC and NOC in Business IT

Windows WordPad Flaw Exploited to Infect PCs

Tag Archives: updates