Blog - Ophtek

In a highly embarrassing incident for Acemagic, a Chinese PC manufacturer, a number of its products have been shipped with numerous vulnerabilities.

When setting up a brand-new PC out of the box, you would expect it to be highly secure and as protected against current threats as it could be. However, this isn’t always the case. PCs are complex pieces of machinery, packed full of processes, apps and coding to provide the full PC experience. And all of this leaves room for mistakes. Acemagic has learned this the hard way, as have their customers, who have now found their brand-new PCs are vulnerable to countless malware threats.

It’s a nightmare scenario for all involved, so we’re going to look at what’s happened.

The Dangers of Tinkering with Windows Source Code

In a bid to improve the performance of their PCs, Acemagic’s software developers decided to adjust Microsoft’s source code for Windows. This involved altering network settings, but inadvertently resulted in the process of digital signature verification being skipped. Digital signatures are used to verify the authenticity of data passing through PCs, so, without these in place, applications are at risk of being compromised with malware. Acemagic’s aim was to reduce boot times for its customers, but it resulted in the PCs becoming infected with malware.

From bootup, security researchers have been able to discover malware such as Bladabindi and Redline on Acemagic PCs. Both these strains of malware are designated as info stealers, so they have the potential to steal login credentials, financial data, and also download further malware. Additionally, Redline is capable of stealing cryptocurrency.

Acemagic has announced that the software adjustments were stopped on November 18^th 2023, but this still leaves a large number of compromised PCs in use by unsuspecting users. Going forwards, Acemagic has pledged to put more focus on digital certificates, a move they claim will be able to stop unauthorized modifications in the future. But the damage to Acemagic’s reputation has been done, and it’s not been helped by the fact that Acemagic has been unable to pinpoint exactly when the malware was downloaded onto their machines.

Staying Safe with New PCs

A new PC should be as safe as you can get, but the Acemagic fiasco has demonstrated how they can be just as dangerous as a PC which is several years old. Therefore, it’s crucial you take precautions when setting up a new PC:

Set it up offline: to protect your existing network, it’s a good idea to fully set up your PC before connecting it to your network. Not only does this ensure the PC is correctly configured to join your network, but it also allows you to secure the device and limit the spread of any pre-installed malware.
Scan for malware: one of the first things you should do with a new PC is scan it for malware. As we’ve seen with Acemagic, even brand-new PCs can be compromised with malware, so it makes sense to eliminate this threat before it can become active on your network. Running a quick scan with apps such as AVG or McAfee will identify any threats and quickly remove them.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The Importance of Quick IT Support Response Times

IT contact numbers, IT infrastructure, IT Support, minimize IT issues, OphtekIT contact numbers, IT Infrastructure, it support, minimize IT issues, OphtekOphtek, LLC

Apr 2024

Every second counts when it comes to IT support, as unresolved issues can quickly become costly. And speed is something which Ophtek prides itself on.

The digital business landscape of the 21^st century is wide-reaching and informs countless business decisions throughout the day. From emails through to data storage and on to cybersecurity defenses, your IT infrastructure is crucial. Therefore, when there’s an issue with your IT systems, you need these to be resolved quickly, otherwise the financial impact – especially with cybercrime – can be significant.

The Impact of Downtime

Anything which creates an issue for your operational processes is going to have a financial impact. Say, for example, your data storage solutions fail, this is going to restrict the amount of data you have available. This could easily impact your operations by disrupting the way in which you retrieve customer data. Deliveries, which require customer details such as delivery addresses, could be put on hold. This scenario would instantly compromise your ability to invoice, with customers unlikely to pay for goods not received on time.

Likewise, if your email server were to become compromised by threat actors, you risk not only exposing your customers’ data, but also losing a major communication channel. This is a double-edged threat and, again, represents a major financial risk. Aside from your customers taking legal action against you for data violations, there’s the fact you could miss key communications from your customers and suppliers.

Every minute of downtime has the potential to push your business backwards, and it’s vital you can counter this effectively.

Minimize The Impact with a Speedy Response

It’s clear that IT is important for organizations to conduct their day-to-day operations, and any disruption to this will have major ramifications. The best way to minimize this is by ensuring you can launch a quick response. This will reduce your downtime and allow your organization to get its business operations back on track. Furthermore, it will minimize any financial risk e.g. allow you to resume order processing and any billing processes. And in today’s competitive business landscape, this is essential.

The best way to plan and execute quick IT support response claims is by partnering yourself with an established IT support provider, such as Ophtek. With a long track record of providing speedy and professional support, we can ensure that any IT downtime is kept to a minimum. Nonetheless, you can still put measures in place to help minimize your IT issues and facilitate our response:

Regular training: IT issues need to be reported, but you need to make sure that your team members know when to identify issues which require an IT professional. A malware threat, for example, always needs reporting, but something minor such as selecting a default printer in Word can probably be dealt with in-house.
Provide contact numbers: the members of your organization need to know who to contact in the case of an IT emergency, so these contact details need to be made available to every member of staff. A simple way of achieving this is by creating a contact in your phone systems, but it’s also a good idea to display a contact number on every user’s desktop.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Digital data is perhaps the most valuable asset your organization handles, but just how secure, safe, and compliant is it?

Data governance is a crucial element of business IT and one which businesses must comply with. It gives both accountability and responsibility to the data owners, ensuring sensitive data and privacy is correctly handled. This governance can either be internal – such as data policies specific to an organization – or external, such as government or regulatory bodies. The objective of data governance is to secure data and make sure it’s not misused.

Naturally, with cyber crime showing no signs of slowing up in 2024, it’s vital you have a firm understanding of data governance for business IT.

What is Data Governance?

Data governance is a complex set of procedures and policies which can be difficult to get to grips with. However, the basics are simple to understand. A simple explanation for data governance is that it focuses on the strategic management of all the data you hold. By monitoring your data and the way in which it is used, you build defenses around that data. This allows you to minimize the risks associated with data breaches, build trust among your stakeholders, and assist with informed decision making around your data.

The Importance of Compliance

Many industries are governed by strict regulatory requirements e.g. the healthcare industry needs to adhere to the strict framework put in place by HIPAA regulations. Regardless of the industry or regulatory framework, the aim of compliance remains the same. By demonstrating adherence to compliance, you’re underlining the fact that any sensitive data you hold is protected and handled correctly. If your organization fails to hit the benchmarks laid out by external bodies, then you run the risk of some eyewatering financial penalties.

Improving Your Data Security

The best way to maximize your compliance and governance is to enhance your data security. You can achieve this in the following ways:

Employee training: one of the most common causes of data breaches is your employees. These are the individuals who are most at risk of falling victim to social engineering, phishing emails, and malvertising threats. Accordingly, you need to implement a robust training schedule for new starters and, for all staff, follow up with refresher courses.

Limit data access: it’s important you only allow data to be available to those who need it. After all, there’s no reason why your marketing team, for example, need access to your clients’ financial data. Therefore, you need to identify the data you hold and the individuals who need access to it. By restricting access, you’re safeguarding this data against being mishandled unnecessarily.

Internal audits: to ensure you’re adhering with data governance, it’s a good idea to carry out regular data audits. These are crucial for ensuring data accuracy, compliance, and security. Also, an internal audit is the best way to identify vulnerabilities in your data systems and put procedures in place to mitigate these.

Final Thoughts

With the rise of big data in business, it’s clear that good data governance practices should be a priority for any business. This will allow you to build a strong foundation of data governance to protect both your organization and your customers.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Threat actors have compromised 70,000 previously legitimate websites and created a powerful network capable of distributing malware.

Named VexTrio, this network of compromised websites appears to have started in 2017, but it’s only more recently that details around its activity have emerged. As well as distributing malware, the VexTrio network also utilizes phishing pages, and allows the VexTrio hackers to harvest login credentials. The campaign is a significant one, and one which is powerful enough to cause harm to anyone who gets caught up in its operations. Therefore, it’s time to take a look at the VexTrio campaign to see what we can learn.

Understanding the VexTrio Network

The VexTrio campaign relies on a malicious traffic distribution system (TDS) to lead unsuspecting internet users to compromised websites. A TDS is, in simple terms, a web application used to analyze and filter incoming traffic and, following the analysis, redirect it to a specific page. Typically, the activities of a TDS are facilitated by malvertising activities or malicious websites. VexTrio favors using malicious websites.

Working with a number of affiliates, many of whom offer access to hijacked websites, VexTrio has managed to amass a sizeable network over the last seven years. And VexTrio are very much the middle-man in the operation. For a fee, VexTrio will feed incoming traffic through their TDS and forward innocent victims towards the websites they’re mostly likely to be interested in. It’s very similar to legitimate advertising networks, but with a vicious sting in its tale.

The malicious websites which comprise the VexTrio network contain a wide range of threats. For example, one of the affiliates, known as ClearFake, tricks users into downloading what is claimed to be a browser update, but is little more than malware. SocGholish, another well-known malware threat, is part of the VexTrio network and uses it to push unauthorized access to corporate websites.

Don’t Fall Victim to VexTrio

The threat of VexTrio is a substantial one, and organizations need to be aware of the damage it can cause. Luckily, you can protect yourself and your IT systems by implementing the following best practices:

Use an adblocker: you can minimize the risk of being lured to a malicious website by installing an adblocker on your systems. Not only will this block annoying popups, but it will also block any malvertising threats from being activated. These adblockers are usually available as browser extensions e.g. Ghostery and AdBlock for Chrome.
Disable JavaScript: attacks launched through VexTrio often rely on JavaScript to execute their malicious tasks. Accordingly, disabling JavaScript will eliminate the chances of such an attack taking place on your system. However, JavaScript is essential for many legitimate websites, so it’s recommended that you allow it to run only on trusted sites.
Install anti-malware tools: if you install an anti-malware app, such as AVG, you benefit from tools which block malicious websites. These tools are connected to databases which are constantly updated to identify and block malicious websites, such as those featured in the VexTrio network.

For more ways to secure and optimize your business technology, contact your local IT professionals.

HeadCrab Attacks Servers with Advanced Malware

authentication, Hackers, HeadCrab, malware, Ophtek, Redis Servers, runtime monitoring, security scansauthentication, hackers, HeadCrab, malware, Ophtek, Redis Servers, runtime monitoring, security scansOphtek, LLC

Mar 2024

A new strain of malware, which contains several different attack methods and is considered a severe threat, has been discovered and named HeadCrab.

The attack focuses its efforts on Redis servers, an open source, in-memory data structure store. In simpler terms, Redis acts as a database, cache, and message broker application which can store data, cookies, and authentication tokens. This means it contains confidential and personal data, which is a currency valued highly by threat actors. Redis is incredibly popular and used by many high-level clients, some of whom include Amazon, Adobe, OpenAI, and Airbnb. Therefore, it’s likely you and your team will visit websites using Redis servers, and you need to stay safe.

Unpacking the HeadCrab Attack

Redis servers appear to have been targeted by HeadCrab due to the fact they’re often exposed to the internet, without any solid authentication in place to protect them. This makes them highly vulnerable and puts any data stored on them at high risk. Using advanced coding techniques, the threat actor starts by taking control of a Redis server. This allows them to then download HeadCrab onto the infected server. This, as the command logs reveal, is a complex process, and one which leaves no stone unturned, highlighting the advanced skills of the threat actor.

With HeadCrab now active on the Redis server, it can get to work. Security researchers, who have reverse engineered HeadCrab, have discovered eight custom commands contained within its module. These allow HeadCrab to set up encrypted communication channels, reconfigure Redis servers, run exclusively in memory to avoid detection, and even run its own blog detailing its current activities and news.

Staying Safe from HeadCrab

Currently, HeadCrab has been detected in over 1200 servers and represents a serious threat. It doesn’t launch its attack using files, instead relying on advanced hacking techniques, so it’s a difficult threat to combat. However, by staying vigilant, your organization can stay safe against the threat of HeadCrab and similar attacks. The best ways to achieve this are:

Run security scans: using scanning tools contained within software, such as AVG and McAfee, gives your organization the opportunity to discover and nullify malware threats. These scans can be automated and provide you with real-time updates of the scan results. Many of these applications are available in freeware versions, with paid subscriptions allowing you to access more powerful security options.
Use authentication: you may not operate Redis servers, but the HeadCrab attack serves as a cautionary tale for failing to install strict authentication protocols on your servers. This extra layer of security ensures that only those users who are known to your organization can directly access your servers. This minimizes the chances of rogue commands being received by your IT infrastructure by threat actors.
Employ runtime monitoring: it’s important to use runtime monitoring to constantly analyze your IT system’s behavior and performance. This gives you real-time visibility into the operations of your infrastructure, and you can use these metrics to identify suspicious behaviors – such as data packets being sent to unknown addresses – and take actions.

For more ways to secure and optimize your business technology, contact your local IT professionals.

1 2 3 … 115 Next »

Chinese PC Maker Ships PCs Customized for Malware

The Importance of Quick IT Support Response Times

Understanding Data Governance for Business IT

VexTrio Uses 70,000 Hijacked Websites to Spread Malware

HeadCrab Attacks Servers with Advanced Malware