A new piece of malware has been found to be targeting Microsoft Exchange servers operated by both military and government organizations all over the world.

Discovered by security giants Kaspersky, who also gave the malware its name, SessionManager appears to have been at large since March 2021, but its existence has only just been confirmed. It’s believed that SessionManager was created by Gelsemium, a relatively new hacking group who have already conducted a number of serious cyber-attacks.

Naturally, you would expect military and government organizations to have some of the strongest cybersecurity measures in place. And they do. However, there’s not a single IT infrastructure which can be described as 100% secure. And, as SessionManager has proved, where there are vulnerabilities, there’s a way in.

How Does SessionManager Operate?

At the start of 2021, Kaspersky revealed details of ProxyLogon, a series of vulnerabilities discovered in Microsoft Exchange. As a result of these vulnerabilities, threat actors were presented with an opportunity to install malicious modules into Microsoft’s Internet Information Services (IIS) web server software. And this is exactly how the SessionManager module came to be embedded within numerous organizations’ servers.

Once installed, the threat actors were able to use SessionManager to carry out the following tasks:

  • Carry out remote command execution on affected devices
  • Gain quick and easy access to email accounts within the organization
  • Install further malware to maximize the way in which servers were compromised
  • Use infected servers to manipulate traffic moving across the network

As SessionManager has managed to operate without detection for over a year, it has been able to harvest significant amounts of sensitive data and take control of high-level networks. Even after SessionManager’s discovery, security experts have been slow to move, with Kaspersky commenting that a popular file scanning service was still failing to detect SessionManager. Accordingly, SessionManager remains active in the digital wild and maintains its threat.

What If You’re Infected with SessionManager?

Even if you do discover that your network has been infected by the SessionManager module, deleting it is not enough to fully rid yourself of it. Instead, you will need to go through the following:

  • The most important step to take first is to disable your IIS environment
  • Use the IIS manager to identify all references to the SessionManager module and ensure that these are fully removed
  • Update your IIS server to eliminate any known vulnerabilities and leave it fully patched
  • Restart your IIS environment and run a final check for any traces of SessionManager
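To support the "identify all references" step, the following added example (not Kaspersky's or Microsoft's tooling) parses an IIS applicationHost.config and lists every native module registered outside the default inetsrv directory, together with each site or location that still references it. The sample config, the module name and its path are constructed placeholders, and a module flagged here is a candidate for review rather than proof of compromise, because legitimate modules can also live elsewhere.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed config fragment; ExampleUnknownModule and its path are placeholders.
SAMPLE_CONFIG = r"""
<configuration>
  <system.webServer>
    <globalModules>
      <add name="UriCacheModule" image="%windir%\System32\inetsrv\cachuri.dll" />
      <add name="ExampleUnknownModule" image="C:\ExamplePath\example.dll" />
    </globalModules>
  </system.webServer>
  <location path="" overrideMode="Allow">
    <system.webServer>
      <modules>
        <add name="UriCacheModule" lockItem="true" />
        <add name="ExampleUnknownModule" />
      </modules>
    </system.webServer>
  </location>
  <location path="Default Web Site/owa">
    <system.webServer>
      <modules><add name="ExampleUnknownModule" /></modules>
    </system.webServer>
  </location>
</configuration>
"""

# Assumption: stock native modules load from this directory; others need review.
DEFAULT_DIR = r"%windir%\System32\inetsrv"

def audit_modules(config_xml, allowed_dir=DEFAULT_DIR):
    """Map each native module registered outside allowed_dir to its references."""
    root = ET.fromstring(config_xml)
    findings = {}
    for add in root.iterfind(".//globalModules/add"):
        image = add.get("image", "")
        folder = ntpath.dirname(ntpath.normpath(image))
        if folder.lower() != allowed_dir.lower():
            findings[add.get("name")] = {"image": image, "referenced_in": []}
    # Scopes: the server-level section plus every <location path="..."> block.
    scopes = [("(server)", root)]
    scopes += [(loc.get("path") or "(server)", loc) for loc in root.findall("location")]
    for scope, node in scopes:
        for sws in (child for child in node if child.tag == "system.webServer"):
            for add in sws.findall("modules/add"):
                if add.get("name") in findings:
                    findings[add.get("name")]["referenced_in"].append(scope)
    return findings
```

Run it against a copy of the server's own applicationHost.config before and after cleanup; an empty `referenced_in` list for a module that is still registered means only the global registration remains to be removed.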

If, of course, you want to prevent vulnerability threats such as SessionManager being enabled in the first place, then you need a conscientious approach to updates. The sooner you can install a firmware upgrade or a security patch, the sooner you can plug security holes in your IT infrastructure.

Sure, we live in a fast-paced world and it’s easy to forget minor tasks such as installing upgrades, but with automated installs a viable option, there’s not really an excuse. Therefore, keep your organization’s network safe by automating updates and enjoying the peace of mind this brings.

For more ways to secure and optimize your business technology, contact your local IT professionals.



Windows is an incredibly powerful operating system, but most users are unaware of just how much it can do; this extra power is down to some hidden tools. 

If you take a look through the folders on your PC that contain Windows then it quickly becomes a bewildering spectacle. In among all the various Windows applications there are .dll files (don’t ask!) and text files full of binary code and gibberish. And that’s why most people spend little time sifting through the less explored corners of their PCs. But hidden within Windows are a number of innovative and helpful tools. These can boost your productivity and enhance your PC’s performance. 

The Built-In Tools You Need

It’s a rare individual who can afford to turn down increases in productivity and PC performance, so it’s time to familiarize yourself with: 

  • Startup: In Windows 10 you can find the Startup tool within Windows Task Manager. All you have to do is click the Startup tab to discover which applications begin loading as Windows starts booting. From here you can use the tick boxes to control what does and doesn’t load at startup. So, for example, you could ensure that valuable processing power is concentrated on loading up essential programs such as Windows Updates rather than Spotify.
  • System Information: It’s always important to know the basics about the PC you’re working with. This allows you to determine what your system is capable of as well as aiding IT professionals in diagnosing solutions. And System Information is the quickest way of gathering all this information together. This tool can be accessed in two ways: Firstly, you can type msinfo32 into the ‘Run’ box when you hit the Windows key. And, secondly, you can access it by opening Administrative tools in control panel. Either way you are presented with a wealth of information on your system.
  • Task Scheduler: Workplaces are busy environments and it’s easy for simple tasks to be missed. But this doesn’t need to be a problem when you have Task Scheduler on your side. A simple but useful tool, Task Scheduler allows you to put automatic processes in place e.g. display alerts at specific times or schedule your antivirus program to scan.  Task Scheduler can be found within Administrative tools or by typing taskschd.msc in the ‘Run’ box.
  • Startup Repair: There’s nothing worse than a below-par startup process. Sometimes it can simply be slow and other times it can generate endless error messages. Thankfully, Startup Repair can help to eliminate this. If you’re in Windows then you need to hold the Shift key as you click on the Restart button to take you to your boot options. If your PC is failing to get as far as Windows it should present you with your boot options after two or three attempts. From boot options you should go to Troubleshoot > Advanced Options > Startup Repair. The process is automatic and any problems should be fixed by the tool. 



Zero-day vulnerabilities are frequently referenced with regard to PC security, but it’s also a term which most PC users will be completely unaware of.

Any vulnerability that is present in your organization’s IT network poses a significant danger to the security of your data and equipment. Educating yourself and your staff on the dangers posed by these vulnerabilities is an important security practice, so understanding what zero-day vulnerabilities are is a crucial step in securing your PCs.

To help you get started, we’ve put together a quick guide to provide you with a zero day introduction.

What Happens on Zero-Day?

The definition of a zero-day vulnerability is very simple; it’s any exploit or security bug that is present in software or hardware that isn’t patched as the software vendor isn’t aware of its existence. To be considered a true zero-day vulnerability it must also be known to hackers. And this is where it becomes a huge security concern.

With hackers aware of such an exploit (known as a zero-day exploit), they’re essentially granted free rein to continually exploit this vulnerability in the face of little opposition. Therefore, malware can be installed, data can be stolen and whole networks taken down without software vendors and customers being aware of how it’s happening.

Once the zero-day vulnerability has been confirmed and the software vendor made aware, Day Zero is established. Naturally, any period before Day Zero is highly problematic, but even the commencement of Day Zero provides little comfort. And this is because developing fixes and patches isn’t an instant process. Instead, time and effort needs to be invested in creating these patches and ensuring that customers install them as soon as possible.

What are Some Examples of Zero-Day Vulnerabilities?

Now that you understand a little more about the makeup of zero-day vulnerabilities, it’s time to consolidate that knowledge with some real life examples:

  • Microsoft Windows Vulnerability: Even the seasoned professionals at Microsoft are capable of falling foul of zero-day vulnerabilities with one recently being discovered in the system file Win32k.sys. The exploit can be launched by a specific malware installer and, without the relevant patch, can be considered very dangerous.
  • Adobe Flash Malware: Adobe have suffered numerous zero-day attacks and, in 2016, their users experienced a zero-day vulnerability packaged within an Office document. Activating this vulnerability allowed hackers to download malware to the affected PCs and begin exploiting data until Adobe hastily issued a patch.
  • Internet Explorer Loses Control: Microsoft was, again, victim of a zero-day vulnerability in December 2018 when their Internet Explorer app experienced a severe security risk. It’s believed that the vulnerability is exploited by directing victims to an infected website where the hackers can then assume control of the PC from a remote location.

Final Thoughts

Zero-day vulnerabilities are troubling security flaws as their very definition means that there is no immediate protection available. Accordingly, it’s important that your organization takes the following steps:

  • Always install all updates to ensure zero-day vulnerabilities are treated as soon as possible
  • Backup all data and store it correctly in the case of a zero-day vulnerability disrupting your network and productivity
  • Educate your staff on the dangers of zero-day vulnerabilities and ensure they’re aware of the telltale signs of infection



We’re all aware of the dangers of opening suspicious files, but what happens when hackers develop the skills to unleash malware without infected files?

Due to the popularity of file-based attacks, most security software concentrates on combating this particular avenue of hacking. And it’s certainly an effective method of shutting down most malware attacks before they’re able to steal or, in the case of ransomware, encrypt your data. Due to the success of blocking these attacks, hackers have had to go back to the drawing board and evolve their methods of attack in order to become less detectable.

The end result of this evolution has seen a rise in sophisticated hacking methods and, in particular, fileless malware is now beginning to grab headlines. And, due to the lack of knowledge of this development in hacking, attacks have increased in frequency and their success rate has also flourished. As fileless malware could easily hit your organization at any given time, it’s a good idea to educate yourself on the threat.

What is Fileless Malware?

You don’t have to be a security expert to understand that fileless malware is a malware variant which forgoes the use of infected files. Instead, fileless malware takes advantage of trusted Windows components such as PowerShell that are rarely checked for infections. PowerShell is hardly ever used by the average PC user, but it’s an important component that can be used to execute system administration tasks and, therefore, taking control of this is a hacker’s dream.

As mentioned, fileless malware does not involve the use of any files to infect a PC. The most common technique to launch an attack is through spam email which contains a link to an infected website. If that link is clicked then the user is transported to a spoof website where Flash player loads and, at the same time, activates a malicious script that accesses PowerShell on the victim’s PC. Infected PowerShell scripts are then downloaded which allow the hackers to collect sensitive data and transmit it back to a remote location.

How Do You Combat Fileless Malware?

Data leaks can be highly damaging not just for your staff and customers, but also your organization’s reputation. Therefore, with the advent of fileless malware, it’s essential that you understand how to protect your business from its malicious activity. To help you keep one step ahead of fileless malware, make sure you action the following:

  • If you don’t use PowerShell in your IT operations then disable it. This nullifies the threat of any PowerShell exploit. Additionally, the same applies to Windows Management Instrumentation which has also been discovered to be vulnerable to fileless malware.
  • Monitor the amount of data leaving your network. If there’s a spike in data leaving your network then it’s possible that this is the result of malware transmitting sensitive data to a remote hacker.
  • Don’t rely on antivirus software alone as this is less effective when it comes to fileless malware. Instead, practice vigilance and monitor any unusual emails.
  • Disable macros at all costs, unless they’re company approved, as macros are another tool employed by hackers as part of a fileless malware attack.
  • As ever, regularly update your software to reduce the chance of known software vulnerabilities being exploited.
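Because antivirus file scanning sees little of this activity, process lineage is a practical place to look. The following added example (not from the original article) flags PowerShell launched by a browser, an Office application or the WMI provider host, the three vectors named above. The records, host names and field names are constructed assumptions, and a hit is a prompt for investigation, not a verdict.

```python
import ntpath

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed process-creation records. Field names are assumptions modelled on
# what process auditing or EDR telemetry usually exposes; hosts are made up.
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": r"C:\Windows\explorer.exe", "image": PS},
    {"host": "ws-02", "image": PS,
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"host": "ws-03", "image": PS,
     "parent": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"host": "srv-01", "image": PS.upper(),
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe"},
    {"host": "ws-04", "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"host": "ws-05", "image": PS},  # parent missing from the record
]

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
# Parent categories taken from the vectors the article names.
SUSPECT_PARENTS = {
    "iexplore.exe": "browser", "chrome.exe": "browser", "msedge.exe": "browser",
    "firefox.exe": "browser",
    "winword.exe": "office-macro", "excel.exe": "office-macro",
    "powerpnt.exe": "office-macro", "outlook.exe": "office-macro",
    "wmiprvse.exe": "wmi",
}


def exe_name(path):
    """Lower-cased file name of a Windows path; empty string if path is missing."""
    return ntpath.basename(path or "").lower()


def flag_powershell_lineage(events):
    """Return (host, parent_exe, category) for PowerShell started by a suspect parent."""
    hits = []
    for ev in events:
        if exe_name(ev.get("image")) not in SCRIPT_HOSTS:
            continue
        parent = exe_name(ev.get("parent"))
        category = SUSPECT_PARENTS.get(parent)
        if category is None and not parent:
            category = "unknown-parent"  # lineage gap: worth a look, not proof
        if category:
            hits.append((ev["host"], parent, category))
    return hits
```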



If you want your business to be successful and allow your team to collaborate with ease then you need a great PC server, but how do you know which is right?

You’re almost certainly aware that a server is an essential business purchase in the digital age, but do you know what a server actually does? Usually the preserve of IT professionals, servers are dedicated computers that allow you to run hardware, share resources and connect people within your organization. So, as you can tell, they’re crucial for your business to operate and boost your staff’s productivity.

Choosing the best server for your business, however, is a little more complicated due to the vast range of servers available. Naturally, this choice ensures there’s a server for every organization’s needs, but the technical specs and jargon can seem a little bewildering. Thankfully, I’m going to break this jargon down into something more digestible to help you make the right choice.

What Types of Servers are Available?

There are two types of servers most commonly seen in businesses:

  • Rack Mounted Servers: Installed within a framework known as a rack, a rack server is a computer dedicated for use as a server. Due to the racking system in place, rack servers can save you valuable space by stacking one server above the other. Rack servers also bring much more simplicity when it comes to connecting cables between individual components.
  • Tower Servers: Housed within a single, upright cabinet, a tower server contains a computer which is intended to be used as a server. These types of servers allow easier cooling of individual components and offer a scalability which allows you to constantly add new servers to your network.

Which Operating System is Best?

When it comes to servers, the very best option you can choose to power them is Windows Server. It may feel as though Windows Server is ubiquitous in modern computing and among your rivals, but this is for one simple reason: it’s incredibly effective.

In use, in its earliest incarnation, since 2003, Windows Server is the industry standard, so there’s not only a vast range of options contained within its shell, but there’s also an amazing amount of support available to tackle virtually any issue. There are, of course, alternative options (mostly open source software), but the support for these systems is less prevalent.

How Do You Determine Storage and Memory?

One of the most important needs of a good server is adequate storage and memory. Therefore, calculating the needs of your organization’s computer activity is crucial. Every organization is different, so you will need to analyze your digital operations closely. For example, if you run a client database which requires 1TB storage and 4GB memory then your server needs to have at least that amount of storage and memory. Chances are that your storage and memory needs will increase over time, so it’s recommended that you overbuy in terms of storage and memory to accommodate any future demands.

These are the very basics of servers, but if you can get them right then you’re laying down a fantastic foundation to help power your organization’s networks.
