SSD Drive Makers Adding Features To Reduce Duplicate Data

Big changes are in the works in the SSD-based storage ecosystem. Three different vendors have all made similar announcements regarding designs to help companies that rely on SSD-based storage systems reduce duplication and control data creep.

It’s not hard to see why they’re scrambling.  Although the price of SSD-based storage systems is coming down, it’s a slow process.  Currently, a gigabyte’s worth of SSD storage costs about forty cents, versus about five cents per gigabyte of HDD storage.  Less data duplication means less data to store, making the SSD drives utilizing the new technology more efficient.

Here’s a quick overview of the solutions offered by the three major vendors in this space:

  • Hitachi – Hitachi is working to upgrade its all-flash F-Series and its hybrid flash/hard disk G-Series of drives, as well as its SVOS operating system. The improvements to the operating system include new AI-based container and operations support, and the company has introduced a new feature in the form of the “Hitachi Infrastructure Analytics Advisor.” This provides real-time analysis of your data center optimization across all storage devices, networks, servers and virtual machines in a bid to more efficiently predict data center needs and optimize/troubleshoot data storage.
  • HPE – The company has upgraded their “Nimble” storage line, which includes an array of all-flash products, a hybrid disk-flash product line and a secondary flash line. The big change here is that the company’s products now support inline, variable block size deduplication.  The company claims this change makes their products “the most efficient hybrid arrays in the industry by a wide margin.”
  • IBM – IBM has issued an upgrade to its Storwize arrays, the first in more than two years. The update improves cloud integration and overall disk performance and adds an array of enhanced deduplication tools, with IBM claiming as much as a 5:1 data reduction while retaining 100 percent data availability (provided you’re using IBM HyperSwap).

How big an impact these changes will have remains to be seen, but kudos to all three companies for taking decisive steps to bolster the performance of their storage devices.

Beware Fake Craigslist Email Could Contain Ransomware

If you post ads on Craigslist for short term employment, be aware that there’s a new malspam campaign that aims to distribute Sigma ransomware on the computers of unwary users.

By all outward appearances, the emails seem to come from Craigslist in response to ads posted in Craigslist’s “Gigs” section for short term employment.  The emails will generally express interest in whatever job the user has posted and include a password-protected Word or RTF document, which recipients will assume is a resume.

If the recipient enters the password to unlock the document, they’ll then be presented with a screen that asks them to enable the content in the document.  Unfortunately, this is the step that dooms the user. The file isn’t a resume at all, but merely a delivery vehicle.

As soon as the content is enabled, the ransomware will be installed and the user’s files will be encrypted. The ransomware will then “helpfully” post a message explaining that the files have been encrypted and that, to get access to them again, the user will have to pay a $400 fee, which rises to $800 if the user waits longer than seven days to request the decryption key.

Unfortunately, there’s no known way to decrypt Sigma-encrypted files other than paying the ransom.

This is a new twist on a very old game. Even worse, it’s enjoying a relatively high success rate because people who post ads for short term employment on Craigslist expect to get responses from people they don’t know. They expect that those people will be sending resumes for review.

The “tell” is that when a potential employee sends you a resume, it’s almost certainly not going to be password protected.  In this case, your best bet would be to reply to the sender and ask them to send you a non-protected resume if they’re genuinely interested in the job.

Energy Companies Under Attack From Malware

The energy sector is in danger, and almost nobody is talking about it.  That’s according to a newly published report by Kaspersky Labs.

At issue are ICS (Industrial Control System) computers.  Hackers are increasingly targeting them, having recently been given a robust set of tools to do so.

Recall that in 2010, Kaspersky Labs uncovered the first instances of a malicious computer worm known as “Stuxnet.”  This worm was a beast.  Nothing like it had ever been seen before, and all indications were that it had been created at the behest of a nation-state with deep pockets.

Its purpose was to invade PLCs (Programmable Logic Controllers), which are essentially primitive computers used by almost every modern industry.  In many ways, these rudimentary computers are what make modern society possible.  Worse, they have almost no protections in place, because until Stuxnet, no one even considered the possibility that they would be the target of an attack.

The problem is that the damage caused by attacking these controllers isn’t limited to the digital realm.

In Iran, Stuxnet was used to cause significant damage to that country’s fledgling nuclear program by causing dozens of their centrifuges to explode.

Since the code has now been in the wild for many years, variants of the worm have been developed.  The fear has been that the newer, more robust variants could be used to target critical infrastructure around the world.

That now appears to be happening.  According to the Kaspersky Labs report, nearly 40 percent of all analyzed ICS computers in the energy sector have been attacked at least once by malware.

So far, those attacks haven’t caused any significant damage in the physical world, but this is a simple numbers game.  Sooner or later, it’s going to happen, and with tragic consequences.

Attacks on Health Organizations Increasing At Alarming Rate

It used to be the case that credit card companies and retail outlets were the primary targets of hackers around the world.  Make no mistake, they still get attacked with regularity, but the hackers have found a new and even more lucrative target:  Health Organizations.

According to a new report jointly produced by the Ponemon Institute and Merlin International, the medical/healthcare industry suffered nearly a quarter (23 percent) of all the data breaches that occurred in 2017.  It gets worse.  Those breaches exposed PHI and PII of more than five million individuals.

The reason for the shift away from credit card data to medical records comes down to profits.  PHI and PII can often be sold on the Dark Web for ten times the amount that credit card information will bring.  The hackers are simply obeying the laws of economics and going where the money is.

Brian Wells, the Director of Healthcare Strategy at Merlin International had this to say about the report:

“In an increasingly connected, digitally centric world, hackers have more opportunities and incentive than ever to target healthcare data, and the problem will only increase in scope over time.

Healthcare organizations must get even more serious about cyber security to protect themselves and their patients from losing access or control of the proprietary and personal information and systems the industry depends on to provide essential care.”

Worst of all, a shocking percentage of medical/healthcare companies don’t seem to be serious about cyber security at all.  Although the average cost of a medical data breach is approximately four million dollars, a staggering 49 percent of companies in the industry don’t have an incident response plan of any kind.  There’s no process in place to properly respond to an attack, or to mitigate the fallout if a breach occurs.  These companies are sitting ducks.

New Vulnerability May Expose Encrypted Emails 

Security researchers at the Electronic Frontier Foundation (EFF) have discovered a dangerous new email vulnerability called “Efail.”  Exploiting this new email vulnerability would allow hackers to decrypt emails encrypted with either PGP or S/MIME – including emails that were sent several years earlier.  Both of these encryption tools are commonly used by politicians, journalists and other professionals who need a secure means of electronic communication. Since the standards are so well established, they’re used widely and regarded as fool-proof.  Sadly, that’s no longer the case.

EFF researchers had this to say about the newly discovered vulnerability:

“In a nutshell, Efail abuses active content of HTML emails (for example, externally loaded images or styles) to exfiltrate plaintext through requested URLs.  The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim.  The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.”

In simpler terms, it’s about as bad as it could possibly get.  Once a hacker has access to your email account, they can use the embedded HTML tags inside your mail to force your email system to decrypt those messages so the hackers can see exactly what they contain.

EFF’s recommendation is that if you rely on either PGP or S/MIME for email encryption, your best bet is to simply disable them, and uninstall the tool or tools used to decrypt those messages.

It should be noted however, that there are others in the security community who disagree with this assessment.  A spokesman for ProtonMail tweeted out the following response:

“Efail is a prime example of irresponsible disclosure.  There is no responsibility in hyping the story to @EFF and mainstream media and getting an irresponsible recommendation published (Disable PGP), ignoring the fact that many (Enigmail, etc.) are already patched.”

Despite the divided opinion, if it’s something you’re concerned about, you can neatly sidestep the problem by simply opting for plain text messages, rather than using HTML emails.
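
Plain text sidesteps the problem because nothing in the message is fetched when it is displayed. As an added example (not from the original article), this Python code lists the remote references in a message’s HTML parts, which are the externally loaded images and styles a mail client would need to block; the sample message and its host names are constructed.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes fetched when the mail is rendered; <a href> only loads on click.
AUTOLOAD_ATTRS = {"src", "background", "poster", "data"}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.IGNORECASE)

def is_remote(url):
    try:
        return url.startswith("//") or urlparse(url).scheme in ("http", "https", "ftp")
    except ValueError:                  # unparseable: flag rather than trust
        return True

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        for name, value in attrs:
            value = (value or "").strip()
            if name in AUTOLOAD_ATTRS or (name == "href" and tag == "link"):
                if is_remote(value):
                    self.refs.append((tag, value))
            elif name == "style":       # inline CSS can also pull images
                self._css(tag, value)

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:              # body of a <style> element
            self._css("style", data)

    def _css(self, tag, css):
        self.refs += [(tag, u) for u in CSS_URL.findall(css) if is_remote(u)]

def remote_refs(raw_message):
    refs = []
    for part in message_from_string(raw_message, policy=default).walk():
        if part.get_content_type() == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            finder.close()
            refs += finder.refs
    return refs

# Constructed sample message (hosts are placeholders).
SAMPLE = """\
Content-Type: text/html

<link rel="stylesheet" href="https://cdn.example.net/s.css">
<style>body { background: url('//img.example.net/bg.png') }</style>
<img src="cid:logo"><img src="http://tracker.example.net/p.gif">
<a href="https://example.org/">link</a>
"""
```

An empty result means the HTML part references only embedded (`cid:`, `data:`) or click-through content, so rendering it would make no network request.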

New Chips Support Increased Network Speeds To 400Gbps

Marvell Semiconductor has a new product out, and it’s a game changer.  Their new “Alaska” chip (the Alaska C 88X7120) is the first on the market to support the new 802.3cd standard.  802.3cd is on tap to eventually replace current Ethernet ports running at 25Gbps to 100Gbps with ports that will run at 50Gbps, 200 Gbps, and 400 Gbps.

The future is now.

Granted, the Alaska chips aren’t for sale just yet, but they are sampling to customers (“Sampling” in the chip world is akin to beta testing in software).  The chip supports sixteen 50 Gbps ports, four 200 Gbps ports, and two 400 Gbps ports, which will quadruple network output.  Even better, the new chips support both copper and fiber-optic wiring, as well as SerDes (long-reach serialization/deserialization) on system and line side interfaces, allowing OEMs to use the chips for wide-area interfaces.

Also of interest, the new chips use PAM4 (pulse-amplitude modulation), which is a four-level signaling scheme that’s designed to replace NRZ (non-return to zero) binary modulation, and even better, the new PAM4 protocol will be backwards compatible with NRZ hardware.

The port density on the new chip has been optimized to enable both Quad Small Form Factor Pluggable – Double Density and Octal Small Form Factor Pluggable port types for 500 GbE, 200 GbE, and 400 GbE deployments.

If all of those technical details make your head spin, not to worry.  The short of it is that once these chips go mainstream, network output is going to increase dramatically, which means that network speeds are about to get even faster.

Unless you run or manage a huge data center, you’ll probably never have direct contact with these chips. However, as big data centers begin deploying them, you’ll absolutely see the benefits.

Hackers Zone In On Microsoft Products To Attack

Congratulations to Adobe Flash Player for not being the software most targeted by hackers.  Security vendor “Recorded Future” has just published their annual list of the software hackers most commonly focus on when targeting computers and handheld devices for attack.

For the last several years, Adobe’s Flash Player has topped the list, but this year they have been dethroned.  Microsoft now has the embarrassing honor. There are multiple Microsoft programs on this year’s list, with some of them having exploits that date back more than a decade.

It’s a shameful honor to say the least, and even worse, in this year’s report, Microsoft captured seven of the top ten places.

The most often abused security flaw this year was CVE-2017-0199.  Found in a variety of Microsoft Office products, the flaw allows a hacker to embed and execute VBS (Visual Basic Scripts) that contain PowerShell commands in an Office document.  Recorded Future has found exploit kits that automate the process for sale on the Dark Web, going for between $400 and $800.

Hot on the heels of the #1 entry is CVE-2016-0189, which is one of a whole raft of Internet Explorer vulnerabilities that allow hackers to take unfettered control of a victim’s PC, laptop, or smartphone. It is one of the reasons Microsoft has moved away from IE in preference for Microsoft Edge.

Despite this dismaying news, Recorded Future notes that attacks via exploit kit are down significantly, with a staggering 62 percent drop in new variants.

The report’s author, Scott Donnelly, had this to say:

“The observed drop in exploit kit activity overlaps with the rapid decline of Flash Player usage.  Users have shifted to more secure browsers and attackers have shifted as well.  Spikes in cryptocurrency mining malware and more targeted victim attacks have filled the void.”

Despite the shifting landscape, the central lesson is clear.  Hackers tend to take advantage of known exploits.  Companies that keep their software properly patched dramatically reduce their chances of being targeted.

More Bad News From The Equifax Breach 

The news just keeps getting worse for Equifax.  The company has already had to revise their estimates of how many people were impacted by last year’s breach more than once, and now, they’re having to revise their estimate yet again.  This latest revision comes after company officials had to testify before Congress, which has been formally investigating the matter.

Prior to the release of Equifax’s latest “statement of record,” here’s a snapshot of how bad the data breach was:

  • 5 million consumers had their Social Security numbers compromised
  • 99 million consumers had address information exposed
  • 3 million consumers had gender information exposed
  • 3 million consumers had their phone numbers exposed
  • 209,000 consumers had their credit card numbers exposed
  • 97,500 consumers had their Tax Identification numbers exposed

Now, in addition to all of that, the company is adding the following:

  • 6 million consumers had their driver’s license numbers exposed
  • 12,000 had their Social Security and Taxpayer ID cards exposed
  • 3200 consumers had their passports exposed
  • An additional 3000 had other documents, such as military and state IDs, compromised

As bad as it looks that the company has to keep revising their estimates upward, there’s a logical reason for it.  The data that was stolen didn’t come from a single database.  On top of that, the databases themselves all had highly variable structures, which has made it exceedingly difficult for forensic analysts to accurately assess the extent of the damage.  All that to say, since the process is still ongoing, we may see yet another upward revision of the scope and scale of the breach.

Of course, the company is doing what most companies do in cases like these:  They’re offering a year’s worth of free credit monitoring to impacted customers.  The ironic part of their offer though, is the fact that Equifax is offering their own credit monitoring service free for a year, which converts to a paid monitoring service after the year is up.  As Congressional officials rightly pointed out, this means that the company is essentially profiting off of its own breach, which is disturbing to say the least.

Most “Wannacry” Hacks Were On Windows 7 Machines

Last year’s Wannacry attack was bad, but in many ways, it was a self-inflicted wound.  According to Webroot’s recently published “Annual Threat Report,” almost all of the machines that succumbed to the Wannacry attack were running Windows 7.  That attack is estimated to have caused in excess of $4 billion in total losses.

The central problem is that businesses have been much slower than individuals to make the shift from Windows 7 to the much more secure Windows 10.  For example, in January 2017, only one Enterprise computer in five was running Windows 10, a figure which climbed to 32 percent by year’s end.

Contrast that with the number of Enterprise computers running Windows 7.  In January 2017, a staggering 62 percent of Enterprise computers were still running Windows 7.  That figure declined as the year went on, but only marginally, dropping to 54 percent by the end of the year.

Meanwhile, Windows 8 was running on 5 percent of Enterprise computers in January 2017, and had dropped to 4 percent by the end of the year.  Windows Vista and XP both represented a tiny fraction (less than 1 percent) of Enterprise OS’s.

Contrast that with the Windows 10 migration figures for individuals.  In January 2017, 65 percent of home users had made the switch to Windows 10.  By the end of the year, that figure had grown to an impressive 72 percent.

A Webroot spokesperson had this to say about the report:

“While Windows 10 won’t solve all security woes, it’s a step in the right direction.  Combined with advanced endpoint protection that uses behavioral analysis and machine learning, adopting Windows 10 can greatly reduce enterprises’ vulnerability to cyber-attacks.”

All that to say, if you haven’t moved away from outdated operating systems at your company, this is yet another compelling reason to do so immediately.  No matter what legacy systems you may be running that rely on old OS’s, it’s just not worth the risk.

New Freemium Offer Mines Cryptocurrency

Freemium software is certainly nothing new.  These are free apps that offer premium features if you don’t mind ads displaying while you’re using them, or paying a small fee to have the ads removed.  At least one company is trying a new business model on for size, albeit with limited success.

The company is Qbix, and their freemium app is called “Calendar 2.”  It’s a solid calendar app with more features than Apple’s default app, and Qbix offers its users premium features if they’re willing to allow the company to make use of CPU cycles to mine cryptocurrency.

Hackers around the world have been enslaving the computers of unsuspecting users and using their processing power to mine cryptocurrency, all while making millions in the process. However, this is the first instance we’ve seen of a company attempting to bring the business model mainstream.

Unfortunately, there were two issues with the release of the latest version.  First, there was a bug in the way the mining app was implemented that kept it running, even if users opted out of the default setting (which is, of course, to accept the arrangement).

Second, and even more disturbing, the mining software consumed twice as much processing power as the calendar app claimed that it would.  Both flaws were discovered by Calendar 2 users, who did not have nice things to say about the app and expressed their concern that Apple had allowed the app on the App Store in the first place.

For Apple’s part, the company seems to have no problem with the revenue scheme, provided that the offering company gets the consent of the user. Given Calendar 2’s less-than-spectacular success with the idea, though, the company may well change their Terms of Service to forbid it going forward.