Most “Wannacry” Hacks Were On Windows 7 Machines

Last year’s Wannacry attack was bad, but in many ways, it was a self-inflicted wound.  According to Webroot’s recently published “Annual Threat Report,” almost all of the machines that succumbed to the Wannacry attack were running Windows 7.  That attack is estimated to have caused in excess of $4 billion in total losses.

The central problem is that businesses have been much slower than individuals to make the shift from Windows 7 to the much more secure Windows 10.  For example, in January 2017, only one Enterprise computer in five was running Windows 10, a figure which climbed to 32 percent by year’s end.

Contrast that with the number of Enterprise computers running Windows 7.  In January 2017, a staggering 62 percent of Enterprise computers were still running Windows 7.  That figure declined as the year went on, but only marginally, dropping to 54 percent by the end of the year.

Meanwhile, Windows 8 was running on 5 percent of Enterprise computers in January 2017, and had dropped to 4 percent by the end of the year.  Windows Vista and XP both represented a tiny fraction (less than 1 percent) of Enterprise OS’s.

Contrast that with the Windows 10 migration figures for individuals.  In January 2017, 65 percent of home users had made the switch to Windows 10.  By the end of the year, that figure had grown to an impressive 72 percent.

A Webroot spokesperson had this to say about the report:

“While Windows 10 won’t solve all security woes, it’s a step in the right direction.  Combined with advanced endpoint protection that uses behavioral analysis and machine learning, adopting Windows 10 can greatly reduce enterprises’ vulnerability to cyber-attacks.”

All that to say, if you haven’t moved away from outdated operating systems at your company, this is yet another compelling reason to do so immediately.  No matter what legacy systems you may be running that rely on old OS’s, it’s just not worth the risk.

New Freemium Offer Mines Cryptocurrency

Freemium software is certainly nothing new.  These are free apps that offer premium features, either in exchange for ads displayed while you use the app or for a small fee that removes them.  At least one company is trying a new business model on for size, albeit with limited success.

The company is Qbix, and their freemium app is called “Calendar 2.”  It’s a solid calendar app with more features than Apple’s default app, and Qbix offers its users premium features if they’re willing to allow the company to make use of their CPU cycles to mine cryptocurrency.

Hackers around the world have been enslaving the computers of unsuspecting users and using their processing power to mine cryptocurrency, all while making millions in the process. However, this is the first instance we’ve seen of a company attempting to bring the business model mainstream.

Unfortunately, there were two issues with the release of the latest version.  First, there was a bug in the way the mining app was implemented that kept it running, even if users opted out of the default setting (which is, of course, to accept the arrangement).

Second, and even more disturbing, the mining software consumed twice as much processing power as the calendar app claimed that it would.  Both flaws were discovered by Calendar 2 users, who did not have nice things to say about the app and expressed their concern that Apple had allowed the app on the App Store in the first place.

For Apple’s part, the company seems to have no problem with the revenue scheme, provided that the offering company gets the consent of the user.  Although, given Calendar 2’s less-than-spectacular success with the idea, Apple may well change its Terms of Service to forbid it going forward.

Can Computer Data Be Stolen Through Power Lines?

If you have an air-gapped computer, you probably think you’re safe.  You may think that barring physical access to the machine, no hacker could possibly steal the data on that machine.  Unfortunately, you’d be incorrect.

Security researchers from the Ben Gurion University of the Negev, in Israel, have discovered a new way of stealing data using power lines.  While that may sound like science fiction, it’s actually real and a genuine threat, even to computers thought to be highly secure.

If you’re not familiar with the term, an air-gapped computer is one that is isolated from local networks and the internet.  Because they’re not connected to anything, these machines have long been regarded as the ultimate in data security and are used by governments and corporations to store their most sensitive data.

Here’s what the researchers had to say about their discovery:

“As a part of the targeted attack, the adversary may infiltrate the air-gapped networks using social engineering, supply chain attacks, or malicious insiders.  Note that several APTs discovered in the last decade are capable of infecting air-gapped networks (e.g. Turla, RedOctober and Fanny).

However, despite the fact that breaching air-gapped systems has been shown feasible, the exfiltration of data from an air-gapped system remains a challenge.”

Up until now, anyway.

The researchers have dubbed this new technique “PowerHammer.”  It siphons data from an air-gapped system by making the machine’s current draw fluctuate in a Morse-code-like pattern, which serves as a simple binary signalling scheme.

That accomplished, the only other thing that’s needed is a piece of hardware that monitors the flow of electricity as it passes through the power lines and then decodes the signal.  According to the research team, data transfer speeds of up to 1,000 bps can be achieved.

This should scare the daylights out of anyone in data security.

Massive Malware Attack Stemmed From BitTorrent App

According to a Microsoft security researcher, a massive malware attack attempted to install cryptocurrency-mining software on more than 400,000 computers in less than twelve hours.  The failed campaign is noteworthy because of the attack vector used.  It was a supply chain attack implemented by compromising BitTorrent, a highly popular program used to share and download files.

Until recently, security professionals discounted the very possibility of supply chain attacks, regarding them as highly improbable occurrences.  The sad truth, however, is that they’re becoming increasingly common.  Over the past couple of years, we’ve seen a growing number of them, including CCleaner, which is a popular disk-maintenance program.  A poisoned version of it was delivered to more than two million of the software’s users.

In another supply chain attack, M.E. Doc (a tax and accounting application which is widely used in Ukraine) was tainted with the NotPetya wiper worm, which shut down computers all over the world just last year.

Then there was a collection of Android apps that came preinstalled on phones from not one, but two different manufacturers, which allowed hackers unfettered access to the data on those phones.  In fact, this is actually the second time BitTorrent has been hijacked.  Last year, a tainted version of the client installed ransomware on Macintosh computers around the world.

Fortunately, this latest attack was not successful, although Microsoft researchers reported that Windows Defender blocked more than 400,000 attempts to infect computers between March 1st and March 6th, with the actual BitTorrent infection occurring sometime between February 12 and February 19.  In this instance, the threat was regional, with most of the computers being located in Russia, Turkey, and Ukraine.

While this was the latest supply chain attack, it certainly won’t be the last. Worst of all, these kinds of attacks are notoriously hard to prevent because updates coming from trusted sources are often installed without question.

Intel Taking Additional Steps To Prevent Security Flaws

By now, you’ve almost certainly heard of “Spectre,” one of two recently discovered security flaws that impact every chip made by Intel in the last ten years.

The story of Spectre, and Intel’s response to it, has been an interesting one.  In response to the flaw’s discovery, Intel rushed out a firmware patch, but quickly had to take it back and recommend that users not install it, because it created as many problems as it solved.

Intel has since released a better, more stable patch, but hasn’t stopped there.  The company recently revealed that it is introducing various hardware protections against Spectre-like vulnerabilities that may be detected in the future.

According to Intel’s CEO, Brian Krzanich, “(We have) redesigned parts of the processor to introduce new levels of protection through partitioning.  As we bring these new products to market, ensuring that they deliver the performance improvements people expect from us is critical.  Our goal is to offer not only the best performance, but also the best secure performance.”

While that is welcome news for people planning to make purchases in the near future, owners of existing Intel-powered equipment will still have to rely on firmware updates for Spectre protection.  This unfortunately comes with the tradeoff of a hit to CPU performance.

In tandem with that update, the company also announced that, as of now, it has firmware updates available for all of its products launched within the last five years.  This, coupled with its recent partnership with Microsoft to help deliver Spectre updates to their legions of impacted customers, should provide peace of mind, even with the expected hits to system performance.

Unfortunately, with new variants of Spectre and Meltdown being discovered on a regular basis, this is likely not the last we’ll hear about this issue.

Google Changing Name Of Android Wear Without Updates

Wearable computing devices, from smart watches to glasses, are struggling to find an audience, and Google’s Android Wear operating system hasn’t gotten much love in recent years.  It has weakened as major players in the tech space have struggled to find a market for these products.  On the face of it, these products would seem destined to be wildly popular, but they still haven’t captured the imaginations of a critical mass of the consuming public.

Google’s recent announcement that it was rebranding Android Wear to “Wear OS” is the most significant move we’ve seen in over a year.  However, without significant updates, simply changing the name isn’t going to improve the OS’s visibility or viability.

The name change was driven by the fact that when the OS was first released, it appeared only on smart watches, but the company later added iPhone compatibility, which made the name less than perfectly applicable.  In a blog post related to the rebranding effort, Google referred to Wear OS as “a wearables operating system for everyone.”

It’s hard to make a convincing argument that Google is all that interested in wearables.  One needs only to compare the company’s handling of Wear OS with the way Apple handles wearable products and OS’s.

We had to wait two and a half years between the version 1.0 and version 2.0 of Wear OS.  Android Wear was released more than 13 years ago, and since its release, the company hasn’t made any updates or announcements except for the recent blog post announcing its rebranding.

There are some signs that Google has long term plans for the floundering operating system, though.  The company has been recruiting high-profile brands including Tommy Hilfiger, Michael Kors, Hugo Boss, Guess, Gc, Fossil and others to make and sell Android watches.  It will be interesting to see what the company does in coming months.

New InvisiMole Malware Turns Your System Into A Video Camera

Another week, another new threat.  This time, it comes in the form of a new strain of malware that researchers are calling InvisiMole.  The new threat was discovered by researchers at ESET, who found it on a number of hacked computers in Russia and Ukraine.

While the researchers have yet to trace the software back to the group that developed it, based on the available evidence, the campaign appears to be tightly targeted and highly selective.  Only a few dozen computers have been found to be infected, although all impacted systems are both high-profile and high-value.

As for the software itself, it’s a nasty piece of business capable of quietly taking control of an infected system’s video camera and capturing audio.  This allows the attackers to both see and hear anything going on in the vicinity of the system.  Essentially then, InvisiMole turns your computer into a compromised Amazon Echo.

Based on the sophisticated design of the software and the fact that the researchers have yet to be able to trace it back to the source, it’s believed that it has been developed by (or at least in partnership with) an unknown state actor.  Although the current campaign is small and highly targeted, given its capabilities, InvisiMole could easily become a much more serious threat.

Even worse, it’s entirely possible that the original developers could lose control of the code, or that some other hacker group could reverse engineer it, causing it to spread far and wide.

Research into the software is still ongoing, and at this point ESET can’t say with certainty how the malicious payload is being delivered to target machines. Of course, at present, there is no antivirus software defense against it.  Stay on your guard.  You never know who might be watching.

Majority Of Web Apps Found To Have Security Vulnerabilities

How many web apps do you have on your phone?  Probably a ton.  Here’s something you likely didn’t know.  Based on the latest research from Positive Technologies, nearly half of them (48 percent) are vulnerable to unauthorized access.

As bad as that is, it’s just the tip of the proverbial iceberg.

Here are some additional disturbing stats from their report:

  • 44 percent of the apps with vulnerabilities place the user’s personal data at risk
  • 70 percent are prone to leak critical information stored on the device
  • 96 percent of them contain flaws that would allow any malicious actor to exploit them to launch an attack on the target device
  • Of those, one in six (17 percent) has a flaw severe enough that it would allow an attacker to assume complete control over the app, and from there, the device itself

The majority of these flaws (some 65 percent) are the result of simple coding errors, with improper configuration of web servers being the most common of these.

There is one bright spot in the otherwise dismal report, though.  The percentage of apps with critical vulnerabilities has declined slightly, down from 52 percent last year, and 59 percent the year before. So the numbers, while frustratingly large, are trending in the right direction.

Ed Keary, the CEO of Edgescan, had this to say on the topic:

“DevSecOps needs to be embraced such that security is throughout the development pipeline.  Application component security management (software components used by developers) is still not commonplace in terms of supporting frameworks and software components and is a common source of vulnerability.”

If your firm designs such applications, pay special attention to this report and review your code base at the earliest opportunity.  Even if you don’t, it pays to be mindful of the percentages, because odds are that your employees have several at-risk apps on the devices they’re connecting to your network.

New Trick Lets Hackers Bypass Office 365 Email Security

What’s old is new again.

Hackers have recently begun re-deploying a decade-old trick called ‘ZeroFont’ to get around Microsoft’s security filters and deliver phishing and spam emails to Office 365 email accounts.  The gimmick?  Zero-point fonts.

As anyone with even a passing familiarity with Office 365 knows, if you’re drafting a document, you can change the font size to suit your tastes and preferences.  What few people realize is that you can use HTML to set your font to zero-point size.

Of course, such a move has no practical application in everyday usage, because no one could read a zero-point font.  Hackers, however, can make cunning use of it, and Office 365 is unable to detect the presence of zero-point fonts.  Since they’re not detected, they’re not marked as malicious and sail right through the security filters.

By itself, the zero-point trick is useful, but not inherently deadly.  Unfortunately, it can be combined with other tricks like Punycode, Unicode, or hexadecimal encoding to insert malicious content into what appears to be a totally innocent email.

It gets better (or worse, depending on your point of view).  Just last month, researchers at a company called Avanan discovered that it was possible to use an HTML tag in an email or Office 365 document, point it at a malicious site, and the security filters would blithely ignore it.

Again, it should be noted that these tricks aren’t new.  They’ve been around for years, fell out of favor in preference for newer techniques, and now are being recycled.  Apparently, they’re so old that they skate right past modern security flags and filters.
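To make the ZeroFont problem concrete from the filter’s side, here is an added example (not code from the original article or from Avanan or Microsoft) that separates what a recipient actually sees from the text hidden in zero-point fonts.  The sample message and the `example.invalid` link are constructed for the demonstration; the point is that a filter scanning the raw markup never sees the brand name the reader sees.

```python
import re
from html.parser import HTMLParser

# Inline-style declaration setting the font size to zero, in the spellings
# commonly seen: "font-size:0", "font-size: 0px", "FONT-SIZE:0.0pt".
ZERO_FONT = re.compile(r"font-size\s*:\s*0+(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:;|$)", re.I)
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "wbr", "base"}

def normalize(text):
    """Collapse runs of whitespace so the two views can be compared."""
    return " ".join(text.split())

class ZeroFontScanner(HTMLParser):
    """Split message text into what the recipient sees and what zero-point fonts hide."""

    def __init__(self):
        super().__init__()
        self.visible, self.hidden = [], []
        self._stack = []  # (tag, hides_contents) for every open element

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:          # void elements never get an end tag
            return
        style = dict(attrs).get("style") or ""
        self._stack.append((tag, bool(ZERO_FONT.search(style))))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates sloppy, unbalanced markup.
        for i in range(len(self._stack) - 1, -1, -1):
            if self._stack[i][0] == tag:
                del self._stack[i:]
                break

    def handle_data(self, data):
        bucket = self.hidden if any(h for _, h in self._stack) else self.visible
        bucket.append(data)

def raw_text(html):
    """What a filter that merely strips tags would scan (zero-font text included)."""
    return normalize(re.sub(r"<[^>]+>", "", html))

def scan_email(html):
    """Return the rendered view, the hidden text, and whether ZeroFont was used."""
    p = ZeroFontScanner()
    p.feed(html)
    p.close()
    hidden = normalize("".join(p.hidden))
    return {"visible": normalize("".join(p.visible)), "hidden": hidden,
            "zero_font": bool(hidden)}

# Constructed sample: the brand name is broken up with zero-point junk so a
# keyword match on the raw markup fails, while the recipient reads it normally.
SAMPLE = ('<p>Your Micro<span style="font-size:0">xq</span>soft account needs '
          '<span style="FONT-SIZE: 0px;">zz</span>verification. '
          '<a href="http://example.invalid/login">Sign in</a></p>')

if __name__ == "__main__":
    result = scan_email(SAMPLE)
    print("raw    :", raw_text(SAMPLE))
    print("visible:", result["visible"])
    print("hidden :", result["hidden"], "| zero_font:", result["zero_font"])
```

A mail filter should run its keyword and brand-impersonation checks against the `visible` view, and treat any non-empty `hidden` text as a signal in its own right.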

Expect updates soon to catch these types of things, but in the short run, just be aware these types of attacks are not only possible, but trivial to execute.

Turn Cortana Off At Lock Screen To Avoid Potential Hack

Do you use Cortana?  It’s a handy virtual assistant (like Siri) built into Windows 10.  Unfortunately, as useful as she is, there’s a problem. Even if you don’t use Cortana yourself, take heed:  Microsoft has recently issued a security update based on findings by McAfee researchers.

It turns out that Cortana can be “summoned” from the lock screen of your PC and used to execute attacks by tricking the ever-helpful Cortana into indexing files from a USB drive, then executing them.

To accomplish the attack, the hacker would need physical access to the PC.  Once they had that, they could easily execute PowerShell scripts to reset your Windows 10 password, which would then give them unfettered access.

The vulnerability takes advantage of two things:  First, Cortana “listens” for commands, even while the PC is locked. Then, the OS indexes files constantly so that they’re ready to use at a moment’s notice.  Put those two elements together and you have the makings of a disaster.

Microsoft has rushed a patch out the door to address the issue. For now, the company is advising users to simply disable Cortana on the lock screen, so that your PC has to be unlocked in order for her to be active.  It’s probably good advice, given that not all companies update their OS as soon as patches are available, and this one is important.

To be safe, even if you don’t use Cortana, go into settings and disable the virtual assistant on the lock screen.  Then, when you’re away from your PC, at least that’s one less thing you have to worry about.

Unfortunately, this isn’t the first Cortana-related security issue we’ve seen, and it’s not likely to be the last.  As useful as the feature is, it does open the door to a number of other (potential) problems.  Stay vigilant.