Data theft and ransomware attacks with a direct financial impact on their victims are some of the primary threats that the health care industry is facing. Healthcare was the most affected sector in terms of cyberattacks in 2015, accumulating a total of 253 security holes and 112 million stolen records.
Despite its long history of lucrative attacks and the thousands of people affected by its intrusions, ransomware was given the same treatment as other infractions in the eyes of the The Health Insurance Portability and Accountability Act of 1996 (HIPAA). This US legislation grants privacy to data and the provision of security to safeguard medical information. Until now, ransomware was part and parcel with the rest of the legislation.
The current scenario calls for greater protection of the multitudes of devices that compose a hospital’s IT infrastructure. The US Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR) has declared that ransomware infections constitute a serious violation of the standard. It has been raised to the level of a serious infraction and a breach of cybersecurity.
With the recognition of the activity of encryption (typical of a majority of ransomware incidents) as a form of unauthorized acquisition and diffusion of medical data, ransomware has become subject to HIPPA security rules. This has established the national standards to protect patient information that is stored or transmitted electronically.
Let Us Protect You
If it seems like cybersecurity breaches are a major hassle in themselves, we must now think of the other fiscal penalties that come into play if security protocols are not met. Non-compliance with these protocols could come to light in the event of a cyberattack such as ransomware.
Adaptive Defense 360 is the only advanced cybersecurity system that combines latest generation protection, detection, and remediation technology with the ability to classify 100% of running processes.
This solution classifies all active processes in every endpoint, guaranteeing protection against known malware and against threats such as zero-day attacks, Advanced Persistent Threats, and targeted attacks.
Better to prevent infection now than to cure it later.
For this week’s guest article, Luis Corrons, director of PandaLabs, spoke with Eddy Willems, Security Evangelist at G Data Software AG, about security in the age of the Internet of Things.
Luis Corrons: Over the course of your more than two decades in the world of computer security, you’ve achieved such milestones as being the cofounder of EICAR, working with security forces and major security agencies, writing the entry on viruses in the encyclopedia Encarta, publishing a book, among other things. What dreams do you still have left to accomplish?
Eddy Willems: My main goal from the beginning has always been to help make the (digital) world a safer and better place. That job is not finished yet. To be able to reach a wide public, from beginners to more experienced internet users, I wrote my book ‘Cybergevaar’ (Dutch for Cyberdanger) originally in my native language. After that it has been translated into German. But for it to have a maximum effect, I really want it to be published in the most widely spoken languages in the world like English, Spanish or even Chinese. That really is a dream I still want to accomplish. It would be nice if we could make the world a little bit safer and at the same time make life a little bit harder for cyber criminals with the help of this book.
Another ambition that fits into my dream of making the world a safer place, is to get rid of bad tests and increase the quality of tests of security products. Correct tests are very important for the users but also for the vendors who create the products. Correct tests will finally lead to improved and better security products and by that finally to a safer world. That’s the reason why I am also involved in AMTSO (Anti Malware Testing Standards Organization). There is still a lot to do in that area.
LC: Since the beginning of 2010 you’ve been working as a Security Evangelist for the security company G Data Software AG. How would you define your position and what are your responsibilities?
EW: In my position as Security Evangelist at G DATA, I’m forming the link between technical complexity and the average Joe. I am responsible for a clear communication to the security community, press, law enforcement, distributors, resellers and end users. This means, amongst other things that I am responsible for organizing trainings about malware and security, speaking at conferences and consulting associations and companies. Another huge chunk of my work is giving interviews to the press. The public I reach with my efforts is very diverse: it ranges from 12 year olds to 92 year olds, from first time computer users to IT security law makers.
EW: Social networks are only one vector of many infections mechanisms we see these days. Of course we can’t deny that social networks are still responsible for even some recent infections: end of November a Locky Ransomware variant was widely spread via Facebook Messenger. But still Facebook, Google, LinkedIn and others have some good protective measures in place to stop a lot of malware already. Surfing the web and spammed phishing or malware mails are still the main entry points for malware in companies. Delayed program and OS updating and patching and overly used administration rights on normal user computers inside companies are key to most security related problems.
LC:What do you believe to be the greatest security problem facing businesses on the Internet? Viruses, data theft, spam…?
The weak link is always an unaware or undertrained employee. The human factor, as I like to call it.
EW: The biggest security threat to businesses are targeted phishing mails to specific employees in the company. A professional, (in his native language) well-written created phishing mail in which the user is encouraged to open the mail and attachment or to click on a specific link, has been seen in a lot of big APT cases as the main entry point to the whole company. These days even a security expert can be tricked into opening such a mail.
Another great threat is data breaches. Most of those are unintentional mistakes made by employees. A lack of awareness and a lack of understanding of technologies and its inherent risks are at the base of this.
Both of these risks boil down to the same thing: the weak link is always an unaware or undertrained employee. The human factor, as I like to call it.
LC: Criminals are always looking to attack the greatest amount of victims possible, be it through the creation of new malware for Android terminals or through older versions that may be more exposed. Do cybercriminals see infecting old devices the same way as infecting new devices? Which is more lucrative?
EW: Android has become the number 2 OS platform for malware after MS Windows. Our latest G DATA report saw an enormous increase in Android related malware in 2016. G DATA saw a new Android malware strain every 9 seconds. That says enough about the importance of the platform. Current analyses by G DATA experts show that drive-by infections are now being used by attackers to infect Android smartphones and tablets as well. Security holes in the Android operating system therefore pose an even more serious threat. The long periods until an update for Android reaches users‘ devices in particular can aggravate the problem further. One of the bigger issues is that lots of old Android devices will not receive any updates anymore, bringing the older devices down to the same level of (no) security as Windows XP machines. Cybercriminals will look to the old and new Android OS in the future. Malware for the old Android versions will be more for the masses, but malware for the new versions Android versions needs to be more cleverly created and are more lucrative if used for targeted attacks on business or governmental targets.
LC: In this age of technological revolution through which we are now living, new services are invented without giving a second thought to the possibility that it may be put to some ill-intentioned use, and are therefore left under-protected. Has the Internet of Things become the main challenge with regard to cybersecurity? Does the use of this technology conflict with user privacy?
EW: I wrote about the Internet of Things already a couple of years ago at the G DATA blog where I predicted that this platform would become one of the main challenges of cybersecurity. In my opinion IoT stands more or less for the Internet of Trouble. Security by design is dearly needed, but we’ve seen the opposite unfortunately in a lot of cases.
Besides Smart grids and Smart factories, Smart cities, Smart cars and Smart everything else, we will also need Smart security.
IoT is seriously affecting our privacy unfortunately. The amount of data IoT devices are creating is staggering and that data is being reused (or should we say misused). You’ve undoubtedly agreed to terms of service at some point, but have you ever actually read through that entire document or EULA? For example, an insurance company might gather information from you about your driving habits through a connected car when calculating your insurance rate. The same could happen for health insurance thanks to fitness trackers. Sometimes the vendor states in the EULA that he isn’t responsible for data leakage. It brings up the question if this is not conflicting with the new GDPR (General Data Protection Regulation).
I am convinced the Internet of Things will bring about much that is good. I can already hardly live without it. It is already making our lives easier. But IoT is much bigger than we think. It’s also built into our cities and infrastructure. We now have the opportunity of bringing fundamental security features into the infrastructure for new technologies when they are still in the development stage. And we need to seize this opportunity. That is ‘smart’ in my opinion. Besides Smart grids and Smart factories, Smart cities, Smart cars and Smart everything else, we will also need Smart security. I only hope the world has enough security engineers to help and create that Smart security.
LC: New trends such as the fingerprint and other biometric techniques used with security in mind are being implemented, especially in the business world. What’s your opinion about the use of these methods? For you, what would the perfect password look like?
EW: Simple, the perfect password is the password I can forget. In an ideal world, I don’t need to authenticate myself with other tools anymore except part(s) of my body. It’s unbelievable how long it takes to implement this in a good way. The theory is there for ages and we have the technology now, it’s only not perfect enough which makes it costly to implement in all our devices. After that comes the privacy issues related to it, which possibly will postpone the implementation again.
We also need to think about the downside of biometric techniques. If my fingerprint or iris gets copied somehow, I don’t have the option of resetting or changing it. So we will always need to have a combination of authentication factors.
LC: Your book Cybergevaar pitches itself as a sort of information manual on IT security for the general public, offering various tips and advice. What were some of the greatest challenges in outlining a book aimed at every kind of Internet user? What piece of advice on display is most important for you?
EW: One of the big challenges in writing the book was leaving out most of the technical details and still remaining on a level that everyone, including experts and non-technical people, wants to read. I tried to keep a good level by including lots of examples, personal anecdotes, expert opinions and a fictional short story. Keeping all your programs and OS up-to-date and using common sense with everything you do when using your computer and the internet is the best advice you can give to everybody! The real problem most of the time is, as I mentioned before, the human factor.
LC: There’s been some talk of a “new reality”, the omnipresent Internet in every aspect of our lives. From your perspective, is this phenomenon truly necessary?
EW: IoT is just the beginning of it. I think we are very near to that ‘new reality’ even if you don’t like it. Our society will be pushed to it automatically, think about Industry 4.0 and Smart cities. In the future you will only be allowed to buy a car with only these specific Smart features in it or you will not be allowed to drive in specific cities. A smart cooking pan that automatically tracks calories and records your delicious recipes as you cook in real time will only work with your new internet connected Smart cooking platform. The omnipresent internet is maybe not really necessary but you’ll be pushed to it anyway! The only way to escape it will be maybe a vacation island specifically created for it.
We also need to think about the downside of biometric techniques. If my fingerprint or iris gets copied somehow, I don’t have the option of resetting or changing it.
LC: What have been for you the worst security violations that have marked a before-and-after in the world of cybersecurity? Do you have any predictions for the near future?
EW: The Elk Cloner virus and the Brain virus back in the eighties … everything else is just an evolution of it. We probably wouldn’t have this interview if nothing had happened 30 years ago or … maybe it was only a matter of time? Stuxnet was built to sabotage Iran’s Nuclear program. Regin demonstrates even more the power of a multi-purpose data collection tool. Both built by state agencies showing that malware is much more than just a money digging tool for cybercriminals. And of course the Snowden revelations as it showed us how problematic mass-surveillance is and will be and how it reflects back to our privacy which is slowly fading away.
Malware will always be there as long as computers -in whatever shape or form they may be around, be it a watch, a refrigerator or a tablet- exist and that will stay for a long time I think. Cybercrime and ‘regular’ crime will be more and more combined (eg. modern bank robberies). Malware will influence much more our behavior (eg. buying, voting, etc) and ideas resulting in money or intelligence loss. Smart devices will be massively misused (again) in DDoS and Ransomware attacks (eg. SmartTv’s). And this is only short-term thinking.
The only way forward for the security industry, OS makers, application vendors and IoT designers, is to work even closer together to be able to handle all new kind of attacks and security related issues and malware. We are already doing that to some extent, but we should invest much more in it.
Hackers can access your data through your headphones
Mark Zuckerberg has a revealing routine he carries out on a regular basis which says as much about him as it does our current era of cyber-uncertainty. Every day when he’s finished talking to friends and business associates, he covers up his laptop’s webcam and microphone jack with a small piece of tape.
Is this simply the paranoia of a man who over the last two decades has had to deal with increasingly sensitive information as well as diminishing privacy in his personal life?
All we know is that many people are utilizing the simple hardware hack, in much the same way, as a cyber security precaution. Whilst those who promote the use of tape no doubt favor the method for its brilliant simplicity, we have worrying news for anyone that thinks this method has all bases covered.
Now even your headphones can spy on you
Your headphones, it has now emerged, can be repurposed from afar, turning them into a microphone capable of recording audio, all of this unbeknownst to the device’s user. A group of Israeli researchers has recently created a piece of malware in order to show how determined hackers could hijack your device and reconfigure it into sending them audio links.
The headphone technology
The researchers, based at Ben Gurion University, created a code aimed at testing their fears about headphone technology. The proof-of-concept code, titled “Speake(a)r,” proved that the very commonly used RealTek audio codec chips contain a vulnerability that allows them to be used to silently repurpose a computers output channel as an input channel.
As Wired magazine have noted, turning a pair of headphones into microphones is a fairly simple task. A quick search on Youtube reveals an abundance of simple hack videos demonstrating how to switch your music listening device into an audio recorder. So it’s the RealTek vulnerability that is the real worry. As the Israeli research team have found, the issue would allow a hacker to record audio if you’re using a mic-less pair of headphones, and even if your laptop or device’s microphone setting is disabled.
Privacy vulnerability
Mordechai Guri, part of Ben Gurion’s cyber security research team, spoke to Wired about the vulnerability they had discovered. “People don’t think about this privacy vulnerability. Even if you remove your computer’s microphone, if you use headphones you can be recorded.” He added that, “almost every computer today [is] vulnerable to this type of attack.”
The researchers tested their malware hack using Sennheiser headphones. “It’s very effective,” Guri said. “Your headphones do make a good quality microphone.” The team also detailed the extent of the malware’s capability, saying that a hacked pair of headphones could record audio as far as 20 feet away. The recorded file can even be compressed so it can easily be sent over the Internet.
As Guri says, the problem is not one that can receive a simple patch and the vulnerable audio chip may need to be redesigned and replaced in future computers. The full extent of the problem is also not known, as the Ben Gurion research team has so far focused only on RealTek audio chips. They are set to expand their research to determine which other codec chips and smart phones may be vulnerable.
So, if like an increasing amount of people in this era of cyber security, you feel vulnerable to eavesdropping, don’t only reach for the tape. Make sure those headphones are unplugged so as not to be the victim of a stealthy new form of malware.
Now that we’ve taken stock of the year we’re leaving behind, it’s time to establish some resolutions for the year that lies ahead. As in any other field, there’s always something to do when it comes to cybersecurity. The latest report from Accenture, “The State of Cybersecurity and Digital Trust 2016” revealed that 69% of businesses have suffered an attempted or realized data theft over the course of last year. Malware and DDoS attacks figure among the biggest concerns of executives surveyed by the consultancy.
Business managers now have 12 months ahead of them in which to improve security strategies and avoid these much-feared risks. We’d like to propose a few guidelines to improve the protection of corporate systems in 2017.
1. Get On Board the HTTPS Train
The majority of websites visited with Firefox and Chrome in 2016 were already using the HTTPS communication protocol. HTTPS guarantees a secure connection by identifying devices and encrypting data. Every day, the number of websites and applications that use this method increases. But there are still a few stragglers. For this reason, Apple is requiring app developers to incorporate this protocol and Google will publicly mark websitesthat don’t use it. If you haven’t yet, now’s the time to make the move over to HTTPS for your website, and make sure that the applications and websites visited at your company are using it as well.
2. Be Proactive and Know the Risks
The threat of cyberattacks is no longer limited to big corporations. Nowadays any small or mid-sized company is fair game. Criminals are using new and increasingly sophisticated tools and strategies. Better safe than sorry, as the cliché goes. One of the first orders of business is to get a threat detection and prevention program, regularly conduct a system analysis in search of anomalies, and keep your IT team constantly up to date on the latest developments in the field.
3. Invest in Cybersecurity
The Accenture report points out that corporate budgets for cybersecurity are not enough, according to surveys conducted with employers. Investments in this area have to do with more than just security contractors. Worker training programs in IT security or the purchasing of specialized software also require funding.
4. Keep an Eye on Authentication
2016 was not Yahoo’s year. The company had to admit to the breach of 500 million users’ accounts. This attack, the most notorious one in recent months, has set off many alarms. Crucially, it raises the concern about password security in and out of corporate networks. It’s important to create complex passwords, use systems that require more than one login, and adopt multi-step authentication methods. The road to achieving this goes by way of building awareness in your workforce.
5. Come Up With a Contingency Plan
In case a threat makes it past your prevention measures, it’s always good to have a contingency plan in place. This should be a very thorough and well-designed plan that takes into account every possibility. Everything from DDoS attacks and ransomware to the disappearance of a company laptop. This document would establish response protocols to grapple with data breaches and other incidents, distribute damage control responsibilities to the team, and designate measures to be taken, among other things.
These are just a few possible suggestions. The list could go on and on, depending on each individual company’s weak points. A thorough revision of the security flaws that came to light in 2016 will be highly useful for making next year better, and, of course, protecting your IT infrastructure and never letting your guard down.
This Tuesday, the Italian state police dismantled a cyber-espionage ring spearheaded by a brother and sister that sought to exert control over public institutions and administrations, professional studios, employers, and politicians. The network was able to access confidential information by installing a virus on victims’ computers, stealing information sensitive to financial institutions and state security.
Among those affected are former Prime Ministers Matteo Renzi and Mario Monti, as well as the president of the Central European Bank, Mario Draghi, as well as other individuals in possession of confidential information. Mayors, cardinals, regional presidents, economists, employers, and law enforcement officials are also on the list.
How Eye Pyramid Works
The investigation has been dubbed “Eye Pyramid”, after the particularly invasive malware that the suspects used to infiltrate the systems of the people they spied on.
These intrusions appear to have first surfaced in 2012, reaching 18,327 users with the theft of 1,793 passwords using a keylogger. This comes out to be around 87GB data. The method of infiltration was simple given the serious nature of the attack: the cybercriminal sent an email, the recipient opened it, and upon opening the email a software was installed on the device, giving access to its secret files.
Older versions of the malware with unknown origins (although possibly linked to Sauron) were probably used in 2008, 2010, 2011, and 2014 in various spear phishing campaigns.
In a hyperconnected world, with mounting tension between cybersecurity and cyber-espionage — we’ve recently seen a crossfire of accusations exchanged between major powers like the US, China, and Russia — these attacks appear to have special relevance to state security and the dangers it faces in the cyber world.
Advanced Persistent Threat, or How to Avoid a Cybernetic Nightmare
This attack, unprecedented in Italy, will continue to be under investigation and, according to authorities, may end up revealing connections to other cyberattacks carried out in other countries.
Protecting your confidential and sensitive data from cybercriminal networks and attacks such as ATPs is crucial in combatting the growing professionalization of cybercrime.
Advanced threats are no longer an issue when you’ve got an advanced cybersecurity solution like Adaptive Defense 360, the platform that connects contextual intelligence with defense operations to stay ahead of malicious behaviors and data theft. Protection systems are triggered and jump into action before the malware even has a chance to run.
Thwarting potential threats before they become a real problem is the only way to rest easy knowing that your information has not ended up falling into the wrong hands.
Are you aware of the dangers of sharing your internet mobile connection?
Most smartphones have a built-in function that allows you to share the mobile internet connection with other people nearby. Acting very much like a traditional WiFi hotspot, mobile internet connection sharing turns your phone into a hub – authorised devices can then connect to your phone and share the data connection.
This “mobile hotspot” feature is particularly useful when your friends cannot get a reliable connection to their mobile network. Or when you need to get online with your laptop really quickly while “out and about”.
But just as you (should) secure your home network to prevent abuse and deter hackers, you need to take a few extra steps to keep yourself safe. If someone does manage to hack your mobile hotspot they may be able to steal the data stored on your phone – or run up a large phone bill simply by using up your data allowance.
Here are our top tips for boosting your security.
1. Use a ‘secure’ passphrase
When someone tries to connect to your mobile hotspot, they will be prompted to enter a password – which is exactly the same procedure as connecting to any other secure WiFi network. This password needs to be “complex” to prevent hackers from guessing it.
Android and iOS both generate long, complicated passwords by default, but it is worth checking your own settings to confirm. You must resist the urge to replace the password with something simple though – if you make it too easy for your friends to get connected, you also make it easier for hackers to jump online.
The Apple iPhone mobile hotspot requires a password at least eight characters long, but you should consider choosing something even longer that uses a combination of upper and lower case letters, mixed with numbers and punctuation marks (like ! Or ?) to deter dictionary attacks from “guessing” the password. The same password tip applies to smartphones running Android.
2. Disable by default
You can toggle the mobile hotspot function on and off – so it’s only available when you actually need it. You should always ensure the hotspot is toggled off when not in use to reduce the risk of unauthorised connections.
A few extra taps on the screen to enable the hotspot may be annoying – but nowhere near as frustrating as an unexpectedly high phone bill run up by people abusing your mobile data connection.
3. Keep an eye on your screen
Both Android and iOS provide helpful on-screen indicators to show when your mobile hotspot is switched on, and how many devices are currently connected. You should keep an eye on that indicator – it will help you spot when someone is connecting without your permission.
If you do detect an unauthorised connection, turn the hotspot off, and change the password immediately. This will help to prevent your connection being hijacked again.
Using these three tips, you can greatly reduce the risk of becoming another mobile fraud victim. For more help securing your mobile device, download a free trial of Panda Mobile Security.
UK to create new porn filter – but is it enough to protect your kids?
The UK government has recently announced a range of new measures intended to help “police” the internet, identifying and prosecuting cybercriminals and terrorists for instance. In among the proposals of the digital economy bill are plans to restrict access to pornographic websites that breach specific guidelines.
Under the proposal, any websites depicting sex acts that would breach the regulations used by the British Board of Film Classification (BBFC) to issue certificates for movies will be banned. This ban will apply to all UK users – not just children.
Moves to improve online safety
This new filter is part of continued government efforts to protect children from accessing pornography online. Previous measures include “age gateways” on porn sites that will demand proof that the user is over-18 before allowing access.
The reality is that children are being exposed to (or choosing to access) more inappropriate images than ever before. Parents, teachers and healthcare professionals are increasingly concerned about what the long term effect of this exposure is, which explains these new initiatives to restrict access.
Will it work?
Already there are many people raising objections to this latest proposal, claiming that a block on certain websites is unfair to adults who are allowed to view pornography. Other complaints focus on the fact that many of the “banned” sex acts are completely legal for consenting adults to engage in. These objections have little bearing on children, but they could force the government to water down their proposals in the long term.
More problematic is the fact that web filters imposed by central governments around the world almost always have loopholes that are exploited by criminals to carry on as normal. It is entirely possible that a UK content filter will have similar gaps in coverage. Alternatively the use of anonymous web proxies will allow determined users to circumvent these safeguards.
Children need multiple layers of protection online
The proposed web filter will act as a robust baseline protection for your kids as they surf the web. But it will not be sufficient to keep them completely safe.
True internet security relies on using multiple layers of protection to keep unwanted content out. So it makes sense to install a secondary web content filtering tool like Panda Internet Security to catch anything that makes it through the government’s filters.
Panda Internet Security
Panda Internet Security has the added benefit of being able to detect and block attempts to circumvent security. If one of your kids tries to use an anonymous proxy for instance, the filter will detect and prevent access. You also have the added benefit of industry leading anti-malware protection included as part of your subscription.
Whether the government’s proposed porn filter is ever put in place remains to be seen. But there is nothing to stop you from installing your own filter to protect your children right now.
If your employees are like most users, they most likely postpone updates for their OS. In other words, your company’s mobile fleet could be at risk. This is especially true if they are using Android devices. When the famous little green robot gives a notification of the update, a good deal of people wait for other users to try it first and then gauge their reaction.
So Google lags in its response to threats, but the fragmentation of Android devices makes the response time even longer. It’s not enough for Google alone to launch its update, but will later have to be adapted to the specific make and model that your employees are using. Ultimately, an Android patch takes long enough to arrive without the added time of the user postponing an update.
On the other hand, it is true that some people recommend letting some time pass to see how each individual phone reacts to a new update. This advice, which in principle is completely inadvisable for corporate security, does in fact have a reason for being. Some mid-range models could potentially lose some performance or even some functions when a new OS is installed.
Tips on How to Safeguard Your Corporate Devices
The need to protect the confidentiality of corporate data is underscored by this seemingly quotidian matter. For one thing, it’s crucial that employees have a powerful and recent mobile device so as not to run any risks when updating. Also important is that they always have at their disposition the right protection.
The bottom line: your employees should update their mobile software as soon as it’s available. You should also recommend that they make backup copies beforehand. Doing so will reassure them that there is no risk of losing anything. Finally, they should delete cached data to prevent their device’s losing performance. No stone should go unturned in the protection and safeguarding of your company’s data.
Data theft is steadily refashioning itself as a political weapon. This past December, Barack Obama took advantage of his final days in office to take retaliatory measures against Russia. The Obama administration attributes to its Muscovite counterpart the cyberattacks carried out over the course of the recent presidential elections whose goal it was to tip the scales in Donald Trump’s favor for the presidential bid.
In an official statement, Obama announced the measures that include the expulsion of 35 Russian operatives and the introduction of new sanctions against certain people and organizations, including the two primary governmental espionage agencies.
The still-president Obama made this decision despite the Kremlin’s denial of its participation in the cyberattacks against the Democratic National Committee and other organizations in the Democratic Party. These cyberattacks came in the form of a massive email leak (containing many messages that damaged Hillary Clinton’s image), divulged by WikiLeaks to the media and considered to be a crucial element in the results of the election.
Shortly after the White House announcement, the FBI and the NSA published a report accusing Russia of the leak, which affected not only the Democratic Party but also John Podesta, chairman of the Clinton campaign. The document includes technical details of the tools and infrastructure presumably used by Russian intelligence services to “to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities”. These latter victims remain unnamed.
According to the report, that initiative was part of a broader plan that included attacks against other political organisms, corporate infrastructures, data processing centers, universities, and big businesses.
What Targeted Attacks Came Into Play?
The analysis alludes to two kinds of “spear phishing” attacks, a term which refers to fraudulent emails sent from addresses that belong to or seem to belong to one of the victim’s contacts. The first of them came about in the summer 2015. It was directed toward at least one person from a “U.S. political party”, who received an email with attachments that activated a malware download. This was then able to spread itself throughout the system and “exfiltrate emails from several accounts”.
In September of this year, the FBI warned the DNC for the first time that their systems were under attack by a group known as “the Dukes”, with ties to the Russian government.
The second attack took place in the spring of 2016. This time, the report tells us, the attacks consisted of mass emails requesting a change of password from users, a strategy used to access partymembers’ email accounts. While the investigations are underway, Trump continues to deny that the Russian government had anything to do with the intervention made on his behalf.
There is no doubt that with these and other recent developments in the field of cyberattacks, protecting ourselves and our future is key. Over the coming months we will begin to see more and more news on this prickly subject, a clear example of the influence that hacktivism and cybercrime can have in the geopolitical sphere.
Targeted attacks are commonplace. The only way to face them down is with an advanced cybersecurity solution like Adaptive Defense, keeping your company safe from the sorts of silent breaches that can happen without anyone noticing. Until it’s too late.
The latest version of the Microsoft OS has become once again a topic of discussion, and this time it may carry bad news for your company’s security. As the cybersecurity expert Sami Laiho revealed on his blog, every Windows 10 update poses a serious risk. Namely, while your system updates, anyone can take control of your corporate computers.
“This is a big issue and it has been there for a long time,” explains Laiho. This serious flaw comes into play when the OS restarts after installing a new update. Once the system is being updated, all you need to do to gain control of it is to push Shift-F10 to access the command prompt with admin level clearance.
In light of this, the dangers that your company faces are multifaceted. Indeed, any employee can take control of their computer as administrator, access confidential documents, or access the corporate network and create a serious problem from within the company itself.
Laiho points out that it is not necessary to use any specific software to carry out this cyberattack. Just that innocent combination of keys is enough to sow chaos. As if that wasn’t enough, the threat is not limited to those who have physical access to the computer: “An external threat having access to a computer waits for it to start an upgrade to get into the system,” explains Laiho.
Microsoft is apparently working to fix this serious flaw. Meanwhile, the most important thing to prevent threats is to rely on an adequate security solution, and not to postpone Windows 10’s tedious updates.
Forget about how long the update takes. Ideally you would authorize it immediately and stay with the computer at all times. This is the only way to be sure that no bystanders take the driver’s seat of your computer. It is obviously very important to explain this to employees.
In the meantime, we’ll have to trust that they will not commandeer the system themselves and wait for Microsoft to resolve this critical vulnerability.
