Security Newsletter

The latest news from the sector sees malware on a laptop become “art”, Microsoft in trouble with the NSA thanks to WinXP vulnerabilities, Dark Net police crackdowns driving cyber criminals into encrypted chat spaces like Telegram, and more …

Malware-Infected “Artwork” Sells For Over $1 Million

As cyber crime and malware intrusion become commonplace within IT estates worldwide, the art world this month has welcomed the latest installation (forgive the pun) artwork, entitled “Persistence of Chaos”, which sold for $1.3 million at auction.

The ‘artwork’ is in fact an 11-year-old Samsung notebook which has been infected with several infamous pieces of malware – from ILOVEYOU to WannaCry – and is the artistic brainchild of Guo O. Dong, who worked with cyber security specialists Deep Instinct in the creation of this project.

The laptop, by law, will have its connection ports “functionally disabled”, which means its network connection ports, USB ports and Wi-Fi function will be removed prior to completion of sale.

The viruses inside this laptop have caused global cyber security catastrophes, from the ILOVEYOU virus, which affected computers from the Houses of Parliament to Microsoft, to WannaCry, which brought down the NHS and cost tens of millions to rectify.

Microsoft Forced to Update Windows XP, Thanks To NSA

Microsoft has become somewhat preoccupied of late with Windows XP, a near 20-year-old operating system. It does not ‘officially’ update this version of Windows. However, the National Security Agency (NSA) has now warned Microsoft Windows XP users to manually update their systems to guard against serious cyber attacks exploiting a newly discovered fault.

The NSA has issued an advisory note:

“The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats. Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows. Microsoft has warned that this flaw is potentially ‘wormable,’ meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.

CVE-2019-0708, dubbed ‘BlueKeep,’ is a vulnerability in the Remote Desktop (RDP) protocol. It is present in Windows 7, Windows XP, Server 2003 and 2008, and although Microsoft has issued a patch, potentially millions of machines are still vulnerable.

This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”

Cyber Criminals Creating “Invisible Internet” To Stop Police Crackdowns On Dark Net Transactions

As more and more hackers and cyber criminals get arrested thanks to police monitoring of the so-called ‘Dark Net’, criminals are increasingly turning to ‘invisible’ or ‘gated’ chat forums and apps with heightened encryption to help prevent snooping from intelligence services.

Researchers from the University of Surrey have noted that:

“The dark net is the part of the internet not accessible to search engines such as Google, and for which people need a special browser to visit. The most well-known dark net is accessed via the Tor browser.”

“Successful efforts by police to infiltrate dark net marketplaces, as well as raids that saw many of them closed down, had pushed criminal hackers to adopt more secure ways of communicating,” said Dr Mike McGuire, a criminologist from the University of Surrey, who led the project.

“It’s not as vibrant as it once was because they know the feds are listening and that they will take down markets,” he continued.

“While criminal gangs were still active on those publicly accessible marketplaces,” said Dr McGuire, “any conversations about targets and tactics were instantly moved to secure apps such as Telegram or separate forums.”

Estate Agents “At Risk” Due to Cyber Security Implementation Failures

According to researchers at Dragon Information Systems, a recent survey seems to suggest that small and medium-sized estate agents and lettings agencies are “at risk” due to their failure to implement strong data protection strategies and policies.

Citing YouGov data which suggests that a mere 35 per cent of SMEs have created even a sliver of a data protection policy framework, the researchers infer that nearly 65 per cent of SME lettings and estate agencies in the UK have abysmal cyber security practices.

One of the researchers noted:

“GDPR came into force a year ago and with it came the risk of substantial financial penalties for businesses whose systems are not up to scratch. We are now starting to see the first fines being dished out and this should act as a wake-up call for any estate agencies who have yet to take action,” says a spokesman for Dragon.

If you’d like to know more about basic cyber security protection, framework planning and policy writing for beginners, the National Cyber Security Centre provides a range of resources, toolkits and templates that small businesses can use to help drive forward a culture change within their organisations surrounding the importance of cyber security and protective measures.

How To Create The Best Patch Update Lifecycle?

When managing an IT estate, many people place a greater emphasis on external threats. However, the patch update health of your IT ecosystem could be one of your greatest IT security threats.

ZDNet have outlined industry thinking on creating a strong yet holistic approach to patch update management. A patch is a fix for a fault in a software system, and companies like Microsoft do need to get better.

Hackers use these ‘flaws’ to create malware that threatens IT security within organisations. By using these faults, they deploy malware that targets the very flaw that software companies are constantly trying to patch. This is how WannaCry was able to take advantage of Windows XP’s EternalBlue vulnerability. This brought down the NHS and organisations across the world. Microsoft has to create emergency patches outside of its routine Patch Tuesday.

However, IT experts have argued that there are other risks that impact patch management cycles. For example, some issues need patching instantly. Others need a more robust interpretation, and need to be handled in a way that avoids organisational disruption. Updates can cause IT problems due to fragmented system deployments.

Other problems arise with legacy systems that some companies ‘fear’ updating. Tech leaders have stated that they’ve seen companies with critical legacy systems that they do not patch because they fear the repercussions and the inability to get tech support due to the systems’ legacy status.

At the end of the day, you need to have a conversation with your IT team, IT leadership and wider community to help drive the right attitude, the right update process and the right legacy lifecycle approach to help give you that ‘edge’ when undertaking patch management.

Until next time