New Ransomware Ploy

A Swiss security outfit recently disclosed a sneaky new sort of ransomware. It is a new twist on the Cryptolocker type of disk encryption.
The “traditional” means of ransomware have always been to:
• Hack into the network, shut down the network-facing part of the webservers, scramble everything you can find, and make your ransom demand;
• Compromise the webservers with an exploit kit, invoke ransomware on everyone who logs in, and extort money piecemeal from every customer;
• Hold out for ransomware on everyone who logs in, and tell them to get the company to pay.
In this case, however, the bad guys took a surprisingly low-key, annoyingly simple, and hard-to-spot approach – take over the login database.
The target company was using an online customer portal. So
the malware writers broke in and hacked the code that dealt
with the user database.
Basically, the database engine itself was slightly modified so
that user login data was scrambled with a key held by the
crooks when it was saved, but quietly decrypted when it was
read out. On the surface, everything was working fine, but
the raw data underneath was, as an analyst termed it,
“shredded cabbage.”
The decryption key was never actually stored on the hacked server, but was instead loaded into memory at startup time from a remote server operated by the crooks.
Then one day, apparently about two months after the hack occurred, the crooks removed the decryption key from
their server. So, even though the vast majority of the forum
data was intact and online — customers couldn't log in,
because their usernames had suddenly changed from JIMMY
to FKOVWH3Z7LUV.
Worse, of course, their passwords were scrambled too.
So who knows what password could possibly produce the
required authentication and unlock each account?
Customers then started calling in to say, “We can't log in.”
So, the company followed the traditional recovery steps.
Recovery attempt one
The traditional first step is to recover from a backup. Except
that in this case, the backups for the past two months
included the “shredded-cabbage” login data.
Recovery attempt two
The company would be faced with working through all the
databases, either automatically, manually, or using a bit of
both, and work out what users had their ID transformed into
gibberish. Then they would have to reset passwords, and e-mail users their new, unusual usernames as a temporary measure. It would be ugly, but it would work.
But the bad guys scrambled usernames, passwords, and e-mail addresses. So even if you can fix Jimmy’s account, you can only let him know by e-mailing someone called RDoj2PM4@yivLUZ6aabF DOT GzO3.
Recovery attempt three
Now the message arrives from the bad guys. “Would you
like to buy the decryption key?” There’s no indication of
how much the ransom was, or whether the affected
company eventually paid up (the impression given is that the
company did not).
But it’s an interesting reminder of how security on your
server is as much about your customers and your reputation
as it is about your data. The twist here is that this affected
the company’s customers at their point of interface with the
company, and the cleverness was the encryption lasting for
two months before turning off the key, so that any current
database backup was “shredded cabbage” and unrecoverable without paying for the key.
We bring this up as we continue to see cases of ransomware
affecting our clients. Cryptolocker and its variants are still
active in the IT realm, and despite efforts to block it from
accessing the off-site servers that conduct the encryption, it
occasionally sneaks by and a computer is turned into
“shredded cabbage” as the story calls it. That is why SIM2K
is beefing up our security and backup offerings to offer
better protection against this sort of attack. We will be
reaching out to clients where we feel you may benefit from
some enhanced protocols to better protect your data both on- and off-site. And you are welcome to call us to discuss how best to protect your data.
February, 2015
page 2
Surface 2 Goes into the Sunset
Microsoft seems to be within a whisker of calling it quits on its failed experiment with the Surface tablet, the device powered by the ARM architecture and Windows RT, an offshoot of Windows 8.
In late January, Microsoft’s own online store showed all configurations of the Surface 2 – the lone Windows RT tablet still sold – as out of stock. Best Buy, Microsoft’s U.S. retail partner, also showed no Wi-Fi models available for online ordering, although spot checks had some stores with inventory for in-store pickup. And while giant e-tailer Amazon listed some Surface 2 tablets for sale, many were refurbished units, not new devices.
Another tip-off that the Surface 2 line will be dead-ended: Microsoft will not offer an upgrade to Windows 10 for either that tablet or its predecessor, originally called Surface RT and then renamed simply Surface. Instead, Microsoft will provide an unspecified update at some point in the future. But there will not be a path to Windows 10, the operating system slated to release later this year and which will, by Microsoft’s telling, be its sole client OS for years to come.
Analysts agreed that the Surface 2 and Windows RT are goners. “It's pretty clear that we’re not going to see any non-Surface Pro devices,” said the NPD Group, referring to Microsoft’s “it's-a-tablet-it's-a-notebook” device that runs the full Windows.
The Surface RT was troubled from its release, and bled money almost from the start. Within nine months, Microsoft had taken a $900 million write-off to account for a glut of tablets heavily discounted to move inventory. And Windows RT was never widely adopted by other OEMs; those that did adopt it dropped it almost immediately.
How did Microsoft make such a big blunder with the Surface 2? An analyst at Technalysis Research said “The fundamental mistake with the Surface RT was that they missed that the most important thing about a PC is that it’s compatible. The Surface was incompatible with the PC, and couldn’t run all the customer’s legacy applications.” Microsoft never made clear to consumers that Windows 8 and Windows RT were entirely different beasts, and that the latter was, in fact, incapable of running – with the exception of Microsoft’s own scaled-back Office – anything but the new “Metro” apps.
Last year, Microsoft was on the verge of releasing a smaller-sized Surface, dubbed the Surface Mini, but at the last minute decided not to launch the 7- or 8-inch device, afraid that it would not sell. Tablet sales, especially in the U.S., where Microsoft has done its best business with the Surface line, have stalled; most who wanted one already have one, and those with one see little need for regularly replacing the device. And if nothing else, the demise of the Surface has shown that tablets are harder to sell than two years ago.
Malware Hidden in Ads
Attackers who slipped malicious advertisements onto major websites over the last month have potentially compromised large numbers of computers.
Several security vendors have documented attacks involving malicious advertisements, which automatically redirect victims to other websites or pages that silently attack their computers and install malware.
“We certainly see malvertising on the rise,” said the security research company Cyphort. “We see it is going to be a major channel of delivering malware this year.” For the second time in about a month, Cyphort found malicious advertisements popping up on major websites including the Huffington Post and LA Weekly.
The malvertisements were distributed by Adtech.de, an AOL-owned online advertising company, and two other companies, adxpansion.com and Ad.directrev.com. The bad ads appear to have been removed from Adtech, said a Cyphort spokesman who has been in touch with its security team. He couldn’t reach the other two companies.
The malicious advertisements redirected users through several domains before finally dumping them on pages hosting an exploit kit, an attack tool that scans for software vulnerabilities. If a vulnerability is found, malware is automatically delivered, a dangerous type of attack known as a drive-by download. The malware installed is called Kovter, which is used to fraudulently generate ad impressions.
It can be difficult for online advertising companies to keep bad ads out of their systems. The companies get millions of ads submitted to them, and any one of them could be malware. Attackers, for example, may enable malicious payloads after their ads have been approved. Other times, they may only attack every 10th user. The ads have to be repeatedly checked to ensure they're not malicious.
On Tuesday, Cisco’s Talos security research group wrote it had analyzed another large malvertising campaign that uses the Angler exploit kit, a potent one known for its quick employment of the latest Flash vulnerabilities. More than 1,800 legitimate domains were being used as part of that campaign. It appeared the attackers had gained control of the domain accounts, many registered through GoDaddy. The attackers created subdomains on those accounts. People who viewed a malicious ad were redirected to a newly-created subdomain, which then redirected to another subdomain that served up the exploit kit. The attackers have created so many subdomains that one may only be used once to redirect, said Cisco. Since malicious domains are often quickly detected and blocked by security software, rotating them helps ensure an attack will be successful.
While “safe surfing” habits may not protect you from drive-by exploits, especially if you are on an established site like AOL, it is still important to watch for any unusual activity and to run defensive programs like Malwarebytes to head off potential malware infections. Call us for more details.
Server 2003 Deadline Looms
Windows Server 2003 will retire in six months, a deadline that many companies will miss, experts say.
“If it’s not broke, don't fix it,” said a major IT services provider,
when asked why Windows Server 2003 has hung on even as its
support deadline looms. “It was the first really mainstream
server from Microsoft, a really solid OS, and gave Microsoft a
lot of credibility [in server software].”
Microsoft will terminate security updates for Server 2003 on
July 14, ending the product's support lifecycle. The company
launched Server 2003 in April 2003. Like Windows XP, on
which it was based, it will have been supported years longer
than the usual decade.
Because Microsoft will no longer patch the software after July,
companies have been replacing Server 2003 with newer
operating systems since the software’s peak in 2009, when,
according to research firm IDC, nearly 20 million systems ran
the OS worldwide. But there are still millions of machines
running Server 2003, with pockets of the software in most data
centers, said tech vendor CDW. And with the support deadline
quickly approaching, customers are scrambling.
Although Microsoft publishes support deadlines long in
advance – and has been beating the drum to dump Server 2003
for months – it’s not unusual for customers to hang on too long.
Last year, as Windows XP neared its final days of support, there
were still huge numbers of systems running the aged OS.
Companies lined up to pay Microsoft for extended support
contracts and PC sales stabilized in part because enterprises
bought new replacement machines.
Problems replacing Windows Server 2003 may appear similar
at first glance, but they’re not: Servers are critical to a business
because of the applications that run on them, which may have
to be rewritten or replaced. This situation is quite different for a
server than a PC, because a user can just buy a new PC and
continue working where a server is much more complex and
touches every user on the network. Continued use of Windows
Server 2003 is about more than just the OS itself. In the vast
majority of the cases, there is an application that is directly
responsible for the continued use of older Windows server
products. Those applications may themselves be unsupported
at this point, the company that built them may be out of
business, or the in-house development team may have been
disbanded. Any of those scenarios would make it difficult or
even impossible to update the applications' code to run on a
newer version of Windows Server. Complicating any move is
the fact that many of those applications are 32-bit – and have
been kept on Windows Server 2003 for that reason – and while
Windows Server 2012 R2 offers a compatibility mode to run
such applications, it’s not foolproof.
SIM2K urges all our clients still running Server 2003 to look
into a migration strategy as soon as possible. While end of support is not the end of the world for this OS, it does affect the security of the most critical part of your company’s IT infrastructure. Therefore, we would like to see plans in place to move off 2003 to newer server operating systems.
“Random Tid-Bytes”
Connected Cars
If you buy a car during the next five years, there's a good chance it will have a wireless network connection that will
enable a myriad of mobile services. That’s the prediction market
research firm Gartner has made in a report predicting that there
will be about 250 million “connected” cars on the road by 2020.
Early last year, Gartner had predicted 150 million connected cars
by that time, so this latest report certainly ups that number.
Driving the adoption of connected car technology is the
expansion of high-bandwidth wireless network infrastructure,
rising expectations for access to mobile content and better service
from smartphones and tablets. While several major carmakers
have rolled out connected vehicles in a limited number of models,
in-vehicle wireless connectivity is rapidly expanding from luxury
models and premium brands to high-volume midmarket models,
Gartner said. For example, General Motors last May began
offering Wi-Fi through OnStar and AT&T. The service includes
4G-LTE connectivity starting at $5 per month. Audi announced a
similar deal with AT&T for 4G-LTE service, as did Tesla. But the
all-electric Tesla will only offer 3G Wi-Fi. Verizon has partnered
with Hyundai to offer 3G Wi-Fi and Chrysler is offering it
through Sprint.
Come Back, Firefox Users!
After Google's share of the U.S. search market slipped in
December, the Mountain View, Calif. company has been
trying to entice Firefox users back to the fold. Firefox users who
steer to google.com are being asked if they want to reset their
home page to the site or if they would like to change their default
search engine to Google. The move was an obvious response to
Mozilla’s November deal that made Yahoo the default search
engine for most U.S. users of Firefox. Previously, Google was the
browser’s default, but after the latest contract expired, Mozilla
went with Yahoo instead. That resulted in an almost immediate
decline in Google's share of the U.S. search market and a
corresponding increase in Yahoo’s. In January, Irish analytics
company StatCounter said that Firefox 34, the version launched
Dec. 1 and the first to use Yahoo as its default, was generating
four times the search referrals from that search engine than had its
predecessor, Firefox 33. Long term it's unlikely that Firefox’s
Yahoo play will dramatically impact Google, if only because of
Firefox’s small usage share of the U.S. browser market. For
January, Firefox accounted for 16.5% of all browser usage, up
from 13.6% in December, but far behind Google's own Chrome at
39.7% and Microsoft’s Internet Explorer at 33.2%.
Got an iPhone? You are not alone.
Apple said it sold a record 74.5 million iPhones in the December quarter, a record that bested the old by a whopping 24 million – close to the entire quarter’s sales in April-June 2012. iPhone sales were up 46% compared to the December
2013 quarter, which until Tuesday was Apple’s best-ever.
Revenue generated by the iPhone topped $51.1 billion, another
record – 58% higher than the previous set in the December 2013
quarter – and accounted for 69% of the company’s total revenue
of $74.6 billion, yet another record. The iPhone’s prior share
maximum of 57% had been set in 2014’s first quarter.
Windows 10 to be “Free”
It’s official, Windows 10 will be a free upgrade for existing
Windows users — as long as you claim it quickly.
Kicking off the consumer-focused Windows 10 event in
Redmond in January, Microsoft operating system chief Terry
Myerson announced that current users of Windows 7,
Windows 8.1, and Windows Phone 8.1 will be able to
upgrade to Windows 10 for free for one year after the
operating system launches. Once you’ve claimed the
upgrade, Microsoft will keep you updated for the supported
lifetime of the device. “We think of Windows 10 as a
service,” Myerson said.
Is there a catch? Here’s the fine print from the Windows 10
page on Microsoft's site:
“It is our intent that most of these devices will qualify, but
some hardware/software requirements apply and feature
availability may vary by device. Devices must be connected
to the internet and have Windows Update enabled. ISP fees
may apply. Windows 7 SP1 and Windows 8.1 Update
required. Some editions are excluded: Windows 7
Enterprise, Windows 8/8.1 Enterprise, and Windows RT/RT
8.1. Active Software Assurance customers in volume
licensing have the benefit to upgrade to Windows 10
Enterprise outside of this offer. We will be sharing more
information and additional offer terms in coming months.”
Hardware companies have increasingly been giving away
software upgrades to keep their users tied to their
ecosystems. Apple, for example, has made both its Mac
OS and iOS free, as well as many of its productivity and
photo management tools.
“If Microsoft wants consumers to update and keep up to
date, it really means that Microsoft is going to have to
give those consumers those updates for free. There’s really
no other way to do it,” said Gartner at the research firm’s
annual technology conference. “A consumer isn’t going to
give Microsoft a credit card and say, ‘Charge me for a
new release whenever one comes out,’” Gartner added.
“It’s very likely that consumer releases will be free.”
That will affect Microsoft’s bottom line: With Windows
10 expected to be the nameplate for the OS for years
longer than the usual three-year cycle between major
upgrades – from Windows 7 to Windows 8, say – free
means that consumers will never again have to pay to
upgrade their PC’s OS.
A constant trickle of free updates and upgrades will also
put computer makers in a bind, as historically they have
relied on new editions to spark sales, particularly to
consumers.
IT analysts believe the decision to make Windows 10 a free
upgrade for existing users — at least for a limited time —
makes sense. Windows 8 users have vocally expressed their
displeasure with the operating system, prompting happy
Windows 7 users to stay put on that OS. That hinders
Microsoft’s ability to execute its vision for a service-centric,
cloud-connected future for Windows; making Windows 10
free could spur more users into embracing a modern
Microsoft operating system.
Windows 10 may mark a new approach toward OS
development for Microsoft. Could the days of major
Windows updates be over? Will Microsoft start releasing
OS updates more incrementally, similar to how
smartphone operating systems are updated? Either way,
essentially giving away Windows 10 to the majority of
Windows users is a big move on Microsoft’s part, and one
that will likely help a lot of users run screaming from
Windows 8.1. Windows 7 holdouts may be a tougher sell.
The free upgrade is only available for the first year.
Microsoft has yet to announce the software’s price for the
upgrade after that one-year window.
SIM2K will continue to monitor the development and
eventual release of Windows 10. As always, we caution
all “early adopters” out there to hold off on any upgrades
until someone else finds the bugs in the new OS.
The move is likely designed to convince consumers that
Windows is worth the effort. Windows 10 is an attempt to
wipe the slate clean after missteps with Windows 8,
including a new start menu that attracted complaints from
PC users, who sorely missed the traditional menu.
More than half of all desktops in the world still run Windows
7. Almost 20% still run Windows XP, a 14-year-old
operating system. Windows 8.1 has yet to reach 10%.
Need Help? Send support requests to:
ticket@sim2k.com
SIM2K
6330 E 75th St., Suite 336
Indianapolis, IN 46250
317.251.7920 • 800.746.4356
www.sim2k.com • sales@sim2k.com
SIMformation is the monthly newsletter from SIM2K. Information
presented here is designed to inform you of trends in the business world
affecting information technology. For questions or comments, write
SIM2K, 6330 E. 75th St., Ste. 336, Indianapolis, IN 46250. Call us at
(317) 251-7920 or e-mail sales@sim2k.com. Visit us at www.sim2k.com.