Tag Archives: Malware

Are Hackers Using Good Morning Messages To Hack You?

Can Hackers Use Good Morning Messages To Hack You?

Can hackers use Good Morning videos, pictures and messages to hack your devices, and steal your data?

Find out what is happening, and what the FACTS really are!

 

Claim : Hackers Are Using Good Morning Messages To Hack You!

This post about Chinese hackers using Good Morning videos, pictures and messages to hack your devices, has gone viral on social media and WhatsApp.

It’s a long message, so skip to the next section for the facts!

Dear friends, please delete all welcome photos and videos in Good Morning format and the like. Read below the article to the end, which will be clear why I ask about it. From now on I will only send personally prepared greetings.

Read it all !!! Send this message urgently to as many friends as you can to stop the invasion.

Olga Nikolaevna Lawyer: Caution:

ATTENTION

For those who like to send Good Morning pictures! Good day! Good evening!

Do not send these “good” messages.

Today, Shanghai China International News sent SOS to all subscribers (this is the third reminder) that experts recommend: please do not send good morning, good night, pictures and videos.

Reports show that hackers in China designed the images, the video is so beautiful to hide the phishing codes inside them, when everyone sends these messages, the hackers use your devices to steal personal information, such as bank card information and data to crack the phone.

It has been reported that more than 500,000 victims of fraud have already been deceived.

 

Good Morning Message Hackers : Just Another Hoax!

Many of us get spammed with Good Morning or Good Night messages every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really do NOT allow hackers to hack your devices.

Here are the reasons why Good Morning messages are very irritating but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation named in the hoax, Shanghai China International News, does not exist.

Fact #2 : Hackers Do Not Design Good Morning Pictures + Videos

Hackers (from China or anywhere else) have better things to do than to create these Good Morning pictures and videos.

In fact, they are mostly created by websites and Facebook pages for people to share, and hopefully attract new followers.

Fact #3 : No Fraud Involving Good Morning Messages

There has been no fraud involving Good Morning or even Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden inside ordinary-looking digital files, like a photo, a video, or even a music file.

It is possible to hide malicious code inside a Good Morning photo this way, but the hidden bytes cannot run on their own. An image viewer only decodes pixels; something else already running on the device (a script, a downloader, a second program) has to extract the payload and execute it. At most, steganography hides a payload from antivirus scanners. The messaging platforms these greetings travel through also usually re-encode images on upload, which scrambles any pixel-level hidden data. The real exception is a bug in the image decoder itself, which is a flaw in the viewer rather than something hidden in an ordinary picture, and is fixed by updating the app or the phone.

The closest real-world case was a malvertising campaign in January 2019. The advertisement's script looked harmless and passed the ad network's checks.

The image it loaded, however, contained an "almost white" rectangle whose pixel values the script read back and decoded into the address of the attackers' website, and the script then redirected the browser there.

Once there, the victim was tricked into installing a Trojan disguised as an Adobe Flash Player update. Note what had to be in place: a script already running in the page did the extracting. The picture by itself did nothing.
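To make Fact #4 concrete, here is an added example in C (not code from this article or from any real campaign). It hides a short constructed payload in the least significant bit of each pixel of a made-up 16x16 greyscale "greeting" image, then recovers it. The 2019 campaign's near-white rectangle is the same idea: values that differ from pure white by a level or two. The point to notice is that the stego image differs from the original by at most one brightness level per pixel, so a viewer shows an ordinary picture, and the bytes come back only because lsb_extract knows the scheme and runs as a program. The pixels themselves never execute anything.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed cover image: 8-bit greyscale, 16x16, flat light grey with a
   darker border. Nothing about it is real; it stands in for a greeting card. */
#define COVER_W 16
#define COVER_H 16
#define COVER_PIXELS (COVER_W * COVER_H)

void make_cover(uint8_t *px)
{
    for (int y = 0; y < COVER_H; y++)
        for (int x = 0; x < COVER_W; x++)
            px[y * COVER_W + x] =
                (x == 0 || y == 0 || x == COVER_W - 1 || y == COVER_H - 1) ? 0xD0 : 0xF0;
}

/* Hide `payload` one bit per pixel in the least significant bit. The first
   32 pixels carry a big-endian length header. Returns 0, or -1 if it does not fit. */
int lsb_embed(uint8_t *px, size_t npx, const uint8_t *payload, uint32_t len)
{
    if (npx < 32 || len > (npx - 32) / 8) return -1;
    uint8_t header[4] = { (uint8_t)(len >> 24), (uint8_t)(len >> 16),
                          (uint8_t)(len >> 8),  (uint8_t)len };
    size_t bit = 0;
    for (size_t i = 0; i < 4 + (size_t)len; i++) {
        uint8_t byte = i < 4 ? header[i] : payload[i - 4];
        for (int b = 7; b >= 0; b--, bit++)
            px[bit] = (uint8_t)((px[bit] & 0xFE) | ((byte >> b) & 1));   /* touch only bit 0 */
    }
    return 0;
}

/* Recover the payload. Returns its length, or -1 if the header is implausible. */
long lsb_extract(const uint8_t *px, size_t npx, uint8_t *out, size_t outcap)
{
    if (npx < 32) return -1;
    uint32_t len = 0;
    size_t bit = 0;
    for (int i = 0; i < 32; i++, bit++) len = (len << 1) | (px[bit] & 1);
    if (len > (npx - 32) / 8 || len > outcap) return -1;
    for (uint32_t i = 0; i < len; i++) {
        uint8_t byte = 0;
        for (int b = 0; b < 8; b++, bit++) byte = (uint8_t)((byte << 1) | (px[bit] & 1));
        out[i] = byte;
    }
    return (long)len;
}

/* Largest per-pixel brightness change between two images: how visible the hiding is. */
int max_pixel_delta(const uint8_t *a, const uint8_t *b, size_t n)
{
    int m = 0;
    for (size_t i = 0; i < n; i++) {
        int d = a[i] > b[i] ? a[i] - b[i] : b[i] - a[i];
        if (d > m) m = d;
    }
    return m;
}

int main(void)
{
    uint8_t cover[COVER_PIXELS], stego[COVER_PIXELS], out[64];
    const char *secret = "http://example.invalid/x";   /* constructed payload, not a real URL */
    make_cover(cover);
    memcpy(stego, cover, sizeof cover);
    if (lsb_embed(stego, COVER_PIXELS, (const uint8_t *)secret, (uint32_t)strlen(secret)) != 0)
        return 1;
    long n = lsb_extract(stego, COVER_PIXELS, out, sizeof out);
    printf("recovered %ld bytes: %.*s\n", n, (int)n, out);
    printf("largest pixel change: %d level(s)\n", max_pixel_delta(cover, stego, COVER_PIXELS));
    return 0;
}
```

Swap make_cover for the decoded pixels of a real greyscale image and the same two routines work unchanged; what never changes is that only lsb_extract, a program the attacker must already have running, can turn the picture back into bytes.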

Fact #5 : Malware Runs When It Is Triggered, Not Later

If you do download and trigger malware, it does its work as soon as it runs: it installs itself, steals data or encrypts files then and there. It does not sit inside a picture waiting, as the hoax implies. Some malware deliberately sleeps to evade analysis, but that delay lives inside a program that is already running on the device, not inside an unopened photo.

Deleting Good Morning or Good Night photos or videos will free up storage space on your phone, but it will not remove malware that has already executed, and a picture that never carried a loader had nothing to execute in the first place.

Also, most malware needs some user action to trigger it, such as opening an attachment or installing an app. Generally (but not always), just downloading a file does not run it. The exceptions are bugs in the software that parses downloads automatically, which is why keeping the phone and its apps updated matters far more than deleting greetings.

 

Please Support My Work!

If you would like to support my work, you can do so via bank transfer /  PayPal / credit card.

Name : Adrian Wong

Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Thank you in advance!

 


 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

INTERPOL : Alarming Rate Of COVID-19 Cyberattacks!

According to INTERPOL, cybercriminals are taking advantage of the COVID-19 pandemic, boosting cyberattacks at an alarming pace.

Learn more about their key findings, and what they are projecting will happen in the near future!

 

COVID-19 Pandemic : New Opportunities For Cyberattacks!

The COVID-19 pandemic has forced organisations and businesses to rapidly deploy remote work systems and networks to support staff working from home.

Cybercriminals are taking advantage of this new work-from-home normal, targeting the staff of major corporations, governments and critical infrastructure to steal data and generate profits.

Online Scams + Phishing

 Threat actors have revised their usual online scams and phishing schemes. By deploying COVID-19 themed phishing emails, often impersonating government and health authorities, cybercriminals entice victims into providing their personal data and downloading malicious content.

Around two-thirds of member countries which responded to the global cybercrime survey reported a significant use of COVID-19 themes for phishing and online fraud since the outbreak.

Ransomware + DDoS

Cybercriminals are increasingly using disruptive malware against critical infrastructure and healthcare institutions, due to the potential for high impact and financial benefit.

In the first two weeks of April 2020, there was a spike in ransomware attacks by multiple threat groups which had been relatively dormant for the past few months.

Law enforcement investigations show the majority of attackers estimated quite accurately the maximum amount of ransom they could demand from targeted organisations.

Data Harvesting Malware

Taking advantage of the increased demand for medical supplies and information on COVID-19, there has been a significant increase of cybercriminals registering domain names containing keywords, such as “coronavirus” or “COVID”. These fraudulent websites underpin a wide variety of malicious activities including C2 servers, malware deployment and phishing.

From February to March 2020, a 569 per cent growth in malicious registrations, including malware and phishing and a 788 per cent growth in high-risk registrations were detected and reported to INTERPOL by a private sector partner.

Misinformation

An increasing amount of misinformation and fake news is spreading rapidly among the public. Unverified information, inadequately understood threats, and conspiracy theories have contributed to anxiety in communities and in some cases facilitated the execution of cyberattacks.

Nearly 30 per cent of countries which responded to the global cybercrime survey confirmed the circulation of false information related to COVID-19. Within a one-month period, one country reported 290 postings with the majority containing concealed malware. There are also reports of misinformation being linked to the illegal trade of fraudulent medical commodities.

Other cases of misinformation involved scams via mobile text-messages containing ‘too good to be true’ offers such as free food, special benefits, or large discounts in supermarkets. 

 

INTERPOL : Projection Of Future COVID-19 Cyberattacks

Here are INTERPOL's projections of future COVID-19 cyberattacks :

  • A further increase in cybercrime is highly likely in the near future. Vulnerabilities related to working from home and the potential for increased financial benefit will see cybercriminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi.
  • Threat actors are likely to continue proliferating coronavirus-themed online scams and phishing campaigns to leverage public concern about the pandemic.
  • Business Email Compromise schemes will also likely surge due to the economic downturn and shift in the business landscape, generating new opportunities for criminal activities.
  • When a COVID-19 vaccination is available, it is highly probable that there will be another spike in phishing related to these medical products as well as network intrusion and cyberattacks to steal data.

 


 



Android Wallpaper Malware Explained + Solved!

Ice Universe shared a really interesting problem earlier today – a wallpaper that would set certain Android smartphones into a boot loop. Literally wallpaper malware!

Find out what this wallpaper malware is all about, and how to prevent it from bricking your Android smartphone!

 

Android Wallpaper Malware Explained + Solved Video

For a quick run-down, we prepared this video that explains what the wallpaper does, and how to solve the problem.

 

Android Wallpaper Malware : What Is It?

The wallpaper was first shared by Ice Universe, whose friend was affected by it. The picture itself looks entirely unremarkable.

If you set it as a wallpaper on a vulnerable Android smartphone, it will force the device to go into a boot loop.

Once that happens, there is nothing more you can do, except to factory reset your smartphone, destroying all of its data.

 

Android Wallpaper Malware : The Cause

Ice Universe paved the way to discovering the cause when he noted that the wallpaper's colours seemed to change when he uploaded it to Weibo.

So we looked into the metadata of the wallpaper, and discovered that it carries an embedded ICC colour profile tagged Google Skia E3CADAB7BD3DE5E3436874D2A9DEE126, describing a colour space other than the sRGB that Android normally assumes.

That colour profile trips the wallpaper processing in Android's system UI on certain devices, causing them to reboot.

Technically, com.android.systemui.glwallpaper.ImageProcessHelper crashes with an ArrayIndexOutOfBoundsException while loading the wallpaper: the pixel values converted through that profile produce an index that falls outside a fixed-size array the helper uses, and the Java runtime refuses the access rather than letting it corrupt memory. The system UI process dies with the exception.

And because the wallpaper is loaded every time the system UI starts, the crash repeats on every restart. Your smartphone is now stuck in a boot loop.
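The following C program is an added illustration of the bug class behind that exception, not the Android source. It assumes, consistently with an ArrayIndexOutOfBoundsException while processing pixels, that the helper bins each pixel's luminance into a 256-entry histogram, computing luminance with the usual Rec.601 weights and Java's Math.round. The constructed SAMPLE_PIXELS include one pixel whose converted channel values sit just above 255.0, the kind of value a wide-gamut profile can produce; the unchecked path computes index 256 and (standing in for Java) reports the fault instead of touching memory, while the clamped path, the fix you would want, never leaves the table.

```c
#include <stddef.h>
#include <string.h>

#define HIST_BINS 256

/* Rec.601 luma from RGB; assumed for this illustration. */
static double luma(double r, double g, double b)
{
    return 0.299 * r + 0.587 * g + 0.114 * b;
}

/* Java's Math.round for doubles: floor(x + 0.5), written without libm. */
static int java_round(double x)
{
    double t = x + 0.5;
    int i = (int)t;                      /* truncates toward zero */
    if (t < 0 && (double)i != t) i--;    /* turn truncation into floor for negatives */
    return i;
}

/* Unchecked version: the index comes straight from the pixel. Returns the bin
   used, or -1 where Java would throw ArrayIndexOutOfBoundsException. */
int hist_add_unchecked(int *hist, double r, double g, double b)
{
    int y = java_round(luma(r, g, b));
    if (y < 0 || y >= HIST_BINS) return -1;   /* the crash; we refuse instead of indexing */
    hist[y]++;
    return y;
}

/* Hardened version: clamp to the range the table was sized for. */
int hist_add_clamped(int *hist, double r, double g, double b)
{
    int y = java_round(luma(r, g, b));
    if (y < 0) y = 0;
    if (y > HIST_BINS - 1) y = HIST_BINS - 1;
    hist[y]++;
    return y;
}

typedef int (*add_fn)(int *, double, double, double);

/* Run a converted image through one routine. Returns how many pixels would
   have crashed the unchecked code (always 0 for the clamped routine). */
int histogram_image(const double (*px)[3], size_t n, add_fn add, int *hist)
{
    int faults = 0;
    memset(hist, 0, HIST_BINS * sizeof hist[0]);
    for (size_t i = 0; i < n; i++)
        if (add(hist, px[i][0], px[i][1], px[i][2]) < 0) faults++;
    return faults;
}

/* Constructed sample: three ordinary pixels plus one whose values, after
   conversion out of a wide-gamut profile, landed just above 255.0. Made up. */
const double SAMPLE_PIXELS[4][3] = {
    {  12.0,  40.0,  90.0 },
    { 200.0, 180.0, 160.0 },
    { 255.0, 255.0, 255.0 },
    { 255.7, 255.6, 255.8 },   /* "whiter than white": rounds to bin 256 */
};
#define SAMPLE_COUNT 4
```

The defensive habit it shows is general: whenever an index is derived from decoded input (pixels, lengths, offsets), clamp or reject it before it reaches the array, because the file format, not your code, decides what the value will be.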

 

Android Wallpaper Malware : The Solution

The solution is surprisingly simple: remove the ICC colour profile. You can do that with a photo editor (like Photoshop) by saving the wallpaper without embedding the colour profile.

Alternatively, an EXIF remover app or tool may strip it, but an ICC profile is stored separately from EXIF data (in a JPEG it lives in its own APP2 segment), so not every metadata stripper removes it. Check that the profile is really gone before you load the image onto your phone.

The only drawback is that, without the profile, the phone interprets the image as sRGB and it looks less vivid.
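As an added example (not a tool from this article), here is a C routine that performs that check and the stripping for a JPEG, the format most shared wallpapers use; it is assumed the wallpaper is a JPEG, and a PNG, which keeps its profile in an iCCP chunk, would need a different walker. It walks the header segments up to the start of scan, drops any APP2 segment whose identifier is "ICC_PROFILE", copies everything else byte for byte, and reports how many profiles it removed. SAMPLE_JPEG is a 57-byte file constructed for the example; its "profile" is four placeholder bytes and its scan data is made up.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define M_SOI  0xD8
#define M_EOI  0xD9
#define M_SOS  0xDA
#define M_APP2 0xE2

static const char ICC_TAG[] = "ICC_PROFILE";   /* 12 bytes including the NUL */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

static int is_icc_segment(uint8_t marker, const uint8_t *data, size_t len)
{
    return marker == M_APP2 && len >= sizeof ICC_TAG && memcmp(data, ICC_TAG, sizeof ICC_TAG) == 0;
}

/* Walk header segments up to SOS/EOI. When `out` is non-NULL, copy every
   segment except ICC APP2 segments into it. Returns the output size, or 0 on
   malformed input. *icc_found receives the number of ICC segments seen. */
static size_t walk(const uint8_t *in, size_t n, uint8_t *out, int *icc_found)
{
    size_t i, o;
    *icc_found = 0;
    if (n < 4 || in[0] != 0xFF || in[1] != M_SOI) return 0;
    if (out) { out[0] = 0xFF; out[1] = M_SOI; }
    i = o = 2;

    while (i + 2 <= n) {
        if (in[i] != 0xFF) return 0;                 /* a marker must follow */
        while (i < n && in[i] == 0xFF) i++;          /* 0xFF fill bytes are legal */
        if (i >= n) return 0;
        uint8_t marker = in[i++];

        if (marker == M_SOS || marker == M_EOI) {    /* scan data: copy the rest verbatim */
            size_t rest = n - i;
            if (out) { out[o] = 0xFF; out[o + 1] = marker; memcpy(out + o + 2, in + i, rest); }
            return o + 2 + rest;
        }
        if ((marker >= 0xD0 && marker <= 0xD7) || marker == 0x01) {   /* RSTn, TEM: no length */
            if (out) { out[o] = 0xFF; out[o + 1] = marker; }
            o += 2;
            continue;
        }
        if (i + 2 > n) return 0;
        size_t seglen = be16(in + i);                /* length field counts itself */
        if (seglen < 2 || i + seglen > n) return 0;
        if (is_icc_segment(marker, in + i + 2, seglen - 2)) {
            (*icc_found)++;                          /* dropped */
        } else {
            if (out) { out[o] = 0xFF; out[o + 1] = marker; memcpy(out + o + 2, in + i, seglen); }
            o += 2 + seglen;
        }
        i += seglen;
    }
    return 0;                                        /* ran out of data before SOS */
}

/* `out` must hold at least n bytes. Returns the stripped size, 0 on malformed input. */
size_t jpeg_strip_icc(const uint8_t *in, size_t n, uint8_t *out, int *icc_found)
{
    return walk(in, n, out, icc_found);
}

/* 1 if an ICC profile is embedded, 0 if not, -1 if the file is not a parsable JPEG. */
int jpeg_has_icc(const uint8_t *in, size_t n)
{
    int icc = 0;
    return walk(in, n, NULL, &icc) == 0 ? -1 : (icc > 0);
}

/* Constructed sample: SOI, JFIF APP0, an ICC APP2 with placeholder bytes, SOS, EOI. */
const uint8_t SAMPLE_JPEG[] = {
    0xFF, 0xD8,
    0xFF, 0xE0, 0x00, 0x10, 'J', 'F', 'I', 'F', 0x00,
    0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00,
    0xFF, 0xE2, 0x00, 0x14,
    'I', 'C', 'C', '_', 'P', 'R', 'O', 'F', 'I', 'L', 'E', 0x00, 0x01, 0x01,
    'F', 'A', 'K', 'E',
    0xFF, 0xDA, 0x00, 0x08, 0x01, 0x01, 0x00, 0x00, 0x3F, 0x00,
    0x12, 0x34, 0x56,
    0xFF, 0xD9,
};
```

Read a real file into a buffer, call jpeg_has_icc before copying it to the phone, and use jpeg_strip_icc if it reports 1; because only whole segments are removed, the pixel data is untouched and the result is still a valid JPEG that decoders treat as sRGB.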

But the best thing to do is really just avoid the wallpaper altogether. Don’t even download it.

Google really needs to look into how such a bad colour profile in a picture can trip Google Skia and force the phone into a boot loop.

We should consider this a shot across the bow. Not only should we question whether we really “need” that nice wallpaper, we should be more proactive and :

  • offload our data from our smartphones on a regular basis
  • keep constant backups of our smartphone data
  • consider recording our photos and videos to a microSD card

This way, even if another wallpaper or picture malware comes along and bricks your phone, you won’t lose all of your data.

 


 



Ransomware Warning : 1 in 3 Attacks Target Business Users!

INTERPOL and Kaspersky are urging organisations to protect their data against ransomware, because 1 in 3 attacks target business users!

 

Ransomware Warning : 1 in 3 Attacks Target Business Users!

Recent Kaspersky research revealed that in 2019, WannaCry is still the most prevalent ransomware circulating, and some 30% of people targeted by ransomware were business users!

  • 30% of ransomware attacks targeted business users
  • Organisations lost, on average, US$1.46 million in costs, fines and reputational damage in 2019
  • WannaCry attacked 164,433 users in 2019, and accounted for 21% of all ransomware attacks.
  • GandCrab accounted for 11% of attacks, while Stop accounted for 4%.

WannaCry, arguably the world’s most famous ransomware, reached its peak 3 years ago – on 12 May 2017 – but continues to wreak havoc on unsuspecting victims.

GandCrab is famous for its ransomware-as-a-service model, rented out to cybercriminals by its developers. Meanwhile, Stop spreads through compromised software and websites, as well as adware.

 

Ransomware : How To Protect Your Business

Here are some tips that Kaspersky is recommending to stay protected against ransomware :

  • Explain to employees how following simple rules can help a company avoid ransomware incidents.
  • Always have fresh back-up copies of your files so you can replace them in case they are lost (e.g. due to malware or a broken device).
  • Don’t just rely on a physical backup, but also store your backup in the cloud for greater reliability.
  • Always update your operating system and software to eliminate recent vulnerabilities.
  • Use anti-ransomware software, which will prevent ransomware from exploiting vulnerabilities in software and applications – especially important for customers who continue to use Windows 7.

And if a corporate device is encrypted by ransomware, please remember that the attack is a criminal offence. You should NOT pay the ransom.

Instead, report the ransomware attack to your local law enforcement agency, and look for a decryptor that may work for you. Some are available for FREE, for example from the No More Ransom project (nomoreransom.org), which Kaspersky helped found.

 


 


Acronis Cyber Protect : What Does It Offer?

Acronis Cyber Protect claims to be the “world’s first complete cyber protection solution” for businesses and Managed Service Providers (MSPs).

Let’s take a look at what Acronis Cyber Protect offers!

 

Acronis Cyber Protect : What Is It?

Acronis Cyber Protect is a new cyber protection solution, which combines three key features :

  • Backup and Recovery : to allow reliable recovery of data, apps and systems
  • Malware Protection : to defend data with anti-malware and anti-ransomware protection
  • Security Controls : save IT resources with a simplified but comprehensive endpoint management toolkit

 

Acronis Cyber Protect : Business Benefits

This is what Acronis Cyber Protect promises to offer businesses :

Benefit #1 : Data Availability

Create regular, reliable backups of your data automatically and store them securely so they are instantly available whenever needed.

Benefit #2 : Fast Remediation

Restore data to any device – servers, workstations, VMs, and mobile devices – using full reimage, granular restore, or Instant Restore.

Benefit #3 : Downtime Prevention

Avoid the kind of costly system downtime that’s caused by ransomware, configuration errors, unpatched vulnerabilities, or faulty hardware.

Benefit #4 : Lower TCO

Improve performance, internal SLAs, and IT efficiencies so you can focus on important tasks, while simplifying training and maintenance.

Benefit #5 : Streamlined Protection

Eliminate complexity from your operations with one solution that integrates data protection, malware prevention, and security controls.

 

Acronis Cyber Protect : MSP Benefits

This is what Acronis Cyber Protect promises to offer Managed Service Providers (MSPs) :

Benefit #1 : Improved Profitability

Attract new business, upsell existing customers, and improve your ARPU by offering a full range of superior data protection services.

Benefit #2 : Easier SLA Compliance

Ensure that you are meeting your SLA requirements by helping customers avoid downtime and enabling immediate restores when needed.

Benefit #3 : Greater Cost Control

Reduce administrative costs by using one tool for all tasks – backups, onboarding, monitoring, managing, assistance, and reporting.

Benefit #4 : Decreased Churn

Keep your existing customers happy and satisfied so they come back for more – generating greater financial stability for your business.

 

Acronis Cyber Protect : Availability + Promotion

Acronis Cyber Protect has yet to be released, but you can request for Early Access.

Acronis is also offering Cyber Protect at the same cost as Acronis Cyber Backup Cloud for all service providers until July 31, 2020.

 


 


COVID-19 Email Scams + Malware Are Spreading!

As the COVID-19 coronavirus spreads across the world, so are COVID-19 email scams and malware!

Tatyana Shcherbakova tells us what she and her team discovered!

 

Warning : COVID-19 Email Scams Are Spreading!

As the COVID-19 coronavirus spreads, fake information is being created and distributed at a very high rate, confusing people all over the world.

Cybercriminals are taking advantage of the confusion, creating various email scams, with some realistic ones pretending to be from the WHO.

Tatyana Shcherbakova, a senior web content analyst, details how her team looked at the COVID-19 email scams, and came across the realistic ones from WHO…

 

WHO Is Warning You? These Are COVID-19 Email Scams!

At first, we found emails offering products such as masks, and then the topic became more commonly used in Nigerian spam emails. We also found scam emails with phishing links and malicious attachments.

One of the latest spam campaigns mimics the World Health Organization (WHO), showing how cybercriminals recognize and are capitalizing on the important role WHO has in providing trustworthy information about the coronavirus.

Users receive emails allegedly from WHO, which supposedly offer information about safety measures to be taken to avoid a COVID-19 infection.

Once a user clicks on the link embedded in the email, they are redirected to a phishing website and prompted to share personal information, which ends up in the hands of cybercriminals.

This scam looks more realistic than other examples we have seen lately, such as alleged donations from the World Bank or IMF for anyone who needs a loan.

In order to stay safe, we advise users to carefully study the content of the emails they receive and only trust reliable sources.

If you are promised a vaccine for the virus or some magic protective measures, or the content of the email is making you worried, it has most likely come from cybercriminals.

This is especially true if the sender suggests clicking on a link and sharing your personal data or opening an attachment.

You should not donate any real money or trust information with promises to help those affected by the virus, even if the email comes from someone who introduces themselves as an employee of a trusted organization.

Finally, double check the email address, as scammers often use free email services or addresses that have no relation to the organization mentioned.

 

Malware Masked As COVID-19 Coronavirus Documents!

The team also found malicious files disguised as documents related to the COVID-19 coronavirus, masquerading as pdf, mp4 and docx files about the outbreak.

The names of files imply that they contain video instructions on how to protect yourself from the virus, updates on the threat and even virus detection procedures, which is not actually the case.

In fact, these files contained a range of threats, from Trojans to worms, which are capable of destroying, blocking, modifying or copying data, as well as interfering with the operation of computers or computer networks.

Some malicious files are spread via email. For example, an Excel file distributed via email under the guise of a list of coronavirus victims allegedly sent from the World Health Organization (WHO) was in fact a Trojan-Downloader, which secretly downloads and installs another malicious file.

This second file was a Trojan-Spy designed to gather various data, including passwords, from the infected device and send it to the attacker.

 

COVID-19 Email Scams + Malware : How To Avoid

As governments and businesses are forced by the COVID-19 coronavirus to encourage their employees to work from home, it is critical that they employ these cybersecurity practices to reduce the risk of falling for phishing attacks or malware :

  • Provide a VPN for staff to connect securely to the corporate network
  • All corporate devices – including mobiles and laptops – should be protected with security software
  • The operating system and apps should be updated with the latest patches
  • Restrict the access rights of people connecting to the corporate network
  • Ensure that the staff are aware of the dangers of unsolicited messages

 


 



Microsoft : Cybersecurity Trends + How To Stay Safe In 2020!

As part of Safer Internet Day (SID), Antony Cook from Microsoft shared the key cybersecurity trends in 2020, and how we can stay safe against those dangers.

Even if we are experienced techies, it is enlightening to find out what Microsoft believes are the cybersecurity threats that we should be looking out for in 2020.

 

Microsoft : Key Cybersecurity Trends In 2020!

Cybersecurity Trend #1 : Less Ransomware But More Attacks

Ransomware has declined in recent years, dropping more than 60% from its peak. But Microsoft sees a rise in other types of cyberattacks.

Attackers have learned that ransomware attracts too much attention from law enforcement, and organisations have gotten better at backing up their data.

So hackers are moving onto other activities like cryptocurrency malware and phishing, where they can more easily profit with less attention.

Cybersecurity Trend #2 : Mining Malware Will Be Big!

Attackers are often acting for financial benefit, so they will make big bets on cryptocurrency, especially in Bitcoin.

They will focus more on mining malware that lets them use your computer to mine cryptocurrency coins without being detected.

Coin mining software is freely available, and cybercriminals have bundled mining malware into widely shared and used software. They also try to push it through websites that illegally stream copyrighted content like the latest movies.

Cybersecurity Trend #3 : Embedded Threats

Attackers are now more sophisticated, targeting legitimate and trusted software supply points to deliver malware. There have been many examples of this attack vector :

  • a routine update for a tax accounting application,
  • popular freeware tools into which backdoors were inserted,
  • a server management software package,
  • an internet browser extension or site plugin,
  • malicious images that activate scripts when clicked,
  • peer-to-peer applications

In those cases, attackers were able to change the code of legitimate software that people trust and install without hesitation, allowing them to “hitch a ride”.

This attack vector is very dangerous and frustrating, because it takes advantage of the trust that consumers and IT departments already have for legitimate software.

Cybersecurity Trend #4 : Phishing Scams

Phishing continues to be one of the most effective ways to compromise systems, because it targets human decisions and judgment.

Microsoft noted that the percentage of inbound emails that were detected as phishing messages increased 250% throughout 2018, and they expect the final figures for 2019 to show the same trend.

 

Microsoft : How To Stay Safe In 2020!

Here is a summary of what Microsoft believes we should do to stay safe online against cybersecurity threats in 2020 :

Cybersecurity Tip #1 : Practice Good Security Hygiene

  1. Keep your operating system and software updated.
  2. Turn on email and browser protections.
  3. Apply the cybersecurity configurations that your hardware and software vendors recommend.
  4. Stay away from any unfamiliar software or websites.
  5. Use only legitimate software, and not just your key applications.

Cybersecurity Tip #2 : Implement More Access Controls

System administrators should implement more access controls, using a Zero Trust model or, at the very least, the principle of least privilege.

This limits an attacker who does break into your network to a single segment rather than the whole estate.

Cybersecurity Tip #3 : 3-2-1 Backup!

Make sure you create and keep backups, and the cloud is a great tool for this.

Microsoft recommends adhering to the 3-2-1 rule: keep three copies of your data, on two different types of storage, with at least one copy offsite.

Cybersecurity Tip #4 : Keep Vigilant!

Even if we implement strong cybersecurity measures, we must remain vigilant, and keep an eye out for suspicious activity.

Not just system administrators, but users as well. If you see anything suspicious – report it to your IT department immediately.

It can be anything from a sudden slowdown in your computer’s performance, to strange web pages and images appearing.

 


 



Malware Alert : How Shopper Takes Over Android Phones!

An Android malware called Shopper is actively taking over smartphones, to post fake reviews on Google Play... and worse!

Find out what’s going on, and how to prevent your smartphone from being hijacked by Shopper!

 

Shopper : What Does It Do?

Shopper (Trojan-Dropper.AndroidOS.Shopper.a) is an Android trojan that uses the Google Accessibility Service to take over your smartphone.

It is not yet known how users are being infected, but researchers suspect that it may be downloaded through fraudulent ads, or third-party app stores when they try to download legitimate apps.

The malware masks itself as a system application, and uses a system icon called ConfigAPKs to hide itself from the user.

After the user unlocks the screen, the Shopper trojan launches and gathers information about the device, which is then sent to the attacker’s servers.

The attacker’s servers will then send commands to the Shopper trojan to execute one or more of these actions :

  • Check whether it has permission to use the Accessibility Service; if not, keep showing a phishing-style prompt until the user grants it
  • Turn off Google Play Protect, the safety check Google runs on Play Store apps
  • Post fake positive reviews on Google Play for the apps it promotes
  • Open links received from the remote server in an invisible window
  • Download and install advertised apps from the Google Play Store
  • Download and install apps from the Apkpure third-party app store
  • Show ads when the smartphone screen is unlocked
  • Create shortcuts to advertised sites in the app menu
  • Replace the labels of your installed apps with labels of advertised websites
  • Use your Google or Facebook account to register on popular shopping and entertainment apps, like AliExpress, Lazada, Zalora, Shein, Joom, Likee and Alibaba

 

Shopper : Who’s Getting Infected?

Right now, Kaspersky researchers say that it is most widespread in Russia (28.46%), followed by Brazil (18.70%) and India (14.23%).

 

Shopper : How To Block It?

To reduce the risk of being infected by Trojan-Dropper.AndroidOS.Shopper.a, take these actions :

  • Do NOT install apps from untrusted sources
  • Block the installation of apps from unknown sources in your smartphone settings
  • Be wary of apps that require the use of the Google Accessibility Service, especially if the app is not meant to offer accessibility features to the disabled
  • Always check application permissions to see what your installed apps are allowed to do
  • Use a reliable mobile security solution

 


 


NX Technology from The Tech ARP BIOS Guide!

NX Technology

Common Options : Enabled, Disabled

 

NX Technology : A Quick Review

The NX Technology BIOS feature is actually a toggle for the processor’s No Execute feature.

In fact, the acronym NX is short for No Execute and is specific to AMD’s implementation. Intel’s implementation is called XD, short for Execute Disable.

When enabled, the processor prevents the execution of code in data-only memory pages. This provides some protection against buffer overflow attacks.

When disabled, the processor will not restrict code execution in any memory area. This makes the processor more vulnerable to buffer overflow attacks.

It is highly recommended that you enable the NX Technology BIOS feature for increased protection against buffer overflow attacks.

However, please note that the No Execute feature is a hardware feature: AMD introduced it with the AMD64 family (older AMD processors do not support it), and Intel processors carry the equivalent XD bit. On a processor without it, this BIOS feature has no effect.

In addition, you must use an operating system that supports the No Execute feature. At the time of writing, that includes the following operating systems :

  • Microsoft Windows Server 2003 with Service Pack 1, or newer
  • Microsoft Windows XP with Service Pack 2, or newer
  • Microsoft Windows XP Tablet PC Edition 2005, or newer
  • SUSE Linux 9.2, or newer
  • Red Hat Enterprise Linux 3 Update 3, or newer

Incidentally, some applications and device drivers attempt to execute code from the kernel stack for improved performance. This will cause a page-fault error if No Execute is enabled. Such software relies on behaviour that is no longer guaranteed, so prefer updating or replacing it; on Windows you can also exempt an individual program from DEP (its name for this protection) instead of turning the feature off for the whole machine. Disable this BIOS feature only as a last resort.

 

NX Technology : The Full Details

Buffer overflow attacks are a major threat to networked computers. For example, a worm may infect a computer and flood the processor with code, bringing the system down to a halt. The worm will also propagate throughout the network, paralyzing each and every system it infects.

Due to the prevalence of such attacks, AMD added a feature called No Execute page protection, also known as Enhanced Virus Protection (EVP) to the AMD64 processors. This feature is designed to protect the computer against certain buffer overflow attacks.

Processors that come with this feature can restrict the memory areas in which code can be executed. When paired with an operating system that supports the No Execute feature, the processor adds a new attribute bit (the No Execute bit, the top bit of each 64-bit page-table entry) to the paging structures used for address translation. The operating system turns the mechanism on by setting the NXE flag in the processor's EFER register, and then marks each page as it maps it.

If the No Execute bit of a memory page is set to 1, that page can only be used to store data. The page may still contain bytes that look like machine code, but the processor will refuse to fetch instructions from it. If the No Execute bit of a memory page is set to 0, that page can be used to store data or executable code.

The processor checks the No Execute bit whenever it fetches an instruction. It will not execute code in a memory page with the No Execute bit set to 1; any attempt to do so results in a page-fault exception, which the operating system normally reports by terminating the offending process.

So, if a worm or virus inserts code into a data buffer, the processor prevents that code from being executed and the attack fails before the worm gains a foothold from which to spread. Note that No Execute only stops attacks that rely on injected code; an attacker who instead chains together code that is already marked executable (so-called return-oriented programming) is not stopped by it, which is why operating systems combine it with address space layout randomisation and other mitigations.
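The behaviour described above can be seen from user space. The following C program is an added example, not code from the Tech ARP BIOS Guide: it assumes a Linux system on x86-64 or AArch64 (mmap, mprotect and SIGSEGV delivery behave as on Linux), copies a hand-assembled "return 42" payload into a freshly mapped page, and calls into that page twice, once while the page is readable and writable only (No Execute bit set by the OS) and once after the OS has been asked to clear the bit with PROT_EXEC. The payload bytes are the only machine-specific part.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hand-assembled payload: a function that returns 42, for the host ISA. */
#if defined(__x86_64__)
static const uint8_t payload[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };             /* mov eax,42 ; ret */
#elif defined(__aarch64__)
static const uint8_t payload[] = { 0x40, 0x05, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6 }; /* mov w0,#42 ; ret */
#else
#error "payload provided for x86-64 and AArch64 only"
#endif

static sigjmp_buf fault_env;

/* The instruction fetch from an NX page raises a page fault; Linux turns it
 * into SIGSEGV, and we jump back out of the faulting call. */
static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_env, 1);
}

/* Copies the payload into a fresh page, sets the page protection to `prot`
 * and calls into it. Returns 42 if the payload ran, -1 if the processor
 * refused to execute from the page, -2 if the mapping itself failed. */
static int try_execute(int prot) {
    long pagesz = sysconf(_SC_PAGESIZE);
    uint8_t *page = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -2;
    memcpy(page, payload, sizeof payload);
    /* Required on AArch64 after writing code; a no-op on x86. */
    __builtin___clear_cache((char *)page, (char *)page + sizeof payload);
    if (mprotect(page, (size_t)pagesz, prot) != 0) {
        munmap(page, (size_t)pagesz);
        return -2;
    }

    struct sigaction sa, old_segv;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);

    volatile int result;
    if (sigsetjmp(fault_env, 1) == 0) {
        int (*fn)(void) = (int (*)(void))(uintptr_t)page;
        result = fn();            /* instruction fetch from `page` */
    } else {
        result = -1;              /* NX bit set on the page: #PF -> SIGSEGV */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    munmap(page, (size_t)pagesz);
    return result;
}

/* Data page: the OS leaves the No Execute bit set, so the call must fault. */
int run_from_data_page(void) { return try_execute(PROT_READ | PROT_WRITE); }

/* Code page: PROT_EXEC clears the No Execute bit, so the same bytes run. */
int run_from_code_page(void) { return try_execute(PROT_READ | PROT_EXEC); }

int main(void) {
    printf("RW page: %d  (-1 means the processor blocked the fetch)\n", run_from_data_page());
    printf("RX page: %d  (42 means the payload executed)\n", run_from_code_page());
    return 0;
}
```

The bytes in the page are identical in both calls; only the No Execute bit differs, and that bit is under the operating system's control through mprotect. On a machine where the BIOS feature is disabled, or under an operating system that does not use the bit, the first call also returns 42, which is precisely the exposure this guide describes.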

The NX technology BIOS feature is actually a toggle for the processor’s No Execute feature. In fact, the acronym NX is short for No Execute and is specific to AMD’s implementation. Intel’s implementation is called XD, short for Execute Disable.

When enabled, the processor prevents the execution of code in data-only memory pages. This provides some protection against buffer overflow attacks.


 

Recommended Reading

Go Back To > Tech ARP BIOS GuideComputer | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Acronis True Image 2020 – Everything You Need To Know!

Acronis True Image 2020 was just released, and Acronis says it is the first personal data protection solution to automate the 3-2-1 backup rule!

Here is EVERYTHING you need to know about Acronis True Image 2020!

 

Acronis True Image 2020

Acronis True Image 2020 is the first major update since True Image 2018 was released two years ago.

With this release, Acronis believes it has successfully addressed all Five Vectors of Cyber Protection, ensuring the safety, accessibility, privacy, authenticity and security of the user’s data (SAPAS).

Like its predecessor, it combines data backup and recovery capabilities, with anti-malware technology. The new release though boasts more than 100 enhancements. Let’s take a look at some of them…

Dual Protection In True Image 2020

Acronis True Image 2020 is, according to Acronis, the first personal data protection solution to automate the 3-2-1 backup rule : three copies of your data, on two different kinds of media, with one copy kept off-site.

It automatically replicates local backups into the cloud, so you will always have an off-site copy for recovery.

Once the first backup has completed, subsequent backups and their replication to the cloud run at the same time.

True Image 2020 Tray Notifications Center

Acronis True Image 2020 now pushes messages about your data to your desktop tray, so you can easily monitor the status of your backups.

In addition to alerting you to urgent issues that require your response, it will also send you tips on how to enhance your computer’s protection.

Back Up Only On Selected Wi-Fi Networks

You now have greater control over where your backups travel, including the ability to choose which Wi-Fi networks may be used to transfer them.

This lets you avoid costly metered connections, as well as insecure public networks that could put your data at risk.

Custom Power Management

You also control whether backups run while you are on battery power. You can :

  • completely prevent backups whenever you are on battery power,
  • set a minimum power level for backups to run

Mac Power Nap Backups!

Acronis True Image 2020 supports Power Nap backups. Enable it, and your Mac will back up its data during Power Nap.

Any changes made to your Mac’s data during Power Nap are captured in those backups too!

 

Acronis True Image 2020 Price + Availability

Acronis True Image 2020 is available in three versions, with immediate effect :

Standard Edition

This is a perpetual license designed for customers who store their data on local drives only.

It does not come with cloud storage or cloud-based features. However, you can make local backups of an unlimited number of mobile devices.

Pricing starts at $49.99 for one computer.

Advanced Edition

This is a one-year subscription that includes 250 GB of Acronis Cloud Storage, and access to all cloud-based features.

You will be able to make both local and cloud backups of an unlimited number of mobile devices.

Pricing starts at $49.99 per year for one computer.

Premium Edition

This is a one-year subscription that includes blockchain-based data certification and electronic signature capabilities, as well as 1 TB of Acronis Cloud Storage.

Pricing starts at $99.99 per year for one computer.

All versions include Acronis Active Protection, the AI-powered anti-malware component, and cover an unlimited number of mobile devices.

 


Top Three 2019 Cybersecurity Predictions By Dimension Data

Mark Thomas, VP of Cybersecurity at Dimension Data, recently shared with us his top three cybersecurity predictions for 2019.

  • Increased Benchmarks Will Improve Standards
  • A Strong Future For Predictive Threat Intelligence
  • Cybersecurity Investments Become More Strategic

 

The 2019 Cybersecurity Landscape

Cybercrime currently represents one of the top 10 biggest threats to our globe during 2019 – and it’s showing no sign of ebbing away. The approaches of hackers are increasing in sophistication, the volume of their attacks is intensifying, and successful breaches are causing more damage than ever before.

But as threats and attack types evolve, so too do our methods of defending against them, sparking levels of innovation previously unseen.

And despite the fact that 2018 represented a record year for the number of new business vulnerabilities discovered (a 12.5% upsurge from 2017), the most commonly attacked industries across the globe are also those best-equipped to guard against the latest criminal advances.

But what lessons can we learn from their success? Here are three ways the cybersecurity landscape is going to change over the coming years.

2019 Cybersecurity Prediction #1 : Increased Benchmarks Will Improve Standards

According to NTT Security’s 2019 Global Threat Intelligence Report, the average global cybersecurity maturity rating languishes at 1.45 out of 5 – a score determined by an organisation’s holistic approach to cybersecurity from a strategy, process, metrics and tools perspective.

At first glance, this rating makes for grim reading, but encouragingly, this increase in ‘cybermaturity’ benchmarking is galvanising many forward-thinking companies to make considerable changes in order to ramp up their security posture.

Among those are the two most ‘cybermature’ industries: finance and technology. It should come as no surprise that two such dominant sectors bear the brunt of the cybercrime offensive, each experiencing 17% of all attacks recorded in 2018.

Yet despite enduring this barrage, the finance and tech industries also boast the highest ‘cybermaturity’ rating of any industry, with 1.71 and 1.66 respectively.

It is from these heightened levels of ‘cyberpreparedness’ that the majority of businesses, regardless of size, sector or market, can draw some vital lessons. By benchmarking their maturity, companies are showing a real willingness to inspire positive change, with a greater focus on predictive threat intelligence, more considered and strategic investments, and higher levels of internal and external collaboration representing some of the most critical approaches that separate the best-fortified organisations from the rest.

Indeed, the finance and technology sectors are the industries most keen to team up with external partners to evolve their long-term strategies and next-generation architectures, unlocking access to trillions of logs and billions of attack records that can be used to shape a more predictive approach to cybersecurity defence.

2019 Cybersecurity Prediction #2 : A Strong Future For Predictive Threat Intelligence

With business vulnerabilities at a record high, the rise of predictive threat intelligence represents one of the most tangible and accessible ways that organisations can immediately bolster their security programmes.

The concept of cybersecurity defence evolving from a reactive to a more predictive model isn’t going to cause shockwaves among IT teams, but with our understanding of AI and machine learning technologies increasing – and attackers’ methods becoming more sophisticated in tandem – its application has never been more pertinent.

In fact, the market for threat intelligence tools is now expected to surge to USD 12.9 billion by 2023, at a growth rate of 19.7% each year.

This prediction, along with news that venture capital firm Insight Partners has splashed out USD 780 million on threat intelligence company Recorded Future, indicates this field is about to go through a sustained period of unprecedented innovation.

One of the secrets to unlocking the potential to predictive threat intelligence lies in the amount of threat information you are able to collect. Security teams need to start digging deeper into the murkier and harder to reach corners of the internet – such as the dark web – to outsmart the bad guys.

With machine learning potentially monitoring billions of logs, patterns can be identified and automated safeguards established so that attacks can be deflected instantly.

And the more granular you can go, the better – it affords security and IT teams with that much-needed structure and context to turn raw data into actionable intelligence.

2019 Cybersecurity Prediction #3 : Cybersecurity Investments Become More Strategic

With almost two-thirds of companies citing a poor understanding of their current risk profile as the primary inhibitor to a better cybersecurity posture, it’s clear that in order to better bolster their barricades, organisations must exercise a more strategic and calculated approach to cybersecurity investment.

The good news is that senior executives are finally prioritising cybersecurity as a critical boardroom concern – but from the lowly 1.45 out of 5 average cybermaturity rating, it’s painfully clear that ambitions are outpacing preparedness. This benchmark needs to change – but where should organisations channel their investment in order to best fortify their defences?

With the cryptocurrency market surging by 51% since the start of 2019, illicit cryptojacking techniques have followed suit, skyrocketing by a staggering 459% last year.

To best prevent, detect and recover from cryptojacking, organisations should consider egress and ingress filtering to restrict outbound traffic, denying use of the Stratum protocol that miners use to talk to mining pools, and segmenting their network environments so that an attacker who gains a foothold cannot move freely through the entire network.
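Denying Stratum at the network edge only works if the filter recognises the protocol rather than a port number, because pools also listen on 443 and other ports that egress rules normally allow. The C program below is an added example, not material from Dimension Data or NTT: it scans a constructed flow log (tab-separated source, destination, destination port and the first bytes of the outbound payload; the addresses and lines are made up) and flags flows whose payload is a Stratum JSON-RPC call. The method names are the standard Stratum v1 names; the Monero-style pools that use a plain "login" method are deliberately not covered, since that name is too generic to match on alone.

```c
#include <stdio.h>
#include <string.h>

/* Stratum v1 JSON-RPC method names exchanged between a miner and a pool. */
static const char *const STRATUM_METHODS[] = {
    "mining.subscribe", "mining.authorize", "mining.submit",
    "mining.notify", "mining.set_difficulty", "mining.extranonce.subscribe",
};

/* Constructed sample flow log (not real traffic):
 * src_ip <TAB> dst_ip <TAB> dst_port <TAB> first bytes of the outbound payload */
static const char *const SAMPLE_LOG =
    "10.0.0.5\t203.0.113.10\t443\tGET /index.html HTTP/1.1\n"
    "10.0.0.7\t198.51.100.9\t3333\t{\"id\":1,\"method\":\"mining.subscribe\",\"params\":[\"cpuminer/2.5.1\"]}\n"
    "10.0.0.8\t198.51.100.9\t443\t{\"id\":2,\"method\":\"mining.authorize\",\"params\":[\"wallet.rig1\",\"x\"]}\n"
    "10.0.0.9\t192.0.2.4\t8080\tPOST /blog/why-mining.subscribe-matters HTTP/1.1\n";

/* Returns 1 if the payload is a Stratum JSON-RPC call. Only the value of the
 * "method" key is inspected, so a URL or page text that merely contains
 * "mining.subscribe" (last sample line) does not match. */
int payload_is_stratum(const char *payload) {
    const char *m = strstr(payload, "\"method\"");
    if (m == NULL) return 0;
    const char *v = strchr(m + strlen("\"method\""), '"');   /* opening quote of the value */
    if (v == NULL) return 0;
    v++;
    for (size_t i = 0; i < sizeof STRATUM_METHODS / sizeof STRATUM_METHODS[0]; i++) {
        size_t n = strlen(STRATUM_METHODS[i]);
        if (strncmp(v, STRATUM_METHODS[i], n) == 0 && v[n] == '"') return 1;
    }
    return 0;
}

/* Walks the log line by line and returns how many flows carry Stratum.
 * Detection is content-based, so the flow to port 443 (third sample line)
 * is caught too, which a port-only egress rule would let through. */
int count_stratum_flows(const char *log) {
    int hits = 0;
    const char *line = log;
    while (*line != '\0') {
        const char *end = strchr(line, '\n');
        size_t full = end ? (size_t)(end - line) : strlen(line);

        char buf[512];                          /* bounded copy of one line */
        size_t len = full < sizeof buf ? full : sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';

        /* the payload is the 4th tab-separated field */
        char *payload = buf;
        for (int field = 0; field < 3 && payload != NULL; field++) {
            payload = strchr(payload, '\t');
            if (payload != NULL) payload++;
        }
        if (payload != NULL && payload_is_stratum(payload)) {
            hits++;
            printf("STRATUM  %.*s\n", (int)(payload - buf - 1), buf);   /* src, dst, port */
        }
        line = end ? end + 1 : line + full;
    }
    return hits;
}

int main(void) {
    int n = count_stratum_flows(SAMPLE_LOG);
    printf("%d of 4 sample flows flagged as Stratum\n", n);
    return 0;
}
```

Two of the four constructed flows are flagged. In production the same check belongs in a proxy or IDS that sees the first bytes of each outbound connection; a hit on a host that has no business mining is a high-confidence cryptojacking indicator and the destination is a candidate for the egress deny list.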

Segmenting your network environments is a method that can also be applied when defending against web-based attacks, which doubled during 2018 and now account for almost a third of all hostile traffic.

Performing regular vulnerability scans will help you identify issues earlier in the development cycle, while enforcing secure coding practices will ensure applications remain solid from design through to launch.

Of course, the level of investment in these areas depends on your market and sector, where frequency and volume of attack types can vary greatly – but regardless of industry or location, one key focus cannot be ignored – compliance.

Embedding compliance requirements into your strategy is essential, and with such a wealth of information-sharing and collaborative tools available, there’s no excuse for not keeping pace with the latest regulatory requirements.

Success is achieved when organisations invest proportionately in people, processes, and tools to provide a solid foundation of security and data privacy expertise, across all technology stacks. Benchmarking yourself against industry best practices and control frameworks provides an easy way to measure the return on an organisation’s security investment.

Simply put, you cannot manage what you cannot measure, so it’s critical companies understand their compliance posture and plan ahead so they can achieve their security ambitions.

 

More On The 2019 Cybersecurity Landscape

We had the opportunity to sit down with Mark Thomas, VP of Cybersecurity and other members of Dimension Data (now part of NTT Limited) for a Q&A session on the 2019 NTT Security GTIR and cybersecurity landscape.

You can download the executive guide to the 2019 NTT Security Global Threat Intelligence Report here.

 



MegaCortex Ransomware Analysis + Prevention by Sophos!

Sophos just released their analysis of the MegaCortex ransomware whose speed and spread of attack are very worrying! Get the key details about MegaCortex and how to prevent an attack!

 

What Is Megacortex?

MegaCortex is a new ransomware that was rarely seen until it suddenly spiked in volume in May 2019. Similar to infamous ransomware like Ryuk and BitPaymer, it is now spreading rapidly in these countries :

  • US
  • Canada
  • Argentina
  • Italy
  • The Netherlands
  • France
  • Ireland
  • Hong Kong
  • Indonesia
  • Australia

Why Is MegaCortex Dangerous?

Ransomware attacks are usually carried out in 3 ways:

  • Manual attacks
  • Automated attacks
  • Blended attacks

Unlike Ryuk and BitPaymer, MegaCortex is controlled by cybercriminals using more automated tools, and is designed to spread to many victims at a much faster pace.

 

What Does MegaCortex Demand?

Unlike other ransomware attacks, MegaCortex has no clear ransom demand.

All it does is invite its victims to email the attackers at either of two free webmail addresses, attaching a file that had been dropped onto the victim’s hard disk drive, to request decryption services.

The ransom note includes “a guarantee that your company will never be inconvenienced by us“. On top of that, if the victim pays the ransom, “You will also receive a consultation on how to improve your companies cyber security“.

How sweet of them.

 

How To Protect Against MegaCortex

Sophos recommends the following steps to protect your business from MegaCortex and the threat of ransomware attacks in general :

  • Be on the highest alert if you see warning signs of Emotet or Qbot, as Sophos found a strong correlation between MegaCortex and prior infections by those two malware families.
  • Place the company’s Remote Desktop Protocol (RDP) hosts behind a Virtual Private Network (VPN), rather than exposing RDP to the internet
  • Enforce two-factor authentication for system logins
  • Regularly back up important and current data to offline storage that ransomware on the network cannot reach
  • Use anti-ransomware software like Sophos Intercept X Advanced.

 



Secureworks Launches Red Cloak TDR Cybersecurity Service!

Secureworks just launched Red Cloak TDR at Dell Technologies World 2019 in Las Vegas! Here is a primer on the Secureworks Red Cloak TDR cybersecurity service!

 

SecureWorks Launches Red Cloak TDR

At Dell Technologies World 2019, Secureworks, a Dell Technologies subsidiary, unveiled Red Cloak TDR, their software-as-a-service (SaaS) app that allows companies to securely manage their own cybersecurity measures.

Developed with over 20 years of field experience in cybersecurity, Red Cloak TDR offers a new way for companies to detect, investigate and respond to threats such as malware and ransomware. Its detection is aided by deep learning and machine learning.

The AI assistance helps it quickly detect new and unknown online threats, while reducing false alarms. It also helps cybersecurity teams focus on the real or high-risk threats.

 

How Secureworks Red Cloak TDR Will Transform Cybersecurity

Cybersecurity threats can go undetected for hundreds of days in the gaps and disconnected layers of security products. This is particularly problematic with apps and services that are not updated on a daily or even hourly basis.

Red Cloak TDR Is Cloud-Native

As a cloud-native application, it can be updated quickly after an investigation reveals a new threat. In addition, the service includes the following features :

  • Intuitive workflows
  • Automation
  • Chat feature
  • Access to Secureworks’ cybersecurity team and network

Software-as-a-Service

As a software-as-a-service (SaaS) app, there is no hassle of installing on-site hardware or software system version upgrades. All updates, back-ups and tuning will be covered by the Red Cloak TDR app.

The app does not charge by data consumption like some apps, so users are free to process and manage all the security data they need to protect their organisation. The app is also designed to integrate into the organisation’s own control framework.

 



The 2019 Kaspersky ICS CERT Report + Recommendations!

The 2019 Kaspersky ICS CERT Report just revealed that almost half of the Industrial Control System (ICS) computers they protected were attacked in the second half of 2018. This is a wake-up call to industries large and small.

They also shared with us some technical measures that can help companies ward off these cyberattacks.

 

The 2019 Kaspersky ICS CERT Report

The 2019 Kaspersky ICS CERT report is based on the industrial threat landscape the team experienced in H2 2018.

In that period, they noted that almost half of the ICS computers they were protecting were attacked in some form.

These attacks could have crippled these industrial facilities if they resulted in an actual breach. That would have caused great material and production losses.

Here is the summary of their report :

  • 47.2% of ICS computers were attacked in 2018, slightly more than the 44% they encountered in 2017.
  • Vietnam was the top country, with 70.90% of their ICS computers attacked
  • Algeria was second, with 69.91%; and Tunisia was third with 64.57% attacked.
  • The least impacted countries were Ireland (11.7%), Switzerland (14.9%), and Denmark (15.2%).

 

Mass-Distributed Malware Is The Greatest Threat

Mass-distributed malware, typically delivered by phishing emails, is the most common way hackers infiltrate industrial companies in the Asia Pacific region and throughout the world.

“Despite the common myth, the main source of threat to industrial computers is not a targeted attack, but mass-distributed malware that gets into industrial systems by accident, over the internet, through removable media such as USB-sticks, or e-mails.

However, the fact that the attacks are successful because of a casual attitude to cybersecurity hygiene among employees means that they can potentially be prevented by staff training and awareness – this is much easier than trying to stop determined threat actors,” said Kirill Kruglov, security researcher at Kaspersky Lab ICS CERT.

 

Knowledge And Training Are Essential To Combating Malicious Cyber Attacks

According to Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky Lab,

“Our researchers are seeing many carefully crafted phishing emails, sent purportedly by real companies and masked as business correspondence, commercial offers, invitations to tender and so on, which could be very commonly faced by many enterprises in Malaysia.

“We recommend all companies to warn their staff of this real threat and to train them to recognize signs of an attack, to not open suspicious files or click on links, and to inform their IT department of any potential incidents,” Yeo said.

“H2 2018 saw a decline in ICS infections in Malaysia, 41.1% versus H1 2018 of 50.8%. It is a good sign that users are more aware of the cyber risks, and are becoming careful about it,” Yeo added.

 

How To Safeguard Industrial Control Systems (ICS)

Kaspersky Lab ICS CERT recommends the following measures to protect Industrial Control Systems (ICS) :

  • Regularly update operating systems and application software on systems that are part of the enterprise’s industrial network.
  • Apply security fixes to PLC, RTU and network equipment used in ICS networks where applicable.
  • Restrict network traffic on ports and protocols used on edge routers and inside the organization’s OT networks.
  • Audit access control for ICS components in the enterprise’s industrial network and at its boundaries.
  • Deploy dedicated endpoint protection solutions on ICS servers, workstations and HMIs.
  • Make sure security solutions are up-to-date and all the technologies recommended by the security solution vendor to protect from targeted attacks are enabled.
  • Provide dedicated training and support for employees as well as partners and suppliers with access to your network.
  • Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets.

 



2019 Symantec Internet Security Threat Report Highlights!

Symantec held an exclusive briefing on the newly-released 2019 Symantec Internet Security Threat Report. In this article, we will share with you the full briefing video, as well as highlights from that Symantec cybersecurity report!

 

The 2019 Symantec Internet Security Threat Report

The 2019 Symantec Internet Security Threat Report is the 24th volume published so far. Based on data from Symantec’s Global Intelligence Network, the ISTR is designed to give businesses and the public an overview of the cybersecurity threat landscape.

The Symantec Global Intelligence Network is, incidentally, the world’s largest civilian cybersecurity threat intelligence network. It records events from 12 million attack sensors across more than 157 countries worldwide, blocking 142 million threats every day.

 

The 2019 Symantec ISTR Briefing Highlights

Briefing us on the 2019 Symantec ISTR was Sherif El-Nabawi, Vice-President of Sales Engineering, Symantec APJ; and David Rajoo, Chief Cybersecurity Architect, Symantec ASEAN.

Diminishing Returns Of Ransomware + Cryptojacking

Ransomware, which encrypts and holds data hostage in return for payment in the form of cryptocurrency, has been hit by declining cryptocurrency values as well as increasing adoption of cloud and mobile computing. This led to a 20% drop in infections.

Cryptojacking, in which malware is used to steal computing power from consumers and enterprises to mine cryptocurrency is similarly hit by the drop in cryptocurrency value. Symantec noted that cryptojacking activity declined by 52% in 2018. Even so, it is still a major problem – they blocked 3.5 million attempts in December 2018 alone!

Formjacking Overtakes Ransomware + Cryptojacking

With diminishing returns from ransomware and cryptojacking, cybercriminals now prefer formjacking.

Formjacking is essentially virtual ATM skimming : criminals inject malicious code into an online shopping site to steal shoppers’ payment card details as they are typed into the checkout form.

According to Symantec, more than 4,800 websites are compromised with formjacking code every month, and they blocked more than 3.7 million formjacking attacks on endpoints in 2018.

Generally, small and medium retailers are the most widely compromised, and a third of the attacks happened during the busiest online shopping period of the year, from November through December.

Cloud Is The New Weak Point

With the greater adoption of cloud computing, the same security mistakes are happening in the cloud… with exponentially greater consequences. In 2018, more than 70 million records were stolen from poorly-configured AWS S3 buckets.

Hardware vulnerabilities like Meltdown, Spectre and Foreshadow also put cloud services at risk, because they can be exploited to read protected memory belonging to other tenants on the same physical server. On a single server, data from hundreds of companies could be exposed by one exploit.

Living off the Land Attacks On Supply Chain

Supply chain attacks increased by 78% in 2018, and attackers increasingly rely on Living off the Land (LotL) tools that are already present on the victim’s systems. For example, the use of malicious PowerShell scripts increased by 1,000 percent last year; Symantec blocks 115,000 of them each month, yet these make up less than 1% of all the PowerShell usage it observes.

These attacks are hard to defend against, because they use the same tools users and organisations need to function. Identifying and blocking them will require the use of advanced detection methods like analytics and machine learning.

Internet of Things (IoT) Attacks Are Changing

While the volume of attacks on IoT devices remains high and consistent with 2017 levels, their profile is changing. In addition to routers and wireless cameras, attackers are now targeting smart light bulbs and virtual voice assistants.

Smartphones Are The Greatest Spying Devices

According to Symantec, smartphones are the greatest spying devices ever created. Their research shows that :

  • 45% of the most popular Android apps and 25% of the most popular iOS apps request location tracking,
  • 46% of popular Android apps and 24% of popular iOS apps request permission to access the smartphone camera, and
  • email addresses are shared with 44% of top Android apps and 48% of top iOS apps!

 


Kaspersky Lab Warns Of Malicious Cryptocurrency Mining!

Kaspersky Lab is warning of malicious cryptocurrency mining powered by pirated software and content. Learn more about this new online threat!

 

Kaspersky Lab Warns Of Malicious Cryptocurrency Mining!

Kaspersky Lab has warned that malicious cryptocurrency mining grew by more than 83% in 2018 : 5 million users were attacked online in the first three quarters of 2018, compared to 2.7 million users in the same period of 2017.

The major driver behind the malicious cryptocurrency mining was the use of unlicensed software and content.

 

Malicious Cryptocurrency Mining

Malicious cryptocurrency mining has overtaken ransomware as the main threat in recent years. The number of attacks increased steadily during the first half of 2018, peaking in March with about 1.2 million users attacked.

Kaspersky Lab experts have investigated the regulatory landscape and electricity prices in the top 10 countries targeted by crypto miners and main infection vectors for the popular malware families.

The investigation of malware families revealed that they mainly infected devices by duping users into installing pirated software and unlicensed content.

“Our analysis of the economic background of malicious crypto mining and the reasons for its widespread presence in certain regions revealed a clear correlation: the easier it is to distribute unlicensed software, the more incidents of malicious crypto miner activity were detected. In short, an activity not generally perceived as dangerous: the downloading and installation of dubious software, underpins what is arguably the biggest cyberthreat story of the year – malicious crypto mining,” notes Evgeny Lopatin, security expert at Kaspersky Lab.

Other Key Findings From The Report

  • The total number of users who encountered miners rose by more than 83% from 2,726,491 in 2017 to 5,001,414 in 2018
  • The share of miners among all detections increased from 5% in 2017 to 8% in 2018
  • The share of miners among risk-tool detections rose from 9% in 2017 to 17% in 2018
  • The total number of users who encountered mobile miners grew more than fivefold, from 1,986 in 2017 to 10,242 in 2018.

 

Steps To Reduce Risk Of Infection

  • Always update software on all your devices to prevent miners from exploiting vulnerabilities.
  • Use tools that can automatically detect vulnerabilities and download and install patches.
  • For personal devices, use a reliable consumer security solution and remember to keep key features such as System Watcher switched on.
  • Don’t overlook less obvious targets such as queue management systems, POS terminals and even vending machines.
  • Use application control to track malicious activity in legitimate applications.
  • Specialized devices should be in Default Deny mode.
  • Use dedicated security solution such as Kaspersky Endpoint Security for Business
  • To protect the corporate environment, educate your employees and IT teams to keep sensitive data separate and to restrict access.

 


First Kaspersky Transparency Center Launched In Zurich!

Kaspersky Lab just launched their first Data Processing and Transparency Center in Zurich. This is part of their Global Transparency Initiative that we covered a while back.

Let’s take a look, and find out what this means for Kaspersky Lab and global cybersecurity!

 

The First Kaspersky Transparency Center

Malicious and suspicious files shared by users of Kaspersky Lab products in Europe will be processed in Kaspersky Lab data processing centers in Zurich, the first part of a relocation commitment made by the company in late 2017 under its Global Transparency Initiative.

The move reflects Kaspersky Lab’s determination to assure the integrity and trustworthiness of its products and the data processing center is accompanied by the opening of the company’s first Transparency Center in Zurich.

The relocation of Kaspersky Lab data processing is part of a major infrastructure move designed to increase the resilience of the company’s IT infrastructure to risks of data breaches and supply-chain attacks. It also further proves the trustworthiness of its products, services and internal processes.

 

Threat-Related Data and Malicious Files

From November 13, threat-related data coming from European users will start to be processed in two datacenters. These provide world-class facilities in compliance with industry standards to ensure the highest levels of security.

The data, which users have actively chosen to share with Kaspersky Lab, includes suspicious or previously unknown malicious files and corresponding meta-data that the company’s products send to Kaspersky Security Network (KSN) for automated malware analysis.

Files comprise only part of the data processed by Kaspersky Lab technologies, yet they are the most important part. Protection of customers’ data, together with the safety and integrity of its infrastructure, is a top priority for Kaspersky Lab, which is why the relocation of file processing comes first and is expected to be fully accomplished by the end of 2019.

The relocation of other types of data processed by Kaspersky Lab products, consisting of several kinds of anonymized threat and usage statistics, is planned to be conducted during later phases of the Global Transparency Initiative.

 

Kaspersky Lab’s First Transparency Center

The opening of Kaspersky Lab’s first Transparency Center in Zurich enables authorized partners to access reviews of the company’s code, software updates and threat detection rules, along with other activities.

Kaspersky Lab will provide governments and partners with information on its products and their security, including essential and important technical documentation, for external evaluation in a secure environment.

These developments will be followed by the relocation of data processing for other regions and, in phase two, the move of Kaspersky Lab’s software assembly to Zurich.

 

Kaspersky Lab’s Choice of Location in Zurich, Switzerland

Switzerland is a top location in terms of the number of secure internet servers available and is known as an innovative center for data processing and high quality IT infrastructure. A non-EU member in the heart of Europe, Switzerland has established its own data privacy regulation that is guaranteed by the state’s constitution and federal laws. There are strict regulations on processing data requests received from authorities.

“Transparency is becoming the new normal for the IT industry, and for the cybersecurity industry in particular. We are proud to be on the front line of this process. As a technological company, we are focused on ensuring the best IT infrastructure for the security of our products and data, and the relocation of key parts of our infrastructure to Switzerland places them in one of the most secure locations in the world.

The promises made in our Global Transparency Initiative are coming to fruition, enhancing the resilience and visibility of our products. Through the new Transparency Center, also in Switzerland, trusted partners and governments will be able to see external reviews of our products and make up their own minds. We believe that steps such as these are just the beginning – for the company and for the security industry as a whole. The need to prove trustworthiness will soon become an industry standard,” said Eugene Kaspersky, CEO of Kaspersky Lab.

 

Kaspersky Lab’s Next Big Step

Kaspersky Lab has engaged one of the Big Four professional services firms to audit the company’s engineering practices around the creation and distribution of threat detection rule databases, with the goal of independently confirming that they accord with the highest industry security practices.

The assessment will be done under the SSAE 18 standard (Statement on Standards for Attestation Engagements). Its scope includes the regular automatic updates of antivirus records that Kaspersky Lab creates and distributes for its products running on Windows and Unix servers. The company plans to complete the SSAE 18 assessment with the issue of a SOC 2 (Service and Organization Controls) report in the second quarter of 2019, as part of its ongoing efforts to improve the security of its products with the help of a community of security enthusiasts from all over the world.

 


84% of New PCs with Pirated Software Infected with Malware!

A recent Microsoft PC test purchase sweep revealed that 84% of new PCs sold in Asia with pirated software were infected with malware. Here are the details of their report…

 

The Microsoft Asia PC Test Purchase Sweep

The Microsoft Asia PC Test Purchase Sweep examined a total of 166 new PCs from 9 markets across Asia – India, Indonesia, Korea, Malaysia, Philippines, Singapore, Taiwan, Thailand and Vietnam.

The PC samples were purchased from retailers that offered PCs at a much lower cost, with free software bundles, to lure customers. In many cases, these retailers also sold pirated software in their stores.

 

84% of New PCs with Pirated Software Infected With Malware!

The sweep found that one of the most common practices for vendors installing pirated software on new PCs is to turn off security features such as anti-virus software and Windows Defender, as doing this allows them to run the hack-tools needed to activate the pirated software.

However, this leaves PCs vulnerable to malware and other cyberthreats, and the buyers of these PCs may not even realize that their PC is not being protected.

The sweep also uncovered that 84% of the new PCs loaded with pirated software were infected with some type of malware, with the most common malware being:

  • Trojans are a type of malware that is employed by cybercriminals to gain remote access and control of devices, allowing them to spy on the users and steal private data. While Trojans typically depend on some form of social engineering to trick users into loading and executing them, bundling them with pirated software makes it easier for cybercriminals to compromise and control PCs.
  • Viruses are another type of malware which can cause infected computers to do a variety of things that are not beneficial to the PC owner, such as terminating the device’s security features, sending spam messages, and contacting remote hosts to download additional malware.

These findings are particularly concerning as customers buy PCs that offer special deals which are cheap and come with free software, not realizing the risks they may be exposing themselves to. In most cases, they may not even realize that the security features of their PCs are turned off and may fail to spot suspicious activities on their devices.

Many of these infected PCs’ users are highly susceptible to data loss, including personal documents and sensitive information such as passwords and banking details, as well as identity theft where they lose control of their social media and email accounts. Users might also experience compromised PC performance as malware, running in the background, can slow down devices.

All these factors can lead to consumers and businesses chalking up significant monetary, time and productivity losses as they work to resolve the issues.

 

Key Cyber-Hygiene Practices for Individuals and SMEs

The most fundamental step that users can take to safeguard themselves digitally is to always insist on buying PCs from established retailers and not ones that also sell pirated software, and ensuring they are getting genuine software. Consumers should refer to software vendors’ websites to learn how they can distinguish between genuine and pirated software.

Besides using genuine software, people can also consider and adhere to the following recommendations to better protect themselves:

  • Keep software current with the latest security patches, which are always free.
  • Follow safe Internet practices and do not visit potentially dangerous websites, such as those that offer adult content, illegal downloads, and pirated software, as well as file sharing portals.
  • Avoid using very old software which has reached its end of life and is no longer supported by the software vendor for updates and security patches.

 


Exclusive : Tech ARP Interviews Keith Martin Of F-Secure!

F-Secure Regional Director of APAC and Japan, Keith Martin, flew into Singapore to ink a major regional partnership agreement with ACE Pacific Group. Timothy Shim from Tech Barrista and I had the opportunity to interview Mr. Martin about cybersecurity trends in Asia Pacific and worldwide.

 

Tech ARP Interviews Keith Martin

Keith Martin is the Head of Asia Pacific Corporate Business, F-Secure. Here is our exclusive interview with Mr. Martin after he officially signed the APAC partnership agreement with ACE Pacific Group.

The Cybersecurity Business

Tech ARP : How has your long experience in Japan helped you with F-Secure’s business in Japan?

Keith Martin : Japan is one of the largest markets for F-Secure, and we are trying to replicate that (success) in the APAC region.

Tech ARP : Are you still based in Japan?

Keith Martin : Yes, but I have now racked up a lot of frequent flyer miles.

Tech ARP : What are your thoughts on the cybersecurity market in the APJ (Asia Pacific and Japan) region?

Keith Martin : Japan is a large market, but the growth rates are relatively stable. We look at the Asia Pacific region (which includes India, Australia and New Zealand), as the next source of growth for F-Secure.

Tech ARP : What are your plans, and areas of focus, for the APJ region?

Keith Martin : Without question, Singapore is going to be a major focus for F-Secure, as well as Australia and New Zealand. We just signed a major partnership agreement with ACE Pacific, which will be a cornerstone of our strategy in coming years.

Cybersecurity Backdoors

Tech ARP : Chinese and Russian companies have been hit by accusations of cyber espionage and hacking, loose security and/or inserting backdoors into their products. Do you see this as a good opportunity to promote F-Secure’s products, or is this a poison pill for the entire industry?

Keith Martin : I don’t think it’s a poison pill for the entire industry. I have never seen any direct evidence that these go beyond mere accusations, but I understand the need to be cautious. One of the things that F-Secure is proud of is our policy that we will never add a backdoor into our products.

We are willing to walk away from any business if it means adding a backdoor. This is just the way we operate, because Finland has extremely tough privacy laws.

I think it’s absolutely an opportunity for us to differentiate ourselves (from the other cybersecurity companies) with our public pledge never to add backdoors in our software.

Tech ARP : Some countries like China and Russia are demanding access to encryption keys, and in some cases, requiring registration of VPN services. How do those tightening laws affect F-Secure products like Freedome VPN?

Keith Martin : F-Secure is very focused on maintaining the security of our products, so if those are the requirements, we will decline and get out of those markets. We would rather walk away from the potential business, than compromise the security of our products.

Government Interest

Tech Barrista : On the geopolitical implications of malware, do you feel that governments are increasingly more focused on cybersecurity on a national scale?

Keith Martin : For sure. We now see nation states attacking each other. There’s no denying that fact. Look at Stuxnet, that malware (which was targeted at Iran) got released into the wild and suddenly, people have the technology to use it elsewhere for nefarious purposes. I think that any country that does not pay attention to cybersecurity is sticking their heads into the sand.

Tech Barrista : Do you feel that this presents a greater opportunity for F-Secure?

Keith Martin : It represents opportunity, of course, but our mission as a company is to stop the spread of malware and cybersecurity attacks, wherever they happen. It’s a kind of Catch-22 situation, where we wish that nation states would not attack each other, but yes, we have the opportunity to help them protect themselves against such attacks.

Transparency

Tech ARP : What is F-Secure doing to promote and enhance source code transparency? Like opening up transparency centers?

Keith Martin : At this point in time, there are no plans to do so. We have a very good reputation throughout our 30-year history of being straightforward and upfront. I have never seen any accusations against us of malicious activities.

Tech ARP : Does F-Secure allow corporations or countries with concerns to inspect their code?

Keith Martin : I don’t know of any specific situations in Asia Pacific where F-Secure has allowed this. It may have been allowed in other regions, where governments have specific concerns, but I’m not aware of those situations.

Malware Galore!

Tech ARP : Ransomware and phishing attacks are big problems these days. Can you detail how F-Secure can help users prevent or mitigate the risks of ransomware and/or phishing attacks?

Keith Martin : Third-party analysis of our software shows that we are actually better at detecting these 0-day attacks than any other companies out there. We pride ourselves in detecting not just the malware we know about, but also the malware we don’t know about, using technologies we have been developing over the last 20 years.

We have a multi-layered engine, where we use everything from the basic pattern matching technology, to heuristics, etc. so that if it doesn’t catch the malware on the first layer, it will catch the malware on the second or third or fourth layer.

Tech Barrista : Is malware-as-a-service now common?

Keith Martin : It is becoming more and more common. The entry barrier to launching a malware attack is now much lower due to the ability to outsource the creation of the malware.

Cybersecurity Risks Of IoT Devices

Tech Barrista : With cybercriminals leveraging the Internet of Things and Artificial Intelligence, how much more complex do you see the cybersecurity landscape becoming?

Keith Martin : It’s becoming incredibly complex. Our Chief Research Officer Mikko Hypponen said, “Once you connect something to the Internet, it’s vulnerable”. Billions of devices connected to the Internet become potential attack vectors for cybercriminals.

Most IoT devices don’t have good security. If you can get into one of those devices, you can get into the network through them.

Tech ARP : Does F-Secure have any products to mitigate the risks of poorly-secured IoT devices?

Keith Martin : On the consumer side, we have F-Secure Sense, which protects every device on your network.

 

Keith Martin’s Professional Bio

Keith Martin has been Country Manager for F-Secure Japan for 2 years, before being promoted in February 2018 to oversee the entire Asia Pacific region.

Prior to joining F-Secure in 2015, he spent a decade in the telephony and contact center space, first working for four years in Avaya Japan as Director of Multinational Account Sales, followed by six years serving as Japan Country Manager for Interactive Intelligence, a pioneer in cloud contact center technology.

Before that, Keith also spent three years at internet startup ValueCommerce helping build their web hosting platform business before the company was acquired by Yahoo Japan. He got his start at global IT services provider EDS (now HP), delivering IT services to numerous financial industry accounts.


The Kaspersky Cloud Sandbox Service Revealed!

To help companies improve their investigation and response to complex threats, Kaspersky Lab just launched a new service called Kaspersky Cloud Sandbox. It gives businesses the opportunity to take advantage of sandboxes without any additional investments into hardware infrastructure.

The Kaspersky Cloud Sandbox solution is available by subscription as part of the Kaspersky Threat Intelligence Portal. Allowing customers to ‘detonate’ suspicious files in a virtual environment with a full report on the file’s activities, it is designed to boost the efficiency of incident response and cybersecurity forensics without any risks to the company’s IT systems.

 

The Kaspersky Cloud Sandbox Revealed!

Exploiting legitimate software flaws became an efficient commodity for cybercriminals in 2017, as malicious activities can be easily hidden behind trusted processes. Even an experienced cybersecurity team can’t always be sure if it has spotted all the malware using such concealment techniques.

To do so, teams have to be equipped with advanced detection technologies, including sandboxing, which often requires significant hardware investments that many IT security teams cannot easily afford.

With Kaspersky Cloud Sandbox, advanced detection and forensic capabilities are available as a service within the Kaspersky Threat Intelligence Portal, allowing cybersecurity teams to ensure they meet their budget requirements while also benefitting from advanced technology.

The service enables cybersecurity teams and security operations center (SOC) specialists to obtain deep insights into malware behavior and design, detecting targeted cyberthreats that were not identified in the wild.

Advanced anti-evasion techniques: revealing a hidden truth

To lure malware into revealing its harmful potential, a sandbox must possess advanced anti-evasion techniques. A malicious program developed to run in a certain software environment will not detonate on a ‘clean’ virtual machine, and will most probably destroy itself without a trace.

To avoid this, Kaspersky Cloud Sandbox applies various user-emulation techniques, such as clicking Windows buttons, scrolling documents, special routine processes that give malware an opportunity to expose itself, randomization of user environment parameters, and many others.

Logging system: nothing gets missed in the noise

Once a piece of malware starts running its destructive activities, another innovative Kaspersky Cloud Sandbox technology comes into play: its logging subsystem intercepts malicious actions non-invasively.

When a Word document starts to behave suspiciously – for example, if it starts building a string in the machine memory, executing Shell commands, or dropping its payloads (all abnormal activities for a text document) – these events are registered in the Kaspersky Cloud Security logging subsystem.

It can detect a vast spectrum of malicious events, including DLL loading, registry key creation and modification, HTTP and DNS requests, and file creation, deletion and modification. The customer is then provided with a full report containing data visualization graphs and screenshots, as well as a readable sandbox log.
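The value of such a log is in the rules run over it afterwards. The block below is an added example, not Kaspersky Lab code: it runs a handful of constructed rules (a document process spawning a shell interpreter, dropping an executable, writing an autorun key, or talking to the network) over a constructed newline-delimited JSON event log in the shape a hypothetical sandbox might emit, and turns the hits into a verdict.

```python
"""Behavioural triage of a sandbox event log for an Office document sample.

Added example, not Kaspersky Lab code. The event format, rule names and the
SAMPLE_LOG / CLEAN_LOG records are constructed for illustration.
"""
import json
from collections import Counter

# Processes a text document has no business launching.
SHELL_INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe",
                      "cscript.exe", "mshta.exe", "rundll32.exe"}
# Extensions that mark a dropped payload rather than a document artefact.
PAYLOAD_EXTENSIONS = (".exe", ".dll", ".scr", ".ps1", ".vbs", ".js")
# Autorun locations commonly abused for persistence (compared lower-cased).
AUTORUN_KEYS = (r"\microsoft\windows\currentversion\run",
                r"\microsoft\windows\currentversion\runonce")
OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Constructed sample: one JSON event per line, as a hypothetical sandbox might log them.
SAMPLE_LOG = r"""
{"ts": 1, "proc": "WINWORD.EXE", "event": "dll_load", "path": "C:\\Program Files\\Microsoft Office\\root\\Office16\\mso.dll"}
{"ts": 2, "proc": "WINWORD.EXE", "event": "file_create", "path": "C:\\Users\\user\\Documents\\~$invoice.docx"}
{"ts": 3, "proc": "WINWORD.EXE", "event": "process_create", "target": "cmd.exe", "cmdline": "cmd.exe /c %TEMP%\\upd.exe"}
{"ts": 4, "proc": "WINWORD.EXE", "event": "file_create", "path": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe"}
{"ts": 5, "proc": "WINWORD.EXE", "event": "registry_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "value": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe"}
{"ts": 6, "proc": "WINWORD.EXE", "event": "dns_query", "query": "update-cdn.example.invalid"}
{"ts": 7, "proc": "explorer.exe", "event": "process_create", "target": "cmd.exe", "cmdline": "cmd.exe"}
"""
# Constructed benign run: Word loads its own library and writes a lock file.
CLEAN_LOG = "\n".join(SAMPLE_LOG.strip().splitlines()[:2])


def is_office(proc):
    return proc.lower() in OFFICE_PROCESSES


def check_event(ev):
    """Return the rule an event trips, or None when it looks benign."""
    if not is_office(ev.get("proc", "")):
        return None                       # rules below only concern document processes
    kind = ev.get("event")
    if kind == "process_create":
        if ev.get("target", "").lower() in SHELL_INTERPRETERS:
            return "office_spawns_shell"
    elif kind == "file_create":
        if ev.get("path", "").lower().endswith(PAYLOAD_EXTENSIONS):
            return "office_drops_executable"
    elif kind == "registry_set":
        if any(k in ev.get("key", "").lower() for k in AUTORUN_KEYS):
            return "office_sets_autorun"
    elif kind in ("dns_query", "http_request"):
        return "office_network_activity"  # documents rarely need the network
    return None


def triage(log_text):
    """Parse newline-delimited JSON events; return (verdict, rule counts, hits)."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        rule = check_event(ev)
        if rule:
            hits.append((ev["ts"], rule, ev))
    counts = Counter(rule for _, rule, _ in hits)
    # A shell spawned by a document is damning on its own; otherwise require
    # two distinct abnormal behaviours, since a lone DNS lookup could be a
    # legitimate template fetch.
    if counts["office_spawns_shell"] or len(counts) >= 2:
        verdict = "malicious"
    elif counts:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return verdict, dict(counts), hits


if __name__ == "__main__":
    verdict, counts, hits = triage(SAMPLE_LOG)
    print("verdict:", verdict, counts)
    for ts, rule, ev in hits:
        print(f"  t={ts} {rule}: {ev}")
```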

Detection and incident response performance: second to none

Kaspersky Cloud Sandbox detection performance is backed by real-time threat intelligence big data from Kaspersky Security Network (KSN), giving customers an immediate status on both known and new threats discovered in the wild.

Advanced behavioral analysis, based on Kaspersky Lab’s more than 20 years of experience in fighting the most complex threats, allows customers to detect previously unseen malicious objects.

As well as getting advanced detection capabilities, SOC experts and researchers can amplify their incident response activities with other services available through the Kaspersky Threat Intelligence Portal.

When performing digital forensics or incident response, a cybersecurity officer can receive the latest detailed threat intelligence about URLs, domains, IP addresses, file hashes, threat names, statistical/behavior data and WHOIS/DNS data, and then link that knowledge to the IOCs generated by the sample that was analyzed within the cloud sandbox.

APIs to automate its integration into customer security operations are also available, allowing cybersecurity teams to boost their incident investigations in a matter of minutes.


 

Chinese APT Teams Using PlugX Malware To Spy On Big Pharma!

March 15, 2018 – Kaspersky Lab’s researchers have discovered evidence of Chinese APT teams using the PlugX malware in attacks against the healthcare sector. The infamous PlugX malware has been detected in pharmaceutical organizations in Vietnam, aimed at stealing precious drug formulas and business information.

 

What Is PlugX?

The PlugX malware is a well-known remote access tool (RAT). It is usually spread via spear phishing and has previously been detected in targeted attacks against the military, government and political organizations.

The PlugX RAT allows attackers to perform various malicious operations on a system without the user’s permission or authorization, including – but not limited to – copying and modifying files, logging keystrokes, stealing passwords and capturing screenshots of user activity.

PlugX, as with other RATs, is used by cyber criminals to discreetly steal and collect sensitive or profitable information for malicious purposes.

 

PlugX In Attacks On Big Pharma

The PlugX RAT has been used by a number of Chinese-speaking cyber threat actors, including Deep Panda, NetTraveler and Winnti.

In 2013, it was discovered that Winnti – responsible for attacking companies in the online gaming industry – had been using PlugX since May 2012.

Interestingly, Winnti has also been present in attacks against pharmaceutical companies, where the aim has been to steal digital certificates from medical equipment and software manufacturers.

RAT usage in attacks against pharmaceutical organizations indicates that sophisticated APT actors are showing an increased interest in capitalizing on the healthcare sector.

Other key findings for 2017 in the research include:

  • More than 60% of medical organizations had malware on their servers or computers;
  • Philippines, Venezuela and Thailand topped the list of countries with attacked devices in medical organizations.

 

Stay Protected Against PlugX

In order to stay protected, Kaspersky Lab experts advise businesses to take the following measures:

  • Remove all nodes that process medical data from public access, and secure public web portals;
  • Automatically update installed software using patch management systems on all nodes, including servers;
  • Perform network segmentation: refrain from connecting expensive equipment to the main LAN of your organization;
  • Use a proven corporate-grade security solution in combination with anti-targeted attack technologies and threat intelligence, such as the Kaspersky Threat Management and Defense solution. These are capable of spotting and catching advanced targeted attacks by analyzing network anomalies, and give cybersecurity teams full visibility over the network and response automation.


Sophos Intercept X with Predictive Protection Explained!

Sophos today announced the availability of Intercept X with malware detection powered by advanced deep learning neural networks. Join us for a briefing by Sumit Bansal, Sophos Managing Director for ASEAN and Korea!

 

Sophos Intercept X with Predictive Protection

Combined with new active-hacker mitigation, advanced application lockdown, and enhanced ransomware protection, this latest release of the Sophos Intercept X endpoint protection delivers previously unseen levels of detection and prevention.

Deep learning is the latest evolution of machine learning. It delivers a massively scalable detection model that is able to learn the entire observable threat landscape. With the ability to process hundreds of millions of samples, deep learning can make more accurate predictions at a faster rate with far fewer false-positives when compared to traditional machine learning.

This new version of Sophos Intercept X also includes innovations in anti-ransomware and exploit prevention, and active-hacker mitigations such as credential theft protection. As anti-malware has improved, attacks have increasingly focused on stealing credentials in order to move around systems and networks as a legitimate user, and Intercept X detects and prevents this behavior.

Deployed through the cloud-based management platform Sophos Central, Intercept X can be installed alongside existing endpoint security software from any vendor, immediately boosting endpoint protection. When used with the Sophos XG Firewall, Intercept X can introduce synchronized security capabilities to further enhance protection.

 

New Sophos Intercept X Features

Deep Learning Malware Detection

  • Deep learning model detects known and unknown malware and potentially unwanted applications (PUAs) before they execute, without relying on signatures
  • The model is less than 20 MB and requires infrequent updates

Active Adversary Mitigations

  • Credential theft protection – Prevents theft of authentication passwords and hash information from memory, registry and persistent storage, as leveraged by attacks such as Mimikatz
  • Code cave utilization – Detects the presence of code deployed into another application, often used for persistence and antivirus avoidance
  • APC protection – Detects abuse of Asynchronous Procedure Calls (APC), often used as part of the AtomBombing code injection technique and more recently used as the method of spreading the WannaCry worm and NotPetya wiper via EternalBlue and DoublePulsar (adversaries abuse these calls to get another process to execute malicious code)

New and Enhanced Exploit Prevention Techniques

  • Malicious process migration – Detects remote reflective DLL injection used by adversaries to move between processes running on the system
  • Process privilege escalation – Prevents a low-privilege process from being escalated to a higher privilege, a tactic used to gain elevated system access

Enhanced Application Lockdown

  • Browser behavior lockdown – Intercept X prevents the malicious use of PowerShell from browsers as a basic behavior lockdown
  • HTA application lockdown – HTML applications loaded by the browser will have the lockdown mitigations applied as if they were a browser


Everything On The Meltdown + Spectre CPU Flaws! Rev. 3.0

The Meltdown and Spectre CPU flaws that the Google Project Zero team discovered are arguably the worst we have ever known. These vulnerabilities were built into BILLIONS of CPUs that we have been using for the last decade or so.

Not just Intel CPUs, but also CPUs made by AMD, Apple and ARM. Even those that power our smartphones and other smart devices!

Let’s take a look at what we know so far about Meltdown and Spectre, how they affect you, and what we can do about them.

This story is still developing. We will update the article as and when new details emerge. Be sure to check back and refresh the page for the latest information!

 

Article Update History

2018-02-17 : Updated the table of CPUs vulnerable to Meltdown and Spectre. Updated four sections with new information.

2018-02-05 : Added a table of CPUs vulnerable to Meltdown and Spectre. Updated three sections with new information.

2018-01-25 : Revamped the entire article. Added a new section on the difference between Meltdown and Spectre, and a new section on InSpectre. Updated the list of vulnerable processors, mitigation efforts by Microsoft and Apple, as well as the Intel spontaneous reboot issues with their Spectre 2 patches.

2018-01-16 : Updated the list of vulnerable processors, and added a new section on Intel CPUs spontaneously rebooting after applying Meltdown and Spectre patches. Also added cautionary advice on holding off these updates.

2018-01-12 : Updated the article with the AMD confirmation that their processors are vulnerable to both Spectre exploits. Also added details on the Google Retpoline mitigation technique against Spectre attacks.

2018-01-11 : Added new sections on the performance impact of the Meltdown and Spectre mitigation patches, and reports of those patches bricking some AMD PCs. Also expanded the list of affected CPUs, and corrected information on the Intel-SA-00086 Detection Tool.

Between 2018-01-09 and 2018-01-10 : Numerous updates including details of patches and affected CPUs.

Originally posted @ 2018-01-09

 

The Meltdown + Spectre Vulnerabilities

  • The Project Zero team identified these vulnerabilities in 2017, reporting them to Intel, AMD and ARM on 1 June 2017.
  • These vulnerabilities take advantage of the Speculative Execution and Branch Prediction features of modern processors, which have been used for many years to improve performance.
  • Speculative Execution lets the CPU predict and pre-execute the next instruction, allowing it to “instantly” deliver the results if the prediction is correct.
  • Branch Prediction helps the CPU predict future execution paths that should be speculatively executed for better performance.
  • There are THREE (3) variants of the speculative execution CPU bug:
    • Variant 1 : Bounds Check Bypass (CVE-2017-5753)
    • Variant 2 : Branch Target Injection (CVE-2017-5715)
    • Variant 3 : Rogue Data Cache Load (CVE-2017-5754)
  • The Spectre attack (whitepaper) exploits variants 1 and 2.
  • The Meltdown attack (whitepaper) exploits variant 3.
  • There is a Variant 3a, which appears to affect only certain ARM processors.

 

What’s The Difference Between Meltdown & Spectre?

  • Spectre tricks the CPU branch predictor into mispredicting the execution path, thereby speculatively executing code that would not otherwise be executed.
  • Meltdown takes advantage of the out-of-order execution capability of modern processors, tricking them into executing memory accesses that would normally not be permitted.
  • The Spectre name is based on both the root cause (speculative execution) and the fact that it is not easy to fix, and will haunt us for a long time like a spectre (ghost).
  • The Meltdown name was chosen because the vulnerability “basically melts security boundaries which are normally enforced by the hardware”.

 

How Bad Are Meltdown & Spectre?

  • The Spectre exploits let an attacker access and copy information from the memory space used by other applications.
  • The Meltdown exploit lets an attacker copy the entire physical memory of the computer.
  • Unless patched, the affected processors are vulnerable to malware and cyberattacks that exploit this CPU bug to steal critical information from running apps (like login and credit card information, emails, photos, documents, etc.).
  • While the Meltdown exploit can be “fixed”, it is likely that the Spectre exploit cannot be fixed, only mitigated, without a redesign of the processors. That means we will have to live with the risks of a Spectre attack for many more years to come.

 

How Many Processors Are Affected? Updated!

For the complete list of affected AMD, Apple, ARM and Intel processors, please see this separate article – The Complete List Of CPUs Vulnerable To Meltdown / Spectre

Company | Spectre 1 | Spectre 2 | Meltdown
AMD | 295 Server CPUs, 42 Workstation CPUs, 396 Desktop CPUs, 208 Mobile CPUs | 295 Server CPUs, 42 Workstation CPUs, 396 Desktop CPUs, 208 Mobile CPUs | None
Apple | 13 Mobile SoCs | 13 Mobile SoCs | 13 Mobile SoCs
ARM | 10 Mobile CPUs, 3 Server SoCs | 10 Mobile CPUs, 3 Server SoCs | 4 Mobile CPUs, 3 Server SoCs
IBM | 10 POWER CPUs | 10 POWER CPUs | 10 POWER CPUs
Intel | 732 Server / Workstation CPUs, 443 Desktop CPUs, 583 Mobile CPUs, 51 Mobile SoCs | 732 Server / Workstation CPUs, 443 Desktop CPUs, 583 Mobile CPUs, 51 Mobile SoCs | 732 Server / Workstation CPUs, 443 Desktop CPUs, 583 Mobile CPUs, 51 Mobile SoCs
Total | 2786 CPUs | 2786 CPUs | 1839 CPUs

 

Intel Detection Tool?

The Intel-SA-00086 Detection Tool does NOT detect the processor’s susceptibility to these vulnerabilities. It only checks for different vulnerabilities affecting the Intel Management Engine.

 

InSpectre

Our reader Arthur shared that the Gibson Research Corporation has an aptly-named utility called InSpectre.

It checks for Meltdown and Spectre hardware and software vulnerabilities in a Windows system. It will help you check if your system is getting patched properly against these vulnerabilities.

 

What Is Being Done??? Updated!

Note : The terms “mitigate” and “mitigation” mean that the probability of a successful attack is reduced, not eliminated.

  • Intel has started issuing software and firmware updates for the processors introduced in the last 5 years. By the middle of January 2018, Intel expects to have issued updates for more than 90% of those CPUs. However, that does not address the other Intel processors sold between 2010 and 2012.
  • Microsoft and Linux have started to roll out the KPTI (Kernel Page Table Isolation) patch, also known as the KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed) patch.
  • The KPTI or KAISER patch, however, will only protect against the Meltdown exploit. It has no effect on a Spectre attack.
  • Microsoft Edge and Internet Explorer 11 received the KB4056890 security update on 3 January 2018, to prevent a Meltdown attack.
  • Firefox 57 includes changes to mitigate against both attacks.
  • Google Chrome 64 will be released on 23 January 2018, with mitigations against Meltdown and Spectre attacks.
  • For Mac systems, Apple introduced mitigations against Spectre in macOS 10.13.2 (released on 8 January 2018), with more fixes coming in macOS 10.13.3.
  • For iOS devices, Apple introduced mitigations against Meltdown in iOS 11.2 and tvOS 11.2.
  • On 8 January 2018, Apple released iOS 11.2.2, which mitigates the risk of the two Spectre exploits in Safari and WebKit, for iPhone 5s, iPad Air, and iPod touch 6th generation or later.
  • ARM has made available the KPTI / KAISER kernel patches for Linux, while Google will provide them for Android.
  • Google patched Android against both exploits with the December 2017 and January 2018 patches.
  • Google shared details of their Return Trampoline (Retpoline) binary modification technique that can be used to protect against Spectre attacks. It is a software construct that ensures that any associated speculative execution will “bounce” (as if on a trampoline) endlessly.
  • NVIDIA issued six driver and security updates for affected devices and software between 3-9 January 2018.
  • On 11 January 2018, AMD announced that the “majority of AMD systems” have received the mitigation patches against Spectre 1, albeit some older AMD systems got bricked by bad patches. They also announced that they will make “optional” microcode updates available for Ryzen and EPYC processors by the same week.
  • In the same 11 January 2018 disclosure, AMD also shared that Linux vendors have started to roll out OS patches for both Spectre exploits, and they’re working on the “return trampoline (Retpoline)” software mitigations as well.
  • On 23 January 2018, Apple released Meltdown patches for macOS Sierra and OS X El Capitan, but not macOS High Sierra.
  • On 23 January 2018, Microsoft finally revealed their Spectre and Meltdown patch schedule.
  • On 24 January 2018, AMD revealed their 11 software mitigations for both Spectre exploits.
  • The 24 January 2018 AMD whitepaper also revealed that the AMD K10 and K8 processors are vulnerable as well, adding an additional 663 CPU models to the list of vulnerable processors.
  • On 2 February 2018, Microsoft released KB4078130 to disable the Spectre 2 patches that were causing many Intel systems to randomly and spontaneously reboot.
  • On 8 February 2018, an Intel microcode update schedule revealed that their Penryn-based processors are also vulnerable, adding an additional 314 CPU models to the list of vulnerable processors.
  • On 14 February 2018, Intel revealed an expanded Bug Bounty Program, offering up to $250,000 in bounty awards.

 

Some AMD PCs Got Bricked

In the rush to mitigate against Meltdown and Spectre, Microsoft released Windows 10 patches that bricked some AMD PCs. They blamed the incorrect / incomplete documentation provided by AMD.

You can read more about this issue @ These Windows 10 Updates Are Bricking AMD PCs!

 

Buggy Intel Spectre 2 Patches Updated!

Intel’s rush to patch Meltdown and Spectre resulted in buggy microcode patches, causing several generations of their CPUs to randomly and spontaneously reboot.

So far, over 800 Intel CPU models have been identified to be affected by these spontaneous reboot issues. If you have one of the affected CPUs, please hold off BIOS / firmware updates!

Intel has identified the cause as the Spectre 2 patches in their microcode updates for some of these processors. They’re still investigating the cause of the other affected CPU models.

Fortunately for Windows users, Microsoft issued the KB4078130 emergency update to stop the reboots while Intel worked to fix the issue.

You can read more about this issue @ The Intel Spectre Reboot Issue, and the Microsoft solution @ KB4078130 : Emergency Windows Update To Disable Intel Spectre Patches!

 

What Should You Do? Updated!

First and foremost – DO NOT PANIC. There is no known threat or attack using these exploits.

Although we listed a number of important patches below, the buggy updates are worse than the potential threat they try to fix. So we advise HOLDING OFF these patches, and waiting for properly-tested versions a few weeks down the line.

  • If you are using Windows, make sure you install the latest Microsoft Spectre and Meltdown updates.
  • If you are using a Mac system, get the latest Apple Spectre and Meltdown patches.
  • If you are using an iOS device, get updated to iOS 11.2 or tvOS 11.2.
  • If you are using Firefox, update to the latest Firefox 57.
  • If you are using Google Chrome, make sure you watch out for Chrome 64, which will be released on 23 January.
  • Download and install the latest software and firmware updates from your PC, laptop and motherboard brands. In particular, install the latest driver for the Intel Management Engine (Intel ME), the Intel Trusted Execution Engine (Intel TXE), and the Intel Server Platform Services (SPS).
  • If you are running an ARM processor on Linux, grab the kernel patches.
  • IBM POWER system users can download and install these firmware updates.
  • Users of affected NVIDIA systems can download and install these driver and firmware updates.
  • If you are using an Intel system, hold off updating your firmware, unless you have already verified that your CPU is not affected by the buggy Intel patches, or Intel has already issued corrected patches.
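Since the KPTI / KAISER patch covers Meltdown only and Spectre needs its own mitigations, the Linux kernel patches mentioned above are easiest to verify through the kernel's own per-variant status report. The following POSIX shell script is an added example (not from the article or any vendor) that summarises that report; it assumes the kernel exposes /sys/devices/system/cpu/vulnerabilities/ (Linux 4.15 and later), and its built-in sample reproduces the state described above after KPTI alone, with Meltdown mitigated but Spectre 2 still vulnerable.

```shell
#!/bin/sh
# Added example (not from the original article): summarise the Linux kernel's
# own report of Meltdown / Spectre mitigation status. Since Linux 4.15 the
# kernel exposes one file per variant under
# /sys/devices/system/cpu/vulnerabilities/ (assumed default; pass another
# directory as $1 to inspect a copy taken from a different machine).

# classify_status LINE -> not_affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_variant NAME DIR -> one tab-separated line: NAME  CLASS  RAW-KERNEL-TEXT
report_variant() {
    name=$1; dir=$2
    if [ -r "$dir/$name" ]; then
        raw=$(cat "$dir/$name")
    else
        raw="(file missing: kernel predates 4.15 or not Linux)"
    fi
    printf '%s\t%s\t%s\n' "$name" "$(classify_status "$raw")" "$raw"
}

# count_unmitigated DIR -> number of the three variants still vulnerable/unknown
count_unmitigated() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    n=0
    for v in spectre_v1 spectre_v2 meltdown; do
        cls=$(report_variant "$v" "$dir" | cut -f2)
        case "$cls" in
            vulnerable|unknown) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Constructed sample: a kernel with KPTI applied but no retpoline, i.e. the
# "Meltdown fixed, Spectre 2 still open" state the article describes.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable\n' > "$d/spectre_v2"
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    echo "$d"
}

main() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    for v in spectre_v1 spectre_v2 meltdown; do
        report_variant "$v" "$dir"
    done
    echo "unmitigated variants: $(count_unmitigated "$dir")"
}

main "$@"
```

Run it without arguments on the machine itself, or pass `"$(make_sample_dir)"` to see the constructed KPTI-only case report one unmitigated variant.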

 

The Performance Impact Of The Mitigation Patches

Many benchmarks have been released, showing performance impacts of between 5% and 30%, depending on the type of benchmark and workload. Microsoft has called those benchmark results into question, stating that they did not cover both operating system and silicon microcode patches.

They released an initial report on their findings, which we have summarised in our article – Pre-2016 Intel CPUs Hit Worst By Meltdown + Spectre Fix.

 


 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Confirmed : Intel Penryn CPUs Also Vulnerable To Meltdown + Spectre

Intel has always maintained that Meltdown and Spectre only affected their processors from Nehalem onwards. Every list they released publicly has backed that up. However, we can now confirm that even the Intel Penryn CPUs are also vulnerable to Meltdown and Spectre.

 

Intel Penryn CPUs Also Vulnerable To Meltdown + Spectre

Every list Intel ever released on Meltdown and Spectre has only listed their CPUs from the Nehalem microarchitecture onwards. Although it was possible that the Intel Penryn microarchitecture was also affected, Intel conspicuously left them out of every list.

On 8 February 2018, Intel released a schedule of microcode updates meant to fix the random and spontaneous reboot problems they had with their Spectre 2 patches. Hidden in that schedule is the acknowledgement that the Intel Penryn microarchitecture was also vulnerable.

Those who have been tracking the Intel microcode updates will note that the Intel Penryn processors were not mentioned in the last update on 24 January 2018.

 

What Are The Intel Penryn CPUs Vulnerable To Meltdown + Spectre?

 


 

Intel Penryn Server CPUs Vulnerable To Meltdown + Spectre

Intel Yorkfield (2008-2009)

  • Intel Xeon X3380
  • Intel Xeon L3380
  • Intel Xeon X3370
  • Intel Xeon X3360
  • Intel Xeon X3350

Intel Wolfdale (2008-2009)

  • Intel Xeon E3120
  • Intel Xeon E3110
  • Intel Xeon L3110

Intel Dunnington (2008)

  • Intel Xeon X7460
  • Intel Xeon E7458
  • Intel Xeon L7455
  • Intel Xeon E7450
  • Intel Xeon L7445
  • Intel Xeon E7440
  • Intel Xeon E7430
  • Intel Xeon E7420

Intel Yorkfield-6M (2008)

  • Intel Xeon X3330
  • Intel Xeon X3320

Intel Yorkfield-CL (2008)

  • Intel Xeon X3363
  • Intel Xeon X3353
  • Intel Xeon X3323
  • Intel Xeon X3113
  • Intel Xeon L3014

Intel Harpertown (2007-2008)

  • Intel Xeon X5492
  • Intel Xeon X5482
  • Intel Xeon X5472
  • Intel Xeon E5472
  • Intel Xeon E5462
  • Intel Xeon X5470
  • Intel Xeon X5460
  • Intel Xeon X5450
  • Intel Xeon E5450
  • Intel Xeon E5440
  • Intel Xeon E5430
  • Intel Xeon L5430
  • Intel Xeon E5420
  • Intel Xeon L5420
  • Intel Xeon E5410
  • Intel Xeon L5410
  • Intel Xeon L5408
  • Intel Xeon E5405

Intel Wolfdale-DP (2007-2008)

  • Intel Xeon X5272
  • Intel Xeon X5270
  • Intel Xeon X5260
  • Intel Xeon L5248
  • Intel Xeon X5240
  • Intel Xeon L5240
  • Intel Xeon L5238
  • Intel Xeon X5220
  • Intel Xeon L5215
  • Intel Xeon X5205

Intel Tigerton (2007)

  • Intel Xeon X7350
  • Intel Xeon L7345
  • Intel Xeon E7340
  • Intel Xeon E7330
  • Intel Xeon E7320
  • Intel Xeon E7310
  • Intel Xeon E7220
  • Intel Xeon E7210

Intel Kentsfield (2007)

  • Intel Xeon X3230
  • Intel Xeon X3220
  • Intel Xeon X3210

Intel Allendale (2007)

  • Intel Xeon 3050
  • Intel Xeon 3040

Intel Clovertown (2006-2007)

  • Intel Xeon X5365
  • Intel Xeon X5355
  • Intel Xeon X5350
  • Intel Xeon E5350
  • Intel Xeon E5345
  • Intel Xeon E5340
  • Intel Xeon E5335
  • Intel Xeon L5335
  • Intel Xeon E5330
  • Intel Xeon E5320
  • Intel Xeon L5320
  • Intel Xeon L5318
  • Intel Xeon E5310
  • Intel Xeon L5310

Intel Conroe (2006-2007)

  • Intel Xeon 3085
  • Intel Xeon 3075
  • Intel Xeon 3070
  • Intel Xeon 3065
  • Intel Xeon 3060
  • Intel Xeon 3050
  • Intel Xeon 3040

Intel Woodcrest (2006)

  • Intel Xeon 5160
  • Intel Xeon 5150
  • Intel Xeon LV 5148
  • Intel Xeon 5140
  • Intel Xeon LV 5138
  • Intel Xeon LV 5133
  • Intel Xeon 5130
  • Intel Xeon LV 5128
  • Intel Xeon 5120
  • Intel Xeon LV 5113
  • Intel Xeon 5110


Intel Penryn Desktop CPUs Vulnerable To Meltdown + Spectre

Intel Yorkfield-6M (2008-2010)

  • Intel Core 2 Quad Q9705
  • Intel Core 2 Quad Q9700
  • Intel Core 2 Quad Q9505S
  • Intel Core 2 Quad Q9505
  • Intel Core 2 Quad Q9500
  • Intel Core 2 Quad Q9400S
  • Intel Core 2 Quad Q9400
  • Intel Core 2 Quad Q9300
  • Intel Core 2 Quad Q8400S
  • Intel Core 2 Quad Q8400
  • Intel Core 2 Quad Q8300
  • Intel Core 2 Quad Q8200S
  • Intel Core 2 Quad Q8200

Intel Yorkfield (2008-2009)

  • Intel Core 2 Quad Q9650
  • Intel Core 2 Quad Q9550S
  • Intel Core 2 Quad Q9550
  • Intel Core 2 Quad Q9450S
  • Intel Core 2 Quad Q9450

Intel Wolfdale (2008-2009)

  • Intel Core 2 Duo E8700
  • Intel Core 2 Duo E8600
  • Intel Core 2 Duo E8500
  • Intel Core 2 Duo E8400
  • Intel Core 2 Duo E8300
  • Intel Core 2 Duo E8290
  • Intel Core 2 Duo E8200
  • Intel Core 2 Duo E8190

Intel Wolfdale-3M (2008-2010)

  • Intel Core 2 Duo E7600
  • Intel Core 2 Duo E7500
  • Intel Core 2 Duo E7400
  • Intel Core 2 Duo E7300
  • Intel Core 2 Duo E7200
  • Intel Pentium E6800
  • Intel Pentium E6700
  • Intel Pentium E6600
  • Intel Pentium E6500K
  • Intel Pentium E6500
  • Intel Pentium E6300
  • Intel Pentium E5800
  • Intel Pentium E5700
  • Intel Pentium E5500
  • Intel Pentium E5400
  • Intel Pentium E5300
  • Intel Pentium Dual-Core E5300
  • Intel Pentium E5200
  • Intel Pentium Dual-Core E5200
  • Intel Pentium Dual-Core E2210
  • Intel Celeron E3500
  • Intel Celeron E3400
  • Intel Celeron E3300
  • Intel Celeron E3200

Intel Allendale (2008-2009)

  • Intel Celeron E1600
  • Intel Celeron E1500
  • Intel Celeron E1400
  • Intel Celeron E1200

Intel Yorkfield-XE (2007-2008)

  • Intel Core 2 Extreme QX9775
  • Intel Core 2 Extreme QX9770
  • Intel Core 2 Extreme QX9650

Intel Conroe-L (2007-2008)

  • Intel Celeron 450
  • Intel Celeron 445
  • Intel Celeron 430
  • Intel Celeron 420
  • Intel Celeron 220

Intel Kentsfield (2007)

  • Intel Core 2 Quad Q6700
  • Intel Core 2 Quad Q6600
  • Intel Core 2 Quad Q6400

Intel Conroe-CL (2007)

  • Intel Core 2 Duo E6405
  • Intel Core 2 Duo E6305
  • Intel Celeron 445

Intel Conroe (2006-2008)

  • Intel Core 2 Duo E6850
  • Intel Core 2 Duo E6750
  • Intel Core 2 Duo E6700
  • Intel Core 2 Duo E6600
  • Intel Core 2 Duo E6550
  • Intel Core 2 Duo E6540
  • Intel Core 2 Duo E6420
  • Intel Core 2 Duo E6400
  • Intel Core 2 Duo E6320
  • Intel Core 2 Duo E6300
  • Intel Core 2 Duo E4700
  • Intel Core 2 Duo E4600
  • Intel Core 2 Duo E4500
  • Intel Core 2 Duo E4400
  • Intel Core 2 Duo E4300
  • Intel Pentium Dual-Core E2220
  • Intel Pentium Dual-Core E2200
  • Intel Pentium Dual-Core E2180
  • Intel Pentium Dual-Core E2160
  • Intel Pentium Dual-Core E2140

Intel Kentsfield-XE (2006-2007)

  • Intel Core 2 Extreme QX6850
  • Intel Core 2 Extreme QX6800
  • Intel Core 2 Extreme QX6700

 

Intel Penryn Mobile CPUs Vulnerable To Meltdown + Spectre

Intel Penryn-3M (2008-2011)

  • Intel Core 2 Duo SU9600
  • Intel Core 2 Duo SP9600
  • Intel Core 2 Duo SU9400
  • Intel Core 2 Duo SP9400
  • Intel Core 2 Duo SU9300
  • Intel Core 2 Duo SP9300
  • Intel Core 2 Duo SU7300
  • Intel Pentium T4500
  • Intel Pentium T4400
  • Intel Pentium T4300
  • Intel Pentium T4200
  • Intel Pentium SU4100
  • Intel Pentium SU2700
  • Intel Celeron T3500
  • Intel Celeron T3300
  • Intel Celeron T3100
  • Intel Celeron T3000
  • Intel Celeron SU2300
  • Intel Celeron 925
  • Intel Celeron 900
  • Intel Celeron ULV 763
  • Intel Celeron M ULV 743
  • Intel Celeron M ULV 723
  • Intel Celeron M ULV 722

Intel Penryn-L (2008-2009)

  • Intel Core 2 Solo SU3500
  • Intel Core 2 Solo SU3300

Intel Penryn (2008-2009)

  • Intel Core 2 Duo T9900
  • Intel Core 2 Duo T9800
  • Intel Core 2 Duo P9700
  • Intel Core 2 Duo P9600
  • Intel Core 2 Duo T9600
  • Intel Core 2 Duo SL9600
  • Intel Core 2 Duo T9550
  • Intel Core 2 Duo P9500
  • Intel Core 2 Duo T9500
  • Intel Core 2 Duo SL9400
  • Intel Core 2 Duo T9400
  • Intel Core 2 Duo SL9380
  • Intel Core 2 Duo SL9300
  • Intel Core 2 Duo T9300
  • Intel Core 2 Duo P8800
  • Intel Core 2 Duo P8700
  • Intel Core 2 Duo P8600
  • Intel Core 2 Duo E8435
  • Intel Core 2 Duo P8400
  • Intel Core 2 Duo E8335
  • Intel Core 2 Duo T8300
  • Intel Core 2 Duo E8235
  • Intel Core 2 Duo E8135
  • Intel Core 2 Duo T8100
  • Intel Core 2 Duo P7570
  • Intel Core 2 Duo P7550
  • Intel Core 2 Duo P7460
  • Intel Core 2 Duo P7450
  • Intel Core 2 Duo P7370
  • Intel Core 2 Duo P7350
  • Intel Core 2 Duo T6970
  • Intel Core 2 Duo T6900
  • Intel Core 2 Duo T6670
  • Intel Core 2 Duo T6600
  • Intel Core 2 Duo T6570
  • Intel Core 2 Duo T6500
  • Intel Core 2 Duo T6400

Intel Penryn QC-XE (2008)

  • Intel Core 2 Extreme QX9300

Intel Penryn QC (2008)

  • Intel Core 2 Quad Q9100
  • Intel Core 2 Quad Q9000

Intel Merom-2M (2007-2008)

  • Intel Core 2 Duo U7700
  • Intel Core 2 Duo U7600
  • Intel Core 2 Duo U7500
  • Intel Pentium Dual-Core T3400
  • Intel Pentium Dual-Core T3200
  • Intel Pentium Dual-Core T2410
  • Intel Pentium Dual-Core T2390
  • Intel Pentium Dual-Core T2370
  • Intel Pentium Dual-Core T2330
  • Intel Pentium Dual-Core T2310
  • Intel Celeron T1700
  • Intel Celeron T1600
  • Intel Celeron T1500
  • Intel Celeron T1400
  • Intel Celeron 585
  • Intel Celeron 575

Intel Merom-L (2007)

  • Intel Core 2 Solo ULV U2200
  • Intel Core 2 Solo ULV U2100
  • Intel Celeron ULV 573
  • Intel Celeron M ULV 523

Intel Merom (2007)

  • Intel Core 2 Duo T7800
  • Intel Core 2 Duo T7700
  • Intel Core 2 Duo SP7700
  • Intel Core 2 Duo L7700
  • Intel Core 2 Duo T7600G
  • Intel Core 2 Duo T7600
  • Intel Core 2 Duo SP7500
  • Intel Core 2 Duo T7500
  • Intel Core 2 Duo L7500
  • Intel Core 2 Duo T7400
  • Intel Core 2 Duo L7400
  • Intel Core 2 Duo T7300
  • Intel Core 2 Duo L7300
  • Intel Core 2 Duo T7250
  • Intel Core 2 Duo T7200
  • Intel Core 2 Duo L7200
  • Intel Core 2 Duo T7100
  • Intel Core 2 Duo SL7100
  • Intel Core 2 Duo T5900
  • Intel Core 2 Duo T5800
  • Intel Core 2 Duo T5750
  • Intel Core 2 Duo T5670
  • Intel Core 2 Duo T5600
  • Intel Core 2 Duo T5550
  • Intel Core 2 Duo T5500
  • Intel Core 2 Duo T5470
  • Intel Core 2 Duo T5450
  • Intel Core 2 Duo T5300
  • Intel Core 2 Duo T5270
  • Intel Core 2 Duo T5250
  • Intel Core 2 Duo T5200
  • Intel Celeron 570
  • Intel Celeron 560
  • Intel Celeron 550
  • Intel Celeron 540
  • Intel Celeron 530
  • Intel Celeron M 530
  • Intel Celeron M 520

Intel Merom-XE (2007)

  • Intel Core 2 Extreme X7900
  • Intel Core 2 Extreme X7800

 


FREE Acronis Ransomware Protection For All!

The world is under siege by ransomware attacks. Ransomware doesn’t just put our personal data at risk; it is a serious threat to critical services and even national security. Therefore, we are elated to learn about the new Acronis Ransomware Protection – a free, standalone app that will protect us against ransomware.

 

The Ransomware Threat

Ransomware remains a silent destroyer of data for users worldwide. New strains of ransomware can easily bypass traditional anti-virus software to encrypt user data.

According to a ransomware survey conducted by Acronis earlier this month, 57.5% of the respondents still don’t know that ransomware can wipe their files and disable their computer. Only 9.2% of the respondents heard about the WannaCry or NotPetya attacks last year, and 37.4% report that they don’t know how to protect their data or choose to do nothing.

These findings demonstrate a need for an easy, universal ransomware protection solution, and 55.5% of the survey respondents said that they would use one if it was free.

 

Acronis Ransomware Protection

Acronis Ransomware Protection is designed to stop ransomware attacks in real-time, and help users recover their data without paying any ransom. It is compatible with all popular backup and anti-virus programs, and provides an additional level of defense.

In event of a ransomware attack, Acronis Ransomware Protection blocks the malicious process and notifies the user with a popup. If any files were damaged in the attack, it facilitates the instant recovery of those affected files.

Acronis Ransomware Protection also comes with a cloud backup capability, allowing users to protect important files not only from ransomware, but also from hardware failure, natural disasters and other causes of data loss. Every user receives 5 GB of free Acronis Cloud storage.

Easy to install, Acronis Ransomware Protection is essentially a “set it and forget it” protection solution. The lightweight program (only 20 MB in size) requires limited system resources, which means it can run quietly in the background without affecting system performance.

 

Acronis Active Protection

Acronis Ransomware Protection is based on the Acronis Active Protection technology, which monitors system processes in real time, and uses unique behavioural heuristics to detect a ransomware attack.


These heuristics are constantly being improved by machine learning models, that are generated by analysing hundreds of thousands of malicious and legitimate processes in the Acronis Cloud AI infrastructure.

According to Acronis, this AI-based training is “tremendously effective” in defeating all ransomware strains, including zero-day attacks that signature-based solutions cannot detect.

 

Downloading Acronis Ransomware Protection

Acronis Ransomware Protection is currently available only for the Microsoft Windows operating system. Head over to its official page for the FREE download.


Kaspersky Lab Protection For Household 2.0 Revealed!

Kaspersky Lab is not letting their woes with the US Department of Homeland Security distract them from their core business of protecting consumers against cyberthreats. That was the message they conveyed when they presented the Kaspersky Lab protection options for Household 2.0.

 

Household 2.0

The modern home has changed. In the new era of Household 2.0 which consists of 2.4 people and 0.3 pets, there is an average of 6.3 connected devices per house! Yet, the Kaspersky Cybersecurity Index found that 39% of people are leaving their devices unprotected from cyberthreats like hacking, malware, financial fraud and more.

To protect these connected devices that play such a prominent role in Household 2.0, Kaspersky Lab is introducing updated versions of Kaspersky Internet Security and Kaspersky Total Security.

 

Kaspersky Lab Protection For Household 2.0

The updated Kaspersky Internet Security and Kaspersky Total Security come with anti-phishing technology to prevent users from falling victim to fake or spam emails, fake websites and fraud.

In addition, the updated URL Advisor tells a user whether a link in the search engine leads to a trusted, suspicious, dangerous or phishing website, or a website that may cause their computer harm, via a special indicator close to each link.

Many people are also worried about ransomware and the loss of their digital memories. To give them peace of mind, the new Kaspersky Internet Security and Kaspersky Total Security have updated anti-ransomware features.

For your mobile devices, there is the new App Lock feature for Android. You can now protect specific apps like instant messaging services, social media or email accounts with a secret code. You can also use the Kaspersky Secure Connection service to encrypt your network traffic whenever you use a public or insecure Wi-Fi network.

Children are also increasingly connected to the Internet. To protect them, parents can use Kaspersky Safe Kids parental controls in Kaspersky Total Security to set time limits, restrict applications and prevent access to pages with adult content, obscene language or information on drugs and weapons.

 

The 2018 Kaspersky Lab Product Price List

Products | One Device | Three Devices | Five Devices
Kaspersky Total Security | RM 109 / ~US$ 27 | RM 199 / ~US$ 49 | NA
Kaspersky Internet Security | RM 100 / ~US$ 24 | RM 179 / ~US$ 44 | RM 249 / ~US$ 68
Kaspersky Anti-Virus | RM 39.90 / ~US$ 9.70 | RM 119 / ~US$ 29 | RM 199 / ~US$ 49


 

The Kaspersky Think Security Campaign

In conjunction with the announcement of the new Kaspersky Lab protection for Household 2.0, Techlane Resources, the Kaspersky Lab distributor in Malaysia, announced the Kaspersky Think Security Campaign.

You can now purchase Kaspersky Internet Security 3 Devices 1 Year at RM 179 / US$ 44 and get the following Kaspersky products absolutely FREE :

  • Kaspersky Internet Security 1 Device 1 Year,
  • Kaspersky Internet Security for Mac 1 Year, and
  • Kaspersky Internet Security for Android 1 Device 1 Year

You can also purchase Kaspersky Anti-virus 1 Device 1 Year at RM39.90 / ~US$ 9.70 and get the following Kaspersky products absolutely FREE :

  • Kaspersky Anti-Virus 1 Device 1 Year,
  • Kaspersky Internet Security for Mac 1 Year, and
  • Kaspersky Internet Security for Android 1 Device 1 Year


The Symantec 2018 Cybersecurity Predictions

David Rajoo, Director of Systems Engineering, Symantec Malaysia, reveals the Symantec 2018 Cybersecurity Predictions. They will help CIOs and cybersecurity experts prepare for the onslaught of cybersecurity threats in 2018.

 

The Symantec 2018 Cybersecurity Predictions

This past year, cyber criminals caused major service disruptions around the world, using their increasing technical proficiency to break through cyber defenses. In 2018, we expect the trend to become more pronounced as these attackers will use machine learning and artificial intelligence to launch even more potent attacks.

Gear up for a busy year ahead. Incidents like the WannaCry attack, which impacted more than 200,000 computers worldwide in May, are just the warmup to a new year of more virulent malware and DDoS attacks. Meanwhile, cyber criminals are poised to step up their attacks on the millions of devices now connected to the Internet of Things both in offices and homes.

The cybersecurity landscape in 2018 is sure to surprise us in ways that we never imagined. As 2017 draws to a close, here is what you can expect over the course of the upcoming year:

 

The Symantec 2018 Cybersecurity Predictions Part 1/3

Blockchain Will Find Uses Outside Of Cryptocurrencies But Cyber criminals Will Focus On Coins and Exchanges

Blockchain is finally finding applications outside of crypto-currencies, expanding its functions in inter-bank settlements with the help of IoT gaining traction. However, these use cases are still in their infancy and are not the focus for most cyber criminals today.

Instead of attacking Blockchain technology itself, cyber criminals will focus on compromising coin-exchanges and users’ coin-wallets since these are the easiest targets, and provide high returns. Victims will also be tricked into installing coin-miners on their computers and mobile devices, handing their CPU and electricity over to cyber criminals.

 

Cyber criminals Will Use Artificial Intelligence (AI) & Machine Learning (ML) To Conduct Attacks

No cyber security conversation today is complete without a discussion about AI and ML. So far, these conversations have been focused on using these technologies as protection and detection mechanisms. However, this will change in the next year with AI and ML being used by cyber criminals to conduct attacks.

This will be the first year in which we see AI versus AI in a cybersecurity context. Cyber criminals will use AI to attack and explore victims’ networks, which is typically the most labour-intensive part of a compromise after an incursion.


The Symantec 2018 Cybersecurity Predictions Part 2/3

Supply Chain Attacks Will Become Mainstream

Supply chain attacks have been a mainstay of the classical espionage and signals-intelligence operators, compromising upstream contractors/systems/companies and suppliers. They are proven to have a high level of effectiveness, with nation-state actors using a mix of human intelligence to compromise the weakest link in the chain.

These attacks are moving into the cybercriminal space, becoming mainstream. With publicly available information on suppliers, contractors, partnerships and key-people, cyber criminals can find victims in the supply chain and attack the weakest link. With a number of high profile successful attacks in 2016 and 2017, cyber criminals will focus on this method in 2018.

 

File-less and File-light Malware Will Explode

2016 and 2017 have seen consistent growth in the amount of file-less and file-light malware, with attackers capitalising on organizations that lack preparation against such threats. With fewer Indicators of Compromise (IoC), use of the victims’ own tools, and complex disjointed behaviours, these threats have been harder to stop, track and defend against in many scenarios.

Like the early days of ransomware, where early success by a few cyber criminals triggered a gold-rush-like mentality, more cyber criminals are now rushing to use these same techniques. Although file-less and file-light malware will still be outnumbered by orders of magnitude by traditional-style malware, they will pose a significant threat and lead to an explosion in 2018.


 

Organisations Will Still Struggle With Software-as-a-Service (SaaS) Security

Adoption of SaaS continues to grow at an exponential rate as organizations embark on digital transformation projects to drive business agility. This rate of change and adoption presents many security challenges as access control, data control, user behaviour and data encryption vary significantly between SaaS apps. While this is not new and many of the security problems are well understood, organizations will continue to struggle with all these in 2018.

Combined with the new privacy and data protection laws adopted by regulators across the world, these struggles will have major implications in terms of penalties and, more importantly, reputational damage.

Organisations Will Still Struggle With Infrastructure-as-a-Service (IaaS) Security – More Breaches Due to Error, Compromise & Design

IaaS has completely changed the way organisations run their operations, offering massive benefits in agility, scalability, innovation and security. It also introduces significant risks: simple errors can expose massive amounts of data and take down an entire system.

While security controls above the IaaS layer are the customer’s responsibility, traditional controls do not map well to it, leading to confusion, errors and design issues, with ineffective or inappropriate controls applied while new controls are ignored. This will lead to more breaches throughout 2018 as organizations struggle to adapt their security programs to IaaS.


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

The Symantec 2018 Cybersecurity Predictions Part 3/3

Financial Trojans Will Still Account For More Losses Than Ransomware

Financial Trojans were among the first pieces of malware to be monetised by cyber criminals. From simple beginnings as credential-harvesting tools, they have evolved into advanced attack frameworks that target multiple banks and banking systems, send shadow transactions and hide their tracks. They have proven highly profitable for cyber criminals.

Today, the move to mobile application-based banking has curtailed some of their effectiveness, so cyber criminals are now shifting their attacks to these platforms. Cyber criminals’ profits from Financial Trojans are expected to grow, giving them higher gains than ransomware attacks.

Expensive Home Devices Will Be Held To Ransom

Ransomware has become a major problem and is one of the scourges of the modern Internet, allowing cyber criminals to reap huge profits by locking up users’ files and systems. The gold-rush mentality has not only pushed more and more cyber criminals to distribute ransomware, but also contributed to the rise of Ransomware-As-A-Service and other specializations in the cyber criminal underworld.

These specialists are now looking to expand their attack reach by exploiting the massive increase in expensive connected home devices. Smart TVs, smart toys and other smart appliances can run into thousands of dollars and users are generally not aware of the threats to these devices, making them an attractive target for cyber criminals.


IoT Devices Will Be Hijacked and Used in DDoS Attacks

In 2017, we saw massive DDoS attacks that used hundreds of thousands of compromised IoT devices in people’s homes and workplaces to generate traffic. This is not expected to change, with cyber criminals continuing to exploit the poor security settings and management of home IoT devices.

Furthermore, the inputs and sensors of these devices will also be hijacked, with attackers feeding audio, visual or other faked inputs to make these devices do what they want rather than what users expect them to do.

IoT Devices Will Provide Persistent Access to Home Networks

Beyond DDoS attacks and ransomware, home IoT devices will be compromised by cyber criminals to provide persistent access to a victim’s network. Home users generally do not consider the cyber security implications of their home IoT devices, leaving default settings in place and not updating them as diligently as they do their computers.

Persistent access means that no matter how many times a victim cleans or protects their computer, the attacker will always have a backdoor into the victim’s network and the systems that connect to it.


The Trend Micro Red Code 2017 Key Takeaway Points

On the sidelines of Trend Micro Red Code 2017, Trend Micro and Cyber Security Malaysia briefed us on the key takeaway points from the cybersecurity conference.

The Trend Micro team consisted of Goh Chee Hoh (Trend Micro Malaysia Managing Director), Ryan Flores (Senior Manager, Future Threat Research, Trend Micro AP) and Law Chee Wan (Technical Sales, Trend Micro Malaysia). Cyber Security Malaysia was represented by Dr. Aswami Ariffin (Senior VP, CyberDEF@CSRS).

The Trend Micro Red Code 2017 Key Takeaway Points

Cybersecurity Best Practices

  • Keep legacy and current systems secure: There are organizations still using Windows XP, Vista, or 7, for all of which Microsoft has ended support. This means there will be no more security patches or updates, leaving these systems vulnerable to cyberattacks. The recommendation is to move quickly to a new system, or to keep the current ones secure with third-party security software.
  • Protect data storage systems: Wherever data is – on-premise, cloud, or in virtualized or hybrid environments – it has to be protected.
  • Detect/prevent breaches: Targeted attacks can breach your organization without ever alerting traditional early warning and defense systems. Fail to spot an incursion, and you could be hit with industry fines, reputation damage and legal costs.
  • Protect information on endpoints: Your organization could have information residing on mobile devices, laptops, and multiple virtual and physical endpoints. The more endpoints, the greater the risk surface.
  • Data encryption: Encrypted data is “useless” to a hacker without the decryption key. It is imperative to encrypt sensitive data both in transit and at rest.
  • Backup of data: It is extremely important to have backups of consumer data. In the event of a breach where all information is stolen or encrypted by the hacker, the organization would at least still have its backups to carry on daily service while it resolves the issue.
  • Frequent assessments: Regular “checkups” of the capabilities of the system, as well as of the knowledge and education of employees, are important. Trend Micro offers server assessments and recommends that the people within the organization also be assessed, for example by sending out test “phishing” emails.

Cybersecurity Awareness

  • Cybersecurity awareness programs help get employees up to speed with the latest attacks, safe internet practices, security policies, and how to spot a security threat.
  • Within an organization, there must be security policies governing the use of data and access to certain systems and programs.

Multi-Layered Security

To mitigate the risk of infection as effectively as possible, organizations should take a layered approach to security, from the gateway to the network, server and endpoint.

  1. Email and Web Gateway Protection
    This gives a good chance of preventing most ransomware from reaching your users, whether via a phishing email or a malicious website.
  2. Endpoint Security
    For the small percentage of ransomware threats that might make it through the web/email gateway protection, endpoint security monitors for suspicious behaviour, enforces application whitelists and provides vulnerability shielding to protect against the unpatched vulnerabilities that ransomware often takes advantage of.
  3. Network Defense
    This layer guards against ransomware that spreads into the organization via network protocols.
  4. Server Protection
    This is where most of the organization’s critical enterprise data will reside. It is essential to ensure any unpatched vulnerabilities are protected from ransomware via virtual patching, through a security solution which can also monitor for lateral movement and file integrity.


Tracking The Spring Dragon Advanced Persistent Threat

In her role as a Senior Security Researcher in the Kaspersky Global Research & Analysis Team (GReAT), Noushin Shabab is responsible for investigating targeted cyberattacks, with a primary focus on Australia and New Zealand. At the Kaspersky Lab Palaeontology of Cybersecurity conference, she recounted how her team tracked the Spring Dragon APT (Advanced Persistent Threat) attacks across the South China Sea region.

Don’t forget to check out the other Kaspersky Palaeontology of Cybersecurity presentations!

The Spring Dragon Advanced Persistent Threat

In early 2017, Kaspersky Lab researchers noted increased activity by an APT called Spring Dragon (also known as Lotus Blossom). The attacks involved new and evolved tools and techniques and targeted countries around the South China Sea. Kaspersky Lab’s experts have published their analysis of the attackers’ toolset over time in order to help organizations better understand the nature of the threat and protect themselves.

Spring Dragon is a long-running threat actor that has been targeting high-profile political, governmental and educational organisations in Asia since 2012. Kaspersky Lab has been tracking the APT for the last few years.

According to Kaspersky Lab telemetry, Taiwan had the largest number of attacks followed by Indonesia, Vietnam, the Philippines, Macau, Malaysia, Hong Kong and Thailand. To help organizations better understand and protect against the threat, Kaspersky Lab’s researchers have undertaken a detailed review of 600 Spring Dragon malware samples.

Kaspersky Lab’s overview of Spring Dragon’s tools shows that:

  • The attackers’ toolset includes a unique, customised set of links to command and control servers for each malware sample: the samples contained more than 200 unique IP addresses overall.
  • This toolset was accompanied by customised installation data for each attack to make detection difficult.
  • The arsenal includes various backdoor modules with different characteristics and functionalities, although they all have the capability to download additional files to the victim’s machine, upload files to the attackers’ servers and execute any executable file or command on the victim’s machine. This allows the attackers to undertake a number of malicious activities on the victim’s machine, particularly cyberespionage.
  • The malware compilation timestamps suggest a time zone of GMT+8, although the experts warn that this is not a reliable indicator for attribution.
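
As an added, constructed example (not code from the Kaspersky report or from the presentation), the Python below shows how a "compilation timestamps suggest GMT+8" observation like the one in the last bullet is normally derived, and why it is weak evidence on its own: every whole-hour UTC offset is scored by how many builds it places inside a 09:00-18:00 office day, and neighbouring offsets tie for the top score. The timestamps are invented for the demonstration; in practice they would be read from each sample's PE header TimeDateStamp field. The script also flags values that look zeroed or forged, which a builder can set to anything.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample data, not taken from the Kaspersky report: the build time
# of a dozen hypothetical samples as UTC (year, month, day, hour). They were
# chosen so that every build falls between 01:00 and 08:00 UTC.
_SAMPLE_BUILDS_UTC = [
    (2017, 1, 9, 1), (2017, 1, 10, 2), (2017, 1, 11, 3), (2017, 1, 12, 4),
    (2017, 2, 6, 5), (2017, 2, 7, 6), (2017, 2, 8, 7), (2017, 2, 9, 8),
    (2017, 3, 6, 1), (2017, 3, 7, 3), (2017, 3, 8, 5), (2017, 3, 9, 7),
]
SAMPLE_TIMESTAMPS = [
    int(datetime(y, m, d, h, tzinfo=timezone.utc).timestamp())
    for y, m, d, h in _SAMPLE_BUILDS_UTC
]
# Constructed collection date: no genuine build can postdate it.
SAMPLE_COLLECTED_AT = int(datetime(2017, 8, 1, tzinfo=timezone.utc).timestamp())


def local_hours(timestamps, utc_offset_hours):
    """Hour of day of each build if the developer's clock ran at UTC+offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return [datetime.fromtimestamp(ts, tz).hour for ts in timestamps]


def hour_histogram(timestamps, utc_offset_hours):
    """Builds per local hour; analysts look at this for a working-day shape."""
    return Counter(local_hours(timestamps, utc_offset_hours))


def business_hours_fraction(timestamps, utc_offset_hours, start=9, end=18):
    """Share of builds that land inside a conventional office day."""
    hours = local_hours(timestamps, utc_offset_hours)
    if not hours:
        return 0.0
    return sum(1 for h in hours if start <= h < end) / len(hours)


def rank_offsets(timestamps, offsets=range(-12, 15)):
    """Score every whole-hour UTC offset, best fit first."""
    scored = [(off, business_hours_fraction(timestamps, off)) for off in offsets]
    return sorted(scored, key=lambda item: (-item[1], item[0]))


def best_offsets(timestamps):
    """All offsets tied for the top score. There is usually more than one,
    which is one reason the result is weak evidence for attribution."""
    ranked = rank_offsets(timestamps)
    top_score = ranked[0][1]
    return [off for off, score in ranked if score == top_score]


def implausible_timestamps(timestamps, collected_at):
    """Values the builder may have zeroed or forged: at the epoch, before any
    plausible toolchain existed, or later than the sample was collected."""
    earliest = int(datetime(1995, 1, 1, tzinfo=timezone.utc).timestamp())
    return [ts for ts in timestamps if ts < earliest or ts > collected_at]


if __name__ == "__main__":
    print("suspicious timestamps:",
          implausible_timestamps(SAMPLE_TIMESTAMPS, SAMPLE_COLLECTED_AT))
    for off, score in rank_offsets(SAMPLE_TIMESTAMPS)[:5]:
        print(f"UTC{off:+d}: {score:.2f} of builds fall in 09:00-18:00")
    print("offsets tied for best fit:", best_offsets(SAMPLE_TIMESTAMPS))
```

With the constructed data, UTC+8 and UTC+9 both place every build inside office hours, so the timestamps alone cannot separate them; real analysis combines this with weekday patterns, language resources and infrastructure evidence, and still treats the result as a hint rather than proof.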

Noushin Shabab concludes, “We believe that Spring Dragon is going to continue resurfacing regularly in the Asian region and it’s important to be familiar with its tools and techniques. We encourage individuals and businesses to have good Yara rules and other detection mechanisms in place and strongly recommend they use – and regularly audit – a multi-layered approach to security.”

How Do You Protect Against Spring Dragon & Other APTs?

In order to protect your personal or business data from cyberattacks, Kaspersky Lab advises the following:

  • Implement an advanced, multi-layered security solution that covers all networks, systems and endpoints.
  • Educate and train your personnel on social engineering as this method is often used to make a victim open a malicious document or click on an infected link.
  • Conduct regular security assessments of the organisation’s IT infrastructure.
  • Use Kaspersky’s Threat Intelligence, which tracks cyberattacks, incidents and threats and provides customers with up-to-date, relevant information they may be unaware of. Find out more at intelreports@kaspersky.com.


The Spring Dragon (Lotus Blossom) APT Presentation Slides

Here is the complete set of slides from Noushin Shabab’s presentation on the Spring Dragon (Lotus Blossom) APT attacks.

Don’t forget to check out the other Kaspersky Palaeontology of Cybersecurity presentations!


The Palaeontology of Cyberattacks by Vitaly Kamluk

Vitaly Kamluk is the Director of Global Research & Analysis Team (GReAT), Kaspersky Lab APAC. He has been involved in malware research at Kaspersky Lab since 2005. At the Kaspersky Lab Palaeontology of Cybersecurity conference, he gave the keynote speech on The Palaeontology of Cyberattacks.

He shared how Kaspersky Lab performs digital forensics, literally the palaeontology of digital monsters, to trace their creators and learn how to shut them down. He also took the opportunity to officially announce the release of his free, open-source remote forensics tool, BitScout.

Don’t forget to check out the other Kaspersky Palaeontology of Cybersecurity presentations!

The Palaeontology of Cyberattacks by Vitaly Kamluk

The Director of the APAC Kaspersky GReAT (Global Research & Analysis Team), Vitaly Kamluk, details how Kaspersky Lab dissects cyberattacks so that they can take down their infrastructure and alert victims. He also talks about BitScout, the open-source digital forensics tool he created to analyse and investigate these cyberattacks.

Here are the key takeaway points:

  • Stuxnet is an example of how malware can affect and even destroy objects in the real world.
  • Digital forensics is important because only by learning from the past can we prevent it from repeating in the future.
  • The art of tracing these cyberattacks takes time and involves multiple stages, such as:
    • Add detection for known modules and collect new samples
    • Reverse engineer the samples
    • Decrypt sophisticated encryption and compression schemes
    • Understand the lateral movement of the attacker
    • Outline multiple attack stages in the correct order
    • Map the command and control (C&C) infrastructure
    • Set up sinkholes – servers that victims can be redirected to – and analyse the collected traffic and protocols
    • Crawl other hosts that understand the same protocols, to check if they have been compromised as well
    • Take down and acquire images of the C&C servers to identify the attackers
    • Identify victims, send out notifications to warn them, and alert global CERTs
    • Apply forensics and extract logs, stolen files, etc.
    • Collect and analyse data from all sources
    • Write a comprehensive report
  • Zero day (0-day) vulnerabilities or exploits are rare and valuable. For example, one iOS 0-day exploit was priced at US$1.5 million.
  • Even old exploits (like the Silverlight 0-day) that have been exposed years ago are still usable, because not everyone updates their operating system.
  • In the case of the Silverlight exploit, Kaspersky Lab used signature code snippets from the creator’s own public code samples to identify a new 0-day Silverlight exploit that he created as well.
  • Vitaly also shared how Kaspersky Lab tracked the Lazarus group, which was famous for its theft of $81 million from the Central Bank of Bangladesh last year (February 2016).
  • Kaspersky Lab found several artefacts that pointed to a Korean origin, including proof that at least one of the computers used in developing the malware was using a Korean version of Windows.
  • They also identified false flag attempts to pin the exploit code on Russian developers using crude Russian phrases and a commercial Russian software protector.
  • Kaspersky Lab also discovered that the Lazarus group used a testing bot that was located in a North Korean server.
  • Because attribution of any cyberattack is difficult, Kaspersky Lab believes there should be better cooperation between cybersecurity companies, the police and the private sector.
  • Therefore, Kaspersky Lab is officially releasing a tool that Vitaly Kamluk himself developed, BitScout, to help them with their investigations.
  • BitScout is an open-source tool that anyone can use, free of charge, to perform remote forensics on a compromised system.
  • Using virtualisation, BitScout allows a cybersecurity expert to trace and detect malware in a compromised system without making any changes to the storage drives, preserving the legal chain of custody and avoiding the perception of possible tampering with the data.

Don’t forget to check out the other Kaspersky Palaeontology of Cybersecurity presentations!


The Palaeontology of Cyberattacks Presentation Slides

Here is the complete set of slides from Vitaly Kamluk’s presentation on the Palaeontology of Cyberattacks.

Don’t forget to check out the other Kaspersky Palaeontology of Cybersecurity presentations!
