Category Archives: Blog

Posted on Author Atlantic Computer Services Categories Blog

Researchers Find New CPU Security Vulnerability

Remember the Heartbleed scare we had a couple years back?  It was a nasty side-channel attack that was somewhat exotic and difficult to pull off, and it was absolutely devastating and sent shockwaves through the entire world.

Well, it’s back. In a way.

While this new side-channel attack isn’t identical, it’s similar enough that the researchers who discovered it gave it a similar sounding name:  Hertzbleed.  It allows remote attackers to pilfer full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling, or DVFS for short.

In other words, hackers can monitor the electrical output of your PC and based on that, derive your cryptographic keys.

A team from the University of Texas at Austin, in collaboration with others from the University of Washington and the University of Illinois Urbana-Champaign are credited with the discovery of the new attack vector.

The team had this to say about their discovery:

“In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. [..] Hertzbleed is a real, and practical, threat to the security of cryptographic software.

First, Hertzbleed shows that on modern x86 CPUs, power side-channel attacks can be turned into (even remote!) timing attacks–lifting the need for any power measurement interface.

Second, Hertzbleed shows that, even when implemented correctly as constant time, cryptographic code can still leak via remote timing analysis.”

To be fair, this is an incredibly exotic attack that would be extremely difficult for even the most experienced hackers in the world to pull off.  Even so, there are hackers out there in the world who have the skills to do this. That is why it’s somewhat disturbing that neither Intel nor AMD have any plans to issue a fix for the issues that make Hertzbleed possible.

Per an Intel spokesman:

“While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment.”

While that’s true, hackers have always been known for being more interested in bragging rights than practicality. In our view, it’s just a matter of time before we see Hertzbleed in the headlines.

0
Posted on Author Atlantic Computer Services Categories Blog

Ransomware Hackers Have Set Their Sights On Exchange Servers

Microsoft Exchange servers are once more in the crosshairs of hackers around the world.  Most recently, hacking groups have been specifically targeting them to deploy BlackCat ransomware.

As is common among ransomware attacks, the hackers here first rifle through an infected network, looking for login credentials, proprietary information, and other sensitive files that they can copy and exfiltrate.  They exploit a target organization in two ways. They ultimately encrypt a target’s files and demand payment to unlock them and then ransom the copied files for additional payment.

This should be regarded as a serious threat.  Although Microsoft tries gamely to keep Exchange servers secure, there are several vulnerabilities in the code. An organization that doesn’t apply security patches as soon as they are available is incredibly vulnerable to these attacks.

It’s a sufficiently significant threat that in April, the FBI issued a Flash Alert about BlackCat, warning that the recent surge in attacks have compromised more than sixty different organizations worldwide.

Their alert reads, in part as follows:

“Many of the developers and money launderers for BlackCat/ALPHV are linked to Darkside/Blackmatter, indicating they have extensive networks and experience with ransomware operations.”

The FBI has also requested the assistance of any organization that becomes compromised so they can track the attacks back to their source and take action against them.

Again, per the recent FBI Flash Alert, the specific information they’re looking for is as follows:

“IP logs showing callbacks from foreign IP addresses, Bitcoin or Monero addresses and transaction IDs, communications with the threat actors, the decryptor file, and/or a benign sample of an encrypted file.”

Here’s hoping your organization doesn’t wind up in the crosshairs of the hackers. If you happen to, give the FBI a hand so they can shut these miscreants down.

0
Posted on Author Atlantic Computer Services Categories Blog

Blog 3 – WHAT SMBs need to understand about cybersecurity

Why Cybersecurity shouldn’t be taken lightly

Let’s start with a “fun fact”: In 1981, the first cybercriminal was convicted of hacking into the AT&T network and altering its internal clock so it charged off-hour rates at peak times. So, it turns out that cybercrime is not all that new. But it stays new in the sense that it is constantly evolving. Cybercriminals now target not only big businesses like AT&T, but also small- and medium-sized businesses. Cybersecurity has to be a conscious decision. It is not something to be taken lightly or something that you can engage in passively as though it were yet another random business requirement. In order to stay safe in today’s highly vulnerable environment, businesses need to focus on cybersecurity and have clear cybersecurity strategies and action plans in place. This also means budgeting appropriately to support the process. Also, remember, creating a safe cyber space in your organization isn’t an idea that starts and ends with IT. Human Resources is a critical component in the design and implementation of any cyber security strategy. Often, SMB owners feel investing so much into IT doesn’t offer great returns–which may be true in some cases. Some of the reasons for this include-

  1. Your in-house IT staff may not have enough work to stay occupied full-time

  2. When you have an in-house IT team, there are other costs that come with it, that are generally HR-related, such as training costs, employee benefits, medical insurance, 401(k) etc.,

As a result, sometimes, SMBs tend to resort to the firefighting approach to IT problems, which means, they reach out to an IT service provider when they face an issue. However, more often than not, it is too little, too late and also, too expensive.

0
Posted on Author Atlantic Computer Services Categories Blog

The Surprising Ways Mobile Technology Impacts Our Lives

If you grew up in the days before the internet, it’s absolutely staggering to think of all the ways that mobile technology has changed our lives (and mostly for the better).

Remember when you had to pay for long distance telephone calls?  That’s mostly a thing of the past.  In under a minute, you can install any number of messenger apps, most of which offer VOIP capabilities and make calls to just about anywhere for nothing.

Today’s youngsters might not believe this, but many of us remember a time when if we didn’t want to listen to the radio, our only musical option was to head home to our beloved record player and vinyl albums.

A bit later we got the 8-track and not long after that, the cassette tape which was later supplanted by the CD. Today, you can have access to literally millions of songs on your mobile device.  It is even better that the days of needing an entire wall devoted to your record/tape/CD collection are gone.  Every song you can imagine is digital these days.  You can even find apps that will add the “vinyl scratchiness” sound to your music if you miss it!

The same thing goes for movies.  There is no need for piles of VHS tapes or Blu-Ray discs.  Streaming services are plentiful and you can watch your favorite movies or TV shows literally anywhere that you can get a signal on your mobile device. That is, of course, virtually anywhere.

It’s not just fun and games that have changed though.  Mobile technology has forever changed how the world works, and we got to put that to the test during the Covid-19 pandemic.  Tens of millions of people fled home and worked from there, as often as not on their trusty laptop computers.

When you’re traveling for business, between your smartphone and your laptop, you can stay in constant contact with everyone you work with. You can get real, meaningful work done on the road.  That wasn’t always possible in the earliest days of the internet, but mobile devices and our internet infrastructure have come such a long way now that both are easily done.

It’s impossible to say where mobile technology will take us next, but one thing you can be sure of is that there are more benefits to be had that we haven’t even dreamed of yet.  Mobile technology has made life more convenient in almost too many ways to count!

0
Posted on Author Atlantic Computer Services Categories Blog

Edge Will Replace Internet Explorer After It Is Gone

It may seem as though Internet Explorer is the browser that will not die, but according to Microsoft, it is now a step closer to breathing its last virtual breath.

Microsoft has struggled in the browser wars for the entire existence of the internet.

They came late to the party. Although they did manage to beat out early dominant browsers like Opera and Netscape Navigator, their Internet Explorer was soon eclipsed by nimbler and better browsers.  The company simply didn’t devote enough resources to the quest in a timely enough fashion to gain an iron grip on the market share.

Eventually, having lost ground to Firefox, Google’s Chrome, and others, the Redmond Giant gave up on Explorer and started from scratch with Edge.

Edge is unquestionably better. However, in the Enterprise ecosystem, several web-based applications had been developed by the time Microsoft decided to retire the browser. Given that, Microsoft continued supporting the code long after they had ceased active development on it.

All things come to an end however, and nearly 27 years after its initial launch, Microsoft has announced the end of support for Internet Explorer on most Windows versions as of June 15th.  So, by the time you read these words, it will be all over for the ancient browser.

Even this isn’t the absolute end.  The company’s new Edge browser has an “Edge IE Mode” which emulates the old Internet Explorer for the purpose of allowing Enterprise customers who haven’t upgraded their Legacy sites and web-based applications to continue using them under the new Edge umbrella.

According to Microsoft, Edge IE Mode will continue to be offered until at least 2029. If you still have Legacy code that hasn’t been updated at that point, all bets are off.  Although few people will actually miss the old browser, its demise does feel a bit like the end of an era.

0
1 19 20 21 22 23 236