Installing Windows 11 On Unsupported Devices May Have Security Risks

Microsoft raised hackles worldwide when it placed stringent hardware requirements on its recently announced Windows 11 OS. Many chipsets that are more than capable of running the new software aren’t on the approved list. That doesn’t mean you can’t still install Windows 11 on a machine with unapproved hardware. However, Microsoft has stuck to its guns here.

Microsoft announced that although users may take that approach, unsupported devices won’t receive automatic updates and security patches. That’s harsh, and it may well be sufficient to keep most people from installing Windows 11 on hardware that Microsoft does not approve of.

The specific reason so many people are up in arms about Microsoft’s position is that a large swath of the user base will have to invest in new hardware if they want to take advantage of new Windows 11 capabilities.

It’s good that Microsoft has built a loophole into the system, but running an unsupported copy of Windows 11 carries enormous risks. If anybody does it, it’s likely to be seen as a very short-term solution. Few individuals, and even fewer companies, would want the risk of exposure that comes with an unsupported copy that no longer receives security patches.

It is not yet known whether Microsoft will allow users with unsupported hardware to install those updates manually, which makes it even worse. If it doesn’t, that amounts to the kiss of death for unsupported hardware.

Nothing is set in stone, and it’s still technically possible that Microsoft could reverse course and soften its stance. This seems unlikely, though. If we get very lucky, users may still be able to manually install updates. Stay tuned for the final word from Microsoft on that front. Whether you agree with the decision or not, the company seems to have firmly made up its mind.

Report Finds One Third Of Suspicious Emails Are Threats

Employee cyber security training is paying off, according to a report recently released by IT security company F-Secure.

Researchers from F-Secure analyzed more than 200,000 emails that had been flagged as suspicious by employees working for organizations around the world. They discovered that more than a third of those emails could be classified as phishing.

Phishing is an extremely common technique hackers use to gain important information about specific individuals and, in some cases, access to a system the hackers are targeting. For example, hackers may impersonate a vendor that the target company does business with, attaching a poisoned Word or Excel document that appears to be an invoice.

If the recipient enables macros to view the document, it installs malware on the recipient’s computer, which lets the hackers spy on the user and attack other machines on the network. It’s one of the most common tactics employed by hackers around the world, with phishing attacks accounting for fully half of all infection attempts in 2020.

Even with a relatively low success rate, there are so many phishing attempts over the course of any given year that they add up to a staggering number of successes. That is why hackers rely so heavily on the technique.

F-Secure’s Director of Consulting, Naude, had this to say about the recently published study:

“You often hear that people are security’s weak link. That’s very cynical and doesn’t consider the benefits of using a company’s workforce as a first line of defense. Employees can catch a significant number of threats hitting their inbox if they can follow a painless reporting process that produces tangible results.”

Naude makes an excellent point. Kudos to the company for conducting the analysis and to all the employees who submitted suspicious emails for a closer look.

Hackers Behind REvil Ransomware Are Back Online

Not long after successfully attacking Kaseya, the band of cyber criminals behind the REvil ransomware strain went dark. Their “Happy Blog” mysteriously went offline.

It is not known whether the group went into hiding as a safety precaution after their attack drew worldwide condemnation, or whether it was the result of action by law enforcement agencies.

Many credit Presidents Biden and Putin, because the group went silent not long after the two leaders spoke and Biden pressed the Russian leader about ransomware attacks originating from Russian soil.

Kaseya is a global IT solutions company based in Ireland. The REvil attack impacted thousands of end users in more than a thousand small to medium-sized companies that Kaseya serves. Whatever drove the hacking group offline temporarily, the pressure seems to have faded and the group has returned. Security researchers from both Emsisoft and Recorded Future have confirmed that most of the gang’s infrastructure is back in operation.

Ransomware expert Allan Liska had this to say about the group:

“Things definitely got hot for them for a while, so they needed to let law enforcement cool down. The problem (for them) is, if this is really the same group, using the same infrastructure, they didn’t really buy themselves any distance from law enforcement or researchers, which is going to put them right back in the crosshairs of literally every law enforcement group in the world (except Russia’s).

I’ll also add that I’ve checked all of the usual code repositories, like VirusTotal and Malware Bazaar, and I have not seen any new samples posted yet. So, if they have launched any new ransomware attacks, there haven’t been many of them.”

BlackFog’s CEO Darren Williams added that he’s not surprised the group resurfaced. REvil is one of the most successful ransomware variants of 2021, and with so much demand from hackers around the world it would have been virtually impossible for the group to remain hidden and offline.

REvil is back, and it is just a matter of time before REvil attacks begin anew.

Hackers Are Using Windows 11 Curiosity To Load Malware

Millions of people around the world are understandably curious about Windows 11. A new OS from the company that makes the most widely used OS on the planet is a big deal.

Unfortunately, hackers are well aware of this and are currently using that curiosity as a means of spreading malicious software to unsuspecting victims.

Security researchers have found evidence suggesting that the notorious “FIN7” cyber gang is responsible for the latest campaign, which started in late June of this year (2021), coinciding with Microsoft’s early announcements about the release of Windows 11.

The current campaign seems to have concluded in late July. All expectations are that a new campaign will begin the next time Microsoft makes a major announcement about the new OS.

The hacking group used tried-and-true social engineering tactics, creating a poisoned Word document filled with Windows 11 logos and imagery to pique a reader’s curiosity. If the poisoned document is opened, readers get a message saying that the advanced features of the document cannot be accessed unless macros are enabled. Naturally, enabling macros is the mechanism by which the malware payload is delivered.

It’s a vicious campaign designed to prey on people’s natural curiosity about something that’s almost certain to have a significant impact on them. Given that, we can expect to see more of these campaigns as Microsoft moves closer to the Windows 11 launch date.

If you get an email (regardless of who it is from) and that message asks you to download something or enable macros, just say no. Few if any reputable companies require such things to view their content, and these are almost always signs that someone is trying to scam or hack you.
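Both the fake-invoice lure in the F-Secure item above and the Windows 11 lure here depend on the recipient enabling macros in an Office attachment. The following Python is an added example, not code from the original article or from any company it mentions: it classifies an attachment by whether the OOXML package (a ZIP container) carries a VBA project part such as `word/vbaProject.bin`, so a mail-gateway or triage script can hold macro-bearing documents for review before a user ever sees the “enable content” prompt. The sample documents are constructed skeletons built in memory, the legacy OLE handling only recognizes the format without parsing it, and the hold policy in `triage` is an assumption about what a defender would want.

```python
import io
import zipfile

# Signatures: modern Office files (.docx/.docm/.xlsm/...) are ZIP containers;
# legacy .doc/.xls files are OLE2 compound documents.
ZIP_MAGIC = b"PK\x03\x04"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Part names that hold VBA code inside an OOXML package (under word/, xl/ or ppt/).
MACRO_PARTS = ("vbaproject.bin", "vbadata.xml")


def classify_attachment(blob: bytes) -> str:
    """Return 'macro', 'clean', 'legacy-ole' or 'not-office' for an attachment body."""
    if blob.startswith(OLE_MAGIC):
        # Legacy binary format: macros live in OLE streams, which this check does not parse,
        # so the caller should treat it as "unknown, inspect" rather than "clean".
        return "legacy-ole"
    if not blob.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            names = [n.lower() for n in z.namelist()]
    except zipfile.BadZipFile:
        return "not-office"
    if "[content_types].xml" not in names:
        return "not-office"  # a ZIP, but not an OOXML package
    return "macro" if any(n.endswith(MACRO_PARTS) for n in names) else "clean"


def build_sample(macro: bool) -> bytes:
    """Constructed minimal OOXML skeleton: just enough package structure for the check above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if macro:
            # A real vbaProject.bin is itself an OLE2 stream; the header is enough here.
            z.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 8)
    return buf.getvalue()


def triage(attachments: dict) -> list:
    """Return attachment names to hold for review (policy is an assumption).

    Anything carrying VBA is held, and so is any legacy OLE file, because this
    check cannot prove such a file is macro-free.
    """
    return [
        name
        for name, blob in attachments.items()
        if classify_attachment(blob) in ("macro", "legacy-ole")
    ]


if __name__ == "__main__":
    # Constructed inbox: one macro-enabled "invoice", one plain document, one text file.
    inbox = {
        "invoice.docm": build_sample(True),
        "memo.docx": build_sample(False),
        "notes.txt": b"plain text",
    }
    for name, blob in inbox.items():
        print(f"{name}: {classify_attachment(blob)}")
    print("held for review:", triage(inbox))
```

Extension checks alone are not enough: the package contents decide, which is why `classify_attachment` looks for the VBA part rather than trusting the `.docm`/`.docx` suffix.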

Fortinet VPN User Passwords May Have Been Leaked Online

Hackers recently released a list of nearly half a million Fortinet VPN usernames and passwords on the Dark Web. The group behind the leak claims that all the credentials were scraped from exploitable devices last summer.

The group also claims that while the vulnerability that made the hack possible has been patched, many of the VPN credentials are still valid.

For its part, Fortinet has confirmed that it was attacked and that the hackers successfully made off with hundreds of thousands of VPN login credentials.

Half a million credentials of any sort is a serious matter, but half a million VPN credentials is eye-popping. If the list is exploited, the groups doing so could infect a wide range of networks all around the world.

A recent Fortinet advisory had this to say about the matter:

“This incident is related to an old vulnerability resolved in May 2019. At that time, Fortinet issued a PSIRT advisory and communicated directly with customers.

And because customer security is our top priority, Fortinet subsequently issued multiple corporate blog posts detailing this issue, strongly encouraging customers to upgrade affected devices. In addition to advisories, bulletins, and direct communications, these blogs were published in August 2019, July 2020, April 2021, and again in June 2021.”

For reference, the old vulnerability Fortinet is referring to is tracked as CVE-2018-13379. A Bleeping Computer analysis of the stolen data reveals that it contains VPN credentials for 498,908 users spread over nearly 13,000 different devices.

If you run a Fortinet VPN, your best bet is not to take any chances. Assume that your accounts have been compromised and force-reset all of your users’ passwords. In addition, take the time to do a deep dive into your logs and look for any suspicious activity that may point to an intrusion.
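The “deep dive into your logs” above is the step most teams find hardest to start. The Python below is an added example, not code from the article or from Fortinet: it runs three checks a defender would pull out first after a credential dump over VPN event logs, namely leaked accounts that logged in after the dump appeared, failed logins followed by a success from the same source, and one source address opening tunnels for several different users. The log lines are constructed in a FortiGate-style key=value shape; the exact field names and action values (`action`, `user`, `remip`, `tunnel-up`, `ssl-login-fail`) are assumptions, as are the leaked-username list and the leak date.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in FortiGate-style key=value form. Field names and action
# values are assumptions; only date, time, action, user and remip are relied on.
SAMPLE_LOG = """\
date=2021-09-07 time=22:10:01 subtype="vpn" action="ssl-login-fail" user="alice" remip=198.51.100.7
date=2021-09-07 time=22:10:09 subtype="vpn" action="ssl-login-fail" user="alice" remip=198.51.100.7
date=2021-09-07 time=22:10:15 subtype="vpn" action="tunnel-up" user="alice" remip=198.51.100.7
date=2021-09-07 time=22:12:40 subtype="vpn" action="tunnel-up" user="carol" remip=198.51.100.7
date=2021-09-07 time=22:15:03 subtype="vpn" action="tunnel-up" user="dave" remip=198.51.100.7
date=2021-09-08 time=08:01:44 subtype="vpn" action="tunnel-up" user="bob" remip=203.0.113.20
"""

# Constructed: accounts found in the leaked list (hypothetical names, not the real dump).
LEAKED_USERS = {"alice", "bob"}
# Constructed: the moment from which the dump is assumed to have been usable by others.
LEAK_POSTED = datetime(2021, 9, 7, 0, 0, 0)

# key=value pairs; values may be quoted (user="alice") or bare (remip=198.51.100.7).
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> dict:
    """Split one key=value log line into a dict, stripping quotes and adding a datetime."""
    rec = {k: v.strip('"') for k, v in KV.findall(line)}
    rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
    return rec


def triage(log_text: str, leaked_users: set, leak_posted: datetime) -> dict:
    """Return three indicator sets worth checking first after a credential leak."""
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e["ts"],
    )
    findings = {"leaked_user_logins": set(), "fail_then_success": set(), "shared_source_ips": set()}

    # 1. Leaked accounts that established a tunnel after the dump appeared.
    for e in events:
        if e["action"] == "tunnel-up" and e["user"] in leaked_users and e["ts"] >= leak_posted:
            findings["leaked_user_logins"].add(e["user"])

    # 2. Failure(s) then success for the same user from the same IP within ten minutes:
    #    consistent with someone working through a list of candidate passwords.
    last_fail = {}
    for e in events:
        key = (e["user"], e["remip"])
        if e["action"] == "ssl-login-fail":
            last_fail[key] = e["ts"]
        elif e["action"] == "tunnel-up" and key in last_fail:
            if e["ts"] - last_fail[key] <= timedelta(minutes=10):
                findings["fail_then_success"].add(e["user"])

    # 3. One remote address opening tunnels for several distinct accounts.
    users_by_ip = defaultdict(set)
    for e in events:
        if e["action"] == "tunnel-up":
            users_by_ip[e["remip"]].add(e["user"])
    findings["shared_source_ips"] = {ip for ip, users in users_by_ip.items() if len(users) >= 3}
    return findings


def reset_list(log_text: str) -> set:
    """Every account seen on the VPN: the advice above is to reset all of them, not just the leaked ones."""
    return {parse_line(l)["user"] for l in log_text.splitlines() if l.strip()}


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG, LEAKED_USERS, LEAK_POSTED).items():
        print(f"{name}: {sorted(hits)}")
    print("force-reset:", sorted(reset_list(SAMPLE_LOG)))
```

The thresholds (ten minutes, three users per address) are starting points, not tuned values; the point is that each indicator is computed from fields every VPN gateway logs, so the same three questions can be asked of any appliance once its lines are parsed.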