Unexpected Support Updates For Older Systems Released By Microsoft

Users of Windows XP, Windows 2003, Windows 7 and Server 2008 got an unexpected benefit from Microsoft recently.

All of the OSes mentioned above have reached the end of their support lives, and the company hasn’t been issuing new security updates for them. However, it made a rare exception in the case of patching CVE-2019-0708.

CVE-2019-0708 is a critical security flaw that allows hackers to exploit the Remote Desktop Service and gain access to a target system without any authentication.

Windows 8 and later versions are unaffected by this flaw, but millions of users are still on the vulnerable older operating systems we named above. Microsoft threw them a lifeline by releasing the patch that addressed this issue, along with 79 other security flaws.

Last year, the malware strain known as WannaCry swept across the globe, infecting hundreds of thousands of systems, most of which were running older OSes. Fearing that something similar could happen this year, the company took the extraordinary step of issuing an unexpected security patch.

While the smart money says that you should already be well into making plans to migrate away from these older operating systems with little to no support, that may not be possible for everyone. At the very least, then, be sure you grab the latest security patch from Microsoft, which will undoubtedly buy you at least a bit more time.

Honestly though, at this point, the only safe move is to migrate to a more modern OS with all possible speed, even if it means some short-term discomfort. WannaCry devastated thousands of businesses of all shapes and sizes. Microsoft isn’t going to continue making heroic efforts forever to save a user base unwilling to migrate.

New Ransomware Looks Like An Anti-Virus Installation

Dharma is a highly successful ransomware strain.

It recently has been made even more successful by a change in the way the hackers controlling it are deploying it.

The first part of their latest campaign remains unchanged.  They rely on well-crafted phishing emails to lure employees in.

The key difference, however, lies in the particulars of the newly crafted emails.

In a nutshell, the group has begun imploring email recipients to protect their systems by installing the latest antivirus software.  The emails include a helpful link to the antivirus, which of course doesn’t point to antivirus software at all. Rather, it is the ransomware they’re trying to deploy inside corporate networks.

Worst of all, the emails claim to be from Microsoft, one of the biggest, most recognizable and most trusted names in the industry. So, there’s a good chance that at least one of your employees will take the bait. In a bid to be good, proactive employees, they will seek to install what they think is antivirus software.

Once they start the installation, the damage is done. The ransomware will lock every file on the victim’s system, demand ransom, and seek to spread itself to as many other systems inside your network as it can reach.

Raphael Centeno, a security researcher at Trend Micro, had this to say about the new twist on the malware strain:

“As proven by the new samples of Dharma, many malicious actors are still trying to upgrade old threats and use new techniques.  Ransomware remains a costly and versatile threat.”

As ever, the best way to guard against this type of threat starts with employee education.  Employees should not be in the habit of installing their own antivirus software in the first place, so a gentle reminder to that effect should go a long way toward limiting the threat, but it still pays to be very much on your guard.

Hundreds Of Apps Loaded Adware Onto Millions Of Android Phones

How many malicious apps would you need on the Google Play Store to infect more than one hundred and fifty million Android devices? Unfortunately, we have a good answer to that question, courtesy of SimBad adware, which can be found in 210 different Android apps.

Taken together, they’ve made their way onto nearly 150 million devices.

If that were the only strain of adware in existence, it would be bad enough. Of course, SimBad is only one form of malware. Granted, it’s a significant strain with a hefty footprint, but the statistics above only demonstrate the sheer scope and scale of the problem. The internet is awash in malware of all types, and the problem is only getting worse.

On top of that, hackers are getting increasingly sophisticated in the way they deploy their poisoned code. Even worse, they’re sharing secrets and adopting each other’s most effective strategies. They’re creating a kind of ‘Black Hat Best Practices’ that enable even hackers with only a moderate level of skill to cause real damage.

As if all of the above weren’t bad enough, the larger hacking groups have begun serving as hired guns. On the Dark Web, it’s easy to find a massive botnet for hire, or to rent out someone else’s malware and leverage their resources to launch your own devastating campaign.

Arrayed against these forces is a motley collection of industry insiders, independent researchers, corporate IT staff members, and security company professionals. They are all trying gamely to keep up with the ever-shifting threat matrix.

Unfortunately, it’s a battle these forces are losing. 2018 was another record-setting year in terms of the number of successful data breaches, and 2019 will almost certainly beat last year. Stay vigilant.