Researchers Find New CPU Security Vulnerability

Remember the Heartbleed scare we had a couple of years back? It was a nasty side-channel attack that was somewhat exotic and difficult to pull off, and it was absolutely devastating and sent shockwaves through the entire world.

Well, it’s back. In a way.

While this new side-channel attack isn’t identical, it’s similar enough that the researchers who discovered it gave it a similar-sounding name: Hertzbleed. It allows remote attackers to pilfer full cryptographic keys by observing variations in CPU frequency caused by dynamic voltage and frequency scaling, or DVFS for short.

In other words, hackers can monitor the electrical output of your PC and based on that, derive your cryptographic keys.

A team from the University of Texas at Austin, in collaboration with others from the University of Washington and the University of Illinois Urbana-Champaign, is credited with the discovery of the new attack vector.

The team had this to say about their discovery:

“In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. [..] Hertzbleed is a real, and practical, threat to the security of cryptographic software.

First, Hertzbleed shows that on modern x86 CPUs, power side-channel attacks can be turned into (even remote!) timing attacks–lifting the need for any power measurement interface.

Second, Hertzbleed shows that, even when implemented correctly as constant time, cryptographic code can still leak via remote timing analysis.”

To be fair, this is an incredibly exotic attack that would be extremely difficult for even the most experienced hackers in the world to pull off. Even so, there are hackers out there in the world who have the skills to do this. That is why it’s somewhat disturbing that neither Intel nor AMD has any plans to issue a fix for the issues that make Hertzbleed possible.

Per an Intel spokesman:

“While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment.”

While that’s true, hackers have always been known for being more interested in bragging rights than practicality. In our view, it’s just a matter of time before we see Hertzbleed in the headlines.

Ransomware Hackers Have Set Their Sights On Exchange Servers

Microsoft Exchange servers are once more in the crosshairs of hackers around the world.  Most recently, hacking groups have been specifically targeting them to deploy BlackCat ransomware.

As is common among ransomware attacks, the hackers here first rifle through an infected network, looking for login credentials, proprietary information, and other sensitive files that they can copy and exfiltrate. They then extort the target organization in two ways: they encrypt the target’s files and demand payment to unlock them, and they ransom the copied files for an additional payment.

This should be regarded as a serious threat.  Although Microsoft tries gamely to keep Exchange servers secure, there are several vulnerabilities in the code. An organization that doesn’t apply security patches as soon as they are available is incredibly vulnerable to these attacks.

It’s a sufficiently significant threat that in April, the FBI issued a Flash Alert about BlackCat, warning that the recent surge in attacks has compromised more than sixty different organizations worldwide.

Their alert reads, in part, as follows:

“Many of the developers and money launderers for BlackCat/ALPHV are linked to Darkside/Blackmatter, indicating they have extensive networks and experience with ransomware operations.”

The FBI has also requested the assistance of any organization that becomes compromised so they can track the attacks back to their source and take action against them.

Again, per the recent FBI Flash Alert, the specific information they’re looking for is as follows:

“IP logs showing callbacks from foreign IP addresses, Bitcoin or Monero addresses and transaction IDs, communications with the threat actors, the decryptor file, and/or a benign sample of an encrypted file.”

Here’s hoping your organization doesn’t wind up in the crosshairs of the hackers. If you happen to, give the FBI a hand so they can shut these miscreants down.

New Panchan Botnet Targets Linux Servers

If you’re involved with IT Security at any level and if your network includes Linux servers, keep a watchful eye out for the new Panchan botnet.

It first appeared in the wild in March of this year (2022), and its main focus seems to be Linux servers in the education sector, which it enslaves to mine cryptocurrency.

Panchan has several wormlike features that allow it to replicate quickly and spread laterally once it gets inside a network. Additionally, the hackers behind the botnet have given it a raft of detection-avoidance capabilities. These include memory-mapped miners and dynamic detection logic that allows it to stop all mining operations automatically if it detects that the host is being scanned for anomalous activity.

Panchan was written in Golang, which is both versatile and powerful.  Once it infects a target network, it creates a hidden folder inside itself under the name “xinetd.”

Once that’s done, it initiates an HTTPS POST operation to allow it to communicate with Discord, which is likely how the hackers monitor their new victim.

Panchan communicates with its command-and-control server over port 1919, and note that these communications are not encrypted.
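The two network behaviours just described (plaintext traffic to port 1919 and HTTPS POSTs to Discord) are easy to hunt for in connection and proxy logs. The following is an added detection example, not code from the article or from Akamai; the log column layouts and sample lines are constructed, and the Discord domain names are an assumption.

```python
# Added example (not the article's or Akamai's code); log layouts are constructed.
C2_PORT = "1919"                                     # C2 port from the article
DISCORD_DOMAINS = ("discord.com", "discordapp.com")  # assumption: Discord hosts

# Constructed conn log: ts src sport dst dport proto service ('-' = unidentified)
SAMPLE_CONN_LOG = """\
1655900001.1\t10.0.5.21\t51002\t10.0.5.22\t1919\ttcp\t-
1655900002.4\t10.0.5.21\t51010\t172.16.9.3\t443\ttcp\tssl
1655900003.9\t10.0.5.30\t40110\t203.0.113.7\t1919\ttcp\t-
1655900004.2\t10.0.5.40\t40200\t10.0.5.50\t22\ttcp\tssh
"""
# Constructed proxy log (a TLS-inspecting proxy is needed to see the POST): ts src method host uri
SAMPLE_HTTP_LOG = """\
1655900005.0\t10.0.5.21\tPOST\tdiscord.com\t/api/webhooks/EXAMPLE
1655900006.0\t10.0.5.40\tGET\tmirrors.example.edu\t/ubuntu/dists/
"""

def _rows(log: str):
    for line in log.splitlines():
        if line and not line.startswith("#"):
            yield line.split("\t")

def _is_discord(host: str) -> bool:
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in DISCORD_DOMAINS)

def scan_conn_log(conn_log: str) -> dict:
    """src -> findings: TCP to port 1919 with no recognised (e.g. TLS) service."""
    hits = {}
    for _ts, src, _sport, dst, dport, proto, service in _rows(conn_log):
        if proto == "tcp" and dport == C2_PORT and service == "-":
            hits.setdefault(src, set()).add(f"plaintext tcp/{C2_PORT} to {dst}")
    return hits

def scan_http_log(http_log: str) -> dict:
    """src -> findings: HTTP POST from an internal host to a Discord domain."""
    hits = {}
    for _ts, src, method, host, _uri in _rows(http_log):
        if method == "POST" and _is_discord(host):
            hits.setdefault(src, set()).add(f"POST to {host}")
    return hits

def triage(conn_log: str, http_log: str) -> dict:
    """Merge both scans; a host showing both behaviours is rated 'high'."""
    merged = {}
    for part in (scan_conn_log(conn_log), scan_http_log(http_log)):
        for src, findings in part.items():
            merged.setdefault(src, set()).update(findings)
    return {s: ("high" if len(f) > 1 else "medium", sorted(f)) for s, f in merged.items()}

if __name__ == "__main__":
    for src, (severity, findings) in triage(SAMPLE_CONN_LOG, SAMPLE_HTTP_LOG).items():
        print(f"{src}: {severity}: " + "; ".join(findings))
```

A server that shows both indicators (here 10.0.5.21) deserves immediate triage; a lone port-1919 connection may be benign, so it is only rated medium.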

Researchers at Akamai first discovered this new threat and have mapped out its spread to this point.  They have discovered 209 compromised systems with more than 40 currently active infections.  The USA seems to be the botnet’s primary target with China as a distant second. Russia, Japan, India, and Brazil account for most of the rest.

Although the education sector seems to be the group’s primary focus for now, anyone running a Linux server should consider themselves at risk.  While this botnet isn’t as damaging as some, it is nonetheless a threat to be avoided.

How To Protect Your Company With Cybersecurity Awareness

These days, companies spend significant sums of money to protect themselves from cyber criminals.  The threat matrix is vast, and attacks can come from almost any quarter. That is why many companies not only spend heavily on antivirus software, but also on a wide range of tools that IT security professionals can leverage to intercept attacks “at the gates” and prevent attackers from ever breaching their defenses.

Further, many companies will engage third-party specialists to provide round-the-clock monitoring. Managers invest even more money to ensure that regular backups are taken, so that if the worst happens, recovery will be relatively quick and the company can get back to the business of its business with as little downtime as possible.

All of that is commendable, but the unfortunate reality is that even the most elaborate and expensive systems designed to defend your corporate network can be reduced to nothing by one moment of carelessness by one of your firm’s employees.

If you want to increase the return on your IT Security investment, the very best thing you can do is educate your workforce about the dangers that are lurking on the ‘net. Teach them security best practices so that they become part of your network security solution rather than yet another risk factor you have to guard against.

A few examples of the way your employees may be unwittingly putting your firm at risk include the following:

  • They use simple, easy to guess passwords that any hacker could guess with minimal effort
  • They seldom change their passwords unless forced to
  • When traveling, many will connect to your company’s network using free, unsecured WiFi hotspots
  • A disturbing percentage of people use the same easily guessed passwords across multiple web properties
  • They fail to use multi-factor authentication paradigms, even when and where you make them available
  • Far too many people will automatically assume that any attachment that lands in their work email inbox is safe, and will open it without thinking twice
  • They do very little cross-checking when someone reaches out to them via corporate channels, to confirm that the person contacting them is who they claim to be

All of these pose a very real risk to the security of your company.  Make sure your employees get the training they need to keep both themselves and your corporate network safe.

Data Breach Hits One Of America’s Largest Healthcare Providers

Do you receive healthcare of any kind from Kaiser Permanente?  If so, be aware that they recently published a data breach notification indicating that an unidentified attacker accessed an email account that contained personal health information on April 5th, 2022.

Based on the investigation to this point, it appears that sensitive health information belonging to more than 69,000 individuals was exposed.  For context, Kaiser Permanente provides a wide range of health care services to more than 12.5 million customers spanning eight states, plus the District of Columbia.  While it’s true that a breach of any size is a bad thing, this one only impacted a tiny slice of the company’s patient base.

Kaiser’s breach notification reads in part as follows:

“This notice describes a security incident that may have impacted the protected health information of some Kaiser Permanente patients who may have been affected by an unauthorized access incident on April 5, 2022.

The specifics of the unauthorized access were provided to individuals affected in a letter sent by Kaiser Permanente on June 3, 2022.

Sensitive info exposed in the attack includes:

  • The patients’ first and last names
  • Medical record numbers
  • Dates of service
  • Laboratory test result information”

If there’s a silver lining to be found here, it lies in the fact that Kaiser’s notification stressed that no Social Security or credit card numbers were exposed.

While this event will no doubt damage trust, the data that was stolen is not likely to be sufficient to allow the attackers to steal your identity. If you are one of the impacted customers, then you should have already received a notification from the company.

We wish we could say that this will be the last data breach of the year but sadly, that’s not going to be the case.  Stay tuned for the next, and guard your personal data closely!