USB Thumb Drives that can Fry your System

hardware, Security,
06
May 2015

PC On Fire Shoot

Learn how USB thumb drives can potentially destroy laptops / pcs. We’ll explain how this works and what measures can be taken to protect your computers.

If you happen to find an unknown flash drive in any place that you aren’t familiar with, we strongly advise not to plug it into a computer, especially one that is used for work.  It makes sense when there’s a high element of risk involved. Not only does the possibility of being infected by a virus exist, but as of late, a new type of attack has been created which can physically damage your systems. We have recently learned of dangerous USB thumb drives that are capable of frying a computer or laptop. 

How does it work?

Think of a computer’s ports as physical access points for an attack.

USB-Killer-2

  • An attacker would modify or build a USB thumb drive by using an inverting DC-DC converter to draw power off the USB port.
  • The power drawn from the USB port is then used to create a -110VDC charge on a capacitor bank.
  • Once the caps have charged up, this triggers the converter to shut down.
  • This forces a transistor to propel the voltage from the capacitor over to the port’s data pins.
  • This pattern repeats every time the caps recharge, discharging its high voltage through the port.
  • As long as there’s a bus voltage and high current present, the attack will run its course and overrun the small TVS diodes present on bus lines  of the computer or laptop.
  • Inevitably this will lead to a computer’s components, including possibly the CPU, to fry.
  • With fried components, a laptop or computer will be “dead”.

In typical circumstances a USB thumb drive is design to be protected, and a computer is normally able to dissipate manageable amounts of power, which wouldn’t cause this type of damage.

An example of an attack

A thief had stolen a USB flash drive off a commuter on the subway.  When the thief inserted the flash drive into his computer USB port, the least he’d expected was to see some data. Instead, his computer died as its internal components have been fried.  Although one may think that it was good for the thief to get their just desserts, it addresses a more serious problem- trusting unknown peripherals such as flash drives.

Precautionary measures

Now that we have a good overview of how a USB thumb drive can be engineered to take out a computer, let’s discuss how to prevent such an occurrence.

  • Don’t allow strangers to connect a USB thumb drive in to a mission critical computer or laptop.
  • Don’t plug in USB thumb drives found in public.
  • Do only use thumb drives purchased from reliable retailers or officially provided by an IT administrator.
  • Avoid sharing thumb drives, especially if they leave the premises and return to be used on computers.
  • Aim for individuals to carry their own thumb drives which can safely be used within an office environment.
  • Always question any thumb drives which may be presented to your business by an unknown third party. Even if it lands at your office’s reception desk, have an IT admin check it out first.
  • Have a thumb and flash drive policy in place to cover all of the above as part of your IT security policy.

For more ways to safeguard your computers and IT infrastructure, contact your local IT professionals.

Read More

CryptoWall: Advanced Ransom Malware

Security, ,
04
May 2015

ransomware-161113CryptoWall 3.0, a new variant of the Cryptolocker ransom-ware virus is out causing problems to many businesses. Learn how it works and how to prevent it.

Discovered in late February 2015, CryptoWall 3.0 works very much like the previous versions of this virus, however its strategy to infect systems is somewhat different..

How CryptoWall 3.0 works

  • When the infected file containing CryptoWall 3.0 is opened, the malicious program encrypts all files that it finds mapped over the network.
  • Files become encrypted and unreadable.
  • Only the perpetrator can unlock the code to make it readable again.
  • Once it finishes encrypting all files, it asks for a ransom of around $500USD.
  • This amount is expected to be paid in Bitcoin currency, which is a universal currency used around the world.

Point of entry and identification

CryptoWall 3.0 employs social engineering tactics via phishing emails. These come through with attachments disguised as an “incoming fax report” displaying the same domain as the one the user is on creating a false sense of trust by making them believe it is a legitimate document. Once opened, Cryptowall picks up all mapped drives identified from the host machine it infects and encrypts all of the contents on it as well as the data on the mapped drives.

CryptoWall 3.0 uses .chm attachments, which is a type of compressed file used for user manuals within software applications. Since .chm is an extension of HTML, this allows the files to be very interactive with different types of media such as images, hyperlinked table of contents and so forth. It also uses JavaScript to allow the attack to send users to any website on the Internet, which occurs when a user opens up the malicious .chm file.
Once the file is opened, the attack automatically runs its course.

CryptoWall: More than meets the eye

rouge

Ransom Malware bas been evolving since the first wave of Cryptolocker attacks back in September 2013, which had netted the virus writers over $27,000,000 from claiming ransom money within only a few months of the Cryptolocker operation. Attacks are happening all over the world with detections in Europe, the UK, the US and in Australia.
The sophisticated Cryptolocker and CryptoWall attacks also use botnets, which is a wide network of compromised machines, to be the originators of the attack. Aside from speeding up distribution of the virus, it allows anonymity for the virus writers.

How to prevent CryptoWall 3.0

For more ways to stay protected and safeguard your network, contact your local IT professionals.

Read More

The Declining Firefox Market Share

Office IT,
02
May 2015

chrome_vs_firefox_securos.org_.ua_

Is Firefox as popular as it used to be? A decline in the Firefox market share has proven its loss of user share. Learn why by reading our overview here.

Browsers take long-term data statistics very seriously, as it is a measure of their success in the internet browser market. The popular and widely used browsers today are considered to be Google Chrome, Mozilla Firefox, Internet Explorer, Safari and Opera.

In the past year, Mozilla Firefox’s desktop user share has dropped by a significant 34% and since April 2010, dropped down to a total of 54%.

In recent months and years, Mozilla’s Firefox has continued to lose user share due to other widely used internet browsers gaining popularity. The Firefox browser has dropped to the lowest numbers in the browser market share since its initial release back in 2004 when Internet Explorer had already captured most of browser market.

Less people are using the Firefox browser and they’re increasingly reporting issues related to its use. For instance, there are now fewer browser users discussing bugs and fixes on blogs and forums than ever before. This has led to more problems for Mozilla Firefox.

The rise and fall of user share

browser-war-galit-weisberg

Browser wars as depicted by Galit Weisberg.

 

Let’s look at the rise and fall of user share regarding Mozilla Firefox browser and compare it to other popular browsers.

February saw Mozilla Firefox’s user share on desktop platforms to be down to 18.2%, which was down half a percentage from the previous month.

According to Computerworld, if the trend of losing market share continues at the same rate, this could mean that Firefox would go under 8% by this coming October based on both mobile and desktop users being at a low 9.8%, which is 3.4% down from when they first recorded statistics in July 2014.

Mobile Device Browsers

web-browsers

Since the introduction of smartphones that have been made widely available to the consumer market, users are also accessing the internet on their mobile devices. The drop in user share for Firefox appears to correlate with the increased use of mobile devices. Not even their combined numbers of desktop and mobile device users can make up for this loss in market share.

This is despite having a mobile web browser available on smartphone devices, such as for Apple’s iOS and Google’s Android devices.

According to Computerworld’s records, February’s mobile share usage was less than seven-tenths of 1%.  Google’s Chrome browser has been the biggest beneficiary of the loss of user share suffered by Firefox.

With Chrome being a popular browser choice on mobile platforms, this has helped their share flourish on the overall market. According to Net Applications’ statistics, Chrome along with the former Android browsers it has replaced, takes up a massive share of the market with 41.5%.

Mozilla committed to evolve their services

As Mozilla is focusing on their cloud service to offer an improved browsing experience for mobile and desktop browser users. They have also signed a five year contract with Yahoo to make its search engine a default one for Firefox browser in the United States.

In regards to a snapshot of the current market share for browsers, the order of popularity from highest to lowest includes Internet Explorer, Google Chrome, Safari, Mozilla Firefox and Opera.

For more information on Cloud services and flexible IT solutions, contact your local IT professionals.

Read More

What to do when your Wifi won’t work

Network, Uncategorized,
30
Apr 2015

Broken-WiFi

Is your Wifi not working? No problem, simply follow our quick checklist to get your Wifi back online so you can get on with business as usual.

It can be annoying to lose your Wifi connection at home or in the office. Besides, where would one be without Wifi these days?

Not having a Wifi connection can effect a multitude of business operations such as losing access to both the internet and your internal network, email, shared peripherals (such as printers and scanners), and any other wireless  resources connected to your router.

For many, it’s no longer feasible to have ethernet cables swimming all over the place.
To help end this panic, we’ve compiled a three -step troubleshooting list to get your wireless working again.

so-asus-wireless-n300-3-in-1-router-ap-range-extender-4-x-10-100mbps-lan-ports-1-x-10-100mbps-wan-port-w-dual-detachable-5dbi-antennas-model-rt-n12-d1-3

  • Restart your device or computer. The idea is to restart whichever device has lost its Wifi connection. It is best to do this first, as it may be an isolated issue with only the your computer, laptop, printer or smartphone. It’s also good idea to confirm this by checking to see if other devices and computers are connected and working over the wifi.
  • Restart your wireless router. If all devices connected to your Wifi router appear to be offline, then the problem is likely to be the router. You may want to observe whether your router is flashing amber or red lights, which is a sign that it has lost connectivity. Green lights are usually an indicator of a Wifi router being online, operating as usual. A simple reboot of your Wifi router by unplugging it from the power for 1 minute and plugging it back in can help it come back online. If the router continues to play up after a few minutes following a reboot, contact your ISP to check if there are problems with the internet connection. If not, the Wifi router may need to be replaced.
  • Make sure you’ve selected the correct wireless access point. Check to see which access point you’ve connected to by checking your device’s wireless settings. If you’re unsure about the wireless access point name, you can double-check it by reading the label displayed on the Wifi router or, alternatively, you can or ask your network administrator what it is. Understandingly, it’s so easy to pick the wrong wireless access point as most households and businesses have Wfi routers emitting wifi everywhere.

For more ways to troubleshoot networking problems, contact your local IT professionals.

Read More

Lenovo Caught Shipping Laptops with Invasive Adware

Security, Uncategorized, ,
28
Apr 2015

Comp 1 (0;00;00;00)

Lenovo has been caught red-handed shipping laptops with invasive adware. Read more here to find out the implications of why you should be concerned.

If your office has purchased any number of Lenovo laptops during the latter part of 2014, then these systems are likely affected by pre-installed adware.

There’s now little wonder  as to why your office’s antivirus or antimalware software might have been bugging you about a malicious adware named “Superfish”. If your systems administrator hasn’t been able to pinpoint the particular source, the culprit could really be the OS itself or Lenovo.

In 2014, several Lenovo notebook users reported injected advertisements while doing regular internet searches. The adware was identified as “Superfish” with capabilities of injecting third-party advertisements to not only on search engines like Google but by any website visited as well. Experts and technical enthusiasts have determined the adware was already pre-installed with the notebook by the time a unit is purchased.

Is It a Big Issue?

Although Lenovo would claim otherwise, experts point out that this invasive software can affect both users’ privacy and security.

For internet users who are annoyed by those numerous and deceiving web advertisements, this would already be a problem. Even the more savvy users can be deceived due to the nature of the advertisements displayed, which are designed in a way to look like they are part of the search results or the webpage itself.

A serious security threat which can spy and steal your data

Other than the ability to bombard you with online advertisements,”Superfish” also gives the perpetrators an opportunity to spy on the user’s activities when online and even monitor personal data:

  • The adware installs itself as a root security certificate in the laptops.
  • A security certificate is a small system file/key that determines which websites, servers, and software are trustworthy and which are not.
  • A root certificate can be likened to having a “master key”, where its authority will be adopted within the internet settings of a computer.
  • This makes a computer vulnerable by tricking it into thinking a website is secure, even if it’s not.

It’s a window of opportunity for cyber criminals to spy on their targets or even deceive them to give out personal data like usernames and passwords. There’s also a risk for laptops to be susceptible to malware and virus attacks since they can slip through their antivirus/antimalware software by using the certificates to make them look like legitimate files.

Lenovo’s Response

superfish-screenshot

Lenovo recently confirmed selling their units pre-installed with adware and shipping them worldwide. According to Lenovo, only units produced between September and December of 2014 were affected. Additionally, Lenovo defended the addition of “Superfish” in its laptops citing that the goal was to improve user experience when shopping online and that it does not monitor user activity.

As of January 2015, Lenovo has stopped shipping the adware on its computer products and has promised not do so in the future. It has also disabled “Superfish” and server interactions for the affected units and users. This “feature” should now cease to exist.

Check if you are affected by Superfish

 

superfish

Filippo Valsorda has setup a quick online test to see if your computer and internet connection are affected.  The test can be run here.

For more ways to stay protected, contact your local IT professionals.

Read More
1 98 99 100 101 102 126