
A major cyber attack has swept across the globe and, once again, it’s taken the form of ransomware to shut down computers and demand Bitcoin ransoms.

Known as Petya – the Russian word for stone – the ransomware has managed to halt operations at a chocolate factory in Australia and even at one of Russia’s biggest oil companies, so the scale and sophistication of the attack are clear to see. Following the recent WannaCry ransomware attack, Petya has made headlines in a security landscape where safety appears to be far from guaranteed.

As this is such a widespread attack – and new ransomware attacks are appearing weekly – it seems like the perfect time to look at Petya and reinforce what you can do to protect yourself.

The Story behind Petya

Although it’s difficult to confirm, it’s believed that the Petya attack originated in the Ukraine. Reports suggest that the ransomware was spread through the update server for MeDoc, a popular brand of Ukrainian accounting software. Consumers believed they were simply downloading a new update for their software, but it was actually a powerful slice of malware which then spread like wildfire.


This latest variant of Petya, however, is even more powerful than its original incarnation. It’s believed that Petya now comes loaded with a tool named LSADump, which harvests data and passwords from all the PCs located on the same network. Petya also appears to be encrypting every single file on the infected PCs through the master boot record, the part of the disk that helps your PC boot up Windows at startup.

Most disturbingly, though, it’s being reported that Petya may not even be ransomware and may, instead, simply wipe everything from a PC with no chance of recovery. While the thought of having to pay a small ransom to retrieve data is troubling enough, the idea that your data may never be retrieved brings a whole new level of concern to Petya.

Defending Against Petya

Regardless of whether Petya encrypts or destroys files, it remains a highly sophisticated strain of malware that no PC user wants to find on their system. Kaspersky and Symantec have assured consumers that their anti-virus software will actively identify and protect against Petya, but for many users this may be too late.


Unfortunately, despite the spate of attacks taking advantage of Windows vulnerabilities, many PC users are still incredibly lax when it comes to installing security updates and patches. The main reason for this procrastination is an issue of time, but what’s five to ten minutes of installing updates and rebooting compared to having all the files on your entire network encrypted or even deleted?

For more ways to secure and optimize your business technology, contact your local IT professionals.


Microsoft has claimed that their latest upgrade to Windows 10 (10S) is immune to all known ransomware. However, it appears that this isn’t quite true.

Windows 10S is a streamlined upgrade of Microsoft’s current operating system (OS) and it promises increased speed, stability and security. Naturally, this claim of invulnerability is certainly impressive, but, effectively, it’s also issued a challenge to the online community to test the strength of this security.

It’s a brave move, perhaps one which was necessary after the various security issues with Windows 10 shortly after its launch, but it’s now looking rather embarrassing for Microsoft as Windows 10S has already been breached.

Hacking Windows 10S


Launched at the start of May, Windows 10S survived several weeks without having its defenses breached, but this security has now come tumbling down. Security expert Matthew Hickey of Hacker House managed to make his way through the security capabilities of Windows 10S in just three hours.

How did he do this though? Microsoft, after all, should know a thing or two about security, right? Well, Hickey actually employed an old-fashioned hacking technique called DLL injection. A particularly sneaky form of hacking, DLL injection runs malware inside a running process that the operating system in question does not consider capable of carrying a threat.

This hack was carried out by one of the most common malware attacks seen in contemporary hacking, a Microsoft Word document packed full of malicious macros (automated commands). Although Microsoft Word now has an anti-malware system, this does not detect issues with files that have been shared on the network – which is exactly where Hickey had downloaded the infected document to.

Hickey was then able to activate the malicious payload in the Word document and found he was able to take control of the PC by giving himself full administration privileges. Using Metasploit – software designed to look for loopholes in cyber defenses – Hickey eventually managed to secure himself full system privileges. And this meant, in theory, that he could begin disabling firewalls and anti-malware software.

With the system’s defenses completely disabled, Hickey could easily have installed ransomware on the PC, but he refrained from doing this in order to protect other PCs on the network.

An Unhackable OS?

At no point did Microsoft claim that Windows 10S was 100% protected from any form of hacking, but by claiming that it was safe from ransomware they were setting themselves up for a mighty fall. And now that Matthew Hickey has revealed just how easy the hack was – and a three-hour hack is relatively quick in terms of a previously unhacked operating system – it’s likely that even more exploits will be revealed.

And, although Hickey’s attack was a ‘friendly’ hack, it underlines just how fragile cyber security can be. Despite all the bold claims by Microsoft, Windows 10S doesn’t appear to be any more secure than previous versions and this is very troubling for consumers.

Once again, user knowledge and awareness are highly important, as the root cause of this attack was an infected Word document. Your employees must understand the importance of identifying malware and not rely on software alone as, even when Microsoft are involved, it’s impossible to claim something is secure enough to give you full protection.


Windows updates are always around the corner. Fixing Windows Update when it isn’t working is as important as keeping your antivirus up to date.

Just when you’ve finished installing that large update that took forever to finish, another 20 pop up the next time you boot. It’s annoying, but it is a necessary evil for every PC user. The updates patch security holes in your system so hackers and other cyber criminals can’t exploit them to gain your information or take control of your computer. Sometimes, however, Windows Update won’t work. Not being able to install these updates leaves the user’s computer vulnerable to attack.

Here are a few ways to make sure the updates are pushed through to maintain your business’ security and stability.

1. Use a system restore

A system restore point is a snapshot of your computer’s working state at that moment in time. Many Windows events automatically create restore points of your system but you can also manually create your own.


Chances are that you have a few restore points in your system already. To restore your system to an earlier state, you need to search for System Restore using the Start Menu and open it. Once it is open you will be greeted with a page to start a restore; click Next. Check the box on the bottom left to show more restore points.


Each restore point will have a date and time stamp to indicate when it was created. All you need to do is pick one prior to when you were having the Windows Update issue and restore to that point. This should fix most of your issues.

2. Manually download the update installer

Each Microsoft update also comes in its own installer package that you can download directly from the Microsoft website. In order to download the update you must know its KB number, which you can find on the Windows Update page on your computer.


Next, all you need to do is install the update as you would any other program, and hopefully Windows Update will come out of its rut.

3. Download the Windows Update and Automatic Update Reset tool


If all else fails you can install this handy tool created by the Microsoft Fix it team. This program should resolve most of your issues. You can run the program in default mode first and if that fails then you can run it again in aggressive mode to make sure everything gets patched.

 For more ways to keep your business data safe and your operations running smoothly, contact your local IT professionals.



Windows 10 will be a free upgrade

Microsoft will soon offer free upgrades to Windows 10. We’ll explain everything you need to know and how to properly prepare for the upgrade.

An overview

We would have never thought we’d see the day that Microsoft announces a “free” upgrade to their operating systems!

So what is the catch? It appears that the upgrade will be free for one year and will only be offered to Windows 7, 8.1 and Windows Phone 8.1 systems.

That’ll leave enough time for Microsoft users to test out the new OS features and functionalities for glitches, even past the technical preview version. Or could it be that they’re keeping up with Apple’s trend of free upgrades to fit in more with the flourishing mobile market?

Whatever the reason may be, we know that the announcement officially came through Terry Myerson from Microsoft. Myerson had conveyed the notion of moving towards a close-knit product, with the aim of leaving behind the problem of having to worry about multiple OS versions.

Either way, it’s a safe decision for Microsoft to make as they’ll gain a better foothold in various slices of the market pie whilst maintaining consumer loyalty.


Since Microsoft’s operating systems are still predominantly used in many companies and businesses across the globe, the possibility for a free upgrade will also ensure compatibility with their existing systems, making it simpler for IT to implement upgrades.

What you need to know

  • Windows 10 is designed to be even more robust than the previous versions, and it’ll include an exclusive voice control technology known as Cortana.
  • It’ll be an all-in-one platform supporting PCs, phones, tablets, laptops, and games consoles.
  • After the initial year is up, Windows 10 may possibly be priced as a premium OS, so be prudent with your budget and allocate a little more than you would on your existing Microsoft licenses.
  • It’s yet to be disclosed if any discount will be given after using the free one year upgrade. At present, an upgrade to Windows 10 from version 8.1 is priced at $199.99.
  • The system requirements for Windows 10 should be met by most desktops and laptops built within the past 5-7 years.
  • According to the Windows Insider website the minimum requirements are a 1 GHz processor, 16 GB of disk space and 1 GB of RAM.
  • Microsoft reassures users that computer systems running Windows 8.1 will be good enough to run Windows 10.
  • Another consideration is that Microsoft has not raised their system requirements since 2006; you could even run Windows 10 on a Windows 7, Vista, and even possibly XP system!

Although Microsoft released their Technical Preview of Windows 10 last October, the wait still continues for the official “bug-free” version of Windows 10. We can only speculate that it’ll be out sometime in 2015.

For more ways to update business networks and systems, contact your local IT professionals.



Windows 8.1 Administrator Access

Google publicly disclosed a Windows 8.1 bug that allows administrator access to PCs. The disclosure highlights a vulnerability affecting millions of users.

This has left Microsoft outraged, especially considering that they were about to release a patch for it.

The news originated from Forshaw, one of Google’s researchers, who found the bug and published it online. The bug is backed up by Google’s POC (proof of concept), which was tested on an updated version of Windows 8.1. It’s not entirely clear whether earlier versions of Windows, such as Windows 7, are also affected by the bug.

Microsoft went on to express their displeasure by stating that such bug reports shouldn’t be released until after a fix has been made available.

According to Microsoft, for such a bug to cause problems, the perpetrator trying to access the computer would need to know the password of the local machine. This is still a big enough risk to have over a network, as any hacker will use this simple fact as motivation to steal passwords and ultimately gain elevated user privileges.

An unpopular decision?

Google’s Project Zero carries out research and bug testing on various systems. Once they find a bug, their policy is to give the vendor 90 days to fix the issue. The 90-day disclosure period had passed, and Google went ahead and published their report a couple of days short of Microsoft releasing an update on their Patch Tuesday.

Patch Tuesday occurs on the second, and sometimes fourth, Tuesday of each month in North America.


It’s not hard to guess why Microsoft recently pulled their ANS (Advanced Notification Service) from the general public and made it available only to paid Premier support clients. This means that only paying customers would know of the security issues before their scheduled release on Patch Tuesday.

The vulnerability: Briefly explained

An internal function exists within the Windows 8.1 operating system, known as AhcVerifyAdminContext. Google’s proof of concept tested this using a couple of programs and some commands to bring up the calculator in Windows as an administrator.

Vulnerability Overview:

  • In unpatched versions of Windows 8.1, this function relies on a token, and the problem is that the token check doesn’t correctly verify whether the user logged onto the computer is an administrator.
  • It reads the user’s impersonation token and compares the user’s SID with the system’s SID.
  • What it doesn’t do is verify the token’s impersonation level against anything else.
  • This leads to the vulnerability: an identity token can be added from a local process on the system and, as a result, skip the verification stage.
  • Exploiting the vulnerability only requires someone who knows that it’s present on an unpatched version of Windows 8.1.
  • The hack could be something like an executable that creates a cache, and uses a registry entry on the computer to reload itself.
  • All that would be required is to use an existing application on the computer to run and elevate these privileges.

The proof of concept Google used includes two program files and a set of instructions for executing them. This resulted in the Windows calculator running as an administrator. Forshaw states that the bug is not in UAC (User Account Control) itself, but that UAC is used as part of the demonstration of the bug.
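
A simplified model of the check described above, added here as an illustration; it is not Windows source code, Google’s proof of concept or Microsoft’s patch. The struct and function names are hypothetical, while the impersonation level names and the LocalSystem SID (S-1-5-18) are the real Windows values.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not Windows source. The level names mirror the Windows
   SECURITY_IMPERSONATION_LEVEL enum; the struct and functions are hypothetical. */
typedef enum { SecurityAnonymous, SecurityIdentification,
               SecurityImpersonation, SecurityDelegation } imp_level;

typedef struct {
    const char *user_sid;  /* SID of the account the token represents */
    imp_level   level;     /* how far the holder may act as that account */
} token;

#define SYSTEM_SID "S-1-5-18"  /* well-known SID of the LocalSystem account */

/* Flawed check as the article describes it: SID comparison only. */
bool verify_admin_flawed(const token *t) {
    return strcmp(t->user_sid, SYSTEM_SID) == 0;
}

/* Hardened check: the SID must match AND the token must be usable for
   impersonation. An identification-level token only lets the holder look
   up who the account is; it must never authorise a privileged action. */
bool verify_admin_hardened(const token *t) {
    if (t->level < SecurityImpersonation)
        return false;
    return strcmp(t->user_sid, SYSTEM_SID) == 0;
}

/* Constructed sample tokens. */
static const token samples[] = {
    { "S-1-5-21-1111-2222-3333-1001", SecurityImpersonation }, /* ordinary user */
    { SYSTEM_SID, SecurityIdentification },  /* identity-only SYSTEM token */
    { SYSTEM_SID, SecurityImpersonation },   /* genuine SYSTEM caller */
};

int main(void) {
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("token %zu: flawed=%d hardened=%d\n", i,
               verify_admin_flawed(&samples[i]),
               verify_admin_hardened(&samples[i]));
    return 0;
}
```

The second sample is the case that matters: the flawed check accepts it because the SID matches, while the hardened check rejects it because the token’s level is too low to act on.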

Protecting Yourself and Your Business

We suggest keeping your anti-virus updated, along with Windows Security Updates, to patch up known vulnerabilities on the computer. Depending on your office set-up, it is also a good idea to enable a firewall on your PCs too, or at the very least on your network.

For more ways to secure your business data and systems, contact your local IT professionals.
