Security Bulletin #110 – 22 May 2017
Ignoring software updates? You’re making one of five basic security mistakes
Cybercrime has quickly become a major problem for businesses, governments and citizens all over the globe. While awareness of this multifaceted threat is increasing, we’re still making the same blunders when it comes to cybersecurity. Here are a few security mistakes to be aware of.
1) Email: Social engineering tactics are as old as the day is long, yet people keep falling for them. Today, phishing via email has become incredibly commonplace.
2) Social media: Social media has become the go-to market for cybercriminals eager to compromise people. It’s no surprise, as many users still fail to adequately look after their accounts (for example, a 2016 survey showed that 58% of people do not know how to update their privacy settings).
3) Attitude: Forget technology for a second; culture is arguably the biggest issue with security right now, and this has been the case for 20 years. CEOs think they won’t be targeted, and citizens think much the same (i.e. "it won’t happen to me").
4) Passwords: Guessable passwords can be easily cracked, and they open a can of worms if you use the same password across several accounts. Brute-forcing passwords is increasingly fast and easy for criminals today, who are equipped with either huge computing power or the means to buy such expertise on the dark web.
5) Software updates: Whether on desktop, laptop or mobile, there’s always another software update for an app, our operating system or a security solution. The constant pop-ups irritate us, and many people fail to understand just how important they are. If we fail to update, we’re effectively leaving our software and devices vulnerable to attack, as cybercriminals look to exploit known flaws in out-of-date software. Configuring automatic updates from trusted providers can make sure these are installed regularly.
Medical Devices infected by WannaCry Ransomware in US hospitals
WannaCry infected 200,000 computers across 150 countries in a matter of hours last week. Now security experts report that the WannaCry ransomware has also infected medical devices, as reported by Thomas Fox-Brewster on Forbes. The journalist published an image of an infected medical device, likely a Bayer Medrad radiology system that is used to inject contrast agents into the human body to aid MRI scans. The medical device was infected by the WannaCry ransomware because it was running on a version of the Windows Embedded operating system and supported the SMBv1 protocol. According to Forbes, a source with the Health Information Trust Alliance (HITRUST) confirmed that the WannaCry ransomware also infected and locked down Windows-based medical devices belonging to Siemens. Siemens admitted that Healthineers products are vulnerable to WannaCry. Ransomware is a serious threat for the healthcare industry: this category of malware can infect systems at hospitals, preventing personnel from using medical equipment and disrupting ordinary operations such as managing patient data or medical treatment schedules. Let’s hope operators in the healthcare industry will understand the importance of cyber security for the industry.
WannaCry: Everything you still need to know, because there were so many unanswered questions
It has been a week since the WannaCry ransomware burst onto the world's computers, and security researchers think they have figured out how it all started. Many assumed that it spread using malicious emails. According to research by boffins at Malwarebytes, email attachments weren't used. Instead, the malware's operators searched the public internet for systems running vulnerable SMB services and infected them using the NSA's leaked EternalBlue and DoublePulsar cyber-weapons. Many assumed WannaCry could infect any pre-Windows 10 system; however, it mostly infected Windows 7 computers that hadn't picked up Microsoft's March security patch for the SMB bug. That's because the malware's implementation of EternalBlue is ineffective on Windows XP and Windows Server 2003. The outbreak didn't hit very many Windows XP and similarly aging boxes at all; it was mostly unpatched Windows 7 and Server 2008 machines in enterprises and other large organizations that were slow to apply Microsoft's fixes earlier this year. A pro tip is to never use SMBv1 and never expose your file servers to the internet. A security researcher published an implementation of the EternalBlue exploit in Ruby on GitHub shortly before WannaCry began to spread. It was designed to work with Metasploit and may have been used as a blueprint by the WannaCry developers.
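The two pro tips above (no SMBv1, no file servers reachable from the internet) can be turned into a simple detection check over captured SMB traffic. The Python below is an added example, not code from the article or from Malwarebytes: it parses the Negotiate Protocol request that opens every SMB session to tell SMBv1 from SMB2, and flags port 445 traffic arriving from outside the assumed RFC 1918 internal ranges; the sample packet is constructed inline.

```python
import ipaddress
import struct

# Assumed internal ranges (RFC 1918); adjust to the organisation's own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_smb1_negotiate(dialects):
    """Constructed test data: a minimal SMBv1 Negotiate Protocol request (command 0x72),
    framed with the 4-byte NetBIOS session header as seen in a TCP/445 payload."""
    body = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    header = (b"\xffSMB" + bytes([0x72])   # protocol id, command = SMB_COM_NEGOTIATE
              + b"\x00" * 4                # NT status
              + b"\x18" + b"\x01\x48"      # Flags, Flags2
              + b"\x00" * 2 + b"\x00" * 8  # PIDHigh, SecurityFeatures
              + b"\x00" * 2                # Reserved
              + b"\x00" * 8)               # TID, PIDLow, UID, MID
    smb = header + b"\x00" + struct.pack("<H", len(body)) + body  # WordCount=0, ByteCount
    return b"\x00" + len(smb).to_bytes(3, "big") + smb

def parse_smb_negotiate(payload):
    """Classify the first message of an SMB session.
    Returns ("SMB1", [dialects]), ("SMB2", []) or (None, []) for anything else."""
    if len(payload) < 4 + 32:
        return None, []
    smb = payload[4:]                     # strip NetBIOS session service header
    if smb[:4] == b"\xfeSMB":
        return "SMB2", []                 # SMB2/3 header; binary dialect list not parsed here
    if smb[:4] != b"\xffSMB" or smb[4] != 0x72:
        return None, []
    word_count = smb[32]                  # parameter words follow the 32-byte header
    pos = 33 + 2 * word_count
    (byte_count,) = struct.unpack_from("<H", smb, pos)
    data = smb[pos + 2:pos + 2 + byte_count]
    # Data block is a list of BufferFormat 0x02 + NUL-terminated dialect strings
    dialects = [c[1:].decode("ascii", "replace")
                for c in data.split(b"\x00") if c.startswith(b"\x02")]
    return "SMB1", dialects

def assess_smb_connection(src_ip, dst_port, payload):
    """Return the findings that the article's two pro tips translate into."""
    findings = []
    version, _dialects = parse_smb_negotiate(payload)
    if version == "SMB1":
        findings.append("smbv1-negotiate")        # SMBv1 still in use: MS17-010 exposure
    if dst_port == 445 and not any(ipaddress.ip_address(src_ip) in n for n in INTERNAL_NETS):
        findings.append("smb-from-internet")      # file service reachable from outside
    return findings
```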
CERTFR-2017-ALE-008: Multiple vulnerabilities in Microsoft Windows XP and Windows Server 2003 (15 May 2017)
CERTFR-2017-ALE-011: Jaff unsolicited e-mail campaign (14 May 2017)
CERTFR-2017-ALE-010: Propagation of a ransomware exploiting the MS17-010 vulnerabilities (12 May 2017)
CERTFR-2017-AVI-161: Multiple vulnerabilities in VMware Workstation (19 May 2017)