We really hope that you are doing the best you can in these very weird times. The current situation makes even mildly bad times of the past (you know, people being late and such) seem like nothing and as for the good times of yesterweek, well amazing. Let’s hope some sense of normality (the pubs reopening would be a great start) will be returning in the not too distant future and with the least number of fatalities, fingers crossed, indoors.
Of course with everyone locked up at home, computer time has skyrocketed, as of course has Internet bandwidth consumption. London residents who use old school DSL (and associated multiplexors - DSLAMs) are suffering from incredibly poor performance and drop outs. Suppose it's the same for people trying to watch Rick and Morty in black and white.
Anyhow with everyone glued to their computers, now is not the time for Microsoft to announce two unpatched Remote Code Execution flaws affecting not just a few but all versions of the Windows platform. Microsoft is ‘working on a patch’, well what else would it be doing with all of this time on its hands, selling licenses to support home working and cloud migration hand over fist? Never.
In the meantime Microsoft has advised that a number of workarounds are implemented, certainly on non-Windows 10 platforms.
Whilst we can see this being doable in an incredibly well managed and maintained Windows environment, the chances of getting our kids, parents or in some cases colleagues to execute these workarounds are slim to none.
Which leaves us with a bit of a problem. As we discussed last week, one woman's Global Pandemic is another man’s grasping, nasty opportunity (we are equal opportunities round here, next time the Women will be the baddies, mwahahahaha.
As we wailed about (along with pretty much all other commentators) last week, the bad boys are all over this pandemic. This week we have seen shameless clickbait targeting the vulnerable on all social media platforms, like this Covid-19 phishing scam.
Some excellent work from the boys and girls at Bitdefender has uncovered dastardly, despicable deeds being perpetrated by Android developers using the outbreak to hide malware (the usual, financial credential theft, SMS forwarding, the full gamut). The bad girls (see) are even trying to ride off the back of the increase in home delivery traffic, just evil.
This is a perfect storm for your Windows-using relatives. Without wanting to be boring about it (and we have been advised to keep banging on about this), please give them a chat about phishing and try and keep them safe. Apple are short on product so getting them a Mac is unfortunately not an option and unless you are in a competitive situation regarding inheritance we can’t see you implementing the workarounds above.
So please do what you can, as soon as you can to let everyone know that this is a time for caution online as well!
Moving upmarket from the bottom feeders to the teams at the top, nation state ‘threat actors’ (never really got on with the actor bit), this week has seen a couple of audacious campaigns, at least one of which is more than likely from, you will never guess, yes CHINA. Apparently not busy enough, Chinese hacking outfit APT41 has been caught running a campaign against a number of known vulnerabilities. The attacks seem pretty indiscriminate so if you are running unpatched Netscalers, Cisco Routers or Zoho ManageEngine, it is time to get the magnifying glass out and have a very hard look at your environment. Threat hunting, as well as (obviously) detection where possible is becoming an essential part of the security professionals toolbox and is becoming the only way to identify advanced, determined attacks. Our friends over at Tiberium security are having some significant success with their new Microsoft Sentinel powered threat hunting capability. If you would like them to show off to you, contact them here firstname.lastname@example.org.
Proving that nothing is sacred, some (allegedly asian-based) hackers have been caught busting into no other than the World Health Organisation. The data it holds is very valuable and this just goes to show what part data will play in any future conflict. We wish Falvio Aggio (what a name!) and the hard working staff at the WHO all the best, not what they needed right now.
Back next week with no doubt more cheery news. Have a good weekend and think about your vulnerable people.
Please register, using the form at the bottom of the page, if you want automatic updates and access to occasional detailed analysis, rumour mongering and dark web update.