June 25, 2019
Cyber-news from the dark side – cyber-hypocrisy, an eye for a Mirai, GCHQ-watching-you, and keeping BlueKeep at bay.
Let’s kick off with some good news….
‘Most tested, most awarded’ – still ).
Just recently, the respected independent test lab AV-Comparatives released the results of its annual survey. Taking place at the end of 2018, the survey, er, surveyed 3000 respondents worldwide. Of the 19 questions asked of each, one was ‘Which desktop anti-malware security solution do you primarily use?‘. And guess which brand came top in the answers for Europe, Asia, and South/Central America? Yes: K! In North America we came second (and I’m sure that’s only temporary). In addition, in Europe we were chosen as the most frequently used security solution for smartphones. We’re also at the top of the list of companies whose products users most often ask to test, both in the ‘home’ segment and among antivirus products for business. Great! We like tests, and you can see why! Btw – here’s more detail on the independent tests and reviews that our products undergo.
“Thou hypocrite, first cast out the beam out of thine own eye;
and then shalt thou see clearly to cast the speck out of thy brother’s eye.”
– Matthew 7:5
In May, yet another backdoor with features reeeaaal useful for espionage was discovered. In whose tech was the backdoor found? Russia’s? China’s? Actually – Cisco‘s (again)! Was there a hullabaloo about it in the media? Incessant front-page headlines and discussion about threats to national security? Talk of banning Cisco equipment outside the U.S., etc.? Oh, what, you missed it too?! Yet at the same time, Huawei’s international lynching is not only in full swing – it’s in full swing without such backdoors, and without any convincing evidence thereof whatsoever.
Continuing the theme of backdoors, some new malware has been discovered: HiddenWasp. So what’s the big deal?
Well, first, this malware is for Linux – an OMG-fact in the first place. Second, it initially went unnoticed by most antivirus systems. This new malware is used in targeted attacks on previously-infected Linux machines. Its functionality differs from the standard functionality of the modern Linux malware (DDoS attacks and cryptocurrency mining): it can hide files uploaded to an infected computer, copy the contents of hard drives, run programs, and forcefully terminate active processes on the infected system. The malware uses storage in Hong Kong and the file names are in Chinese; I’ll let you make of that what you will. But in the meantime, I hasten to reassure our users – we detect this malware and all its modifications.
Oh my, oh my, oh Mirai.
For anyone who wants to dive into the world of new cyberthreats in more detail, I’d advise you to read our quarterly report. In there you’ll find lots about financial threats, the increase in the number of mobile ransomware Trojans, the LockerGoga encrypting-malware attack on large enterprises, plus analysis of the Mirai IoT botnet.
Regarding the latter, there’s a lot of interesting findings. First, Mirai has expanded its network of victims and learned how to attack corporate IoT devices. Second, if the worm detects that it’s running in a sandbox (an artificially isolated environment for the safe execution of computer programs), it just stops working. Besides, in one version of Mirai a mechanism for clearing the environment of other bots has been detected. Well, well! So it not only hides, it also gets rid of all the competition!
In March of this year, the Norwegian metals giant Norsk Hydro was severely affected by the encryption virus LockerGoga (and it wasn’t alone: the virus infected the systems of a lot of other industrial companies too). The infection practically paralyzed the company’s IT systems, which caused a breakdown in the work of its production facilities and offices. In early June the company released its financial report for the first quarter of 2019, in which was published the figure as to the financial damage from the cyberattack: around 70 million dollars!
Big Brother update 1: GCHQ is watching you!
Recently in an open letter, 47 large companies, associations and NGOs – including Microsoft, Apple, Google, WhatsApp and Human Rights Watch – criticized the proposal of the UK’s Government Communications Headquarters (GCHQ) to pass encrypted messages to the state. The letter noted that GCHQ’s plans undermine the credibility of encryption services and threaten the right to privacy and freedom of expression of users. The GCHQ proposal was published in an open essay at the end of 2018. The authors suggested that though intelligence officers read messages in encrypted chats, users should not be aware that they were being spied on. Allegedly, this solution corresponds to ‘current practices in surveillance’ and does not differ from listening to unencrypted telephone conversations. Such a proposal made by the authorities is not an isolated case, but a world trend. The German magazine Der Spiegel recently reported that a law was already being developed in the country that would force popular instant messengers such as WhatsApp to cooperate with law enforcement agencies and provide chat texts in decrypted form by court order. Similar pushes from state security authorities are being made in Russia too, targeting the country’s popular Yandex email and Telegram instant messenger services.
Big Brother update 2: Keeping BlueKeep at bay.
Very recently, a serious vulnerability called BlueKeep was discovered in Windows, which threatens old versions of the operating system no longer supported by Microsoft. For those who, like me, aren’t big fans of Windows 10 – this is very unsavory news. Anyway, our guys were the first to come up with defense for the hole, and shared it with our industry colleagues so that any and all antiviruses could quickly shut down the attack. Microsoft itself understood the seriousness of this vulnerability – going so far as releasing a patch for ‘unsupported’ Windows XP. But!…
Do you think XP users around the world rushed with the patch and update? That’s right: noooooo. That means a hacker could exploit the hole, allowing “an infectious worm to rip through millions of PCs”. Oops. Eek. So, stay tuned – with fingers crossed…