Weekly Tech Roundup — February 20
It’s becoming apparent that our dedication to data protection needs to become more resolute. We need to be smarter when it comes to our data, because cybercriminals are certainly getting sneakier. We’ve seen first-hand how innovative ransomware can be, and research shows that it’s only going to get worse—doing more damage and causing more harm. Malware is taking advantage of existing vulnerabilities and if we don’t start upping our security game, our data will be increasingly at risk. What threats are headed your way? Last week’s biggest tech headlines say it all.
Researchers create ransomware that can hack into industrial systems
If ransomware can get into personal and business computer systems and steal data, what will it do next? Researchers at Georgia Institute of Technology found that in the future, hackers may be able to control industrial processes and critical infrastructure.
According to ZDNet, researchers created a ransomware attack that was able to hack into industrial control systems, like those used to manage water-treatment plants. On top of demanding ransoms for the return of business or personal data, future attackers may threaten the general public, e.g., with contamination of the water supply, if a ransom isn’t paid fast enough.
This development shows the ability of future cybercriminals to control vital services that affect our day-to-day lives. It echoes fears similar to those in the healthcare industry, where ransomware attacks have adversely affected hospital operations, putting people’s lives at risk and highlighting the vulnerabilities in data protection and disaster recovery that are already present in this industry.
This research debuted last week at the RSA Conference in San Francisco.
“It’s quite likely that nation-state operators are already familiar with this and have attacks that they could use for political purposes, but ordinary attackers have had no interest in these systems. What we hope to do is bring attention to this issue. If we can successfully attack these control systems, others with a bad intention can also do it,” said Raheem Beyah, associate chair in the School of Electrical and Computer Engineering at Georgia Institute of Technology.
New Mac malware steals passwords and infiltrates iPhones
Apple device vulnerabilities are steadily increasing, and now an old malware attack is taking aim.
Hacking group APT28—also known as Sofacy, Sednit, Fancy Bear, and Pawn Storm—is infamous for its advanced set of tools that can attack Windows, iOS, Android and Linux. And Macs are the next target.
According to Ars Technica, the malware known as Xagent is infiltrating Mac systems to steal passwords, take screenshots, and steal iOS backups. Its targets are devices in Ukraine, Spain, Russia, Romania, Canada, and the US. The malware is being tied to APT28 through a number of coding similarities.
“Our past analysis of samples known to be linked to APT28 group shows a number of similarities between the Sofacy/APT28/Sednit Xagent component for Windows/Linux and the Mac OS binary that currently forms the object of our investigation. For once, there is the presence of similar modules, such as FileSystem, KeyLogger, and RemoteShell, as well as a similar network module called HttpChanel,” researchers wrote.
The malware installs itself onto a system, and its backdoor then checks for debuggers attached to the process. If there isn’t one, it sits and waits for an Internet connection so that it can initiate communications with its command and control servers, using URLs that impersonate legitimate Apple domains. It adds another nail to the coffin of the myth that iPhones and other iOS devices are impervious to malware attacks, and highlights the need for users to regularly back up their iOS devices.
Chip flaw makes it easier for hackers to steal your data
A vulnerability in a basic microprocessor security technique has the potential to open a wide variety of computer systems to malware attacks. A group of Dutch researchers has found a technique that allows hackers to defeat address space layout randomization (ASLR), making it easier for malware to exploit memory bugs in commercial applications. Worse, the hardware vulnerability cannot be patched. It’s going to take much more than a simple software update to fix this bug, Wired postulates.
“Bugs are everywhere, but ASLR is a mitigation that makes bugs hard to exploit. This technique makes bugs that weren’t exploitable, exploitable again. In some sense, it takes us back to the ’90s in terms of security,” said Free University of Amsterdam researcher Ben Gras.
“Attackers are always getting smarter. If computers are getting dumber, attackers will have the advantage,” said Yossi Oren, a researcher at Ben Gurion University.