Weekly Tech Roundup — February 27
When it comes to cyber threats, the future is here—malware attacking new devices in new ways and jumping on popular technology trends to do it. Phones aren’t safe, computers aren’t safe, and in some instances, it doesn’t even take clicking on the wrong link or attachment to become a victim of an attack. Keeping up with these threats is becoming a full-time job, and it’s imperative that we do whatever it takes to keep our data safe. With each week looking slightly different from the last, what tech headlines did you miss?
New Android ransomware forces its victims to decrypt their data verbally
A new ransomware variant locks your Android device and will only release it once you read the unlock code aloud.
Researchers at Symantec discovered this ransomware, which they track as Android.Lockdroid.E. After the victim pays the ransom and receives an unlock code, the malware refuses typed input and instead requires the code to be spoken into the device, where it is checked with speech recognition, according to Dark Reading.
This raises questions: what do the attackers gain from a spoken code, and what happens to the victim when the speech recognition fails?
The attack has not reached the Western market; it targets Chinese-speaking victims and, because the infected device is locked, forces them to use a second device to contact the attackers. That step, together with the spoken confirmation, could backfire on the attackers: it adds friction and makes it harder for the owner of the locked device to work out how to pay.
This new variant has many similarities to a ransomware variant known as Android/LockScreen.Jisut that spiked on mobile devices in 2016, but there is not enough evidence that the two are related.
The people behind these attacks haven't been identified, but the researchers say the code contains clues, and the likely culprits are young people in China between 17 and 22 years old.
One way to make sure your data is safe is through backup. Acronis True Image 2017 allows you to back up an unlimited number of mobile devices to guarantee data protection that is comprehensive and complete.
New Mac malware is encrypting your data and losing the decryption key along the way
Be wary of BitTorrent sites if you're a Mac user: ransomware is already circulating there, disguised as a tool for pirating popular software.
According to Computerworld, there’s a new ransomware variant attacking macOS, and even if you pay, you won’t get your data back.
This is only the second crypto-ransomware family found targeting Macs, and it is very poorly designed. The malware generates one random password, uses it to pack the victim's files into an encrypted ZIP archive, and then discards it: the password is never sent to the attackers, so neither they nor the victim can ever recover it.
This poses some pretty obvious problems for the victims of these attacks, because paying up won’t get them their data back. These attacks leave people wishing they’d had a backup they could restore from.
"The random ZIP password is generated with arc4random_uniform, which is considered a secure random number generator. The key is also too long to brute force in a reasonable amount of time," said ESET researchers who uncovered this ransomware variant.
That is not the only sign of sloppy craftsmanship. The malware is not signed with an Apple developer certificate, so macOS Gatekeeper blocks it by default and the victim has to override that warning for the ransomware to run at all. The code itself also contains numerous mistakes.
This is almost certainly just the first wave of Mac ransomware, and it shows that Mac users need to start treating data protection as a priority.
Google discloses unpatched Microsoft vulnerability
Google has disclosed a Windows vulnerability that went unpatched past its 90-day deadline, according to TechTarget. The fix was expected in Microsoft's February 2017 Windows update, which Microsoft delayed.
The vulnerabilities were uncovered by Google Project Zero researcher Mateusz Jurczyk, who found multiple bugs in Microsoft's Graphics Device Interface (GDI) library. Most of them were fixed last June, but the fix was incomplete and this one survived it.
Project Zero's disclosure policy is strict: 90 days after a vendor is notified, the details are published whether or not a patch exists. This bug is an information leak rather than code execution, so it is less dangerous than it could be, but it still needs to be fixed.
“Usually this type of vulnerability is essentially a primitive tool useful only as a step in a larger exploit chain containing more serious code execution flaws. In this specific instance, however, an attacker could theoretically use crafted image files within web content in such a way that the attacker could read data on the user's PC that they should not have access to. Fortunately, there is no indication that an attacker intentionally read specific data but rather is limited to random heap memory contents likely adjacent to where the malicious graphic was constructed,” Craig Young, a security researcher at Tripwire, said.
Make sure your data isn’t subject to attack. Develop a comprehensive data protection plan. This vulnerability might not cause catastrophic data loss, but the next one could.
Attack by drone—the future of malware?
Malware is leaking your data, and a drone hovering outside the window is reading it off a blinking LED.
Researchers in Israel have demonstrated the first known use of a drone to pull data out of a computer, Wired reports. Malware already running on the target PC modulates the hard-drive activity LED, and the drone's camera films the blinks and decodes the pattern back into data.
The technique comes from Ben-Gurion University's cyber security lab, which studies ways to defeat "air gap" protection, in which sensitive systems are isolated by removing every connection to the Internet and to untrusted local networks. The LED turns the isolated machine into a transmitter, so the gap only stops the attacker's network path, not the optical one.
“If an attacker has a foothold in your air-gapped system, the malware still can send the data out to the attacker. We found that the small hard drive indicator LED can be controlled at up to 6,000 blinks per second. We can transmit data in a very fast way at a very long distance,” researcher Mordechai Guri said.
The LED channel points toward stealthier, harder-to-detect exfiltration in the future, and it shows that air gapping is not the guarantee it was once assumed to be. Data protection gets correspondingly harder: if attackers get innovative, defenders have to as well.
The good news is that blocking this particular channel is as simple as covering or disabling the LED indicator, or keeping the machine away from windows and cameras. The caveat is that the channel only works once malware is already running on the air-gapped system, so preventing that initial foothold matters far more than the tape over the light.
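To make the channel concrete, here is an added example (not code from the page or from the Ben-Gurion researchers) that models the LED as a stream of on/off symbols, one per blink period, and encodes bytes into it with simple on-off keying. The frame layout (an eight-symbol sync preamble, a length byte, the payload and an XOR checksum) is an assumption chosen for this illustration, not the researchers' protocol. The decoder shows both the exfiltration and the mitigation: fed the blink pattern, it recovers the secret; fed only darkness, as a camera sees a covered LED, it recovers nothing.

```php
<?php
// Added example: on-off-keying encoder/decoder for a blinking-LED covert channel.
// One symbol = one LED state (1 = lit, 0 = dark), sampled once per blink period.
// Framing below is an assumption for this demo, not the researchers' scheme.
declare(strict_types=1);

const PREAMBLE = [1, 0, 1, 0, 1, 0, 1, 1];   // assumed sync pattern

function byteToBits(int $b): array {
    $bits = [];
    for ($i = 7; $i >= 0; $i--) {
        $bits[] = ($b >> $i) & 1;   // MSB first
    }
    return $bits;
}

function bitsToByte(array $bits): int {
    $b = 0;
    foreach ($bits as $bit) {
        $b = ($b << 1) | $bit;
    }
    return $b;
}

// Frame: PREAMBLE, one length byte, payload (up to 255 bytes), one XOR checksum byte.
function encode(string $payload): array {
    $len = strlen($payload);
    if ($len > 255) {
        throw new InvalidArgumentException('payload too long for one frame');
    }
    $symbols = array_merge(PREAMBLE, byteToBits($len));
    $check = 0;
    for ($i = 0; $i < $len; $i++) {
        $b = ord($payload[$i]);
        $check ^= $b;
        $symbols = array_merge($symbols, byteToBits($b));
    }
    return array_merge($symbols, byteToBits($check));
}

// Returns the recovered payload, or null when no valid frame is present
// (for example when the LED is covered and the camera only sees darkness).
function decode(array $symbols): ?string {
    $n = count($symbols);
    $plen = count(PREAMBLE);
    for ($start = 0; $start + $plen + 16 <= $n; $start++) {
        if (array_slice($symbols, $start, $plen) !== PREAMBLE) {
            continue;   // not the sync pattern; keep scanning
        }
        $pos = $start + $plen;
        $len = bitsToByte(array_slice($symbols, $pos, 8));
        $pos += 8;
        if ($pos + 8 * $len + 8 > $n) {
            continue;   // truncated frame
        }
        $out = '';
        $check = 0;
        for ($i = 0; $i < $len; $i++) {
            $b = bitsToByte(array_slice($symbols, $pos, 8));
            $pos += 8;
            $check ^= $b;
            $out .= chr($b);
        }
        if (bitsToByte(array_slice($symbols, $pos, 8)) === $check) {
            return $out;
        }
    }
    return null;
}

// With OOK each blink carries one bit, so time = symbols / blink rate.
function secondsToTransmit(string $payload, int $blinksPerSecond): float {
    return count(encode($payload)) / $blinksPerSecond;
}

// Constructed sample input: a short secret the malware wants to leak.
$secret = 'key=hunter2';
$blinks = encode($secret);
// A camera sees some idle darkness before the frame starts.
$observed = array_merge(array_fill(0, 20, 0), $blinks);
printf("%d blinks, %.4f s at 6000 blinks/s, decoded: %s\n",
    count($blinks), secondsToTransmit($secret, 6000), (string) decode($observed));

// Mitigation: LED covered, the camera sees only darkness, decode() yields null.
var_dump(decode(array_fill(0, count($observed), 0)));
```

The rate figure in the quote above is what makes the channel practical: at thousands of blinks per second an eleven-byte secret fits in a fraction of a second, and a camera with a high enough frame rate is the only receiver needed. Real receivers also have to cope with timing drift and noise, which this model ignores.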
PHP: The first programming language to incorporate modern cryptography
By unanimous vote, the PHP development team has approved a proposal to add the Libsodium library to the core of PHP, the enormously popular web programming language, with the PHP 7.2 release planned for the end of 2017. According to Bleeping Computer, that makes PHP the first major programming language to ship a modern cryptography library in its core.
The push came from Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprises. His argument: developers on shared hosting usually cannot install PHP extensions, so putting libsodium in core is the only way to make modern cryptography available everywhere PHP runs, and a pure-PHP polyfill covers the older PHP versions that predate it.
"Marrying the two [PHP and Libsodium] is the most logical and straightforward way to get better security in the hands of [PHP] developers who wouldn't have the time or cryptography experience to build something as secure on their own. PHP powers at least 82% of websites on the Internet. Libsodium is the library that most cryptographers recommend for application-layer cryptography," Arciszewski said.
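What "modern cryptography in core" looks like in practice, as an added example that is not code from the page, from the RFC, or from Paragon: the sodium_* functions that ship with PHP 7.2 give authenticated secret-key encryption (XSalsa20-Poly1305 via secretbox) and Argon2 password hashing without any extension install. The helper names sealMessage and openMessage and the constructed sample strings are this example's own.

```php
<?php
// Added example: authenticated encryption and password hashing with the
// sodium_* functions built into PHP 7.2+. Helper names are this example's own.
declare(strict_types=1);

if (!function_exists('sodium_crypto_secretbox')) {
    fwrite(STDERR, "This needs PHP 7.2+ (or the libsodium PECL extension / sodium_compat).\n");
    exit(1);
}

// Encrypt with a fresh random nonce per message; the nonce is public and is
// prepended to the ciphertext so the receiver can find it.
function sealMessage(string $plaintext, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($plaintext, $nonce, $key);
}

// Decrypt and verify; returns null on a wrong key or any modification,
// never a partially decrypted result.
function openMessage(string $blob, string $key): ?string {
    $minLen = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($blob) < $minLen) {
        return null;
    }
    $nonce = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
    return $plaintext === false ? null : $plaintext;
}

// Password storage: Argon2 with interactive cost parameters; the returned
// string embeds salt and parameters, so verification needs nothing else.
function hashPassword(string $password): string {
    return sodium_crypto_pwhash_str(
        $password,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
    );
}

function checkPassword(string $hash, string $password): bool {
    return sodium_crypto_pwhash_str_verify($hash, $password);
}

// Constructed sample data.
$key = sodium_crypto_secretbox_keygen();   // 32 random bytes; keep it out of the repo
$blob = sealMessage('customer_id=4711', $key);

var_dump(openMessage($blob, $key));        // the original plaintext

// Flip one bit of the ciphertext: the Poly1305 tag no longer verifies.
$tampered = $blob;
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 0x01);
var_dump(openMessage($tampered, $key));    // authentication failure, null

// A different key also fails cleanly.
var_dump(openMessage($blob, sodium_crypto_secretbox_keygen()));

$hash = hashPassword('correct horse battery staple');
var_dump(checkPassword($hash, 'correct horse battery staple'));   // true
var_dump(checkPassword($hash, 'Tr0ub4dor&3'));                    // false

sodium_memzero($key);   // wipe the key from memory when done with it
```

The point worth noticing is how little there is to get wrong: the nonce is generated for you at the right size, the authentication tag is mandatory rather than optional, and decryption refuses to return anything on failure. That is the "misuse-resistant" property that makes cryptographers recommend libsodium over assembling primitives by hand.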