Have you ever seen a Word document embedded inside a PDF? There may be one already sitting in your inbox. Ransomware criminals keep coming up with new ways to bypass malware detection, for example, by embedding multiple files inside each other, and it’s proving to be very effective. Find out how this works, plus other news, in this edition of our Weekly Tech Roundup.
Ransomware hides inside a Word document nested within a PDF file
Cyber criminals are going to extreme lengths to trick computer users into installing damaging ransomware on their computers, as evidenced by a new variant that emerged in recent weeks. The ransomware may be old (in this case it’s a variant of the widely-used Locky), but the distribution method is new and innovative. It’s designed to fool traditional malware protection programs by hiding the macro that fetches the ransomware inside a file that is itself embedded inside another file.
Here is how it works, according to the Naked Security blog:
- The user receives a spam email with a PDF attachment. The PDF itself contains no exploit; it merely carries an embedded Word document, so scanners that don’t unpack attachments see nothing suspicious.
- When the PDF is opened, the PDF reader finds the embedded document and asks the user for permission to open it in Microsoft Word.
- Word opens the second file in Protected View (read-only, because it came from the internet) and prompts the user to enable editing.
- By clicking “Enable Editing” and then “Enable Content”, the user runs the harmful VBA macro, which downloads and installs the ransomware. Nothing happens without those two clicks.
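The check a mail gateway or analyst would want against this chain is to unpack the PDF’s attachments and look for a macro-enabled Office document inside them, rather than scanning only the outer file. The following added example (written for this page, not code from Naked Security, Sophos or Acronis) builds a constructed sample PDF carrying an embedded OOXML document, then extracts every `/EmbeddedFile` stream and reports whether it is a zip containing `word/vbaProject.bin`, the member that marks a VBA project. The PDF builder, the stub `vbaProject.bin` contents and the file names are assumptions made for the demonstration; no real malware is involved.

```python
import io
import re
import zipfile
import zlib

# --- Constructed samples (assumptions for the demo; not real documents) -----------

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 header; vbaProject.bin is an OLE2 container


def make_docm(with_macro: bool) -> bytes:
    """Build a minimal OOXML (zip) Word file; with_macro adds a stub word/vbaProject.bin."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 24)  # stub, not a real VBA project
    return buf.getvalue()


def make_pdf_with_attachment(name: str, payload: bytes, compress: bool = False) -> bytes:
    """Build a minimal PDF (no xref table, enough for scanning) whose catalog lists one embedded file."""
    data = zlib.compress(payload) if compress else payload
    filt = b" /Filter /FlateDecode" if compress else b""
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Names << /EmbeddedFiles << /Names [("
        + name.encode() + b") 4 0 R] >> >> >>",
        b"<< /Type /Pages /Kids [] /Count 0 >>",
        b"<< /Type /EmbeddedFile" + filt + b" /Length " + str(len(data)).encode()
        + b" >>\nstream\n" + data + b"\nendstream",
        b"<< /Type /Filespec /F (" + name.encode() + b") /EF << /F 3 0 R >> >>",
    ]
    pdf = b"%PDF-1.7\n"
    for num, body in enumerate(objs, start=1):
        pdf += str(num).encode() + b" 0 obj\n" + body + b"\nendobj\n"
    return pdf + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


# --- Scanner ----------------------------------------------------------------------

TYPE_RE = re.compile(rb"/Type\s*/EmbeddedFile\b")   # \b keeps /EmbeddedFiles (the catalog key) out
LENGTH_RE = re.compile(rb"/Length\s+(\d+)")
STREAM_RE = re.compile(rb"stream\r?\n")


def extract_embedded_files(pdf: bytes) -> list:
    """Return the decoded bytes of every /EmbeddedFile stream that is raw or FlateDecode-compressed.

    Attachments hidden in object streams, or using other filters, need a full PDF parser
    and are skipped here; in production run this logic on top of such a parser.
    """
    blobs = []
    for t in TYPE_RE.finditer(pdf):
        s = STREAM_RE.search(pdf, t.end())
        if s is None:
            continue
        obj_start = max(pdf.rfind(b" obj", 0, t.start()), 0)
        header = pdf[obj_start:s.start()]           # the stream dictionary
        length = LENGTH_RE.search(header)
        if length is None:
            continue
        start = s.end()
        raw = pdf[start:start + int(length.group(1))]
        if b"/FlateDecode" in header:
            raw = zlib.decompress(raw)
        elif b"/Filter" in header:
            continue                                 # unsupported filter
        blobs.append(raw)
    return blobs


def has_vba_macro(blob: bytes) -> bool:
    """True if blob is a zip (OOXML) document whose archive carries a VBA project."""
    if not blob.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            names = [n.lower() for n in z.namelist()]
    except zipfile.BadZipFile:
        return False
    return any(n.endswith("vbaproject.bin") for n in names)


def scan_pdf(pdf: bytes) -> list:
    """Summarise every embedded file: size, whether it is a zip, and whether it carries VBA."""
    report = []
    for blob in extract_embedded_files(pdf):
        is_zip = blob.startswith(b"PK\x03\x04")
        report.append({"size": len(blob), "kind": "zip" if is_zip else "other",
                       "macro": has_vba_macro(blob)})
    return report


if __name__ == "__main__":
    sample = make_pdf_with_attachment("invoice.docm", make_docm(with_macro=True), compress=True)
    print(scan_pdf(sample))
```

Two caveats for anyone adapting this: a legacy binary `.doc` attachment stores macros inside its OLE2 streams rather than as a zip member, so it needs an OLE-aware tool such as oletools’ olevba instead of the zip check above; and a positive hit means “macro present”, not “malicious”, so route such mail to a sandbox or quarantine rather than deleting it outright.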
Receiving ransomware payloads by email is nothing new: it is the most common way ransomware is distributed across the world. What’s new, however, is the way the crooks hide the malicious macro inside another, seemingly clean file.
This type of attack makes it clear that users can’t rely on conventional, signature-based anti-malware programs alone to defeat ransomware. Caution on the part of end users (a document that asks you to enable editing and then enable content is asking to run code), reliable backup with both local and cloud-based components, and active ransomware protection — the kind that can stop a successfully initiated attack and then automatically repair any damaged files — together remain the most reliable defence against this fast-growing threat.
RELATED: What is Ransomware?
OSX/Dok phishing malware affecting unsuspecting Mac users
For many years, Mac users have been relatively immune from major malware and cyber-attacks, but that situation is rapidly changing. Check Point researchers have discovered a new strain of malware, OSX/Dok, that is capable of infecting all versions of macOS (previously known as OS X), passing Apple’s built-in Gatekeeper checks because its bundle was signed with a valid Apple developer certificate (since revoked), and going undetected by most major antimalware programs. It’s a significant large-scale coordinated malware campaign against Apple machines, and Mac users must exercise extreme caution, Check Point advised.
OSX/Dok is phishing malware that gives the attackers complete access to all of the target’s communications, including HTTPS traffic: it installs its own root certificate on the machine and redirects connections through an attacker-controlled proxy, so TLS-protected sessions can be read and altered in transit.
Currently, the malware mostly targets European users, presenting instructions on how to “install” it in both English and German. It arrives as a fake document and asks the target to resolve a supposed issue by installing the damaging software.
During installation, the malicious application displays a new window with a message claiming that a security issue has been identified in the operating system, that an update is available, and that to proceed with the installation, the user has to enter the administrator’s username and password. The malware then uses these credentials to gain full system privileges and to download and install the rest of its components.
OSX/Dok is distributed by email as a Zip attachment. Like most other attachment-based malware attacks, it doesn’t infect the system automatically: the user must perform a series of steps to enable the attack. Apple-oriented website iMore has instructions on how to remove OSX/Dok from your system. Alternatively, you can roll back your computer to its pre-infection state with the help of a recent backup.
Spotify acquires blockchain-based technology to track royalty payments
Earlier this year we predicted that blockchain is going to impact consumers in every industry. Last week we found more proof of this emerging trend.
Spotify, a popular music streaming service provider, acquired Mediachain to simplify the tracking and payment of royalties with the help of transparent, immutable and irrefutable blockchain technology, Bitcoin Magazine reported.
The acquisition is part of Spotify’s vision to develop a fair compensation platform for musicians and publishers. According to the report, Mediachain’s engineers and developers will join Spotify in its New York offices to help co-build an efficient royalty-tracking platform specialized for Spotify.
“Brooklyn-based Mediachain Labs has been the driving force behind the Mediachain project, a world-class blockchain research agenda and open source protocol to better manage data that is critical to the health of the music industry,” Spotify announced in a statement.
National Music Publishers’ Association (NMPA) president and CEO David Israelite welcomed the new and reliable method of distributing royalties to artists, hoping that it will help Spotify to avoid legal battles similar to the one the company went through earlier this year when it had to settle via a $30 million payout.
“I am thrilled that through this agreement both independent and major publishers and songwriters will be able to get what is owed to them. We must continue to push digital services to properly pay for the musical works that fuel their businesses and after much work together, we have found a way for Spotify to quickly get royalties to the right people. I look forward to all NMPA members being paid what they are owed, and I am excited about the creation of a better process moving forward,” Israelite said.
Mediachain is a blockchain data solution for connecting applications to media and information about it. Today, content publishers depend on centralized platforms for their identity, audience and monetization. With Mediachain, all data stays connected to the identity of the author, offering indisputable attribution, analytics and value.
Australian university uses blockchain to maintain student records
The University of Melbourne in Australia has announced that it will test blockchain technology “to record student credentials, allowing people to share verified copies of their qualifications with employers and other third parties in a tamper-proof system,” Financial Review reported.
The university will be one of ten universities worldwide to trial Blockcerts, a blockchain system developed by U.S. company Learning Machine in conjunction with the Massachusetts Institute of Technology Media Lab’s ongoing research on the Bitcoin blockchain.
By using blockchain-based technology, the university is planning to revolutionize the way people record their academic achievements and professional work experience. Starting with just one course in the university's Centre for Study of Higher Education, next year the system may be extended to other courses.
The University of Melbourne's pro vice-chancellor Gregor Kennedy said the project put the university at the vanguard of new technology.
Australian employers are interested in being able to verify the skills of new employees at a very granular level. "Micro-credentials, verified through secure, distributed platforms like Learning Machine's are a means to address this," Kennedy said.
Learning Machine's Natalie Smolenski said that employees and students will be able to certify data and conduct quick verification checks to ensure that the shared data is genuine.
"Anyone who needs to verify official records, such as employers, can quickly check the validity and authenticity of each certificate. Any attempt to change, embellish, or otherwise misrepresent a micro-credential represented by a certificate will cause the verification to fail," Dr. Smolenski said.
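The mechanism behind that claim is hash anchoring: the issuer hashes each certificate, batches the hashes into a Merkle tree, and publishes only the root in a blockchain transaction (the approach Blockcerts takes). A verifier recomputes the certificate’s hash, walks the supplied proof path up to the root and compares it with the anchored value, so any edit to the certificate changes the leaf hash and the comparison fails. The following added example (written for this page, not Learning Machine’s or the University of Melbourne’s code, and not the exact Blockcerts proof format) implements that batch-and-verify scheme end to end; the certificate fields and the `anchored_root` that stands in for the on-chain value are assumptions for the demonstration.

```python
import hashlib
import json


def leaf_hash(cert: dict) -> bytes:
    """Hash a credential after canonical JSON serialisation so key order and whitespace don't matter."""
    canon = json.dumps(cert, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).digest()


def _node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(left + right).digest()


def merkle_root_and_proofs(leaves: list) -> tuple:
    """Return (root, proofs) for a batch of leaf hashes.

    proofs[i] is the path for leaf i: a list of (sibling_hash, sibling_is_left) pairs
    from the bottom of the tree up to the root. Odd levels duplicate the last node.
    """
    level = list(leaves)
    proofs = [[] for _ in leaves]
    index = list(range(len(leaves)))  # index[i]: position of leaf i's ancestor in `level`
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        for i, pos in enumerate(index):
            sib = pos ^ 1
            proofs[i].append((level[sib], sib < pos))
            index[i] = pos // 2
        level = [_node(level[j], level[j + 1]) for j in range(0, len(level), 2)]
    return level[0], proofs


def verify(cert: dict, proof: list, anchored_root: bytes) -> bool:
    """Recompute the path from this certificate to the root and compare with the anchored value."""
    h = leaf_hash(cert)
    for sibling, sibling_is_left in proof:
        h = _node(sibling, h) if sibling_is_left else _node(h, sibling)
    return h == anchored_root


# Constructed sample batch (assumed field names; not real student records).
CERTS = [
    {"id": "cert-1", "holder": "A. Student", "course": "Study of Higher Education", "grade": "H1"},
    {"id": "cert-2", "holder": "B. Student", "course": "Study of Higher Education", "grade": "H2A"},
    {"id": "cert-3", "holder": "C. Student", "course": "Study of Higher Education", "grade": "H2B"},
]


def issue_batch(certs: list) -> tuple:
    """Issuer side: returns the root to anchor on-chain and one proof per certificate."""
    return merkle_root_and_proofs([leaf_hash(c) for c in certs])


if __name__ == "__main__":
    root, proofs = issue_batch(CERTS)
    tampered = dict(CERTS[1], grade="H1")           # holder "embellishes" the grade
    print("root to anchor:", root.hex())
    print("genuine cert-2 verifies:", verify(CERTS[1], proofs[1], root))
    print("tampered cert-2 verifies:", verify(tampered, proofs[1], root))
```

Note what the check does and does not establish: it proves the document is byte-for-byte what the issuer committed to at anchoring time, and nothing about who the issuer is. In practice the verifier must also confirm that the transaction carrying the root was made by the issuer’s published key, and consult the issuer’s revocation list, since a revoked credential still has a valid proof.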
RELATED: What Is Blockchain and What Does It Mean for Data Protection?
Microsoft advises against manual installation of Windows 10 Creators Update
If you’re wondering why your PC hasn’t received the new Windows 10 Creators Update yet, there may be a good reason. The massive update is full of fresh features and helpful tweaks, but it may not be compatible with your hardware — at least for now.
Microsoft recently released a statement advising users against installing the update manually: “We continue to recommend (unless you’re an advanced user who is prepared to work through some issues) that you wait until the Windows 10 Creators Update is automatically offered to you.”
And what are those issues? Nothing that can’t be solved with some technical skills, and a precautionary backup that is advisable before any major system update.
One of the known issues involves Bluetooth accessory connectivity for a specific series of Broadcom devices, which fail to reconnect as expected after the update. Driver-related problems may force the user to update the affected driver, request a new one from the vendor, or temporarily block all further updates until the Creators Update problem has been resolved.
“Blocking availability of the update to devices we know will experience issues is a key aspect of our controlled rollout approach. We decide what to block based on user impact, and blocking issues are a high priority for us to address as quickly as possible. During the time it takes to address an issue, we want to limit the number of customers exposed to that issue.”
If your PC is one of those devices that fell in the blocked category, you can still try installing Windows 10 Creators Update manually through Microsoft’s official Software Download site. You just need to have a good full image backup that would allow you to roll everything back if you face issues that can’t be resolved on the spot.
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.