Central Illinois' IT Experts

The two vulnerabilities were patched off of Microsoft’s typical “patch Tuesday” schedule that sees the software giant release bug fixes every second Tuesday of the month. The fact that they broke their patch schedule suggests that the two vulnerabilities were critical for their customers. Let’s take a look at the two updates and how they’ll function to secure Microsoft products. 

Internet Explorer Zero-Day

The first, and obviously most significant patch, is a zero-day vulnerability found in Internet Explorer, the antiquated (and much maligned) Internet Browser that comes on most Microsoft operating systems. Since this is a zero-day event, the vulnerability had already been exploited in places. 

Little is known about the vulnerability, but Microsoft did call it a remote code execution exploit that if accessed could give a user control over the user account of another. The attack requires phishing an Internet Explorer user onto a malicious website, but once there, an attacker would be able to gain access over the user account of the visitor. 

Luckily, IE currently has an active market share of under two percent, but attacks have already happened so remaining vigilant about the use of IE, and your network’s patch management is key to keeping this particular vulnerability from causing problems for your organization.

Microsoft Defender DOS Bug

The other issue fixed in the out-of-band patch was a denial of service vulnerability in Microsoft Defender. The antivirus program ships with all Windows 10 PCs and is a core component in Windows 10’s sterling security record. 

The bug itself isn’t much of an issue. To successfully exploit it an attacker would need unfettered access to a computer and the ability to execute some code. It disables Windows Defender components and gives people with access (and the ability to code) the chance to completely take over a system with malware or other more sophisticated programs. 

Keeping your software patched and running smoothly is extremely important. Reach out to our expert IT technicians today to see how Decatur Computers Inc. can help you manage your system updates and software management at 217-475-0226.

At the Beginning

The beginning of cybersecurity started as a research project. One man realized that it was possible for a single computer program to move across a network, but leave a trail behind. That’s when he decided to write the code that became the “Creeper”. Sure enough, the Creeper worked and traveled between Tenex terminals on the old ARPANET leaving a message “I’M THE CREEPER : CATCH ME IF YOU CAN” behind.

When Ray Tomlinson, the inventor of e-mail, saw this, he changed the code to make it self-replicating. This was, in effect, the first computer worm. Tomlinson then wrote a code called “Reaper” that chased down the replicating Creeper code and deleted it. This was the invention of antivirus software. 

Shift to Criminality

Cybercrime started in a time before the personal computer. In a time when networking was brand new, most connected computer terminals had no security at all. This came to the attention of Soviet hackers who used code created by academics to infiltrate and steal information off of insecure computing networks. This came to the forefront in 1986 when German hacker Marcus Hess hacked an internet gateway hosted at the University of California at Berkeley. He used a connection to that system to hack into 400 computers connected to the ARPANET, including mainframes at the Pentagon. For his efforts, he was caught, tried, and convicted, landing a 20-month suspended sentence. 

Around the same time this was happening, the personal computing boom had started and computer viruses were starting to be developed at a dizzying rate. As more people connected to what was now called the Internet, viruses were becoming a major problem. 

Development of Cybersecurity Software

The late 80s and early 90s saw cybersecurity first become a priority. The Computer Fraud and Abuse Act (CFAA) was passed and companies were beginning to create very simple antivirus programs. The urgency was dialed up in 1988 after a software engineering student at Cornell University, Robert Morris, wanted to test to see just how big the Internet was getting. He wrote a program that was designed to spread across the web, get into Unix terminals, and replicate. This research project failed miserably as the code replicated so quickly that it actually slowed the Internet to a crawl and caused immense damage. “The Morris Worm”, as it was called, led to the formation of the Computer Emergency Response Team (what is known today at US-CERT). Morris, who is now a longtime professor at MIT, became the first person convicted under CFAA and received three years on probation, 400 hours of community service, and a $10,050 fine. 

The Morris Worm situation not only woke up the security industry, it woke up hackers. Viruses, worms, and other forms of malware were being developed so quickly that it was impossible for security measures to work. In the early 1990s antivirus began to be developed with the design to thwart malicious code. By the time the Internet was entering homes in the mid-90s, there were already several antivirus vendors. Antivirus programs scanned the binary information on a computer and tested it against a database of individual virus code signatures. The software did a decent job of keeping viruses off of computers, but as you might expect, they found a lot of false positives. They also had a tendency to use a lot of a system’s resources to scan for viruses, leaving a computer inoperable, or frustratingly slow; something that people using commercial-grade antivirus can sympathize with. 

The Malware Boom

Where there are people, there are going to be thieves. As more and more people joined the “World Wide Web” the number of different types of attacks grew. By 2007, there were nearly five million different malware strains, a number that is almost cute today. By 2015, half a million different strains of malware were being created each day.

Security began to lag behind. Antivirus couldn’t keep up with the constant stream of malware that was being created. Computers simply didn’t have the processing power to scan that fast. Over time this led to innovations in cybersecurity. Endpoint protection platforms (EPP) were developed that didn’t waste time scanning for specific code, it found common denominators in the code of all the malware and searched for that. Security was enhanced, but threats kept being developed.

Ransomware

This whole thing was flipped on its head with the deployment of WannaCry. WannaCry was, a ransomware, the most devastating piece of malware ever deployed. WannaCry was such a huge surprise to security professionals because the vulnerability it took advantage of was patched by Microsoft.

WannaCry worked by encrypting data and locking it away from the user. The hacker then forces the owner of the computer to pay (in Bitcoin) to get access to those files. This signaled a hard turn in the cybersecurity industry. If hackers are going to be able to deploy threats like this (or worse), it is crucial that the strategies used to ward people, resources, and data from this type of cybercrime are effective and understood. Security professionals now have developed what is called Endpoint Threat Detection and Response (EDR) services to proactively monitor systems to ensure they are not lousy with malicious code. Today, EDR solutions are the cutting-edge tool used by professionals keeping malware and other threats off of your network.

So Where Are We Now?

The combination of vigilance and automation are giving cybercriminals a run for their money. Unfortunately, that’s exactly what the hackers are after; and, they aren’t doing poorly. Hackers siphon at least $1.5 trillion in profits each year off the world economy. In fact, some analysts have predicted that damages from cybercrime will reach $6 trillion by 2021. Now cybersecurity is a $200 billion a year industry. Even so, security breaches are up by 67 percent over the past five years. 

Today the biggest threat comes from phishing attacks. A phishing attack is a social engineering strategy designed to gain access to a secure computing system by tricking end users into providing access. The main problem with phishing, apart from the millions of messages hitting email and social media inboxes every day, is that most people that have been successfully phished have no idea until something dramatic happens. Phishing results in billions of records being compromised every year. 

If you would like to know more about cybersecurity, or if you are just interested in keeping your business’ data and network safe, call Decatur Computers Inc. today at 217-475-0226.

In 2018, there was an increase in the prevalence of phishing attacks by 269 percent when compared to their prevalence in 2017. In addition, a full 32 percent of reported data breaches that year featured phishing to some extent. United States businesses may have had cause for the most concern, as nearly 86 percent of phishing attacks targeted American companies.

NCSAM’s Phishing-Heavy Theme: “Own IT. Secure IT. Protect IT.”

With National Cybersecurity Awareness Month well underway, it’s high time to pay attention to some of its lessons. These lessons effectively boil down to pretty basic practices that any user should cultivate into habits. Naturally, this includes some anti-phishing tactics.

Remember, you also have another knowledgeable resource to lean on for advice - we’re always available to assist you and your team. For instance, try implementing these best practices in your processes now to avoid phishing:

• Don’t trust surprise messages: One of the first signs that a message is hiding a phishing attack is if it just appears in your inbox. Let’s say you suddenly get an email that says that it’s from Amazon, claiming that your account needs to have its payment credentials verified after some suspicious purchases were made. Stop and consider some other facts before you react… have you received something like a receipt in your inbox for something that you didn’t order, or an anticipated delivery date? Any emails can - and should - be examined in this way to ensure that you aren’t walking into a threat. It’s generally a good idea to reach out to the alleged sender through a different form of communication for confirmation.
  
  
• Make sure the details match up: When we get an email, it’s pretty typical that we only take a quick glance at who sent it without giving it a second thought. If a cybercriminal is worth their salt, they would have used a fake email that isn’t quite perfect, but passes the “quick glance” test. For instance, would you sooner click on an email from “[email protected],” or one from “[email protected]?”
  
  The right answer is “neither,” as in “neither A-C-L-M-I-N or G-R-N-A-I-L actually say what they appear to say at first.” Therefore, they are most likely traps.
  
  
• Don’t trust surprise links or attachments, either: You need to be prepared before you even open a message, and this is one of the reasons why. Some links and attachments contain malware, or automatically direct you to a website that will begin installing the malware. Some have been especially tricky, asking the user to confirm the download, but completing the installation regardless of what they pick. Again, unless you expected an attachment or a link, think twice before just clicking through. It doesn’t hurt to confirm its legitimacy through another means, either.

Sure, October is National Cybersecurity Awareness Month, but hackers and cybercriminals don’t go into hibernation for the rest of the year. You should be sure that you’re just as secure for every one of the other 264 days as well. Decatur Computers Inc. can help - reach out to us at 217-475-0226 to learn more.