In the wake of WanaCrypt0r, what should you do…

In light of this attack, it is a good time for all users of the Internet to stop and consider what steps they should take to protect themselves and their organizations against the wide range of malware and ransomware exploits that are being propagated by cyberhackers.

As many victims of the WanaCryptor ransomware have discovered, there is little warning: files are encrypted and a ransom demand appears on screen.

Based on initial reports, the first PC in an organization was thought to be infected through crafted phishing emails; from there WanaCryptor spreads to other machines on its own, using a vulnerability in the Microsoft Windows SMB server (the flaw fixed by Microsoft's MS17-010 update). That worm-like step needs no click from anyone, which is why one careless opening can take down a whole network. Every infected user is asked to pay a ransom of between $300 and $600 per device, or more, to regain access to their encrypted files. While Microsoft has issued patches for this vulnerability, this particular attack has affected tens of thousands of Windows computers.

Here are some actions you and those in your organization can take to protect yourself:

  • Do not open unexpected attachments, and confirm an attachment's validity without clicking on or opening it. Most mail clients and browsers show a link's real destination when you hover over it, and some operating systems can preview a file without opening it in its usual application (Quick Look on macOS, for example).
  • Send a text message or IM to the originator of the email to ask if it was intended for you. Use a channel other than a reply to the email itself, since a reply goes back to whoever actually sent it.
  • Email sent by hackers may be very sophisticated and look official, but on closer examination may contain subtle errors: a sender address that does not match the claimed organization, odd wording, or link text that does not match the link's destination.
  • A phishing attempt often comes from an address that looks like a friend or a company you recognize, but on inspection is an account on Gmail, Hotmail, Yahoo Mail or another common email service rather than the company's own domain.
  • Make it your mission to ensure that co-workers, family and friends with less technical skill and awareness understand the risks around cyberattacks, and help train them to be careful about opening attachments or clicking on links in suspicious email.
  • Show them how to spot a suspicious email and how to keep critical software such as anti-virus, the PC operating system and the associated firewall software updated. For WanaCryptor in particular, that means installing the Windows update Microsoft issued in March.
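The three checks in that list that a machine can do for you, written out as an added example (this is not code from the original post): it parses a raw email, flags a sender on a consumer webmail domain, lists attachments with executable-style extensions, and finds links whose visible text names a different host than the real href. The message SAMPLE is constructed for the demo, and the RISKY_EXTENSIONS and FREEMAIL_DOMAINS sets are illustrative assumptions, not a complete policy.

```python
"""Triage one e-mail for the signs the checklist above describes: a sender on
a free webmail service, executable-style attachment names, and links whose
visible text points somewhere other than the real href. Added example, not
code from the original post; SAMPLE is constructed, and the two sets below
are illustrative assumptions rather than a complete policy."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".hta", ".lnk",
                    ".docm", ".xlsm", ".zip", ".rar"}          # assumption
FREEMAIL_DOMAINS = {"gmail.com", "hotmail.com", "yahoo.com", "outlook.com"}  # assumption


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def hostname_of(text):
    """Host of a URL or of bare text like 'www.bank.example'; '' if there is none."""
    if "://" not in text:
        text = "http://" + text
    try:
        return (urlsplit(text).hostname or "").lower()
    except ValueError:
        return ""


def mismatched_links(html):
    """(visible text, href) pairs where the text names a host that differs from
    the href's host. Plain text such as 'Click here' has no host and is not flagged."""
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    return [(text, href) for href, text in parser.links
            if "." in hostname_of(text) and hostname_of(text) != hostname_of(href)]


def risky_attachments(msg):
    """Attachment filenames whose last extension is on the risky list, so a
    double extension such as 'invoice.pdf.js' is judged by the '.js'."""
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            names.append(name)
    return names


def triage(raw_message):
    """Parse raw message bytes and return the three indicators as a dict."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    _, address = parseaddr(str(msg["From"] or ""))
    body = msg.get_body(preferencelist=("html",))
    return {
        "sender": address,
        "freemail_sender": address.rpartition("@")[2].lower() in FREEMAIL_DOMAINS,
        "risky_attachments": risky_attachments(msg),
        "mismatched_links": mismatched_links(body.get_content() if body is not None else ""),
    }


# Constructed sample: an "invoice" from a webmail address, a double-extension
# attachment, and a link whose text shows one site while its href goes elsewhere.
SAMPLE = (
    b'From: "Accounts Payable" <ap.invoices@gmail.com>\r\n'
    b"To: you@example.com\r\nSubject: Invoice 4471 overdue\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="B1"\r\n\r\n'
    b"--B1\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    b'<p>Please review: <a href="http://login-verify.example/x">'
    b"https://www.mybank.example/login</a></p>\r\n"
    b'--B1\r\nContent-Type: application/octet-stream; name="Invoice_4471.pdf.js"\r\n'
    b'Content-Disposition: attachment; filename="Invoice_4471.pdf.js"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\ndmFyIHg9MTs=\r\n--B1--\r\n"
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run it against a saved .eml file by reading the file's bytes and passing them to triage(). None of the three indicators proves a message is malicious on its own, and a clean result does not prove it is safe; the point is to surface exactly the details the list above tells people to look at, so the out-of-band phone call or IM can be made before anything is opened.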

While the Internet has been an indispensable tool for education, research, communications and just plain R&R, it has also become a vector for nasty exploits and malware. So, be careful out there and help others to understand how to keep themselves safe.

As always, drop us a note or comment if you have any questions!

Massive Ransomware attack unveiled and underway

According to Wordfence, one of the front-line protectors of all things WordPress, there is a massive ransomware attack ongoing affecting Windows computers and their related networks.

Called WanaCryptor, it functions similarly to other ransomware, locking down files on an infected system until the victim makes a payment. Most ransomware infects machines through inadvertent clicks on malware links or attachments in bogus or phishing emails that pose as legitimate communications; what makes this one worse is that, once inside a network, it also spreads from machine to machine by itself through a vulnerability in Windows file sharing (SMB).

According to Microsoft, a fix for this vulnerability was released on March 14th for all affected versions of Windows.

US-CERT has also published an alert on this and sent out warning emails to let system administrators and users know of the threat.

Gizmodo is updating this page with information on the current threat and information on how its spreading.

More details here from Wordfence and US CERT website…

https://www.us-cert.gov/ncas/current-activity/2017/05/12/Multiple-Ransomware-Infections-Reported

Massive Global Ransomware Attack Underway, Patch Available

Is your home router attacking the internet?

Updated: 17.04.17

Home Internet routers, with differing capabilities, provide a range of services such as access management, shared disk services or Wi-Fi for your laptop or iPad. Many users install these devices and don’t realize that they still retain their default passwords. Knowing this, hackers have been using that fact to load malicious software onto these devices and launch various attacks on vulnerable Internet hosts.

US-CERT has a long list of vulnerabilities and attack vectors for this type of hack at https://www.us-cert.gov/ncas/alerts/TA13-175A.

The bad guys have been exploring other methods to use home routers to do their dirty work.

Wordfence, creator of one of my favourite WordPress plugins used to protect WP websites, looked at a recent set of network attacks from addresses owned by Telecom Algeria and surveyed a number of those addresses to see what was there, receiving responses from 3,855 IP addresses.

Out of those IPs, 1,501 are ZyXEL routers that are listening on port 7547 and identify themselves as “Allegro RomPager 4.07 UPnP/1.0 (ZyXEL ZyWALL 2)”.

Allegro RomPager 4.07 is an embedded web server with a severe vulnerability, named Misfortune Cookie by Check Point, who discovered it in 2014; its identifier is CVE-2014-9222. A crafted HTTP cookie corrupts the device’s memory and gives an unauthenticated attacker administrative control of the router.

It appears that attackers have exploited the home routers on Algeria’s state owned telecommunications network and are using them to attack WordPress websites globally.

There are a number of other routers in the web-o-sphere that also possess this vulnerability, used by various telecoms around the world. According to Shodan, a search engine for Internet-connected devices, over 41 million home routers world-wide have port 7547 open to the public Internet. Port 7547 is the TR-069 (CWMP) remote-management port that ISPs use to administer customer routers, which is why so many devices listen on it; the problem is when that listener is an unpatched RomPager build reachable from anywhere.

Wordfence has published an excellent web post on the topic, as well as a link to a tool to check if your router has the vulnerability on port 7547.

Here’s the link to the post: Wordfence router check
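If you would rather do the port 7547 check yourself than rely on a web tool, here is an added example of the same idea (this is not Wordfence's code): connect to the port, send a minimal HTTP request, and judge the Server banner. It assumes the listener speaks plain HTTP, which TR-069 on this port normally does, and treats any RomPager version older than 4.34 (the release Allegro shipped the fix in) as a Misfortune Cookie candidate. SAMPLE_BANNER is constructed, modelled on the string Wordfence reported.

```python
"""Probe a router for a RomPager web server on TCP port 7547 and judge the
banner, the check Wordfence's tool performs from outside. Added example, not
Wordfence's code. Assumptions: the listener speaks plain HTTP (TR-069/CWMP on
this port usually does); a Server header naming RomPager older than 4.34, the
release Allegro shipped with the fix, is treated as a Misfortune Cookie
(CVE-2014-9222) candidate. SAMPLE_BANNER is constructed, modelled on the
string Wordfence reported."""
import re
import socket
from typing import Optional, Tuple

PORT = 7547
FIXED_VERSION = (4, 34)


def parse_server_header(response: bytes) -> Optional[str]:
    """Return the HTTP Server header value from a raw response, or None."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def rompager_version(server: Optional[str]) -> Optional[Tuple[int, int]]:
    """(major, minor) if the banner names RomPager, else None."""
    if not server:
        return None
    m = re.search(r"RomPager[ /](\d+)\.(\d+)", server, re.IGNORECASE)
    return (int(m.group(1)), int(m.group(2))) if m else None


def assess(response: bytes) -> dict:
    """Judge one HTTP response received on port 7547."""
    server = parse_server_header(response)
    version = rompager_version(server)
    return {
        "server": server,
        "rompager": version,
        "misfortune_cookie_candidate": version is not None and version < FIXED_VERSION,
    }


def probe(host: str, port: int = PORT, timeout: float = 5.0) -> dict:
    """Connect, send a minimal GET, and assess whatever comes back. A closed or
    filtered port returns {'open': False}, which is the outcome you want."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return {"open": False}
    chunks, total = [], 0
    with sock:
        try:
            sock.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            while total < 65536:
                data = sock.recv(4096)
                if not data:
                    break
                chunks.append(data)
                total += len(data)
        except OSError:
            pass                                  # keep whatever was received
    result = assess(b"".join(chunks))
    result["open"] = True
    return result


# Constructed banner modelled on the string Wordfence reported.
SAMPLE_BANNER = (b"HTTP/1.1 401 Unauthorized\r\n"
                 b"Server: Allegro RomPager 4.07 UPnP/1.0 (ZyXEL ZyWALL 2)\r\n"
                 b'WWW-Authenticate: Basic realm="Router"\r\n\r\n')

if __name__ == "__main__":
    import sys
    print("constructed sample:", assess(SAMPLE_BANNER))
    if len(sys.argv) > 1:                         # python probe7547.py <public-ip>
        print(sys.argv[1], probe(sys.argv[1]))
```

Run it from outside your own network against your public IP address (a phone on mobile data, or a friend's connection), because the TR-069 listener sits on the router's WAN side and is often not reachable from the LAN at all. An {'open': False} result is what you want; an open port with a RomPager banner below 4.34 means a firmware update or a call to your ISP.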

It’s Tax Time Again

Every year about this time, I fire up my tax program to do my income taxes. With the blessing of the Canada Revenue Agency, we can use technology to file our taxes electronically, to get them filed accurately and to speed up getting any refunds back into my pocket.

Except, I take it one further. I go a bit crazy from a tech perspective. And, spoiler alert, this is not about making tech simpler!

In this day and age, there are several ways of doing your taxes electronically.

One way involves logging into a website and filling in all your personal and financial data online. If you are security conscious, not the preferred approach, particularly with all the data breaches occurring!

Another one is to go to a tax preparation service and get your return filed through them.

Taxes Virtually

My preferred method is to use a commercial software package such as TurboTax running on a laptop or desktop in your home or office.

Despite my serious(!!) protests, Intuit have dropped support for Mac OS X and only offer the software running under Windows. I don’t own one piece of hardware running Windows. Not one. And I’m not likely to have one any time soon. But this is the approach that I want to use, for security reasons.

So what to do?

Every January, I fire up my Linux box that holds the only Windows instance I own.

Using Fedora Core and VirtualBox, I fire up a virtual machine running Windows 7 Pro, apply all the updates to bring it up to date and install the latest version of TurboTax.

I then use Remote Desktop to log in to the Windows “machine” and access the software. I export the files I’m working on to the outside world via Dropbox, so I have access for reference purposes when the VM is not running. The response time is good, I can print and file electronically over the LAN, and all is good.

And every May, I back it all up and shut down until the following year.

VirtualBox is an open source software package that runs on a number of platforms and is pretty stable at this point. It’s a great tool to spin up an OS that you only need occasionally, or to let you try new software quickly and easily.

This technology is used in Data Centers all over the globe to allow many virtual machines to run on one physical host, reducing costs in hardware and energy. Indeed, this website is running on a virtual host in a manner similar to this.

Is it crazy to do this for my taxes? Yes but it’s fun and it’s possible. And it works quite well. And it’s a great way to learn more about a specific technology.

Try it yourself. Drop me a line if you’re interested in trying this out for your next project.

2017 Update: to be precise, I have also started using Boot Camp for Windows access on my Mac, only when needed! So there is one more way.