
Tag: cyber-attack

Don’t Meltdown: keep calm and patch

Cyber Security

Posted on January 5, 2018


Users and businesses should apply available patches to address highly complex twin security vulnerabilities affecting computers and phones.

The Meltdown vulnerability is a fundamental flaw affecting Intel chips that allows attackers to read otherwise protected sensitive information on computers and phones. Spectre is more complex and allows attackers to read information from other running programs.

The two flaws taken together impact Intel, ARM, and AMD chips in Windows, Mac, and Linux computers, and iOS and Android devices.

These vulnerabilities do not result in instant hacks – attackers must first compromise vulnerable devices by the usual methods, such as tricking users into running malware or visiting malicious sites. Meltdown and Spectre can then be used once attackers have established a foothold on computers or phones.

The flaws are a result of design choices to improve compute speed.

What should I do?

General users: Most computer users need not fret over the particulars of Meltdown and Spectre. The flaws are hugely complex and have evaded brilliant technical minds for decades.

Instead, they should treat the vulnerabilities like most security flaws and apply software updates (patches) for their computers, laptops and phones as they are made available.

They should also focus on being security-smart as attackers need to compromise users’ devices first before they can exploit the vulnerabilities, so being mindful of email attachments, random software, and shady websites will limit potential exposure to these vulnerabilities.

Businesses: Technology companies are developing and distributing patches to address Meltdown (CVE-2017-5754) by securing access to kernel memory through Kernel Page Table Isolation.

Telstra security experts advise that these patches, when available, should be applied through the usual change processes and testing cycles for endpoints and servers, to avoid any unforeseen large-scale performance degradation.

It’s also advised that a full verified backup of devices is made before patches are applied, in the event of unforeseen issues.

Microsoft has released a patch for Windows 10 (kb4056892) and Windows Server variants, and will distribute these through its Patch Tuesday (released Wednesday local time) release cycles. The latest Linux kernel has also been patched.

Apple and Google are releasing patches for their platforms and programs including the Safari and Chrome browsers, and iPhone, Nexus and Pixel phones. Other manufacturers, such as Samsung, are expected to deliver the patches to supported phones also.

Priority patching should be applied for those instances where multiple users share a single CPU. Businesses running public cloud environments should most strongly consider applying patches since failure to do so could allow attackers to compromise multiple environments. Microsoft, Google, and Amazon have indicated that they have patched their environments.

These patches may cause machines to slow down by up to 30 percent due to changes introduced to protect kernel memory. Initial speculation suggests this may increase the cost of cloud computing and that general end users should not notice performance degradation.

Some antivirus software is incompatible with the Windows patches. Endpoints running affected antivirus products cannot be patched until those security companies ensure compatibility.

Security researcher Kevin Beaumont has a live database that administrators can consult.
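The advice above amounts to a short pre-patch checklist for a Windows 10 endpoint: confirm the antivirus product has declared compatibility, check whether the update is already present, and only then back up and patch. The following is an added example, not code from the original article, that runs that check. The KB number is the one named above; the QualityCompat registry value is the flag Microsoft asked antivirus vendors to set to signal compatibility, and the SpeculationControl module is Microsoft's PowerShell Gallery module for reporting mitigation state, neither of which the article mentions, so both are assumptions here.

```powershell
# Added example (not from the original article): pre-patch readiness check for the
# Meltdown update on a Windows 10 endpoint. KB4056892 is from the article; the
# QualityCompat value and the SpeculationControl module are assumptions drawn from
# Microsoft's guidance at the time, not from the page.
function Test-MeltdownPatchReadiness {
    [CmdletBinding()]
    param(
        [string]$KbId = 'KB4056892',
        [string]$CompatKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat',
        [string]$CompatValue = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
    )

    # 1. Antivirus compatibility flag. Until the installed AV product writes a
    #    DWORD 0 here, Windows Update holds back the January 2018 security updates.
    $avCompatible = $false
    if (Test-Path -LiteralPath $CompatKey) {
        $item = Get-ItemProperty -LiteralPath $CompatKey -Name $CompatValue -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.$CompatValue -eq 0) { $avCompatible = $true }
    }

    # 2. Is the update already installed?
    $patched = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)

    # 3. Is Kernel Page Table Isolation (Windows calls it kernel VA shadowing) active?
    #    Reported as Unknown when the SpeculationControl module is not installed.
    $kpti = 'Unknown'
    if (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue) {
        $kpti = (Get-SpeculationControlSettings -Quiet).KVAShadowWindowsSupportEnabled
    }

    # Recommendation follows the article's order: AV compatibility, backup, then patch.
    $action = if ($patched) { 'Patched: monitor for performance regressions' }
    elseif (-not $avCompatible) { 'Hold: antivirus vendor has not set the compatibility flag' }
    else { 'Ready: take a verified backup, then apply through the normal test cycle' }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        AvCompatible = $avCompatible
        Patched      = $patched
        KptiEnabled  = $kpti
        Action       = $action
    }
}

Test-MeltdownPatchReadiness
```

Run it from an elevated session across a fleet (for example via Invoke-Command) to find endpoints still blocked by an incompatible antivirus product before scheduling the rollout.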

While both flaws can be patched, fixing Spectre (CVE-2017-5753) is more nuanced. It is a more complex, entrenched, and widespread flaw that abuses speculative execution and branch prediction to achieve what Meltdown achieves through privilege escalation on Intel chips. It is also more difficult for attackers to exploit than Meltdown.


Cyber security threat: BadRabbit bites

Cyber Security

Posted on October 25, 2017


A new, highly capable ransomware dubbed BadRabbit surfaced overnight, infecting Windows machines that visit certain malicious websites.

Security experts say most of BadRabbit’s victims are located in Russia, Ukraine, and Bulgaria, with some infections registered in Japan.

Infection begins through malicious but seemingly legitimate websites designed to appeal to specific audiences. These are known as watering hole websites. Visitors to these websites are greeted with messages that pretend to offer updates to Adobe Flash.

BadRabbit infects users who install those fake updates.

How can I stay safe?

Users: The best defence against BadRabbit is cyber security best practice:

  • Only install Flash updates from within the application or from Adobe’s official site.
  • Ensure Windows is automatically updated.
  • Ensure antivirus is automatically updated.

Windows 10 users: Additionally, consider activating a new free feature called Controlled Folder Access, which can protect files from ransomware and other malware.

Businesses: Follow the above tips and also consider:

  • Disabling SMB version 1.
  • Ensuring administrator passwords are complex and unique. Reused domain administrator accounts could lead to BadRabbit spreading and causing mass compromise.
  • Restricting administrator rights on endpoints.
  • Distributing the files c:\windows\infpub.dat and c:\windows\cscc.dat to Windows endpoints and marking them read-only. These files serve as a killswitch preventing BadRabbit from firing.
  • Disabling the Windows Management Instrumentation (WMI) service.
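The endpoint steps in that list (kill-switch files, SMBv1, Controlled Folder Access, WMI) can be applied and verified in one pass. The following is an added example, not code from the original article: the kill-switch paths are the two files named above; the cmdlets are standard Windows 10 ones, and the WMI step is made opt-in because disabling that service breaks most remote management tooling.

```powershell
# Added example (not from the original article): applies the endpoint mitigations
# listed above on Windows 10 and reports the resulting state. Run from an elevated
# PowerShell session; -WhatIf previews the changes without making them.
function Invoke-BadRabbitHardening {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Kill-switch paths are the two files named in the article.
        [string[]]$KillSwitchFiles = @("$env:SystemRoot\infpub.dat", "$env:SystemRoot\cscc.dat"),
        # Disabling WMI breaks SCCM, monitoring agents and Get-CimInstance, so it is
        # opt-in rather than applied by default.
        [switch]$DisableWmi
    )

    # 1. Kill switch: BadRabbit checks for these files and does not run if they exist.
    #    Never use New-Item -Force here, as it would truncate an existing file.
    foreach ($f in $KillSwitchFiles) {
        if ($PSCmdlet.ShouldProcess($f, 'Create read-only kill-switch file')) {
            if (-not (Test-Path -LiteralPath $f)) { New-Item -Path $f -ItemType File | Out-Null }
            Set-ItemProperty -LiteralPath $f -Name IsReadOnly -Value $true
        }
    }

    # 2. SMBv1: turn off the server-side protocol and remove the optional feature.
    if ($PSCmdlet.ShouldProcess('SMB1Protocol', 'Disable SMB version 1')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }

    # 3. Controlled Folder Access (Windows Defender Exploit Guard, Windows 10 1709+).
    if ($PSCmdlet.ShouldProcess('Windows Defender', 'Enable Controlled Folder Access')) {
        Set-MpPreference -EnableControlledFolderAccess Enabled
    }

    # 4. WMI service, only when explicitly requested.
    if ($DisableWmi -and $PSCmdlet.ShouldProcess('Winmgmt', 'Stop and disable WMI service')) {
        Stop-Service -Name Winmgmt -Force
        Set-Service -Name Winmgmt -StartupType Disabled
    }

    # Report the state so the result can be verified locally or collected centrally.
    $ready = $KillSwitchFiles | Where-Object { (Test-Path -LiteralPath $_) -and (Get-Item -LiteralPath $_).IsReadOnly }
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        KillSwitchReady = @($ready).Count -eq $KillSwitchFiles.Count
        Smb1Enabled     = (Get-SmbServerConfiguration).EnableSMB1Protocol
        CfaEnabled      = (Get-MpPreference).EnableControlledFolderAccess -eq 1
        WmiStartup      = (Get-Service -Name Winmgmt).StartType
    }
}

Invoke-BadRabbitHardening -WhatIf
```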

For the geeks

BadRabbit, while modelled on the June NotPetya wiper malware, does not spread via EternalBlue (MS17-010).

It searches internal networks for 13 open SMB shares and uses Mimikatz to pull credentials from memory, along with a short list of hardcoded default logins.

BadRabbit encrypts the Master File Table and sets a reboot via a Windows scheduled task to complete the action. Some of those tasks are named after the Game of Thrones dragons Drogon and Rhaegal.

Encryption uses the open source DiskCryptor full-drive encryption platform and 2048-bit encrypted keys.
