Category: Software

Fake Cryptocurrency

Riding on the back of the cryptocurrency hype, a piece of malware is disguising itself as a cryptocurrency wallet. And it’s not just any type of malware; we are talking about a ransomware type of attack. Once it infects a target, it secretly encrypts the user’s files. (source: Fortinet)

According to Investopedia there are 6 main cryptocurrencies: Litecoin (LTC), Ethereum (ETH), Zcash (ZEC), Dash, Ripple (XRP), Monero (XMR). The site coinmarketcap is a good tool to find out how many currencies exist at any given time; the current count is up to 1494.

The rush for cryptocurrency can be compared to California’s 1848 gold rush. Wanting to be a part of the Crypto-Rush, most people jump in the “waves” without doing any proper research, and this is exactly the behavior on which certain entities rely in order to deliver malware to their targets. Mark Beaumont wrote an article for the Guardian in which he explained his journey into the cryptocurrency world.

The attackers behind this campaign lure in their victims by prompting them with a convincing Initial Coin Offering message. In order to get that cryptocurrency, the user has to download a wallet app package. Once installed, the app will ask the user to set up a password in order to get access to SpriteCoin’s blockchain.

Unfortunately for the user, the app will then start encrypting all files on the infected computer; each encrypted file is given a .encrypt suffix. A ransom message appears and asks for 0.3 monero in order to decrypt all the files.
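The .encrypt suffix is the one observable the post gives a defender, and a burst of renames to that suffix by a single process is a simple thing to alert on. The script below is an added example, not code from Fortinet or from the original post: it replays constructed file-system events (timestamp, process name, action, path) and flags any process that renames more than a handful of files to the suffix within a short window. The process names, paths, window and threshold are all assumptions chosen for the demonstration.

```python
"""Flag a process that renames many files to a ransomware suffix in a short window.

Added example, not part of the original post or the Fortinet write-up.
Events are constructed sample data in the form "timestamp|process|action|path".
"""
from collections import defaultdict, deque
from datetime import datetime

SUFFIX = ".encrypt"      # suffix the post reports for encrypted files
WINDOW_SECONDS = 60      # assumption: look at renames in the last minute
THRESHOLD = 5            # assumption: 5 such renames by one process -> alert

# Constructed sample events; "wallet_setup.exe" is a placeholder process name.
SAMPLE_EVENTS = """\
2018-01-22T10:00:01|winword.exe|write|C:\\Users\\alice\\Documents\\q1.docx
2018-01-22T10:00:04|explorer.exe|rename|C:\\Users\\alice\\Desktop\\notes.txt.encrypt
2018-01-22T10:00:10|wallet_setup.exe|rename|C:\\Users\\alice\\Documents\\q1.docx.encrypt
2018-01-22T10:00:11|wallet_setup.exe|rename|C:\\Users\\alice\\Documents\\q2.docx.encrypt
2018-01-22T10:00:11|wallet_setup.exe|rename|C:\\Users\\alice\\Pictures\\cat.jpg.encrypt
2018-01-22T10:00:12|wallet_setup.exe|rename|C:\\Users\\alice\\Pictures\\dog.jpg.encrypt
2018-01-22T10:00:13|wallet_setup.exe|rename|C:\\Users\\alice\\Music\\song.mp3.encrypt
2018-01-22T10:00:14|wallet_setup.exe|rename|C:\\Users\\alice\\Music\\song2.mp3.encrypt
2018-01-22T10:00:20|winword.exe|write|C:\\Users\\alice\\Documents\\q3.docx
"""


def parse_event(line):
    """Split one event line into (timestamp, process, action, path)."""
    ts, proc, action, path = line.split("|", 3)
    return datetime.fromisoformat(ts), proc, action, path


def find_bursts(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return the processes (in first-alert order) that renamed >= threshold
    files to SUFFIX within any sliding window of `window` seconds."""
    recent = defaultdict(deque)   # process -> timestamps of recent suffix renames
    alerted = []
    for line in lines:
        if not line.strip():
            continue
        ts, proc, action, path = parse_event(line)
        if action != "rename" or not path.lower().endswith(SUFFIX):
            continue
        q = recent[proc]
        q.append(ts)
        # Drop timestamps that fell out of the sliding window.
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) >= threshold and proc not in alerted:
            alerted.append(proc)
    return alerted


if __name__ == "__main__":
    for proc in find_bursts(SAMPLE_EVENTS.splitlines()):
        print(f"ALERT: {proc} renamed {THRESHOLD}+ files to {SUFFIX} within {WINDOW_SECONDS}s")
```

The single rename by explorer.exe stays below the threshold, so only the placeholder wallet process is reported; in a real deployment the event lines would come from a file-activity monitor and the alert would feed whatever response the organisation uses to isolate the host.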

What is even more sinister is the fact that during the decryption of the files, right after the user has paid the ransom, more malware is downloaded to that computer. This malware can activate the web camera, parse keys, and harvest certificates.

According to Fortinet: “While we have not yet fully analyzed this malicious payload, we can verify that it does have the capability to activate web cameras and parse certificates and keys that will likely leave the victim more compromised than before.”

These people are using social engineering in order to fool people into clicking on and installing their malicious software. Most of the time they are exploiting the innate curiosity that is present in all of us. This article by David Bisson explains in detail how social engineering is used by certain parties in order to achieve their nefarious plans.

As always, do not assume that you are safe when online. If something seems too good to be true, then most of the time it’s a scam.


Meltdown and Spectre

Now that we know what the Kernel is, and more importantly what it does, we are going to talk a bit about Meltdown and Spectre.

Two papers (Meltdown and Spectre) have been published by researchers from various universities across the globe and several Google researchers. Both of them describe the way in which cyber-criminals could steal sensitive information from our devices.

There is good news though: several patches have been deployed to mitigate this flaw. Unfortunately, drops in performance (from 5% to 30%) have been reported after the Microsoft patches were installed. Furthermore, the deployment of patches for AMD processors has been halted by Microsoft, due to the many complaints from users who could not boot their PCs after the patches.

The short but tech-savvy explanation is:

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information.

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

The short non-tech-savvy explanation is as follows:

It all starts with something called Speculative Execution. I know it might sound terrible, but bear with me.

Let’s say you are running a service that gathers information upon request from your clients.

For example:

A client comes to you at 10 am and asks you to print for him a list of news items related to cyber-security. Your client does this daily; for 5 days he has the exact same request, at exactly the same hour. Since we are “smart cookies”, we observe a pattern and we start printing the list before he arrives. We see the client is happy that he got his list faster this time. We continue doing this, the client is happy, we are happy.

But one day, he comes at 10 am and asks for 4 types of chocolate chip cookie recipes. We print what he asked us, and we throw away what we already printed.

Speculative Execution works similarly. If the results of the calculations the processor performed ahead of time turn out not to be needed, they are thrown away, but traces of that work remain where a side channel can observe them.

This information then arrives in an unsecured part of the cache memory that can be accessed through a side-channel. If we use the above-mentioned printing story, all the unwanted lists arrive in a trash bin that can be accessed by bad guys.

Why isn’t that data secured? The answer is simple: when Speculative Execution was invented, devices were not connected to each other. Thus, there was no reason to secure something to which no external party would have access. Unfortunately, this has never been addressed until now.
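The printing story can be turned into a small model that makes the security point concrete: the problem is not guessing ahead, it is that the discarded work lands somewhere a third party can read. The code below is an added example, not from the original post or from either paper. It models a worker who predicts the next request from history and prepares the answer early; when the guess is wrong the prepared answer is discarded. With the “unsecured trash bin” (the post’s stand-in for the unprotected cache) an observer sees what was prepared; with the mitigation switched on, discarded work leaves no trace. The client names and requests are constructed.

```python
"""Toy model of speculative work leaving an observable trace.

Added example, not part of the original post. The "trash" list stands in for
the unsecured cache the post describes; a separate party can read it.
"""
from collections import Counter


class SpeculativeWorker:
    def __init__(self, leak_discarded=True):
        self.history = []             # past requests, used for prediction
        self.prepared = None          # (predicted request, prepared answer)
        self.trash = []               # observable residue of discarded work
        self.leak_discarded = leak_discarded  # False = mitigation: discard cleanly

    def predict(self):
        """Guess the next request: the most frequent one seen so far."""
        if not self.history:
            return None
        return Counter(self.history).most_common(1)[0][0]

    def prepare(self):
        """Do the work for the predicted request before the client arrives."""
        guess = self.predict()
        if guess is not None:
            self.prepared = (guess, f"answer for '{guess}'")

    def serve(self, request):
        """Serve the real request; returns (answer, served_from_prediction)."""
        self.history.append(request)
        fast = False
        if self.prepared and self.prepared[0] == request:
            answer, fast = self.prepared[1], True
        else:
            # Wrong guess: the prepared work is discarded. Without the
            # mitigation it is still visible in the shared trash bin.
            if self.prepared and self.leak_discarded:
                self.trash.append(self.prepared[1])
            answer = f"answer for '{request}'"
        self.prepared = None
        return answer, fast


def run_scenario(leak_discarded):
    """Five days of the same request, then a different one.
    Returns (number of fast answers, what an observer can read from the trash)."""
    worker = SpeculativeWorker(leak_discarded)
    fast_count = 0
    for request in ["cyber-security news"] * 5 + ["chocolate chip cookie recipes"]:
        worker.prepare()
        _, fast = worker.serve(request)
        fast_count += fast
    return fast_count, list(worker.trash)


if __name__ == "__main__":
    print("unmitigated:", run_scenario(leak_discarded=True))
    print("mitigated:  ", run_scenario(leak_discarded=False))
```

Both runs give the client the same answers and the same speed-up on the four correctly predicted days; the only difference is whether the wrongly prepared list ends up readable by someone who was never the client, which is exactly what the hardware and OS mitigations for Meltdown and Spectre are there to prevent.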

Many patches have been released, and Microsoft is trying to mitigate the issues that might arise from the Intel chip flaw. But, and there is a big BUT, systems that receive the update have been signalling a decrease in performance. This decrease in performance varies from 5% up to 30% in some cases.
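Given that patches were rolled out unevenly and some were pulled back, the practical question for an administrator is whether a given machine is actually mitigated. On Linux the kernel reports this itself: one file per issue under /sys/devices/system/cpu/vulnerabilities/ (for example meltdown, spectre_v1, spectre_v2), each containing “Not affected”, “Vulnerable” or “Mitigation: <name>”. The script below is an added example, not from the original post or any of its sources; its parser works on a plain mapping so it can be exercised offline against the constructed sample, and it reads the real sysfs directory only when one exists. The sample contents imitate a host that is patched for Meltdown but still vulnerable to Spectre variant 2.

```python
"""Summarise Meltdown/Spectre mitigation status from Linux sysfs.

Added example, not part of the original post. The SAMPLE mapping is
constructed; read_sysfs() returns an empty mapping on non-Linux hosts.
"""
import os

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample mimicking a partly patched host.
SAMPLE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable\n",
}


def classify(text):
    """Map one sysfs status string to a coarse category."""
    text = text.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):   # also matches "Vulnerable: <detail>"
        return "vulnerable"
    return "unknown"


def summarize(status_by_name):
    """Return {issue: category} for every entry in the mapping."""
    return {name: classify(text) for name, text in status_by_name.items()}


def unmitigated(status_by_name):
    """Names of issues the host reports as still vulnerable, sorted."""
    return sorted(n for n, c in summarize(status_by_name).items() if c == "vulnerable")


def read_sysfs(path=SYSFS_DIR):
    """Read the real sysfs directory if present; empty mapping otherwise."""
    out = {}
    if not os.path.isdir(path):
        return out
    for name in sorted(os.listdir(path)):
        try:
            with open(os.path.join(path, name)) as fh:
                out[name] = fh.read()
        except OSError:
            continue   # entry unreadable; skip rather than guess
    return out


if __name__ == "__main__":
    live = read_sysfs()
    source = live if live else SAMPLE
    print("source:", "live sysfs" if live else "constructed sample")
    for issue, status in summarize(source).items():
        print(f"{issue:12s} {status}")
    print("still vulnerable:", unmitigated(source) or "none")
```

On Windows, Microsoft published a PowerShell module (SpeculationControl) that answers the same question; the Linux files above are the equivalent check on the kernel side, and both read the status the system itself reports rather than inferring it from patch levels.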

Sources: SEI, Cyberus Tech Blog, Meltdownattack.com, Spectreattack.com


Just what is the Kernel?

This is a support article for the upcoming Meltdown and Spectre article – Disclaimer

It would seem that each year we have some sort of new software that is up to no good. This time, unfortunately, we are talking about a hardware flaw that is going to affect the way in which processors are manufactured from now on.

But before we dive head on into the issue, there is a term that I would like to explain first.

I am fairly sure anyone who has read some basic things about hardware and software has come across the word ‘Kernel’ at one point.

Most of us know that there are two components when it comes to PCs/laptops/phones etc. You have the hardware, the thing that you can touch, and the software, the instructions that make the hardware run. Fun fact! Anyone who got frustrated and hit the keyboard (or whatever hardware part was closer) was, most of the time, punishing the hardware for a software error.

What we don’t usually think about is how they are interconnected. Well, here is where the Kernel comes into play.

A kernel is nothing else than the Manager of your device. It is the magical code that tells an app when to start (to be more precise, it’s the one that starts the process that is bound to that app).

Furthermore, it decides what resources (CPU, Memory, Devices) the application is allowed to use.

As you can see, that little thing has a lot of power in its hands. So, that means it should be one of the most secure things in our devices, right?