This Week In Security - 01/20/2020
NSA Warns Users of Critical Windows 10 Vulnerability
As the new decade dawns, the first security patch of 2020 is one of the most serious to date. In a cybersecurity advisory statement, the NSA warned that the critical vulnerability, CVE-2020-0601, affects the “certificate and cryptographic messaging functions in the CryptoAPI”. Cybercriminals could use this vulnerability “to impersonate everything from trusted Web sites to the source of software updates for Windows and other programs”.
The severity of the issue is such that Microsoft delivered the patch to key organizations, vulnerable targets and certain branches of the US military. These organizations were all asked to sign non-disclosure agreements preventing them from revealing details of both the flaw and its patch.
The encouraging news is that the NSA turned over details of the flaw to Microsoft almost immediately, rather than “using a Windows vulnerability to conduct surveillance” as it has done in the past.
A senior director at Microsoft, Jeff Jones, issued a statement reassuring Microsoft users and saying, “Customers who have already applied the update, or have automatic updates enabled, are already protected”.
In the words of Dmitri Alperovitch of the cybersecurity technology firm, CrowdStrike, “Everyone should patch. Do not wait”. So, if you haven’t patched yet, get your Band-Aid now.
Russian Hackers Target Impeachment-Beleaguered Ukrainian Oil Firm
Since Donald Trump started poking his nose into the Ukraine-based activities of rival Joe Biden and his son, Hunter, Russian hackers have quickly followed suit. Cyberattacks on the Ukrainian oil firm, Burisma, started back in November 2019 and, according to the New York Times, show no sign of stopping.
Burisma is the target of an ongoing phishing campaign, although exactly what the hackers are looking for remains a mystery. According to Oren Falkowitz, the former Clinton campaign chairman and co-founder of the Area 1 cybersecurity firm, “The timing of the Russian hacking campaign mirrors the … hacks we saw in 2016. Once again, they are stealing email credentials, in what we can only assume is a repeat of Russian interference in the last election”.
In what Falkowitz refers to as a “lazy” yet “sophisticated” attack, Russian hackers diverted Burisma employees to fake login pages and have been “blasting Burisma employees” with fake internal emails ever since.
With the President yet to comment on the incident, a spokesperson for the Biden campaign attacked him, saying, “Any American president who had not repeatedly encouraged foreign interventions of this kind would immediately condemn this attack on the sovereignty of our elections”.
Google Chrome – A Cookie Monster No More
Many internet users resent cookies and want to see an end to online tracking which enables advertisers to follow individuals around in cyberspace while creating targeted adverts based on their past behavior. For Google Chrome users, however, the end to online tracking is in sight as Google sets itself “an aggressive two-year deadline” for phasing out all third-party cookies.
Google Chrome’s engineering director, Justin Schuh, said the company’s new direction was a response to changing attitudes regarding online privacy. According to Schuh, “Users are demanding greater privacy – including transparency, choice, and control over how their data is used – and it’s clear the web ecosystem needs to evolve to meet these increasing demands”.
Instead of tracking cookies, Google Chrome has introduced a Privacy Sandbox that uses machine learning to establish a user’s interests and then aggregates this data with other users who have similar interests. It is only after this process is complete that the information is shared with advertisers.
It is hoped that the new technology will make it “possible for your browser to avoid revealing that you are a member of a group that likes Beyoncé and sweater vests until it can be sure that group contains thousands of other people”.
The US Prepares for Iranian Cyber Backlash
A drone attack on an international political figure is bound to have some repercussions in cyberspace and, as tensions flare between Iran and the US, experts are warning companies and government departments to prepare for the worst.
In the past, Iran has targeted US government networks and financial systems – actions that suggest similar cyberattacks could occur again, especially in light of the current conflict. Even more worrying is that the Islamic Republic has both boosted its own cyber proficiencies over the past few years and “received new capabilities from China”.
Those competencies are focused on defense rather than attacks. Even so, according to the Head of Cyber at Israel’s Holon Institute of Technology, Dr. Harel Menashri, while “China probably did not give them [the Islamic Republic] offensive cyber capabilities [directly]… when you carry out defensive cyber, you also learn about offensive cyber”.
Philip Ingram, a former British military intelligence colonel, agreed with Menashri, warning that Iran has “a first-world cyberattack capability” and could “target critical national infrastructure, financial institutions, education establishments, manufacturers, and more”.
Although the potential threat of a serious Iranian cyberattack “seems more likely than confronting America or Israel head-on”, it’s unlikely it could match US cyber capabilities.