Reminiscent of the delicate lyrics of Rock Master Scott and the Dynamic Three, there’s a lot of press about a number of different attacks right now on individuals, SMB’s, and large enterprises. CryptoLocker ransomware, a Microsoft attack via images, and the oldie-but-goodie of continued Java vulnerabilities. It seems that the attacks are coming from all sides. And I believe they are.
The CryptoLocker attack seemed interesting and fairly novel a few weeks ago, but I figured it would fade away pretty quickly as new anti-virus signatures or other patches caught up with it. However, it appears to be on the rise. CryptoLocker is a form of malware known as ransomware where the attacker encrypts your files and then demands a ransom for the key to unlock the files. There have been reports of successful file unlocks after paying ransom, no file unlock after paying ransom, and also of the ransomware actor extending the due date. US Cert has issued an alert regarding the rise in infections.
And then Microsoft has issued a security advisory regarding vulnerabilities in its graphics component and malicious TIFF files. Apparently, malicious code hidden in an image can execute and do arbitrary things. So we’ve got that going for us. Affected systems include Office 2003, 2007, 2010, Server 2008, and Lync. Microsoft offers a fixit/workaround here.
Finally, rounding out the happy news is the update from a Kaspersky report that there were over 14 million attacks with Java exploits between 9/2012 and 8/2013, with more than 8 million of those in the second half of that period. While chasing down some Java issues across several hundred machines myself last week, I counted over 200 Java fixes in the past year and that’s not counting new ‘features’.
It’s been said before, but the good guys are not winning this battle. The general consensus is that it’s getting worse, not better. What to do? While no panacea, the basics apply — current anti-virus with daily updates, autoupdate on operating systems, good Internet hygiene — don’t open unknown mail, don’t download unknown things, keep a watchful eye for phishing attacks, use good passwords and don’t share them. I think this will be our best/only approach for some time to come.