The Importance of Software Updates for Protection

One of the simplest yet most critical steps in protecting your computers from cyber threats is ensuring that they are patching the latest updates from developers. Microsoft has reported that only 1/3 of Windows 10 computers have applied the update that they released on April 30^th 2018. This leaves 450 million systems still running an out-of-date version of the operating system.

Patches do not only contain bug fixes and performance improvements. Instead, they often provide fixes to newly discovered vulnerabilities in the software. Despite this, many organizations delay patching for months after they are released, exposing their data to potential attack.

Furthermore, oftentimes cyberattacks do not need to be targeted at specific organizations. Instead, attackers can automate a scan of the internet to locate all systems running older vulnerable versions of a particular software. After identifying these systems, they can then infect them with malicious software.

Therefore it is essential that you keep your organization’s computers up to date with the latest patches in order to protect them from cyberattack.

Major Incidents Caused by Neglected Updates

In April 2017 hacker group Shadow Brokers leaked a cyber vulnerability used by the U.S. National Security Agency which allowed attackers to lock-up files on hundreds of thousands of computers. The vulnerability, named “EternalBlue”, was able to be exploited by a malicious software called WannaCry. Microsoft reported that it had in fact released the patch protecting against this vulnerability a month prior to the event. However many organizations neglected to apply the update, and were therefore left vulnerable to the attack.

This incident was an example of an opportunistic, rather than targeted attack. Instead of focusing efforts on specific organizations, attackers instead scan for unprotected computers and target those vulnerable to their malware. Rendition researchers demonstrated this automation process during their efforts to find out how many computers had been impacted. By mass-distributing ‘pings’ that were sensitive to the DoublePulsar malware, they were able to echolocate systems impacted by this virus. However while Rendition used this strategy to identify infected computers, attackers can likewise use it to discover vulnerable PCs. This was the case in another incident involving the SamSam malware, which affected computers running outdated versions of Jexboss software.

In another incident in September 2017, Credit Reporting Agency Equifax reported that close to 150 million consumers located in the US, Canada, and UK had their data compromised because of the delayed update of a software they used called Apache Struts. The vulnerability allowed attackers to gain control of the affected computers.

Similarly to Microsoft, Apache released a statement noting that the vulnerabilities had been identified and patched March of that year. In fact, the U.S. Computer Emergency Readiness team (US-CERT) had also released an announcement that same month, urging users to update their Struts software to newer versions.

Learning from these incidents, it is clear that keeping up with patches is an essential step to protecting your computer against new cyber threats. This is not only the case for operating systems such as Windows, but also for many open-sourced software such as Apache. In fact, Black Duck found that 78% of open-source codebases contained cyber-vulnerabilities, which now often make up the majority of software.

At GigE, our experts can help your organization ensure that it is patching the latest patch software, to maximize protection of your sensitive data. Contact us at +1 (888) 366-4443 to get started today.

Improving your Network’s Security against Online Malware

Contrary to popular belief, online malware does not exclusively focus on breaching large corporations. Instead, The United States Computer Emergency Readiness Team (US-CERT) stresses that most malware attacks are indiscriminate in their target selection, and are just as likely to affect home or small business networks as large businesses. Therefore, an organization of any size is vulnerable to malicious software as long as it has computers that are connected to the internet.

One of the most recently discovered threats that has affected more than 500,000 routers is called “VPNFilter”. American networking hardware manufacturer Cisco has stated that routers developed by Linksys, NETGEAR, QNAP, TP-Link, and MikroTik are vulnerable to the new malware. This new malicious software is capable of destabilizing the firmware of your router and exploiting security vulnerabilities to steal sensitive information, such as website login credentials.

Cisco has reported that “VPNFilter” uses a three stage process to gain access to your router’s information. Firstly, stage 1 involves the malware finding out the ip address attached to the server, and rooting itself into the router. After successfully gaining traction, the malware initializes stages 2 and 3 of its operations. Stage 2 allows attackers to gather information from the server, as well as destabilize the firmware of the router using “self-destruct protocols”. Finally, stage 3 allows attackers to gather further traffic information such as website login information.

Cisco has outlined recommended strategies to counter “VPNFilter”. Firstly, rebooting your router can remove stage 2 and 3 of the malware from your router, and inhibits further data collection temporarily. However, this does not remove stage 1 of the malware, meaning that it will still be rooted within your device. Therefore they warn that the malware will still be able to reinitialize its stage 2 and 3 protocols after a router reboot. To fully remove the malware from your router, Cisco states that you must fully factory reset the device, restoring it to its factory settings.

The 2017 Mirai Malware

One common aspect shared by many devices infected by the VPNFilter is the fact that owners of these devices did not change the default login information of their routers, causing them to be much more vulnerable to attack.

A similar incident occurred in 2017, when the malicious software “Mirai” infected thousands of routers which still had default login credentials. These infected devices were then used to target the DNS provider “Dyn” with DDoS attacks, and managed to disturb the functioning of many enormous websites such as Paypal and Twitter.

However, “VPNFilter” and “Mirai” are only the latest of many malicious software. In light of this, here are some general best practices to protect your servers and computers from online attack.

Firstly, do not leave your router settings on default. These are often designed to be overly lenient to convenience the end-user. However, default settings can often increase vulnerability to online malware and cyberattacks. In particular, the setting “remote management”, which allows users to change the settings of the device from a remote location such as a computer on the network, is often turned on by default on many routers. However this is a major vulnerability that could be abused by cyberattackers. Therefore always ensure to turn off this setting after initial device setup.

Constantly check for software updates for your computer. These do not just contain bug fixes, but often also contain important security updates to protect your computer from newly discovered malicious software.

Download and constantly update antivirus software from a reputable developer, to ensure that your network has protection against online malware. Furthermore, ensure that firewalls are activated on all your computers connected to the internet. Firewalls constantly filter internet usage and traffic based on existing databases of dangerous software, and can be essential to protecting yourself against malicious or suspicious websites.

Finally, ensure to backup all important data, whether in a company or home setting. Despite following all these precautions, any computer connected to the internet will still be inherently vulnerable to cyberattacks and malware. Therefore, always keep encrypted backup copies of important or sensitive data. This will not only ensure that the information cannot be destroyed, but that it will also be inaccessible to an attacker who has not gained possession of an encryption key.

For more information or assistance on how to protect your network, contact us at +1 (888) 366-4443, or visit our page on our Network Solutions.