info@fiveninesit.ca
+1-519-893-3359

Our job is to ensure you can do yours. Let's talk.

Scam of the Week: Fake Meltdown and Spectre Patch Phishing Emails

 

You may have read in the press, or seen our earlier announcement, that practically every computer system worldwide is affected by two recently disclosed hardware flaws, "Meltdown" and "Spectre". Hardware and software vendors have been working hard to produce patches that work around the problem, and we are in the process of applying those patches across our whole network.

However, the bad guys are using this major event to trick you into downloading malware that claims to be a patch for the "Meltdown" and "Spectre" hardware issue. Don't fall for it!

In the office, your IT partner or department will take care of all patching and will notify you about it. Do not act on any email or pop-up that tells you to urgently update your computer. At home, take the same precautions: patches should only come from official sources such as the manufacturer of your PC or the developer of your operating system (Microsoft for Windows, Apple for macOS), and they arrive through the normal update mechanism, never as an emailed attachment or a link in a message.

We sent out some warnings and advisories last week about Spectre and Meltdown, but we want to remind everyone again about some steps you can take to protect yourself.

Remember that the bad guys are also going to jump on this bandwagon with phishing attacks!

Here is a live phishing attack email, just picked from the wild:

 

 

For the most part, protecting your network comes down to applying the many patches vendors have been rolling out since the bugs became public.

There are three of these bugs, tracked under three CVE identifiers. All of them are side-channel attacks that leak information as an unfortunate side effect of the chips having been engineered for speed: processors speculatively execute instructions before they know whether those instructions are allowed to run, and the traces that speculation leaves in the cache can be measured by an attacker.

"Meltdown" (CVE-2017-5754) is a flaw that lets an ordinary application cross the security boundary enforced at chip level between user programs and the kernel, and read the private contents of kernel memory. This bug has been found in Intel chips produced over the last decade.

The other two vulnerabilities are being called "Spectre" (CVE-2017-5753 and CVE-2017-5715). These are more insidious and more widespread, having been found in chips from AMD and ARM as well as Intel, and they are harder to fix in software.

Spectre could enable an attacker to bypass the isolation between different applications, for example letting a script in one browser tab read data belonging to another. Some early reports at the end of the first week of January claimed that Meltdown (at least) was being exploited in the wild; what had actually been observed at that point was proof-of-concept code circulating publicly rather than confirmed attacks, but that code was there for anyone to adapt.

It's also good to remember that an incident like this not only presents you with a challenge, but also with an opportunity to raise awareness and shore up your security.

 

Five things are worth noting:

  1. First, vendors are working quickly to roll out patches. Microsoft and Google did so last Thursday, and they're not alone. Patch quickly but with discretion: not all anti-virus programs are compatible with the updates. Microsoft in particular withheld its January patches from machines whose anti-virus product had not declared itself compatible, because some AV drivers crashed against the kernel changes, so a machine that never receives the update may be blocked by its AV rather than by a missing patch.
  2. Second, your people may notice that some of the services they're accustomed to using seem to be running more slowly. They may not know why, and it may not be evidence of a problem, but rather a sign that those services, cloud providers in particular, are taking steps to mitigate the risk: the fixes add overhead on every switch between an application and the kernel.
  3. Third, be alert for social engineering scams related to the bug announcements. These follow most major cyber incidents, and Meltdown and Spectre will be no different. Remind your employees of your patching policies and notification practices, and reinforce that they're the last line of defense.
  4. Fourth, now that ARM and AMD processors are known to be affected by Spectre at least, remember that those chips are widely used in distributed, set-it-and-forget-it Internet-of-Things devices that rarely if ever receive firmware updates. The risk is likely to linger there longest.
  5. Fifth, the disclosure itself shows a human problem. Google found the flaws last summer, and vendors had been quietly preparing fixes under embargo since then. The news broke suddenly, and before fixes were entirely ready, because details were already circulating publicly and Google judged that the embargo could no longer hold.
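As an added example (not from the original post, and not a vendor's own tooling): the first item above says to patch with discretion, and the point of the whole advisory is that you should trust your own patching process rather than an email. Here is a PowerShell check an administrator can run on a Windows machine to see whether the January 2018 patches actually landed and whether the mitigations are switched on. It reads the anti-virus compatibility registry value that Windows Update looked for before offering the patch, lists updates installed since the out-of-band release, reads the mitigation override values, and calls Microsoft's SpeculationControl module from the PowerShell Gallery. The registry paths, value names and module property names are Microsoft's published ones; the 2018-01-03 cut-off date, the function name and the decision to install the module on the spot are this example's own assumptions.

```powershell
# Added example: verify Meltdown/Spectre patch state on a Windows host.
# Run from an elevated PowerShell prompt. Registry locations are the ones
# Microsoft documented for the January 2018 updates; the 2018-01-03 cut-off,
# the function name and the PowerShell Gallery install are assumptions made
# for this example.

function Get-MeltdownSpectreStatus {
    # 1. Anti-virus compatibility flag. Windows Update withheld the January
    #    2018 patches until the AV product (or an admin) created this value,
    #    because some AV drivers crashed against the new kernel memory layout.
    #    A machine that never receives the patch may be blocked here.
    $compatKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
    $compatName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
    $compatItem = Get-ItemProperty -Path $compatKey -ErrorAction SilentlyContinue
    $avFlagSet  = ($null -ne $compatItem) -and ($null -ne $compatItem.$compatName)

    # 2. Updates installed on or after the out-of-band release date.
    $recent = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge [datetime]'2018-01-03' } |
        Select-Object -ExpandProperty HotFixID

    # 3. Mitigation override values. On Windows Server the mitigations ship
    #    disabled until FeatureSettingsOverride is 0 with a mask of 3; a
    #    non-zero override on a client means someone turned them off.
    $mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $mmItem = Get-ItemProperty -Path $mm -ErrorAction SilentlyContinue

    # 4. Microsoft's SpeculationControl module reports whether the OS support
    #    is present and enabled, and whether CPU microcode for Spectre
    #    variant 2 (branch target injection, BTI) has been loaded.
    if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
        Install-Module -Name SpeculationControl -Scope CurrentUser -Force
    }
    Import-Module SpeculationControl
    $s = Get-SpeculationControlSettings

    [pscustomobject]@{
        AvCompatFlagSet             = $avFlagSet
        UpdatesSince2018_01_03      = ($recent -join ', ')
        FeatureSettingsOverride     = $mmItem.FeatureSettingsOverride
        FeatureSettingsOverrideMask = $mmItem.FeatureSettingsOverrideMask
        SpectreV2HardwareSupport    = $s.BTIHardwarePresent
        SpectreV2OsSupportEnabled   = $s.BTIWindowsSupportEnabled
        MeltdownMitigationRequired  = $s.KVAShadowRequired
        MeltdownMitigationEnabled   = $s.KVAShadowWindowsSupportEnabled
    }
}

$status = Get-MeltdownSpectreStatus
$status | Format-List

# Flag the two states that matter most: a host that still needs the
# Meltdown fix but does not have it enabled, and a host whose AV has not
# cleared the update to install at all.
if ($status.MeltdownMitigationRequired -and -not $status.MeltdownMitigationEnabled) {
    Write-Warning 'Meltdown mitigation (KVA shadow) is required but not enabled.'
}
if (-not $status.AvCompatFlagSet) {
    Write-Warning 'AV compatibility value missing: Windows Update will not offer the January 2018 patch.'
}
```

KVAShadowRequired is false on processors that are not affected by Meltdown (AMD, for instance), so the failure case to act on is "required but not enabled", not "not enabled" on its own. Microsoft later dropped the anti-virus compatibility requirement for Windows 10, so on a fully current system the first check is historical, but it is still the first thing to look at on a machine that stopped receiving updates in January 2018.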

 

The New York Times published an accessible overview of the issue here: https://www.nytimes.com/2018/01/04/technology/meltdown-spectre-questions.html?_r=0

 

Five Nines IT Solutions

info@fiveninesit.ca

1 (519) 893-3359


Contributors

Stefan Myles (8 posts, March 2, 2018)
Douglas Grosfield (4 posts, January 17, 2018)


 

Gimme ten Timbits® and a large ÐÖÜߣ€ ¥®±§H?

No Sale

 

Whether it was karmic retribution over the minimum-wage scandal, just another high-profile target chosen for its prestige, or simply an opportunity to mess with a whole lot of half-awake people at the same time as they tried to get their daily fix, somewhere between a hundred and a thousand Tim Hortons locations across the country were hit by a form of computer virus a couple of days ago. This one hit them right where it hurts, in the cash register. Literally.

According to the company, a substantial number of the chain's Panasonic point-of-sale systems were hit with undisclosed malware, resulting in service delays and, in some cases, the shutdown of entire restaurants. Sources say there was no threat to client data or other computer systems, but there are unconfirmed reports of lawsuits launched by franchisees who argue their systems should have been better protected by the company's IT support services.

Only time will reveal the amount of damage and lost productivity resulting from a major blip in the country's primary caffeine supply chain.

 

Read more here.


Tags: Hardware, Software, Cybersecurity, Malware, Business Continuity, IoT (Internet of Things), Cyberwar

Canadians are nice but it's not enough to be immune

 

It seems that being nice just isn't enough anymore. In today's world, sad as it may be, we need to be suspicious and cautious, especially when it comes to our digital presence. Of course, the open and friendly nature of the fine folks behind the firewalls helps define us as a culture and a nation, but the truth is, our shops, offices and industries face the same risks as the most hard-hearted, cynical and mistrustful around the globe. Nice as we may be, we can no longer ignore the threats that loom large over our privacy and security with every keystroke and finger swipe. I'm not saying this just to rattle cages or ramp up the fear factor; this is reality.

Datto, a world leader in backup, disaster recovery and business continuity technology, has released its latest report on the state of ransomware in the Canadian market. While the document is primarily aimed at service providers, it offers considerable insight into what's really going on and how this and related threats are affecting our livelihoods and infrastructure. And they present it in the nicest way. We Canadians rub off on others, and that's a good thing. :0)

 

You can download the report here


Tags: Cybersecurity, Malware, Business Continuity

You can hide but you can't run

 

In a pilot program to monitor obesity among soldiers, the US military issued fitness-tracking smartwatches to some 2,500 active-duty personnel to help track their day-to-day exercise and activity. Last Saturday, a 20-year-old student in Australia stumbled upon what appeared to be US military operations in Somalia and Yemen while researching international security in the Middle East. It turned out that the devices were plotting the soldiers' routes and activities on a "heat map" published on a publicly accessible website. Experts say the information that could be gleaned included special-operations activity, the locations of missile bases and other potentially sensitive details.

All the more reason to stay on the couch.

 

Read more here.




This message ain't from my (Pay) Pal

Thank heaven I learned to read at an early age. Typos jump out at me, especially those made by others (note: I am still working on reducing my own). Thankfully, the baddies haven't yet discovered grammar checkers.

I received this email today; it looked pretty legitimate, and I have purchased a few things using PayPal over the last couple of months. However, the clues were right there, especially if you're one for details. Can you see what I'm seeing? There are at least ten errors in just this snippet (and it goes on).

If only they were all so obvious.

As with all messages, if you receive something like this, read it and proceed with caution.

 




Ding, dong, Bell, they're hacking you as well.

 

 

OK, this is getting a little scary.

Bell Canada, one of the world leaders in communication services and technologies, has announced that it has experienced yet another data breach. While this one apparently involves fewer than 100,000 clients, that's 100,000 more than it should be.

Sadly, this is not the first time, but it throws new light on the importance of reporting incidents as soon as they are identified and/or confirmed. New federal regulations on detection, reporting and remediation are soon to be implemented as part of the government's cybersecurity strategy, covering both the public and private sectors as well as international dealings.

In the meantime, we as individuals and business owners need to be not only cognizant of but prepared for these eventualities.

 

Let's talk.

 

Read more here.




Commuter hackers target Ontario transportation firm

Image courtesy of Metrolinx 2015-16 Annual Report

 

Computers at Metrolinx, the Ontario government agency responsible for public transportation services in the GTA/Hamilton and Ottawa areas, were said to have been targeted by North Korean hackers in mid-January 2018. At the time of writing, details are still coming in, but a statement from Metrolinx assures that both the systems that manage rail and bus services and the servers storing personal information are safe and secure.

The question this begs is, "Why?"

Are they (North Korea) looking for new ideas on how to (or how not to) manage their public transportation? Could it be a group of bored but talented teenagers pulling a prank? Odds are it is organized crime looking to add to the ever-increasing pool of available identity-related data for far more nefarious purposes. Reports say that hacking brings in a billion dollars to North Korea's coffers each year. No word as to whether that money goes directly to their illustrious leader or is divvied up to give their commuters a break. One can only speculate.

Why is this particular situation so important? Well, this kind of attack is not random; it is targeted. Consider that over 35,000 people use GO trains and buses every day, travelling to and fro for work and pleasure, and that over two million Presto cards are in use. That's a lot of names, addresses and credit/debit cards, but what about simple details like demographics and travel patterns? That kind of information also feeds into plans for disruption and chaos, not just financial gain. The people responsible for attacks on commuter trains in other parts of the world surely did background research beforehand to determine where and when to strike for maximum effect.

The point is, every network, every computer and every Internet-connected device everywhere is potentially vulnerable to attacks of one kind or another. In this case, the folks at Metrolinx responsible for cybersecurity were on the ball, prepared and ready for action (GO team!). How well do you know your network?

 

After all, you have a responsibility to protect yourself, your business, your employees, your data.

 

Let's talk.

 

Read more here.




I'll huff, and I'll puff, and I'll shut your network down

 

Many areas of the world, including ours, have experienced extreme weather events in recent years. Natural and man-made disasters like floods, fires and earthquakes have had their way, destroying everything from beachfront property to cities and even entire countries. These threats are expanding in frequency and scope, even showing up in unexpected places, wreaking untold havoc upon the unprepared.

Now there is a new set of threats approaching them in potential severity and impact.

According to the World Economic Forum, cyber attacks are among the most serious risks facing the world today. The ability to attack not only individuals and businesses but also governments and infrastructure like power, gas and water puts these threats into the same category as hurricanes and forest fires.

We not only need to be aware of the immediate effects on us as computer users and business owners; we must also understand how small weaknesses in our systems can play a serious role in much larger scenarios. No one wants to be hacked, but we must also be vigilant to ensure we're not leaving a door to our clients or suppliers unlocked, allowing troublemakers in to do their dirty deeds on a grander scale.

The big, bad wolf has a new kind of wind machine; bricks and mortar might not be enough to hold up this time. It's time to review, test and reinforce your defences.

 

Let's talk.

 

Read more here.

 

 

 


Tags: Business Continuity, Infrastructure, IoT (Internet of Things), Cyberwar

CES 2018: Tons of Cool Stuff for the Nerd in Your Life...

 

While the way to a man's heart may be through his stomach, the way to a nerd's heart is showcased in vivid technocolour every year at the Consumer Electronics Show in Las Vegas!  This year's CES was no different, and you can see some of the very best highlights of the show here.  Hug your techie today...


Tags: Hardware, Software

New Ransomware Coming: This One Can Even Encrypt Cloud-based Email

 

A new and very scary kind of ransomware is expected soon. It can do something that has not been done before: encrypt mail held in cloud-based email services such as Office 365. The majority of organizations that use those services do not have appropriate protections in place to recover from something like this, in particular a backup of their mailboxes that is independent of the service itself.

Have a look at this video to see it in action, and ask for help to protect yourself today!

 

 

 

 


Tags: Cybersecurity, Malware, Business Continuity

Network Device Patching: Slow yer Roll

 

 

While patching for the recent CPU vulnerabilities is critical, doing so on network devices is significantly lower in priority than patching operating systems and the computers' CPUs themselves: Spectre and Meltdown require running attacker-controlled code on the affected device, which is far less likely on a switch or router that runs only vendor firmware than on a workstation or a shared server. Have a look at the article here for more information, and think about how you should prioritize patching your network systems.

 

 

 


Tags: Hardware, Cybersecurity, Microsoft, AMD, Intel