You may have heard news about issues with the latest Mac OS operating system, High Sierra. At Sheffield Hallam, Digital Technology Services has been recommending that staff do not update University Macs to the new operating system and no University owned Macs that students use have the new operating system installed. If you own an Apple Mac yourself, you should take advice from Apple about how to handle this.
Western Intelligence services have lost control of a number of ‘cyber weapons’. These are essentially toolkits built around one or more vulnerabilities that the intelligence services have discovered but not disclosed to vendors.
The recent WannaCry ransomware, which had such a devastating effect on the NHS and around the world, made use of one such undisclosed vulnerability.
These ‘cyber weapons’ are crafted exploits available across multiple operating systems (Windows, Apple, Linux) and devices (Android, iPhones, Windows phones).
As a result, the threat environment at the moment is very high and system vendors and security companies are working hard to understand the vulnerabilities and provide fixes or protection. Users need to ensure systems are patched or security products installed in order to benefit from this protection and reduce their risk.
Additionally two further attacks have shown disturbing developments.
- UCL suffered a ransomware attack on 15th June this year which investigation showed was initiated by users browsing a site that was running malicious advertising. The attack was launched via an advert that not only made use of a ‘zero-day exploit’ (a vulnerability not known to vendors and therefore not fixed or protected against) but didn’t require the user to click on anything. Around a dozen computers were infected, which resulted in the IT department shutting down all network drives in order to contain and eradicate the infection.
- A further ransomware attack called NotPetya appeared on the 27th June. It made use of the same WannaCry vulnerability in addition to several others. This attack is remarkable because it appears the hackers had no intention of decrypting any of the machines that had been infected. Even those users who dutifully paid $300 received nothing in return.
In this environment it becomes incredibly important that organisations and users take time to ensure their systems are properly protected:
- Always ensure your machines and devices are upgraded regularly. All major Operating System manufacturers offer automatic updates and this feature should be turned on.
- Computers and devices should have some form of anti-virus/anti-malware or internet security suite installed.
- Install ad blockers where possible on all browsers (more advanced users should also look into script-blocking add-ons).
- Don’t use an administrator login as your normal login; create a separate user with normal rights and use that for your day-to-day work. The more rights your account has, the more damage can be done if it is compromised.
- Be vigilant and don’t fall for unsolicited attempts to get you to click links, open attachments or perform some other action (especially where there’s an implied or explicit threat or reward).
- Ensure backups are taken of your most important files. This should be either on a separate system or, preferably, on removable storage.
A particularly nasty phishing scam is currently circulating which uses an infected PDF attachment to take victims to a fake Gmail sign-in page. Once the user has signed in, the scam is then sent on to other Gmail users, using information from the compromised account’s sent items folder. This means the phishing emails can look very convincing, with realistic subject lines and appearing to come from known contacts.
Once the attackers have access to your account, they may be able to use your personal details and password on other services you use. You can protect your account against this by enabling two-factor authentication. To check whether the login page is genuine, look out for the prefix ‘data:text/html’ in the browser location bar: this means the browser is rendering a page embedded in the address itself rather than one served by Google, and therefore that you are being directed to an illegitimate page. The real login page address should start https://accounts.google.com/ServiceLogin
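The two checks above (no ‘data:text/html’ prefix, and an address starting https://accounts.google.com/ServiceLogin) can be written down as a small function. The following is an added example, not code from the original advisory or from the University; it runs in Node.js or a browser console using the standard URL parser, and the sample addresses it audits are constructed for illustration.

```javascript
// Added example: apply the advisory's two location-bar checks to a string.
// The only genuine prefix the advisory names is this one.
const GENUINE_LOGIN_PREFIX = "https://accounts.google.com/ServiceLogin";

function checkLoginUrl(locationBarText) {
  const text = String(locationBarText).trim();

  // Check 1: a 'data:text/html' address renders a page embedded in the
  // address itself, so it cannot be a page served by Google's sign-in host.
  if (/^data:text\/html/i.test(text)) {
    return { genuine: false, reason: "data:text/html renders an inline page, not a Google page" };
  }

  // Check 2: parse the address and compare scheme, host and path separately.
  let url;
  try {
    url = new URL(text);
  } catch (e) {
    return { genuine: false, reason: "not a parseable URL" };
  }
  if (url.protocol !== "https:") {
    return { genuine: false, reason: "scheme is " + url.protocol + " rather than https:" };
  }
  // Compare the host exactly. A prefix test on the whole string would accept
  // look-alikes such as accounts.google.com.example.net or a user@host trick,
  // because the parser, not the visible text, decides where the host ends.
  if (url.hostname !== "accounts.google.com") {
    return { genuine: false, reason: "host is " + url.hostname + ", not accounts.google.com" };
  }
  if (!url.pathname.startsWith("/ServiceLogin")) {
    return { genuine: false, reason: "path " + url.pathname + " is not /ServiceLogin" };
  }
  return { genuine: true, reason: "matches " + GENUINE_LOGIN_PREFIX };
}

// Constructed sample addresses (not real phishing URLs) covering the cases
// a user might see in the location bar.
const SAMPLE_ADDRESSES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,<html><body>Sign in to Gmail</body></html>",
  "https://accounts.google.com.example.net/ServiceLogin",
  "https://accounts.google.com@example.net/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
];

// Returns one verdict per sample so the results can be inspected or asserted on.
function auditSamples(addresses = SAMPLE_ADDRESSES) {
  return addresses.map((a) => ({ address: a, ...checkLoginUrl(a) }));
}

for (const v of auditSamples()) {
  console.log((v.genuine ? "GENUINE  " : "SUSPECT  ") + v.address + "  (" + v.reason + ")");
}
```

Only the first sample is accepted; the data: address fails the first check, and the three look-alikes fail because the parsed host or scheme differs even though each address contains the text "accounts.google.com".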