Security Week 13: Facebook hype, ransomware popularity, Spectre patches

    The broad discussion of user data privacy on Facebook is more of a public-affairs topic, and if you look for anything technical in it, it turns out that nothing at all happened with Facebook over the past month. The one exception: in late March the developers of the Firefox browser released a solution that lets you isolate your Facebook account from your other activity on the web. As for the rest, it is business as usual: journalists dig up even more shocking details about data leakage, then Tim Cook of Apple speaks on the theme "we sell products to users, not users to advertisers", then Mark Zuckerberg responds that "everything is not so clear." The technical community is mostly puzzled: what's new here? It has long been clear that any public activity on the Internet will be analyzed by someone and possibly used somehow, for the benefit of users or however it turns out. Processing big data is far from always a necessary evil. The question is how to make this process more transparent.


    Following the hearings in the US Congress with the participation of Facebook's CEO, the English-language Threatpost published a detailed description of possible legislative initiatives aimed precisely at more transparency in the collection and transfer of personal data. Moreover, in the US there is already a Federal Trade Commission determination that social networks must ask the user's permission if they want to transfer information about him to a third party. So they do warn, but who reads these warnings? Schemes that, for practical purposes, do not work include the Do Not Track initiative and the European cookie law. Obviously, given the commotion around Facebook, there will be more initiatives, and perhaps big data operators will become more accommodating. Despite the heavy news coverage, this problem will take a long time to resolve by political means, as is always the case there. Technologies that could replace the existing status quo are also not yet in sight, except perhaps some decentralized social Internet with a thick layer of blockchain. Like Diaspora, but better. Much, much better.

    On the topic: why it is "too late to delete Facebook", the story of the scandal in detail on the Kaspersky Lab blog.

    Ransomware Trojans account for almost 40% of cyberattacks on businesses


    Verizon's business threat report is put together in its own peculiar way. There are 67 companies in the sample (they represent 65 countries), but each, apparently, provided detailed information about its incidents for the year. In total, 53,000 incidents and 2216 successful attacks were analyzed. The English term "breaches" can be read either as a data leak or as an attacker gaining control over part of a corporate infrastructure. Of the successful attacks that used malware in one way or another, 39% involved infection with a ransomware Trojan. Verizon notes that the complexity and scale of attacks are growing: not only workstations are under attack but also, increasingly, file servers. The reason is understandable: the more data is "captured", the greater the potential ransom.

    Some more interesting facts from the study. Email remains the primary mode of entry. Phishing and malware distributed under the guise of financial documents are the tools behind up to 93% of successful attacks, depending on the counting method. It can be concluded that the malware industry is rapidly monetizing. To develop this criminal business, it is not even necessary to use the latest hacking methods. For example, a Kryptos Logic report says that 2.7 million computers are still infected with WannaCry. This attack was non-standard, but it happened almost a year ago, was stopped immediately, and since then, one would think, it should have been blocked without any trouble. Despite this, in March a WannaCry incident occurred on Boeing's network, and as we can see, millions of computers are still infected with this Trojan.

    In one line

    AMD is releasing patches to protect against the Spectre vulnerabilities. The patches are relevant for processors released since 2011, but updating the microcode is not enough: the vulnerability can be fully closed only in combination with the latest version of Windows (an update for Windows 10 is also out this week) or with a current Linux kernel, for which the patch has already been available for a while.

    Microsoft's April patch release addresses 66 vulnerabilities, including 24 critical ones. Among them is an XSS vulnerability in SharePoint Server that allows a slight elevation of privileges.

    If anyone still uses Adobe Flash Player, a couple of holes were closed there too.

    Schneider Electric has released software patches for industrial systems, including a fix for a serious vulnerability that allows an attacker to take control remotely. The set of problems is no different from that of a home computer: a vulnerability in Samba, SQL injection and the like.

    Disclaimer: The digest was prepared with the support of magical fairies, whose opinions do not always coincide with the official position of Kaspersky Lab.
