Despite the awareness that in six months Microsoft will officially end its support for its nearly 10-year-old operating system, Windows 7, 18% of large enterprises have not yet migrated to Windows 10, according to new research from Kollective.
At the start of 2019, researchers found that 43% of companies were still running Windows 7. Of those, 17% didn’t even know about the end of support. In its most recent analysis of 200 US and UK IT decision makers, the report revealed that organizations have a long way to go to prepare for the much anticipated end of Windows 7 support.
Six months later, 96% of IT departments have started their migration, and 77% have completed the move. However, given that the migration from Windows XP to Windows 7 reportedly took some firms more than three years to complete, companies that have not started migration are at risk of missing the final deadline.
Speaking on the theme ‘The threats that should be keeping you awake at night’ at the FourSys SecureTour in London, independent computer security researcher Graham Cluley described the three main areas of concern for businesses in 2017.
Claiming that it is not about giving the audience nightmares, and not about nation-state hackers who “target private firms”, Cluley said that the three main problems were: ransomware, insider threat and business email compromise.
Focusing on last weekend’s WannaCry ransomware outbreak, Cluley said that this was ransomware “on a scale never seen before”, and “it hit so hard it took some hours before people came up with a logo!”
He added: “WannaCry did traditional things with Bitcoin, so what made it so different? It was not traditional ransomware; it was distributed by a worm-like feature and exploited a component in Microsoft Windows vulnerability and exploited the SMB protocol to spread very rapidly indeed.”
He went on to claim that ransomware has “truly been a threat over the last few years”, highlighting other instances of the NHS being hit, as well as the San Francisco rapid transit system being shut down, and noted that it is also hitting mobile devices.
Turning to business email compromise, Cluley described the typical case: an attacker poses as the CFO and targets a junior member of staff, but instead of sending malware, they simply send an email that tries to trick the person into transferring money.
“People do this and as soon as they click on the send button, it is too late”, he said. Highlighting cases affecting major companies, Cluley said that this is effectively good social engineering.
Source: Info Security
Security researchers from computer and network security outfit Cybellum have revealed a new zero-day code injection and persistence technique that can be used by attackers to take over applications and entire Windows machines.
They demonstrated the attack on antivirus solutions, and ultimately dubbed it DoubleAgent, as it turns the antivirus security agent into a malicious agent.
The DoubleAgent attack
“DoubleAgent exploits a legitimate tool of Windows called ‘Microsoft Application Verifier’ which is a tool included in all versions of Microsoft Windows and is used as a runtime verification tool in order to discover and fix bugs in applications,” the company explained.
“Our researchers discovered an undocumented ability of Application Verifier that gives an attacker the ability to replace the standard verifier with his own custom verifier. An attacker can use this ability in order to inject a custom verifier into any application. Once the custom verifier has been injected, the attacker now has full control over the application.”
“By using DoubleAgent, the attacker can take full control over the antivirus and do as he wishes without the fear of being caught or blocked,” they noted. This includes:
- Turning the app into malware (while not being identified as such by other security solutions)
- Modifying its behaviour (make it stop working)
- Using it to perform actions that would otherwise be flagged as suspicious almost immediately (e.g. exfiltrate data, C&C communication, etc.)
- Damaging the computer (encrypting files, formatting hard drives, etc.) or the OS, and more.
Cybellum researchers demonstrated a DoubleAgent code injection against Symantec Norton antivirus, and offered PoC exploit code on GitHub.
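The article does not say where Application Verifier keeps its per-application registration, so the following audit script is an added example and is not Cybellum's PoC or code from the article. It assumes that Application Verifier registers verifier DLLs per executable under the Image File Execution Options (IFEO) registry key, in the `VerifierDlls` value, with the `GlobalFlag` value enabling the verifier; that is how the tool itself is configured, and it is the registration an administrator or incident responder would want to review for unexpected DLL names, especially on security products' own processes. The allow-list of DLL names is constructed for the example and should be tuned to what is actually installed.

```powershell
# Added example, not from the article or the DoubleAgent PoC.
# Assumption: Application Verifier providers are registered per image under IFEO
# via the VerifierDlls value (space-separated DLL names) and enabled via GlobalFlag.
$ifeoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Constructed allow-list of verifier provider DLLs that ship with Application Verifier.
# Anything not on this list deserves a look; adjust it to your environment.
$knownVerifierDlls = @('vrfcore.dll', 'vfbasics.dll', 'vfcompat.dll', 'vfprint.dll', 'vfnet.dll', 'vfntddk.dll')

# FLG_APPLICATION_VERIFIER bit in GlobalFlag (0x100) turns the verifier on for that image.
$FLG_APPLICATION_VERIFIER = 0x100

function Get-IfeoVerifierEntries {
    foreach ($ifeo in $ifeoPaths) {
        Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
            $key   = $_
            $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            if (-not $props.VerifierDlls) { return }

            # GlobalFlag is stored as a string such as "0x100"; parse it defensively.
            $flags = 0
            try { $flags = [Convert]::ToInt32([string]$props.GlobalFlag, 16) } catch { }
            $verifierOn = ($flags -band $FLG_APPLICATION_VERIFIER) -ne 0

            foreach ($dll in ($props.VerifierDlls -split '\s+' | Where-Object { $_ })) {
                [pscustomobject]@{
                    Image       = $key.PSChildName
                    VerifierDll = $dll
                    VerifierOn  = $verifierOn
                    # A DLL name outside the shipped set is the signal to investigate.
                    Unexpected  = -not ($knownVerifierDlls -contains $dll.ToLower())
                }
            }
        }
    }
}

# Run from an elevated prompt; review every row, and treat Unexpected rows on
# security products' executables as a priority.
Get-IfeoVerifierEntries | Sort-Object Unexpected -Descending | Format-Table -AutoSize
```

Because the registration lives in a registry location that legitimate debugging tools also use, the useful output is not "any entry exists" but "an entry points at a DLL you did not install, on a process you did not intend to verify". Pairing this audit with monitoring for writes under the IFEO keys (for example through Sysmon registry events) turns a one-off check into ongoing detection.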
Is there a solution?
The researchers have notified major antivirus vendors of their findings, and some of them (Malwarebytes, AVG) have already issued a patch for the vulnerability. Trend Micro’s patch is also in the works. Among the still vulnerable antivirus apps are those by Avast, BitDefender, ESET, Kaspersky, and F-Secure.