Monday, November 7, 2016

Everybody gets a 'prize'



Today, one year ago...

We should always keep in mind that the weakest link in the chain is the most powerful infection vector. Often, though, the user takes no part in it, or their involvement is minimal. The risk exists simply because we are online; prevention is important but not always enough. In our weekly review of what happened just one year ago, we find some turbulent news involving online forums, Twitter, email… The daily routine for any of us, caught in a small and not very friendly crossfire.

The creators of vBulletin, the software on which many popular discussion forums are based, woke up one November morning to a threat so overwhelming that those forums decided to close temporarily. The attacker, using the identity Coldzero, put the 0-day up for sale at almost the same time that vBulletin released a patch that fixed the problem. Of course, the bug on which the exploit was based had been online for three years.

Who is not on a forum, or doesn’t use Twitter, or doesn’t know someone who does? Because right here everybody wins a ‘prize’. A year ago we found out that the group Cibercalifato, linked to ISIS, had control over 54,000 Twitter accounts. In this type of operation, what matters is not learning the secrets of this or that user, but putting them all into circulation to propagate criminal messages. Propaganda is a weapon of war and we have been at war for a long time: cyberwar.

Let’s say that one day you get tired of Google and decide to try other options, for instance the Chinese Baidu. And you pull their software development kit (SDK) into the rest of your apps. So far so good. But if the SDK has a backdoor, life can start to get complicated. And if someone with bad intentions sneaks in through that backdoor, everything can end the way it did 365 days ago: with at least 100 million Android devices loaded with a ‘surprise’.

It’s not the same, although it seems similar, as installing something without looking at its source and origin, and without giving permissions to a cloned app that looks legitimate (but isn’t) and that does evil things like rooting your device and staying there forever, impossible to get rid of. If that malware has cloned more than 20,000 apps, it would be rare for you not to have crossed paths with it. And this happened, we insist, one year ago.

The things that happened one year ago were, back then, a series of warnings that went unheard, so it is likely that they are still happening today. For example, many mail servers have not gone through the necessary migration of certificates from 1,024 to 2,048 bits, which exposes them as a genuine Gruyère cheese of cybersecurity. Then come the complaints that the computer “slows me down”. It’s clear. Who did you say your email server was?

So it’s not always your fault. But precisely for that reason, you need to be aware. Be informed, read, participate, ask, and become a strong link that helps the weak ones protect themselves.

Original image: Freeimages
