Remember the panic that hit organisations around the world on May 12th, 2017 when machine after machine displayed the WannaCryptor ransom screen? Well, we might have a similar incident on our hands in the coming days, weeks or months if companies don’t update or otherwise protect their older Windows systems right away. The reason is BlueKeep, a ‘wormable’ critical Remote Code Execution (RCE) vulnerability in Remote Desktop Services that could soon become the new go-to vector for spreading malware, says Carey van Vlaanderen, CEO at ESET South Africa.
A patch by Microsoft for supported, as well as some unsupported, operating systems has been available since May 14th.
The BlueKeep vulnerability was found in Remote Desktop Services (also known as Terminal Services). If successfully exploited in the future, it could enable access to the targeted computer via a backdoor with no credentials or user interaction needed.
To make the bad news even worse, the vulnerability is ‘wormable’. This means that future exploits might use it to spread malware within or outside of networks in similar ways to what was seen with WannaCryptor.
Following Microsoft’s release of these latest patches, security researchers were able to create several working proofs-of-concept, but at the time of writing, none of these have been publicly released and there are no known cases of the flaw being exploited in the wild.
The flaw, listed as CVE-2019-0708, affects multiple in-support and out-of-support versions of Microsoft’s operating systems. Users of Windows 7, Windows Server 2008 R2, and Windows Server 2008 with automatic updates enabled are protected. Microsoft also issued special updates for two non-supported versions – namely Windows XP and Windows Server 2003 – which are available via this site. Windows 8 and Windows 10 are not affected by the vulnerability.
Microsoft has not released patches for Windows Vista, despite this version also being affected by the vulnerability. The only solution here is to disable Remote Desktop Protocol (RDP) completely or only allow its use when accessed via VPN.
It is important to note that any company using misconfigured RDP over the internet is putting its users and resources at risk. Apart from vulnerabilities such as BlueKeep, attackers also try to brute force their way into company machines and internal systems.
The BlueKeep case bears a strong resemblance to the events from two years ago. On March 14th, 2017, Microsoft released fixes for a wormable vulnerability in the Server Message Block (SMB) protocol, advising all users to patch their Windows machines immediately.
The reason for this was the EternalBlue exploit – a malicious tool allegedly designed by and stolen from the National Security Agency (NSA) – which targeted the SMB loophole. A month later, EternalBlue leaked online and in a few weeks became the vehicle for the two most damaging cyberattacks in recent history – WannaCry(ptor) and NotPetya (Diskcoder.C).
A similar scenario might unfold with BlueKeep given its wormable nature. Right now, it is only a matter of time until someone publishes a working exploit, or a malware author starts selling one on the underground markets. Should that happen, it will probably become very popular among less skilled cybercriminals and a lucrative asset for its originator.
BlueKeep will also show if organizations around the world learned a lesson after the large 2017 outbreaks and improved their security posture and patching routines.
To sum it up, organisations and users are advised to:
1. Patch, patch, patch. If you or your organisation run a supported version of Windows, update it to the latest version. If possible, enable automatic updates. If you are still using unsupported Windows XP or Windows Server 2003 – for whatever reason – download and apply the patches as soon as possible.
2. Disable Remote Desktop Protocol. Despite RDP itself not being vulnerable, Microsoft advises organisations to disable it until the latest patches have been applied. Further, to minimise your attack surface, RDP should only be enabled on devices where it really is used and needed.
3. Configure RDP properly. If your organisation absolutely must use RDP, avoid exposing it to the public internet. Only devices on the LAN, or accessing via a VPN, should be able to establish a remote session. Another option is to filter RDP access using a firewall, whitelisting only a specific IP range. The security of your remote sessions can be further improved by using multi-factor authentication.
4. Enable Network Level Authentication (NLA). BlueKeep can be partially mitigated by having NLA enabled, as it requires the user to authenticate before a remote session is established and the flaw can be misused. However, as Microsoft adds, “affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.”
5. Use a reliable multi-layered security solution that can detect and mitigate the attacks exploiting the flaw on the network level.
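A defender-side audit of the checklist above, added here as an example and not part of the original article or of ESET's tooling: it reads the registry values behind the RDP, NLA and security-layer settings, checks the OS version family the article names as affected, and looks for the fix with Get-HotFix. The KB identifier is a placeholder, since the article does not give one; take the correct one for each OS version from Microsoft's advisory for CVE-2019-0708.

```powershell
# Added example (not from the article): audit a Windows host against the BlueKeep checklist.
# Run from an elevated Windows PowerShell prompt (works on PowerShell 2.0 and later).
$BlueKeepKb = 'KBxxxxxxx'   # PLACEHOLDER: fill in the KB for this OS from Microsoft's advisory

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

$os      = Get-WmiObject -Class Win32_OperatingSystem
$version = [version]$os.Version          # e.g. 6.1.7601 for Windows 7 / Server 2008 R2

# Step 2: is Remote Desktop enabled at all? (fDenyTSConnections = 1 means disabled)
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
$rdpEnabled = ($deny -eq 0)

# Step 4: is Network Level Authentication required? (UserAuthentication = 1)
$nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
$nlaEnabled = ($nla -eq 1)

# Security layer used by the listener: 0 = RDP security layer, 1 = negotiate, 2 = TLS
$secLayer = (Get-ItemProperty -Path $rdpKey -Name SecurityLayer -ErrorAction SilentlyContinue).SecurityLayer

# Step 1: is the fix installed? Get-HotFix returns nothing (no error) when the KB is absent.
$patched = [bool](Get-HotFix -Id $BlueKeepKb -ErrorAction SilentlyContinue)

# Families the article lists as affected: XP / Server 2003 (5.x), Vista / Server 2008 (6.0),
# Windows 7 / Server 2008 R2 (6.1). Windows 8 (6.2) and later are not affected.
$affectedFamily = ($version.Major -lt 6) -or ($version.Major -eq 6 -and $version.Minor -le 1)

"Host:               $($os.Caption) ($version)"
"Affected OS family: $affectedFamily"
"RDP enabled:        $rdpEnabled"
"NLA required:       $nlaEnabled"
"Security layer:     $secLayer"
"Fix $BlueKeepKb:   $patched"

if ($affectedFamily -and $rdpEnabled -and -not $patched) {
    Write-Warning "Affected OS with RDP enabled and no fix installed: patch now, or disable RDP / restrict it to LAN and VPN."
    if (-not $nlaEnabled) {
        Write-Warning "NLA is off: enabling it requires authentication before the flaw can be reached."
    }
}
```

Run it through your usual remote-management channel to inventory a fleet; hosts where the first warning fires are the ones to patch or isolate first.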
Spotify hits sweet spot
Streaming has shifted the music industry away from ownership and towards customer experience, writes ARTHUR GOLDSTUCK
Last week marked the end of the beginning of the streaming music revolution. Apple announced the closing of iTunes, the 18-year-old platform that helped shift the music industry from physical to digital. At its height, in 2014, close to a billion people were using it.
However, the business model was still based on traditional ownership of music. Users either converted their physical music into digital tracks, or bought songs from iTunes. Apple founder Steve Jobs said back in 2003, when the iPod music player was launched, that consumers “don’t want to rent their music… They don’t want subscriptions”.
History proved him spectacularly wrong, and when streaming subscription services like Spotify and Pandora began taking off, even as iTunes hit the 800-million user mark, the company launched Apple Music in a dramatic acknowledgment that subscriptions were the future. It was also an admission that iTunes, which had also become a download service for movies and TV shows, had become top-heavy and frustrating to use.
Apple’s late arrival in the streaming world has cost it: In January this year, Apple Music reached 50-million subscribers – exactly half the number paying monthly subs to Spotify.
Spotify took South African music by storm when it launched here in March 2018, thanks to close collaboration with local artists. It has a dedicated South African team that creates playlists for South Africans, in genres that appeal to local audiences. It also has a local ad sales team, and achieved early success with automotive brands like BMW and Mini using the platform extensively.
The company does not break down user statistics by country but, says Claudius Boller, managing director for Middle East and Africa, uptake exceeded all expectations.
“It’s been an amazing year,” he told Business Times. “Engagement in South Africa has crossed the world average. Users are extremely active, lean forward, and engage with playlists on a daily basis. We are not running many campaigns to move people from our free service to the Premium offering, but people do it right away.
“The metric we look at is how often and how long people use Spotify on average per day, and we have already seen those on premium subscriptions using Spotify much more than Facebook per day.”
The South African audience has another key differentiator, says Boller: “The market is extremely loyal. We know other music services have been in the market for many years. But when people make up their minds to try Spotify, they fall in love with it and continue to use it. The drop-off rate of people using our service is one of the lowest of all the markets in which Spotify operates.”
One of the secrets of Spotify’s success is the close relationship it builds with what it calls “the creative community” – both artists and labels.
“They are extra engaged, because of the data they are able to get. We give them a huge amount of data in a way that is very easy to digest. Through Spotify for Artists, they can see in real time how many listeners they have, their demographics, where they are listening, and where their audience is growing. If Jeremy Loops is doing very well in Australia, he can adjust where to promote his music and how to plan his touring schedule.
“We also use that data to work more closely with the creative community. We bring artists, labels and managers together for educational events so that they can get to know how to use the data. We give them practical advice, for example that they should release music on the same day on all platforms, including radio and streaming services, to maximise monetisation.”
Music entrepreneur Siya Metane agrees that audience data is one of the greatest benefits of streaming music. Better known as Slikour, founding member of the legendary hip hop group Skwatta Kamp, he now runs SlikourOnLife, an online urban music site and community with well over a million regular users. Understanding user trends has been at the heart of the growth of the platform, and he believes Spotify and its competitors add yet another dimension.
“The analytics that the streaming platforms provide give artists more insight of where their music is being consumed,” he says. “It is therefore giving the artists and their managers insight on where to invest nationally or globally. Such information has not been readily available to artists and managers before. Historically, everything was based on the physical purchase of a copy in a region – most of the time locally.”
But there is a downside, he says: “The cost of the streaming sacrifice is losing a whole R100 per album to a streaming company that pays you based on their pro rata plays on their service. Therefore only a few people can benefit. But streaming has definitely shifted the business from music alone to everything else music can influence.”
Both Vodacom and MTN have recognised the potential of streaming music to add value to their services, which are becoming increasingly commoditised. MTN late last year bought the local music streaming service Simfy Africa, and Vodacom in April this year launched its own streaming music service, called My Muze. The latter invites aspiring musicians to upload their music, with the possibility of being discovered and signed to a music label.
“The music industry has changed rapidly in recent times in that everything now lives digitally,” says Rehana Hassim, portfolio manager for music at Vodacom. “We also hope to attract new young consumers, to whom music remains one of the biggest passion points, providing various ways to engage with and consume the music they love.”
AI reveals SA domestic abuse trends
Digital abuse, infidelity, and alcohol abuse are emerging as common conversation topics between victims of domestic violence in South Africa and rAInbow, an artificial intelligence-powered smart companion.
Developed with funding partner, Sage Foundation, and social justice organisation, The Soul City Institute, rAInbow allows users to ‘chat’ to a non-human over Facebook Messenger. It provides a safe space for domestic violence victims to access information about their rights, support options, and where they can find help – in friendly, simple language.
When we launched rAInbow in November last year, we didn’t expect that it would facilitate over 200,000 conversations with 7,000 users – 150,000 of those within the first three months of launch. One of the reasons we believe Artificial Intelligence (AI) can fill a gap in victim support is because many victims are uncomfortable talking to another person about their experience – due largely to social and cultural taboos, embarrassment, and shame.
The data gathered from anonymised rAInbow conversations** provides invaluable insight into this complex issue; insight that we can use to improve our communication and prevention strategies.
Digital abuse: Behind the screens
Around 30% of rAInbow users believe it’s acceptable for their partners to check their phones and to insist on knowing who they’re talking to at all times.
Yet this constitutes a form of verbal and/or emotional abuse because abusers exploit technology and social media to monitor, control, shame, stalk, harass, and intimidate their victims. In conversations with rAInbow, many victims reveal that they don’t know what constitutes digital abuse because they can’t recognise the signs.
You could be a victim of digital abuse if your partner demands to know your passwords and who you’re talking to, reads your messages, and dictates who you can be friends with on social media.
The bottom line is, when you’re in a relationship, all communication with your partner – be it digital or face-to-face – should be respectful. You should never feel pressured into doing anything you’re uncomfortable with.
Infidelity: Is cheating really abuse?
Infidelity emerged as one of the main challenges facing rAInbow users in abusive relationships. In such cases, the cheating partner usually blames you for his/her cheating, does it intentionally to hurt you, or threatens to cheat again to control you. Infidelity is often accompanied by lying, manipulation, and blame-shifting – all recognised abusive behaviours.
Technology has exacerbated the problem. It’s now easier to access dating sites, pornography, and chat platforms, facilitating behaviour like ‘sexting’, which some people may consider infidelity.
‘Alcohol made me do it’
Alcohol and drugs are common triggers for violent episodes, with rAInbow users saying their partners were more likely to lash out at them verbally or physically after they’d been drinking. While alcohol itself doesn’t cause domestic violence, it can aggravate already tense situations.
Alcohol impairs people’s judgement and behaviour, to the point where they may lose control and become aggressive, short-tempered, and abusive. In most situations, the abusive partner will blame the alcohol for their actions and may not remember what they did or said the next day. The abused partner, however, has to live with the memories and after-effects of the abuse.
In his State of the Nation Address earlier this year, President Cyril Ramaphosa said violence against women and children has reached “epidemic proportions” and that ending abuse would be made an urgent national priority. Corporates, NGOs, and ordinary citizens also have a responsibility to end the scourge.
Technology like rAInbow provides the vital information needed to start driving radical change – at policy and societal level. The conversations that rAInbow is having with users are making us think differently about how to approach this issue. It’s apparent that we need targeted, personalised education drives that help victims identify abuse and explain how and where to get help. It’s also apparent that there’s a strong need for information that can be accessed in a safe, anonymous, and non-judgemental space.
We need to use the aggregated data that’s available to us to make better decisions about action plans and strategies. Solutions like rAInbow can provide governments with the information they need to tackle abuse.
To find out how you can contribute to the rAInbow project, e-mail firstname.lastname@example.org.
** All conversational data is anonymised. It is used to improve rAInbow and help organisations make better decisions about where to focus their efforts to combat abuse.