In-the-wild exploits for Microsoft Office (software that takes advantage of a bug or vulnerability) topped the list of cyber headaches in Q1 2018. Overall, the number of users attacked with malicious Office documents rose more than four times compared with Q1 2017. In just three months, the share of Office exploits among all exploits used in attacks grew to almost 50% – double the average share of Microsoft Office exploits across 2017. These are the main findings from Kaspersky Lab’s Q1 IT threat evolution report.
Attacks based on exploits are considered very powerful, as they require no additional interaction from the user and can deliver their dangerous code discreetly. They are therefore widely used, both by cybercriminals looking for profit and by more sophisticated nation-state actors for their malicious purposes.
The first quarter of 2018 experienced a massive inflow of these exploits, targeting popular Microsoft Office software. According to Kaspersky Lab experts, this is likely to be the peak of a longer trend, as at least ten in-the-wild exploits for Microsoft Office software were identified in 2017-2018 – compared to two zero-day exploits for Adobe Flash player used in-the-wild during the same time period.
The share of the latter in the distribution of exploits used in attacks is decreasing as expected (accounting for slightly less than 3% in the first quarter) – Adobe and Microsoft have put a lot of effort into making it difficult to exploit Flash Player.
After cybercriminals find out about a vulnerability, they prepare a ready-to-go exploit. They then frequently use spear-phishing as the infection vector, compromising users and companies through emails with malicious attachments. Worse still, such spear-phishing attack vectors are usually discreet and very actively used in sophisticated targeted attacks – there were many examples of this in the last six months alone.
For instance, in late 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero-day exploit used in-the-wild against our customers. The exploit was delivered through a Microsoft Office document and the final payload was the latest version of FinSpy malware. Analysis of the payload enabled researchers to confidently link this attack to a sophisticated actor known as ‘BlackOasis’. The same month, Kaspersky Lab’s experts published a detailed analysis of CVE-2017-11826, a critical zero-day vulnerability used to launch targeted attacks in all versions of Microsoft Office. The exploit for this vulnerability is an RTF document containing a DOCX document that exploits CVE-2017-11826 in the Office Open XML parser. Finally, just a couple of days ago, information on the Internet Explorer zero-day CVE-2018-8174 was published. This vulnerability was also used in targeted attacks.
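The delivery pattern described above (an RTF attachment carrying an embedded OOXML document) is something a mail gateway or analyst can screen for without knowing the specific vulnerability. The following is an added example, not code from Kaspersky Lab or the report: it decodes every `\objdata` hex blob in an RTF file and reports whether a ZIP-based Office package or a legacy OLE compound file is embedded. The sample RTF is constructed for illustration.

```python
import re
from typing import Dict, List

# Magic bytes of the container formats worth flagging inside an RTF object.
MAGIC = {
    "ooxml_zip": b"PK\x03\x04",                        # DOCX/XLSX/PPTX are ZIP packages
    "ole_cfb": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",    # legacy OLE2 compound file
}

# Hex payload following \objdata; attackers often break it up with whitespace.
OBJDATA_RE = re.compile(rb"\\objdata\s*((?:[0-9A-Fa-f]|\s)+)")


def extract_objdata(rtf: bytes) -> List[bytes]:
    """Return the decoded bytes of every \\objdata hex blob in the RTF."""
    blobs = []
    for m in OBJDATA_RE.finditer(rtf):
        hexstr = re.sub(rb"\s+", b"", m.group(1))
        if len(hexstr) % 2:          # tolerate a dangling nibble
            hexstr = hexstr[:-1]
        try:
            blobs.append(bytes.fromhex(hexstr.decode("ascii")))
        except ValueError:
            continue                 # malformed blob: skip rather than crash
    return blobs


def classify_blob(blob: bytes) -> List[str]:
    """Name every known container magic found in the blob. The magic is
    searched anywhere, because a real object carries an OLE1 header
    (version, format id, class name) ahead of the native data."""
    return [name for name, magic in MAGIC.items() if magic in blob]


def scan_rtf(rtf: bytes) -> Dict[str, object]:
    """Summarise embedded objects; a ZIP/OOXML payload inside RTF is flagged."""
    blobs = extract_objdata(rtf)
    found = sorted({hit for b in blobs for hit in classify_blob(b)})
    return {"objects": len(blobs), "embedded": found,
            "suspicious": "ooxml_zip" in found}


# Constructed samples: a plain RTF and one with an OLE1 object whose native
# data starts with the ZIP local-file header (i.e. an embedded DOCX).
BENIGN_RTF = b"{\\rtf1\\ansi Hello world}"
SAMPLE_RTF = (b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata\n"
              b"0105000002000000\n504b0304 14000000\n}}}")

if __name__ == "__main__":
    print(scan_rtf(BENIGN_RTF))
    print(scan_rtf(SAMPLE_RTF))
```

The check is a triage heuristic only: legitimate documents can embed Office packages, so a hit should route the file to sandboxing rather than be treated as proof of an exploit.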
“The threat landscape in the first quarter again shows us that a lack of attention to patch management is one of the most significant cyber-dangers. While vendors usually issue patches for the vulnerabilities, users often can’t update their products in time, which results in waves of discreet and highly effective attacks once the vulnerabilities have been exposed to the broad cybercriminal community,” notes Alexander Liskin, security expert at Kaspersky Lab.
Other online threat statistics from the Q1 2018 report include:
- Kaspersky Lab solutions detected and repelled 796,806,112 malicious attacks from online resources located in 194 countries around the world.
- 282,807,433 unique URLs were recognised as malicious by web antivirus components.
- Attempted infections by malware that aims to steal money via online access to bank accounts were registered on 204,448 user computers.
- Kaspersky Lab’s file antivirus detected a total of 187,597,494 unique malicious and potentially unwanted objects.
- Kaspersky Lab mobile security products also detected:
  - 1,322,578 malicious installation packages.
  - 18,912 mobile banking Trojans (installation packages).
To reduce the risk of infection, users are advised to:
- Keep the software installed on your PC up to date, and enable the auto-update feature if it is available.
- Wherever possible, choose a software vendor that demonstrates a responsible approach to a vulnerability problem. Check if the software vendor has its own bug bounty program.
- Regularly run a system scan to check for possible infections and make sure you keep all software up to date.
- Businesses should use a security solution that provides vulnerability, patch management and exploit prevention components, such as Kaspersky Endpoint Security for Business. The patch management feature automatically eliminates vulnerabilities and proactively patches them. The exploit prevention component monitors suspicious actions of applications and blocks the execution of malicious files.
The hacker, the scrapheap, and the first Apollo computer
Three years ago, a Tshwane computer engineer tracked down the “lost” first Apollo space flight guidance computer. ARTHUR GOLDSTUCK retells the story on Apollo 11’s 50th anniversary.
It’s not often that a YouTube video on a technical topic gives one goosebumps. And it’s not often that someone unpacking a computer makes history.
Francois Rautenbach, a computer hardware and software engineer from Tshwane, achieved both with a series of videos he quietly posted on YouTube in 2016, and shared by Gadget.
It showed the “unboxing” of a batch of computer modules that had been found in a pile of scrap metal 40 years ago and kept in storage ever since. Painstaking gathering of a wide range of evidence, from documents to archived films, had convinced Rautenbach he had tracked down the very first Guidance and Navigation Control computer, used on a test flight of the Saturn 1B rocket and the Apollo Command and Service Modules.
Apollo-Saturn 202, or Flight AS-202, as it was officially called, was the first to use an onboard computer – the same model that would eventually take Apollo 11 to the moon. Rautenbach argued that the computer on AS-202 was also the world’s first microcomputer. That title had been claimed for several computers made in later years, from the Datapoint 2200 built by CTC in 1970 to the Altair 8800 designed in 1974. The AS-202 flight computer goes back to the middle of the previous decade.
His video succinctly introduced the story: “On 25th August 1966, a very special computer was launched into space onboard Apollo flight AS-202. This was the first computer to use integrated circuits and the first release of the computer that took the astronauts to the moon. Until recently, the software for the Block 1 AGC (Apollo Guidance Computer) was thought to be lost…”
One can be forgiven for being sceptical, then, when he appeared on screen for the first time to say, “I’ve got here with me the software for the first microcomputer.”
Then he unwrapped the first package and said: “Guys, these modules contain the software for the first microcomputer that was ever built, that was ever used.”
The goosebumps moment came when he revealed the NASA serial number on a device called a Rope Memory Module, and declared: “These modules are the authentic flight AS-202 software modules. These were found on a rubbish dump, on a scrap metal heap, about 40 years ago … and we are going to extract the software from this module.”
In a series of three videos, he extracted the software, showed how the computer was constructed, and used a hospital X-Ray machine to inspect its insides. The third video started with the kind of phrase that often sets off the hoax-detectors in social media: “Okay, so you guys won’t believe what I’ve been doing today.” But, in this case, it was almost unbelievable as Rautenbach took the viewer through a physical inspection of the first Apollo guidance computer.
How did an engineer from Tshwane stumble upon one of the great treasures of the computer age? He tended to avoid the limelight, and described himself as “a hardware/software engineer who loves working on high-velocity projects and leading small teams of motivated individuals”.
In an interview with Gadget, he said: “I am the perpetual hacker always looking for a new challenge or problem to solve. I have experience in designing digital hardware and writing everything from embedded firmware to high-level security systems. Much of the work I did over the last five years revolved around building new and creative payment solutions.”
The breadth of his work gave him the expertise to investigate, verify, and extract the magic contained in the AS-202 computer. A global network of contacts led him to the forgotten hardware, and that is when the quest began in earnest.
“I got interested in the Apollo Guidance Computer after reading a book by Frank O’Brien (The Apollo Guidance Computer: Architecture and Operation). Most of us grew up with the fallacy that the AGC was less powerful than a basic programmable calculator. I discovered that this was far from the truth and that the AGC was in fact a very powerful and capable computer.
“I started communicating with experts in the field and soon realised that there was a wealth of information available on the AGC and the Apollo space program in general.
“One day I received some photos of AGC Rope Memory modules from a friend in Houston marked ‘Flight 202’. After a little googling, I realised that these modules contained the software from Flight AS-202. As I learned more about AS-202, I discovered that this was the first time the AGC was used in an actual flight.”
Rautenbach eventually tracked down the source of the photos: a man who had picked up the entire computer, with memory modules, at an auction, as part of a three-ton lot of scrap metal.
“At one point he opened up to me and said he had other modules. He admitted he had a full Apollo guidance computer, and my theory was that it was used to develop the Apollo 11 guidance computer. He sent me more information, and I thought he had THE computer.
“He’s got all this junk in his backyard. He started selling stuff on eBay and one day got a visit from the FBI wanting to know where he got it. He was able to find the original invoice and showed it to them and they went away. But it scared him and he didn’t want to tell anyone else in the USA what he had. Not being from America was an advantage.”
Rautenbach flew to Houston last year, opened the sealed packages and filmed the process.
“This was the first microcomputer. I opened it and played with it. I realised this was the first computer that actually flew. I also found Rope Memory modules that said Flight 202, and he didn’t know what that was. I found it was from AS-202, and I said we can extract stuff from this.”
Rautenbach paid a deposit to borrow the units and have them sent to South Africa, so that he could extract and rebuild the software. He also made contact with Eldon Hall, leader of the team that developed the Apollo guidance computer and author of the 1966 book, Journey to the Moon: The History of the Apollo Guidance Computer.
The correspondence helped him verify the nature of the “scrap”. The Apollo command module from flight AS-202 was restored and is now on permanent display on the USS Hornet, the legendary aircraft carrier used to recover many Apollo command modules and now a museum. However, the computer parts were sold as scrap in 1976. And NASA never preserved a single copy of the software that had been used on its first guidance computer.
Fortunately, a sharp-eyed speculator realised the lot might contain something special. He sold off some of the scrap over the years, until that visit by the FBI. He still preferred to remain nameless.
In August 2016, on the 50th anniversary of the launch of AS-202, Rautenbach quietly began posting the evidence online. He also announced that the raw data he had extracted would be made available to anyone who wished to analyse it.
His videos on the unboxing of the AS-202 computer and the extraction of the software can be viewed on YouTube at http://bit.ly/as202, where he also planned to post instructions for accessing the software.
- Arthur Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter and Instagram on @art2gee
NASA’s description of flight AS-202 can be found at: http://nssdc.gsfc.nasa.gov/nmc/spacecraftDisplay.do?id=APST202
Technical specifications of the Apollo Guidance Computer can be found at: https://en.wikipedia.org/wiki/Apollo_Guidance_Computer
Apollo comes back to Pretoria
Francois Rautenbach pointed out that South Africa played a prominent role during the 93 minutes of flight AS-202: “Pretoria is mentioned no less than three times in the post-flight report. The AS-202 flight actually reached its highest point above South Africa. The telemetry data from the flight were recorded on computer tape at Hartebeesthoek and later shipped back to NASA.”
Homemation creates comfort through smart homes
Home automation is more than just turning the lights on and off, Homemation’s Gedaliah Tobias tells BRYAN TURNER
The world is taking interior design notes from the Danish, in a style of living called hygge (pronounced hoo-gah). Its meaning varies from person to person: some see hygge as a warm fire on a cold winter’s night, others see it as a cup of hot coffee in the morning. The amount of “good feelings” one gets from these relaxing activities depends on what one values as indulgent.
But how does technology fit into this “art of feeling good”?
We asked Homemation marketing manager Gedaliah Tobias to take us through a fully automated home of the future and show us how automation creates comfort and good feelings.
“The house is powered by Control4, which you can think of as the brain of the smart home,” says Tobias. “It controls everything from the aircon to smart vacuum cleaners.”
The home of the future is secured by a connected lock. It acts like other locks with keypads and includes a key in the event of a power interruption. The keypad is especially useful to those who want to provide temporary access to visitors, staff, or simply kids who might lose their parents’ house keys.
“The keypad is especially useful for temporary access,” says Tobias. “For example, if you have a garden service that needs to use the home for the day, they can be given a code that only turns off the perimeter alarm beams in the garden for the day and time. If that code is used outside of the day and time range, users can set up alerts for their armed response to be alerted. This type of smart access boosts security.”
Once inside, one is greeted with a “scene” – a type of recipe for electronic success. The scene starts by turning on the lights, then by alerting the user to disarm the alarm. After the alarm is disarmed, the user can start another more complicated scene.
“Users can request customised scene buttons,” says Tobias. “For example, if I press the ‘Dinner call’ scene, the lights start to flash in the bedroom, there’s an announcement from the smart speakers, the blinds start to come down, the lighting is shifted to the dinner table. Shifting focus with lighting creates a mood to bring the house together for dinner.”
Homemation creates these customised scene buttons to enable users to control their homes without having to use another device. In addition to scene buttons, there are several ways to control the smart home.
“Everything in the smart home is controllable from your phone, the touchscreens around the house, the TV, and the dedicated remote control. Everyone is different, so having multiple ways to control the house is a huge value add.”
We ask Tobias where Homemation recommends non-smart home users should start on their smart home journey.
“Before anything, the Control4 infrastructure needs to be set up. This involves a lot of communications and electrical cabling to be run to different areas of the home to enable connectivity throughout the home. After the infrastructure is set up, the system is ready for smart home devices, like lighting and sound.”
“For new smart home users, the best bang for their buck would be to start with lighting once the infrastructure is set up. Taking it one step at a time is wise.”
- For more information, visit https://www.homemation.co.za/