Exploits (software that takes advantage of a bug or vulnerability) for Microsoft Office, used in the wild, hit the list of cyber headaches in Q1 2018. Overall, the number of users attacked with malicious Office documents rose more than four times compared with Q1 2017. In just three months, the share of Microsoft Office exploits among all exploits used in attacks grew to almost 50%, double the average share of exploits for Microsoft Office across 2017. These are the main findings from Kaspersky Lab’s Q1 IT threat evolution report.
Attacks based on exploits are considered to be very powerful, as they do not require any additional interactions with the user and can deliver their dangerous code discreetly. They are therefore widely used, both by cybercriminals looking for profit and by more sophisticated nation-state-backed actors for their malicious purposes.
The first quarter of 2018 experienced a massive inflow of these exploits, targeting popular Microsoft Office software. According to Kaspersky Lab experts, this is likely to be the peak of a longer trend, as at least ten in-the-wild exploits for Microsoft Office software were identified in 2017-2018 – compared to two zero-day exploits for Adobe Flash player used in-the-wild during the same time period.
The share of the latter in the distribution of exploits used in attacks is decreasing as expected (accounting for slightly less than 3% in the first quarter) – Adobe and Microsoft have put a lot of effort into making it difficult to exploit Flash Player.
After cybercriminals find out about a vulnerability, they prepare a ready-to-go exploit. They then frequently use spear-phishing as the infection vector, compromising users and companies through emails with malicious attachments. Worse still, such spear-phishing attack vectors are usually discreet and very actively used in sophisticated targeted attacks – there were many examples of this in the last six months alone.
For instance, in late 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero-day exploit used in-the-wild against our customers. The exploit was delivered through a Microsoft Office document and the final payload was the latest version of FinSpy malware. Analysis of the payload enabled researchers to confidently link this attack to a sophisticated actor known as ‘BlackOasis’. The same month, Kaspersky Lab’s experts published a detailed analysis of CVE-2017-11826, a critical zero-day vulnerability used to launch targeted attacks in all versions of Microsoft Office. The exploit for this vulnerability is an RTF document containing a DOCX document that exploits CVE-2017-11826 in the Office Open XML parser. Finally, just a couple of days ago, information on Internet Explorer zero-day CVE-2018-8174 was published. This vulnerability was also used in targeted attacks.
“The threat landscape in the first quarter again shows us that a lack of attention to patch management is one of the most significant cyber-dangers. While vendors usually issue patches for the vulnerabilities, users often can’t update their products in time, which results in waves of discreet and highly effective attacks once the vulnerabilities have been exposed to the broad cybercriminal community,” notes Alexander Liskin, security expert at Kaspersky Lab.
Other online threat statistics from the Q1 2018 report include:
- Kaspersky Lab solutions detected and repelled 796,806,112 malicious attacks from online resources located in 194 countries around the world.
- 282,807,433 unique URLs were recognised as malicious by web antivirus components.
- Attempted infections by malware that aims to steal money via online access to bank accounts were registered on 204,448 user computers.
- Kaspersky Lab’s file antivirus detected a total of 187,597,494 unique malicious and potentially unwanted objects.
- Kaspersky Lab mobile security products also detected:
  - 1,322,578 malicious installation packages.
  - 18,912 mobile banking Trojans (installation packages).
To reduce the risk of infection, users are advised to:
- Keep the software installed on your PC up to date, and enable the auto-update feature if it is available.
- Wherever possible, choose a software vendor that demonstrates a responsible approach to a vulnerability problem. Check if the software vendor has its own bug bounty program.
- Regularly run a system scan to check for possible infections and make sure you keep all software up to date.
- Businesses should use a security solution that provides vulnerability, patch management and exploit prevention components, such as Kaspersky Endpoint Security for Business. The patch management feature automatically eliminates vulnerabilities and proactively patches them. The exploit prevention component monitors suspicious actions of applications and blocks the execution of malicious files.
What US game of phones means for Huawei
The Trump administration shocked the world with its ban on US companies supplying Huawei. ARTHUR GOLDSTUCK digs deeper.
In the same week that the wildly popular Game of Thrones series reached its climax with major characters meeting their startling destinies, US president Donald Trump took the game of phones to a new level in a move that was as startling.
By declaring a trade ban on Huawei, he in effect blocked any US technology from being supplied to the world’s fastest growing smartphone manufacturer. The immediate consequence: Google revoked Huawei’s access to the Android operating system, the Google Play Store, and Google apps like Maps, Gmail and YouTube for all future phone models.
However, Google announced on Twitter, through its Android account, that it would not pull the plug on current devices. It said:
For Huawei users' questions regarding our steps to comply w/ the recent US government actions: We assure you while we are complying with all US gov't requirements, services like Google Play & security from Google Play Protect will keep functioning on your existing Huawei device. — Android (@Android) May 20, 2019
This means that the current market-leading phone, the Huawei P30 Pro, won’t be affected by the ban. Huawei said it had stockpiled chips from US suppliers with this possibility in mind, so it should at least be able to meet demand for the current model.
Huawei is also known to have worked on its own operating system for some years now, with a view to it eventually replacing Android and reducing the company’s reliance on Google. However, the severity of the ban, and its catch-all nature, shook the market. A smartphone without any Google products is a phone that will see little demand outside China, which itself has banned most Google apps and services.
Notably, the first impact of the shock wave was on American companies that supply Huawei. Chipmakers Intel and Snapdragon were hit, and a wide range of other corporations, from Microsoft to Corning, could also be affected. Apple could be next, as the Chinese government may well block the assembly of its products in China. Currently, all iPhones are put together at factories in China. Should it retaliate in this way, Apple will have to develop a new supply chain, both delaying its next versions and increasing its cost due to its loss of a cheap source of labour.
That is not to say that Huawei won’t be a big loser in this trade war. It’s a massive blow. Until now, Huawei could carry on blithely in the face of a sales ban in the USA, knowing it is dominant in the rest of the world in both 5G equipment and in handset sales.
However, its smartphone leadership is founded on a particularly good implementation of Google’s Android ecosystem. Losing that means it has to go back to the drawing board in developing and evolving its own operating system and even apps environment. It can do it, but it will lose years of development to Apple and Samsung.
The bottom line, then, is that everyone loses in this trade war. If the Huawei ban is not rescinded, Donald Trump will have dealt a crippling blow to the entire smartphone industry. This could, in turn, presage a slump in technology shares on the stock markets of the world.
It may, then, appear baffling that the US administration would take such drastic steps. The ostensible reason is that Huawei is subject to a Chinese law that requires local companies to cooperate with authorities. This is interpreted as meaning that Huawei would install secret backdoors in handsets to give the Chinese government access to them, and secret spy technology in 5G networks to allow the government to eavesdrop on all communications.
This is clearly an absurd accusation, as any evidence to this effect would instantly destroy Huawei as a credible provider of technology to the world. No such evidence has been presented, and most arguments to this effect have been on the level of conspiracy theory rather than presentation of facts.
It also speaks volumes that the US has not banned trade with China’s Lenovo, which acquired the IBM hardware business a few years ago, and the Motorola handset division more recently. Motorola is still perceived to be an American brand, while Huawei is perceived not just as the challenger brand it had been for some years, but in fact as an invader brand.
Can foreign policy be based on mere perception? In the case of the Trump administration, that tends to be the rule rather than the exception. And the perception is further clouded by the halo effect that surrounds Apple products in the USA. The iPhone makes up well over a third of all American smartphone sales. Typical iPhone users tend to be rather enthusiastic about their loyalty to the brand, to the extent that they are usually disparaging of any other brands.
Grudging respect for Samsung, which has been going head-to-head with Apple for much of this decade, does not extend to Huawei, which emerged seemingly from nowhere to become the world’s third biggest smartphone brand. Its current sales trajectory has it overtaking Apple very soon, and reaching the number one position by the end of the year. Until, that is, Donald Trump brought its momentum to a halt.
Again, why not ban Motorola and Lenovo in the same breath? The answer may well lie in the pathology of the Apple fanboy. American-born Motorola and Lenovo handsets pose no threat to Apple’s dominance of the US market, whereas the interloper, Huawei, is a fundamental threat. It is, therefore, the enemy, merely by virtue of its existence as serious competition when it is seen as having no right to compete with the likes of Apple. Trump is known to be an enthusiastic iPhone user, using two of the devices simultaneously, and would almost certainly buy into this mindset. That, in turn, makes it a natural kneejerk reaction simply to ban American companies from doing business with Huawei.
Whether this is merely idle speculation is beside the point. The ban also represents self-inflicted harm, which extends the pathology argument to an entire administration.
It will be a blow to both countries, symbolic of how a trade ban can hurt the country imposing the ban. It also casts a dark shadow over world trade, and is a shameful example of how trade wars wreck so much in their paths.
- Arthur Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter and Instagram on @art2gee
Time for smart energy
South Africa is experiencing an energy crisis that requires the public and private sectors, along with households, to work together. Fundamental to this is embracing innovative technology that provides more efficient ways of managing the country’s energy.
Riaan Graham, sales director for Ruckus Networks, sub-Saharan Africa, said: “With the number of connected devices expected to top more than 75 billion worldwide by 2025, the Internet of Things (IoT) can be considered an important tool in reaching this goal. Already, connected devices can be used to deliver smart energy that sees a more optimal use of resources.”
This approach relies on a smart grid of connected sensors pointing to areas where energy is wasted. In turn, the supply to these points can be allocated to higher priority areas resulting in a better use of resources.
Aiding this drive towards connected devices is government pushing towards the establishment of smart cities. These cities require a technological infrastructure built around various sensors connected to the internet to not only generate data, but control things as diverse as traffic lights, street lamps, and other electrical devices.
Graham said: “These smart cities enable lighting to be automatically switched off when not needed. Sensors on the connected devices will detect when people are on the street and turn it off or on accordingly. What might seem like a novelty, can make a massive difference in reducing energy waste.”
According to Kate Stubbs, director of business development and marketing at Interwaste, IoT is just part of how technology can be used to create a more efficient environment.
“South Africa produces an average 108 million tonnes of waste annually,” said Stubbs. “Of this, only 10 percent is recycled. There is significant potential to use this waste and convert it to energy. This is more than just the traditional way of viewing recycling. Instead, it is using technology to extract value out of waste through initiatives like refuse and waste-derived fuel.”
The first South African Refuse Derived Fuel (RDF) plant was launched in 2016 and not only aims to reduce landfill, but also the country’s carbon footprint. As the name suggests, the plant converts general, industrial, and municipal waste into an alternative fuel that is used in the cement industry.
Stubbs said: “Spin-off benefits of this plant include the creation of additional employment opportunities and a reduction of South Africa’s greenhouse gas emissions. Waste management entails so much more than what many people think. But the key remains a combination of technology innovation and a willingness to use the resources generated by this.”
Graham agrees about the need to readily accept the innovation technology brings as the country is teetering on a significant energy disaster.
He said: “New technologies are critical in helping the countries and their cities of the future promote sustainable energy use. For example, Nairobi has introduced smart street lamps that use LED lighting, saving money and resources on energy costs. These lamp poles also have Wi-Fi embedded in them that sees air quality probe sensors submit vital data for city planners on where there are pollution hotspots.”
Stubbs feels these are good examples of how energy management approaches in the connected world need to be non-linear.
“The traditional ways of adopting technology, recycling, and managing energy must be seen as relics of the past,” she said. “Instead, we must all work together and readily embrace modern solutions or risk our country entering a new dark ages.”