This week we witnessed Microsoft pick up the ball to patch legacy systems against ESTEEMAUDIT, a fileless malware campaign targeting U.S. restaurants, and researchers discovering a new malware that could have a destructive effect on a power grid's infrastructure.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

Patch Tuesday

Microsoft patches legacy systems in hopes of preventing the next WannaCry-style attack.

Why is this significant?

  • WannaCry, a ransomware attack that took the form of a worm, took down crucial servers in more than 150 countries. WannaCry exploited a vulnerability in legacy and unpatched Windows systems.
  • Legacy systems are aging out for Microsoft, but there are thousands of critical servers powering organizations, such as the NHS.
  • As a response to the threat, companies 0Patch and enSilo created a patch for ESTEEMAUDIT, which was also an NSA tool exploit, in hopes of preventing another worldwide attack.
  • Microsoft may be forced to keep maintaining these legacy systems as the threat amplifies, just as they did for Wana Decryptor.

Read the full story on Bleeping Computer

Malware

Fileless malware slipped under the radar of most AV attempting to protect restaurants in the U.S.

Why is this significant?

  • The campaign uses customized phishing emails tailored to the person receiving them, with an attached Word document that, when opened, injects the malware.
  • Researchers are reporting that hacking group FIN7 is responsible for this campaign targeting U.S. restaurants.
  • “US restaurants would normally be detected by just about any AV program if the file was written to a hard drive. But because the file contents are piped into computer memory using PowerShell, the file wasn't visible to any of the 56 most widely used AV programs, according to a Virus Total query conducted earlier this month.”

enSilo's platform protects against fileless attacks out-of-the-box. Read how

Read the full story in Ars Technica

Targeted attacks delivered with malware are moving laterally through networks, most likely hiding out at the kernel level.

Why is this significant?

  • “Crash Override”, as dubbed by researchers, is the second known malware whose sole purpose is to disrupt physical systems.
  • Researchers claim that the Kiev power outage was a “dry run” and that the attackers are testing a more destructive malware that could take down a power grid’s controls and have a cascading effect, physically destroying multiple points in a power grid.
  • “But once Crash Override has infected Windows machines on a victim's network, researchers say, it automatically maps out control systems and locates target equipment. The program also records network logs that it can send back to its operators, to let them learn how those control systems function over time.”

Read the full story on Wired

enSilo protects against Crash Override out-of-the-box