
Twitter co-founder’s account hacked

Evan Williams, co-founder of Twitter, became the latest victim of hacking! His account was hacked on Wednesday. A Middle East based group called OurMine took responsibility. Some other high-profile people’s accounts have also been hacked recently.

Writer – Rubayat M.


What is zero-day attack or exploit
“Zero-day attack”: we have all heard about this. This is a flaw in software that might be used by someone to commit an unauthorized act on a computer. Because of the name, it can be a little difficult to understand the concept. Let me explain the problem with an example:

“Every once in a while, you log in to your secured online bank account to pay some bills or, say, to check your balance. But you didn’t know that there is a security flaw in your bank’s online system. Then one day this security flaw is discovered. As soon as this flaw becomes public knowledge, bad people start working to take advantage of it to steal your money. Now your bank’s software developers need to find a solution to fix this issue by the end of the day.

The reason that this problem is called “zero-day” is that once the flaw becomes public knowledge, the developers have practically “zero days or 0 days” to find a solution.”

How this can happen
To this day, software is written by human beings. Sometimes an unintentional error in the code can remain in the algorithm and be overlooked by the software developer. After development, every piece of software goes through a series of tests before it is released for public use. These tests are done either by a human being or by a “software testing software”.

Sometimes the “unintentional error-in-code” never gets caught in the testing phase. Then this “unintentional error-in-code” becomes a “flaw in the software”. This flaw remains unknown to the software developer, the testers and even the users. Eventually this flaw becomes a “security hole”. And that is when a zero-day attack happens.

Why this is a problem
In a nutshell, a ‘zero-day attack’ is an unknown flaw in the software. Due to the nature of this problem:
Any attacker can attack any system at any time. A seasoned attacker can cause serious damage to data and computer programs.
Even standard antivirus software may not be able to detect a zero-day virus.
This is also very effective against any secured or “well protected” network. In most cases the attack remains undetected for days.

Detection – the bug hunters
There are individual groups and companies working on this issue. Here are some of them:
The Good Force: Google has a security team called Project Zero. Members of this team test for vulnerabilities in software developed by Google and by other companies. When they detect anything, the Project Zero team informs the software maker. The information is then made public once a patch has been released by the maker.

Antivirus companies also test software for vulnerabilities.

The Dark Force: People with bad intentions, or ‘the bad guys’, also look for vulnerabilities in software developed by different companies. The difference between the good force and the dark force is that the dark force does not inform the software developer about the security holes; instead they try to exploit the situation.

Protection
Zero-day attacks are usually unknown to users. In reality there is no good protection against them. So users need to develop safe-computing habits. Examples of safe-computing habits are:
1. Stay informed. Beware of scams, and try reading some security news every day.
2. Don’t use the same password for everything.
3. Try not to use open or unsecured Wi-Fi networks. Your data can be intercepted while in transit.
4. Read the description and company reviews before you install or download any software or apps.
5. Scan your computer regularly for spyware and make sure your operating system has the latest updates.
6. Finally, backup…backup…backup…backup…everything.

Writer – Rubayat M.


Ransomware: what it is, why it matters, what is the next level, how to get protection


What is it
Ransomware is malware. What it does is hijack a computer, encrypt its file system and then demand payment from its owner in exchange for the decryption or unlock key. It was a popular subject among people who work in the computer security sector, until recently this “bug” hit the mainstream news. A well-known hospital in California, Hollywood Presbyterian Medical Center, had to pay $17,000 as ransom money in order to get its service restored.

Why it matters
Ransomware can attack any computer system, from someone’s personal computer to a business computer. If it is not handled properly, the computer owner can lose their data. And if a business computer gets infected, the business can lose data and money. In the case of Hollywood Presbyterian Medical Center, human life was at risk because patients’ medical reports were not accessible to the doctors. And the hospital authority had to pay money in order to restore normal operation.

This particular bug is getting more sophisticated every day and attacking new computer systems. Anybody can be its next victim.

List of computer systems it attacked
Microsoft Windows: the most common operating system to be attacked by ransomware.
Mac OS: Very few incidents, but the numbers are increasing due to the growing popularity of the Mac. In July 2013, an OS X ransomware was identified, although this was not a typical ransomware attack and was not able to encrypt the files.
Mobile devices (Android, iOS, BB, Windows): Mobile devices have an auto backup option. The user’s data is backed up in the device’s cloud storage. Even if a mobile device gets attacked by ransomware, users can always get the original content back from the cloud. So a ransomware attacker cannot make money from this.

How to get protection
Advance preparation is the best defense. Zero-day vulnerability is a well-known term in the world of computer security. A zero-day vulnerability refers to a hole in the software that is unknown to the vendor or the owner.

Large business organizations have layers of protection like firewalls, anti-virus, intrusion detection and web monitoring, and will most likely stop the attack before it hits the computers in the network. Most of these organizations use thin clients and perform backups on a regular basis. So even if there is an attack, organizations can restore their service shortly.

Most personal computer users do not have a computer network like a large organization’s. So it is easy to attack these systems. Here are a few steps that can be taken:

Step 1: Backup…backup…backup…your data, either on an external hard drive or in a cloud-based system.
Step 2: Update your operating system’s system files, so your operating system will have the latest patches.
Step 3: Install good security software. If needed, pay for it.
Step 4: If you have a home network with Wi-Fi capability, please beef up your Wi-Fi security.
Step 5: Avoid using unknown or open Wi-Fi connections. This is one of the most common ways of getting infected with malware.

The Next Level
The people behind ransomware are updating their tools regularly. In 2015 the group started ransomware-as-a-service, hosted on the Tor network. The group started using virtual currencies like bitcoin for payments. This will help newer cyber criminals to use the tools and attack unsuspecting users.

A new horizon for ransomware is cloud storage and mobile devices. This means Android, iOS, BlackBerry, Windows and other systems are at security risk.

In December 2014, one financial company’s website was compromised. First a general out-of-service message was displayed on the website. Then the financial company received a ransom note. The company’s database had been encrypted by the ransomware attacker. A security company was able to retrieve the encryption key and put the service back up again. This type of attack is on the rise.

** as a service: the primary application is hosted centrally. Clients use a standard web browser to access the service. The primary application is maintained by the application developer.

Perpetrator
No specific groups have been identified yet as perpetrators. The people or groups behind the common ransomware campaigns are going for quick money and mostly targeting people or organizations in rich countries. In August 2012 the FBI issued a warning message about ransomware on its website.
Warning link – https://www.fbi.gov/news/stories/2012/august/new-internet-scam/new-internet-scam

Final thought
No security or operating system is 100% foolproof. So nothing can give us complete security. Staying alert is the best action that we can take.

Writer – Rubayat M.