A macro is a small piece of code that runs within a software program such as Microsoft Word or Excel, and is normally used to automate common or repetitive tasks. Macro malware is the practice of hiding a virus in a macro code and enticing unsuspecting users into downloading a Word or Excel file and running the macro script within, which then will download a virus, malware or even ransomware onto that person’s PC. Macro malware was common during the 1990s, but lapsed in popularity through most of the 21st century as increasingly savvy PC users learned how to spot the spam or phishing emails that delivered them, which were often riddled with typos. Nowadays, however, macro malware is seeing a big return due to two factors – Phishing emails are becoming increasingly sophisticated and no longer have obvious typos in them, and ransomware – a very profitable form of malware for criminals – can be easily downloaded via a macro, leading to entire networks being encrypted and held to ransom. It is now critical that all users understand the threats that macro malware can pose, particularly to their organisation, and learn how to spot the attacks before it’s too late.
Credential Stuffing is a common practice in cyber crime where a hacker or cyber criminal gains access to a user’s email addresses and password, and proceeds to try that password against other accounts/services belonging to that individual. This is performed based on the knowledge that users often reuse the same passwords between different accounts/services, albeit sometimes with slight variations.
This is a highly effective means of attack, as users may change passwords for services that they are aware have been breached, but may not think to change that password where it is in use on other accounts. Credential stuffing is also commonly used when attempting to commit identity theft against a user.
It is highly recommended that all users do not reuse passwords between services, and to use a password manager if required to help them remember distinct, secure passwords.
GDPR is coming. Rapidly, as it so happens, and at the time of writing there is just over 6 months to go until the 25th May 2018 deadline for compliance. Since the GDPR was adopted by the EU in 2016, businesses have been trying their best to understand the impending data protection regulation and, ultimately, ensure they are compliant. The GDPR is no straight-forward matter, though, as much of the phrasing is purposely vague to allow for possible technological advances, and to ensure that the regulation itself does not become obsolete in the near future. The idea is that if the GDPR specified which technologies were to be employed by a business in order to safeguard its data, it may be superseded by new technologies – thus reducing the effectiveness of the regulation. A key GDPR requirement, under Article 32, states that data controllers and processors are required to “implement appropriate technical and organizational measures” taking into account “the state of the art and the costs of implementation” and “the nature, scope, context, and purposes of the processing”. But what exactly does state of the art mean?
The EU has specifically worded some GDPR requirements in a vague manner, to ‘future-proof’ them from technological advances
Traditionally, cyber security has been seen as an IT department’s problem. They make sure everyone has antivirus on their PCs and take care of the firewall – and as long as they’re doing it right, then everyone else is safe… right? This has lulled users and business owners into a false sense of security of late, believing that cyber security simply isn’t their area or that it’s not in their job description. However, this attitude is now being taken advantage of in a big way by cyber criminals, who have discovered that individual users are much easier to target and deceive. As a result, users often takes actions which inadvertently allows the hackers to bypass the IT security systems. Traditional antivirus is dead, and even more advanced next-generation antivirus simply can’t stop the most deadly attacks. Now, everyone in an organisation has a part to play in keeping it secure, from the bottom all the way up to the CEO.
Hackers are now finding it easier to target regular users, who often lack cyber security training, than to try and bypass complex technical measures put in place by IT
In May of this year, the world was shook by a global ransomware attack, the now-infamous WannaCry, which is believed to have affected more than 400,000 machines. It shook the world, crippling business big and small across a wide variety of industries. It utilised a vulnerability in the outdated Windows protocol Server Message Block (SMB) v1, and Microsoft even developed a patch for Windows XP to help defend against it. How could such an attack have caught so many organisations off guard? Well, lack of patching, cited the experts, and lack of security awareness on behalf of their employees. Patch your machines now, train your staff, and you’ll be OK going forward. Then, the following month, it happened again – the world was hit by NotPetya, a ransomware strain believed to have infected a further 250,000 machines around the world. It’s worth noting that both attacks managed to affect PCs in Ireland, and that the second of the two major attacks could have been prevented if these companies had taken appropriate measures following WannaCry.
BadRabbit is the latest in a streak of mass-ransomware attacks this year, and may have been unleashed by the creators of NotPetya
As of this week, yet another strain of mass-ransomware is out in the wild, which has been dubbed BadRabbit. While it doesn’t utilise the same vulnerability as the previous two infections, its modus operandi is very similar in that it relies on both the SMB v1 protocol (which is largely defunct in 2017) and heavy use of social engineering to trick employees into clicking their malicious links. It’s an epidemic, and too few companies are learning the lessons that the cyber and business communities have gleaned from these attacks.