40+ Different Device Drivers Found to Have Malware Security Flaw

The scope and extensiveness of malware risks for computing devices is more pronounced than ever before, and that’s pretty much the story from one month to the next these days. At a recent security conference in Las Vegas, the Eclypsium security research team announced they had dug up some serious security flaws in at least 40 device drivers from 20 different vendors. These vulnerabilities could increase the likelihood of devices being infected by malware.

While this type of development in itself is nothing out of the ordinary, what makes it noteworthy is the sheer number of different drivers that may be affected. Here at 4GoodHosting, we’re like any other reputable Canadian web hosting provider in that we strive to make our customers aware of risks to their digital security when they arise. When one is as potentially far reaching as this one, we’re almost always going to make some sort of announcement regarding it.

The Latest

The research team’s report is stating that this malware targets system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component. By doing so what the attackers have done is take the same tools used to manage a system and then turn them into powerful threats that can escalate quickly on the host.

Once the driver is infected it then provides the attacker with optimized access for means of launching malicious actions within all versions of Windows, and Windows Kernel most notably.

Do note that all these affected drivers are ones certified by Microsoft:

  • American Megatrends International (AMI)
  • ASRock
  • ASUSTeK Computer
  • ATI Technologies (AMD)
  • Biostar
  • EVGA
  • Getac
  • GIGABYTE
  • Huawei
  • Insyde
  • Intel
  • Micro-Star International (MSI)
  • NVIDIA
  • Phoenix Technologies
  • Realtek Semiconductor
  • SuperMicro
  • Toshiba

The Why

All of this is related to a specific design flaw in Windows device drivers. They have a functionality that can be taken advantage of to perform a read/write of sensitive resources without being restricted by Microsoft. Some are suggesting that bad coding practices are to blame for this, and while that can’t be substantiated it is true that there is a more pressing need for better ones these days and older work can be suspect.

At present, the understanding is that Microsoft will be using its HVCI (Hypervisor-enforced Code Integrity) capability to create a blacklist of drivers that are reported to them. The only problem there is that the HVCI feature is only available on 7th gen Intel CPUs and newer processors. Older operating systems would need manual installation, and this would also be true for newer ones where HVCI can’t be enabled.

Microsoft is now recommending that its users work with Windows Defender Application Control or turn on memory integrity for supported devices in Windows Security. This should block malware in software and drivers.

The Motivation for Developing Malware

Many people ask what exactly is in it for these malware developers to spend as much time as they do creating these infections and releasing them onto the world. Not sure there’s a clear answer to that, but it’s a good question. After all, people will assume that there’s nothing really to be gained by creating malware other than perhaps an individual sense of deranged satisfaction in messing with people and businesses.

This would be an incorrect assumption, however. The truth is that these people go to the effort to make malware because there’s money in it. Take, for example, a botnet: a network of thousands – or even hundreds of thousands – of computers belonging to everyday people that have been infected with software that usually works to send out LOTS of spam.

Once a botnet network is established then it can be rented by individuals and organizations who want to send out spam promoting whatever it is they want promoted. Botnet owners make money, and same goes for keyloggers – they capture usernames and passwords and sell this information to whoever would like it and for whatever purpose.

These are just 2 examples of many. Long story short, the reason there’s people working to make malware is because – strangely enough – it’s profitable in one way or another.

Understanding Smart Contracts, and Their Relation to Blockchain & Bitcoin

It seems Bitcoin and all the hubbub about cryptocurrency is ‘back on’ now, and there’s a renewed general interest in mining for digital currency. The one takeaway anyone who’s developing an interest in this should take is that this is not a way to get rich quick, and that bitcoin mining is much more labour-intensive than you think. Blockchain technology is integrally important to managing cryptocurrencies, so if you’re still not dissuaded and you’d like to start amassing cryptocurrency for yourself then you’re encouraged to read on.

Here at 4GoodHosting, we join every other Canadian web hosting provider in understanding the way many of our customers have real interest in taking advantage of everything that’s there for discovery in the digital world. It’s likely more than a few are taking more than a passing interest in cryptocurrency mining, so today we’ll share some information these folks are going to find valuable.

Smart contracts have the potential to be one of the most useful tools associated with blockchain, and it’s almost certain that they’re going to take off right along the cryptocurrencies they’re designed to manage. So what exactly are smart contracts then?

No Administration Required

Smart contracts are self-executing, business automation applications that run on a decentralized network, such as blockchain. The appeal of them is specifically in the way they’re able to remove administrative overhead. Indeed, smart contracts are one of the most attractive features associated with blockchain technology. Blockchain functions as a database, and confirms that transactions have taken place, while smart contracts execute pre-determined conditions at the same time. They’re not unlike a computer executing an “if/then,” or conditional, statement in programming.

The way all of this works is once certain conditions of a smart contract are met – and related to our discussion here that’ll be two parties agreeing to an exchange in cryptocurrency – they can automate the transfer of bitcoin, fiat money, or the receipt of a shipment of goods that makes it possible for them to continue on their journey.

The workings of that will reveal a blockchain ledger that stores the state of the smart contract.

Tokens and Smart Contracts

The different applications for smart contracts are pretty much endless. Let’s take the insurance industry; an insurance company could use smart contracts to automate the release of claim money paid out for events like large-scale floods, hurricanes or droughts. Another example would be when a cargo shipment enters a port and IoT sensors inside the container relay a confirmation that the contents have been unopened and stored properly along the entirety of the journey.

This means a bill of lading can then be issued without any manual – and time consuming – inspection of the goods being required.

As mentioned, smart contracts are also now creating the basis for the transferring of cryptocurrency and digital tokens, which function as a representation of a physical asset or utility. The best-known example these days is Ethereum blockchain’s ERC-20 and ERC-721 tokens. Both are smart contracts.

However, don’t think all smart contracts are tokens. It’s possible to have smart contracts running on Ethereum that trigger an action based on a condition without an ERC-20 or ERC-721 being involved.

How Smart Contracts Mimic Business Rules

For all intents and purposes, smart contracts are business rules translated into software. If you compare them to business rules automation software or stored procedures, smart contracts can support automating processes stretching across corporate boundaries and involving multiple organizations in ways the automation software can’t.

The major functional difference is that rules can be applied not only within the corporation that coded the smart contract, but to other business partners approved to be on the blockchain.

Importance of Good Data, and ‘Oracles’ in Smart Contracts

Smart contracts are great, but each one is only as good as the rules that dictate its automating processes. Quality programming is crucial, as is the accuracy of the data fed into a smart contract. The nature of smart contract rules makes it so that once they’re in place, they can’t be altered in any way. After a contract is written, no one – not even the programmer – can change it.

If it turns out that the data isn’t true – and being on a blockchain doesn’t necessarily make it so that it is – the smart contract will be unable to work properly.

Why is this? Well, data fed into blockchains and used for smart contract execution is sourced externally, and from data feeds and APIs most notably – a blockchain is not able to ‘fetch’ data directly. Real-time data feeds for blockchains are referred to as oracles.

Little Disputability with Smart Contract Data

Oracles have traditionally transmitted data from a single source, and as such there is no data that’s entirely trustworthy. It can be benignly or maliciously corrupted due to faulty web sites, cheating service providers, or even by unintentional mistakes.

The way regular contracts function today can be problematic. This is because one party may perform a task, but after that the other party may decide not to pay, or there may be assumptions made by one of the parties about complexities of the contract that may not even be true.

The issue here is that those contracts are not rigorously enforceable, but smart contracts are. A smart contract is deterministic, and can absolutely be enforced as long as the events related to its contractual clauses happen.

Edge Computing, IoT and future of Smart Contracts

Within the next 5 to 7 years we should see a massive growth in IoT connected devices spurring greater use of smart contracts. It’s projected that the majority of the estimated 46 billion industrial and enterprise devices connected in 2023 will be dependent on edge computing. Addressing standardization and deployment issues will be crucial.

How smart contracts will benefit here is by offering a standardized method for accelerating data exchange and enabling processes between IoT devices. Essentially they’ll be removing the middleman – the server or cloud service that acts as the central communication spoke for requests and other traffic among IoT devices on a network.

Add this to blockchain ledgers decreasing the time required to complete IoT device information exchange and processing time, and the collective promise between both technologies becoming prominent is something to definitely keep an eye on. With the focus on process efficiency, supply chain and logistics opportunities smart contracts will almost certainly become more ubiquitous in the years ahead.

3 Million Malwares Across Android Last Year in N. America

Just a few weeks back we were sharing with you how WhatsApp was recommending users reinstall their app because of it being hacked. Hopefully those of you that use it have already done so, and if you have then you’re probably good to go with instant messaging for the foreseeable future. It turns out however that the problem of hacks, infection, malware and more is a lot more extensive than just one app and one operating system.

A quality Canadian web hosting provider is going to be one that appreciates the full extent of just how much digital connectiveness is important to people, and here at 4GoodHosting we have a front row seat to see the way mobile web browsing has pulled away from desktop in as far as being the means of choice for people. It all points to one well-understood reality; we’re turning to our mobile devices for more and more of everything that we do during the day.

A good many of us (myself included) have Android phones, and that’s why recent news from Quick Heal Security Labs is really undeniable when it comes to highlighting the extent of the cyber-attack problem for Android users in North America: apparently over 3 million malware were detected on Android OS in 2018.

Big Number, Big Problem

We can paint a picture of the severity of this best by sharing some numbers:

  • 3,059 malware infections per day, working out to 2 every minute across the country for Android devices
  • 1,786 adware infections per day, equalling 1 per minute
  • 4,670 PUAs per day, and that’s 3 per minute

Yes, there’s an awful lot of smartphones out there, and a good many of them are going to have an Android OS. Those numbers are still fairly staggering though, and it really does put the problem in some perspective. And what’s interesting is that despite the rapid rise in cyberattacks on mobile devices, cyber security experts say device owners aren’t taking this as seriously as they should be.

Serious Business

Experts state that there will be a significant rise in mobile-focused malware and banking trojans, and another major mobile-based threat expected to be coming more to the forefront involves malicious code being introduced into clean-owned applications post update. Further, it would seem that this is more likely to take place once the download count reaches a certain landmark with the Google Play Store, according to the same report from Quick Heal.

Earlier this year a test was performed to check the efficiency of Android antivirus apps from Google Play. 250 apps were tested, and the results weren’t agreeable – more than two thirds failed to come back with a malware-block rate of 30% or better. It also turned out that less than 1 in 10 of the apps tested were not able to defend against all the 2,000 malicious apps.

Not All Antiviruses the Same

There is no shortage of cheap and free antivirus apps accessible for consumers these days, but the reality is that only a few of those provide sufficiently powerful shielding against cyber threats. It’s important to validate the effectiveness of any you might be considering. There’s plenty of information on the web about them and quality reviews from knowledgeable people, so we’ll stay away from that topic here today and look at the most prevalent of these Android malwares being seen.

Top Android Malware for 2018

It seems the most common infection was with one called Android.Agent.GEN14722, which made its way into some 100,000 smartphones around the world last year. That’s just for the year though, overall and looking at it long-term, another two called Android.Agent.A1a92 and Android.Gmobi.A are the most prevalent malware found on mobile devices worldwide.

Other notables:

  • Umpay.GEN14924 at 25% of the total amount
  • MobileTrack.Gen7151 at 10%
  • Smreg.DA at 8%
  • Agent.DC6fb8 at 8%
  • Airpush.J at 7%

There were also function predispositions and focuses seen with these malware. Many aim to attack social media accounts for malicious purposes (like the Spyware bug that WhatsApp had recently), while others are geared to be invisible after installation and then display full-screen ads to users and earn revenue.

There’s also the FakeApp trick, which increases the number of sponsored app download counts and reviews. That’s clearly not as evil, but still something that people won’t be welcoming of in the slightest. Lastly, some activate by means of PDF attachments sent via phishing emails to launch malware on the device.

Be Proactive in Protecting Yourself

As mentioned, the right anti-malware for Android mobile devices is becoming more and more of a necessity, and especially so as it’s unlikely we’re going to see a decrease in the number of these malware threats that are emerging. This is especially true as each Android phone has a camera, speaker and a location tracker that quickly collects data from every place the consumer goes. When users are not aware about having this malware, the way they go about their day-to-day just the same as always puts their online privacy and sensitive data at risk.

AV apps that come from genuine security vendors are your best choice, as they regularly release updated versions to protect the users from the latest threats. These may come at a cost, but if you’ve got an understanding of just how pervasive this problem is then you should be okay with paying a little something for the security of your phone.

And yes, iOS is not immune to these problems either, although it may be true that the numbers attached to it might not be so massive as they seem to be for Android.

Major Security Hack Means It’s Time to Update or Re-Install WhatsApp

WhatsApp is one of the most ubiquitous and popular instant messenger apps these days, and it’s fair to say that there’s likely hundreds of thousands of people who have it installed on their smartphone and make frequent use of it. Well, no one’s about to tell you should stop doing so if you’re one of them, but it turns out that you may want to update it manually now – or perhaps even better delete and re-install it – due to recent developments that have just now gotten out into the media.

Part of being a good Canadian web hosting provider is giving clients a heads up on such developments, and that describes 4GoodHosting to a tee if we may say so ourselves. Often times these sorts of things aren’t quite ‘newsworthy’ in that sense, but again considering how common WhatsApp is these days we decided to make it our topic for the week.

Right then. So, despite encrypting every conversation and following best security practices, WhatsApp (which is owned by Facebook for those of you who care about those things) it seems has been the victim of a cyber attack.

It recently announced that it found a vulnerability that was allowing shady types to infect WhatsApp users with spyware when they made – or even attempted to make – a call using the app.

No Answer – No Problem

Now most people aren’t ones to take notes of character and number chains, but it would seem that this WhatsApp vulnerability is going by CVE-2019-3568. What makes it especially noteworthy is that it allows attackers to infect the device, and have success doing so even if the user at the other end receiving the call didn’t answer it.

The means by which these nefarious individuals did this was by exploiting a buffer overflow weakness in the app, one that enables them to hack into WhatsApp before doing the same on the device running the app.

When asked about it, the security team at WhatsApp chose to refer to it as an ‘advanced cyber actor’ – a rare but very dangerous type of cyberattack. It is different from other malware attacks that are done with the more standard ‘phishing’ approaches. If it were of a more ordinary version of this type, the phishing nature of it would mean that the individual on the other end would need to answer the call in order for the infection to be complete.

As mentioned, however, attackers can use spyware to exploit the devices – even if the users don’t receive the call.

Right, onto the potential repercussions of any such attack. They can result in cybercriminals gaining access to personal data stored on the phone. Further, it could allow them to modify things or lock the mobile before demanding a ransom from the users.

If you’re reading this and you’ve yet to receive any ransom notes for an unexplainably locked device or any other similar red flag, you’re likely okay but you should go ahead and delete and reinstall WhatsApp. Interestingly enough, I just got a new Android phone the other day and so I was installing WhatsApp quite literally at the same time I was reading this news. So unless you’re in a similar scenario, you should definitely be looking for an available update at the very least (and make sure it’s a very recent one).

These WhatsApp versions were vulnerable to the spyware attack:

  • WhatsApp for Android prior to v2.19.134
  • WhatsApp Business for Android prior to v2.19.44
  • WhatsApp for Windows Phone prior to v2.18.348
  • WhatsApp for iOS prior to v2.19.51
  • WhatsApp Business for iOS prior to v2.19.51
  • WhatsApp for Tizen prior to v2.18.15
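
A fleet check against the version list above, as an added example that is not part of the original post: the inventory lines are constructed, and `classify` and `audit` are hypothetical helper names. Versions are compared numerically, since a plain string comparison would rank 2.19.98 above 2.19.134 and report a vulnerable install as patched.

```python
import re

# First fixed version per product, copied from the list above.
# Anything older than the listed version is vulnerable to CVE-2019-3568.
FIXED_VERSIONS = {
    ("WhatsApp", "Android"): "2.19.134",
    ("WhatsApp Business", "Android"): "2.19.44",
    ("WhatsApp", "Windows Phone"): "2.18.348",
    ("WhatsApp", "iOS"): "2.19.51",
    ("WhatsApp Business", "iOS"): "2.19.51",
    ("WhatsApp", "Tizen"): "2.18.15",
}

def parse_version(text):
    """Turn 'v2.19.134' into (2, 19, 134); return None if not dotted-numeric."""
    text = text.strip().lstrip("vV")
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(app, platform, installed):
    """Return 'vulnerable', 'patched', or a reason the install needs manual review."""
    fixed = FIXED_VERSIONS.get((app, platform))
    if fixed is None:
        return "unknown-product"          # not in the advisory list
    have = parse_version(installed)
    if have is None:
        return "unparseable-version"      # do not guess; flag for follow-up
    want = parse_version(fixed)
    # Pad to equal length so that 2.19 compares as 2.19.0.
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return "vulnerable" if have < want else "patched"

# Constructed sample inventory: device id, app, platform, installed version.
SAMPLE_INVENTORY = """\
dev-001,WhatsApp,Android,2.19.98
dev-002,WhatsApp,Android,2.19.134
dev-003,WhatsApp Business,Android,2.19.134
dev-004,WhatsApp,iOS,v2.19.50
dev-005,WhatsApp,Tizen,2.18.15
dev-006,WhatsApp,Windows Phone,unknown
dev-007,WhatsApp,KaiOS,2.19.1
"""

def audit(inventory_text):
    """Map each device id in a CSV-style inventory to its classification."""
    results = {}
    for line in inventory_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 4:
            continue                      # skip blank or malformed lines
        device, app, platform, installed = fields
        results[device] = classify(app, platform, installed)
    return results

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as `unparseable-version` or `unknown-product` are left for manual follow-up instead of being counted as patched.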

Go Get ‘Em

It’s been reported that WhatsApp responded to the attack without delay and said they only became aware of the vulnerability some time earlier this month. Within 10 days of realizing the breach, WhatsApp released a server-side fix to mitigate the attack. It’s understood, however, that many WhatsApp users were already potentially exposed to the attack before the fix was issued.

In addition, WhatsApp is also releasing an update to the mobile app as of today (Monday, May 20th) that should help squash similar cyber attacks for the foreseeable future. Along with the patch they have asked all users to update the app to the latest version while also ensuring their operating system is equally as updated.

Off you go and update your WhatsApp if it’s part of the indispensable array of apps you use on your device day in and out.