Search This Blog

Showing posts with label Windows 7. Show all posts

FBI Warns About Using TeamViewer and Windows 7

 

The FBI issued this week a Private Industry Notification (PIN) caution to warn organizations about the dangers of utilizing obsolete Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer. The alert comes after the recent assaults on the Oldsmar water treatment plant's network where assailants attempted to raise levels of sodium hydroxide, by a factor of more than 100. The investigation into the occurrence uncovered that operators at the plant were utilizing obsolete Windows 7 systems and poor account passwords, and the desktop sharing software TeamViewer which was utilized by the assailants to penetrate the network of the plant. 

“The attempt on Friday was thwarted. The hackers remotely gained access to a software program, named TeamViewer, on the computer of an employee at the facility for the town of Oldsmar to gain control of other systems, Sheriff Bob Gualtieri said in an interview,” reported Reuters. 

The FBI alert doesn't explicitly advise associations to uninstall TeamViewer or some other sort of desktop sharing software but cautions that TeamViewer and other similar software can be abused if assailants gain access to employee account credentials or if remote access accounts, (for example, those utilized for Windows RDP access) are secured with frail passwords. 

Moreover, the FBI alert likewise cautions about the continued use of Windows 7, an operating system that has reached end-of-life a year ago, on January 14, 2020, an issue the FBI cautioned US organizations about a year ago. This part of the warning was incorporated in light of the fact that the Oldsmar water treatment plant was all the while utilizing Windows 7 systems on its network, as indicated by a report from the Massachusetts government. 

While there is no proof to suggest that the attackers abused Windows 7-explicit bugs, the FBI says that continuing to utilize the old operating system is risky as the OS is unsupported and doesn't get security updates, which presently leaves numerous systems exposed to assaults via newly discovered vulnerabilities. While the FBI cautions against the utilization of Windows 7 for valid reasons, numerous organizations and US federal and state agencies might not be able to do anything about it, barring a serious financial investment into modernizing IT foundation from upper management, something that is not expected at any point soon in many locations.

Windows 7 Remain Vulnerable to Blind TCP/IP Hijacking Attacks

 

Adam Zabrocki, a security researcher warned window operating system users regarding the susceptibilities of Windows 7 to blind TCP/IP hijacking attacks. Adam Zabrocki reported the vulnerability to Microsoft reported eight years ago.

Windows 7 was launched in the year 2009 and reached its end of life a year ago – which can be seen in users no longer receiving security updates. In 2008, Adam Zabrocki created a proof of concept of this venerable attack methodology with Windows XP as the target point. In 2012, a security researcher notified Microsoft regarding the same TCP/IP vulnerabilities that made the attack feasible in Windows 7 and all the subsequent versions. 

Microsoft only patched the bug in Windows 8 and considered the bug “very difficult” to be exploited. Nearly one in four PCs is still running on the old operating system and are potentially susceptible to form of cyber-attack. In 1994, Kevin Mitnick orchestrated the most infamous blind TCP/IP hijacking strike against the computer systems of Tsutomu Shimomura at the San Diego Supercomputer Centre on Christmas day. 

The impact of TCP/IP hijacking attacks is not as fatal as it was some years ago. If the threat actor can hijack any TCP/IP session which is established but the upper-layer structure properly executes encryption then the options of a threat actor are limited in terms of what they can do with it; with the assumption that the cyber attacker does not have the capability of generating encrypted messages.

However, one thing that persists is “widely deployed protocols which do not encrypt the traffic, e.g, FTP, SMTP, HTTP, DNS, IMAP, and more” that would allow a threat actor to “send any commands on behalf of the original client”, Zabrocki explained.

Packets containing IP header were sent to the victim’s user by Zabrocki to discover how many packets were sent to link each probe. This laid the path to a ‘covert channel’ via which Zabrocki could uncover the user IP and port, and sequence numbers for both users and server. 

Russian banks to face risk due to a cancellation of support for Windows 7


Termination of technical support for Windows 7 and Windows Server 2008 operating systems (OS) can become a serious problem for Russian banks. According to the architect of the Microsoft technology center in Russia, Ivan Budylin, now, banks are required to quickly switch to Windows 10, since working without technical support is contrary to information security requirements. He added that the lack of updates can lead to significant risks of data loss.

At the same time, according to the survey, credit institutions are not yet ready to completely abandon the old OS.

Some banks reported that they had signed an agreement with Microsoft for paid additional support for Windows 7 (EAS). However, the expert noted that paid support is not an alternative to updating the operating system, but a temporary measure.

A similar situation was already with the Windows XP operating system, which was not supported in 2017 but continued to be used. During WannaCry ransomware virus epidemic, some XP users faced a situation where the malware appeared on the computer, was blocked and deleted by the antivirus.
However, then the virus repeatedly tried to get into the computer again and was blocked again. This caused a huge load on the network, processor, and disk. The devices started working so slowly that it was almost impossible to do anything on them.

Therefore, experts recommended updating Windows 7 as soon as possible, even though antiviruses can protect an already unsupported system.

Yuri Brisov, a member of the Commission on legal support of the digital economy, said that by denying the ability to regularly and timely update systems, banks put their customers at risk, which is unacceptable.

According to Boris Yedidin, a lawyer and co-founder of Moscow Digital School, for using outdated programs and operating systems, banks can bring to administrative responsibility under the article “Violation of information protection rules”.

Recall that Microsoft has refused to support the Windows 7 operating system since January 14. The computer will work with the old OS, but the company does not provide technical support for any software updates, as well as security updates and fixes.

An Ex-Operating System Hit by an Exploit Found In Audio Files



A crypto-mining exploit attack, has as of late been discovered in Windows 7 , the ex-operating system which ceased to exist only a couple of days back as per the official announcement by Microsoft, hidden away in sound WAV records.

Ophir Harpaz and Daniel Goldberg, two security analysts at Guardicore Labs, have uncovered how a medium-sized medical tech sector business was attacked by cryptominers utilizing WAV audio files to muddle the malware.

While trying to exploit the EternalBlue vulnerability the attackers focused on the organization's system, running Windows 7 machines in December 2019. The EternalBlue exploit has been around for quite a few years now and was even behind the scandalous WannaCry attacks that hit the U.K. National Health Service (NHS) in 2017.

The Guardicore research journey started in October 2019, when a number of blue screens of death began coming up on Windows machines in the target network. Further investigations unveiled that over half of the system, some 800 endpoints, were getting to suspicious data in a registry key.

And soon enough the Guardicore researchers found a Monero crypto-mining module, utilizing steganography to hide within the audio WAV files.

Daniel Goldberg, a senior cybersecurity researcher at Guardicore Labs and one of the report authors, when asked to comment on the risk-level for those still running Windows 7 replied that, "The risks are crazy high to organizations facing this WAV-based attack if they are running a Windows 7 system after EoL. Before the quarter is over, there will be other vulnerabilities discovered in Windows 7 too that will not be fixed by Microsoft and will also be easy to exploit."

Further going on to describe the WAV-based attack threat to Windows 7 as being "like a hot knife through butter." 

Apart from updating to Windows 7 , whether there exists any other way for those who will not or cannot make a move away from Windows 7, Goldberg points out, "Segment machines you can't support away from the internet and the rest of your network, your old windows 7 machine running this critical but obsolete application should not be accessible from the internet, or most of the machines in your networks."

Additionally arguing that the best offense is a good defense, Terry Ray, senior vice-president and fellow at Imperva, a cyber-security software and services company, says, "Businesses must be responsible, and act in favor of their customers, who trust them with their information, by updating their systems, if not, they will face severe consequences which will come at a huge cost to the customer, and the future of the business. Simply put, don’t fall victim and instead, upgrade to up to date systems which generate regular security updates and have the right systems in place to deter attacks."