A ransomware attack is currently hitting hundreds of businesses across the United States. The incident appears to be the result of a so-called supply chain attack: the attackers managed to push the malware to victims through Kaseya’s legitimate IT management software. To make matters worse, REvil ransomware operators are hitting what are known as “managed service providers,” which provide IT infrastructure and support to companies that would rather not handle such things themselves. When hackers compromise these providers, it is usually a short step to infecting their customers as well, making the scale of this campaign “monumental,” according to one cybersecurity professional.
The seriousness of the REvil strike was almost enough to make one forget about a particularly bad week for Microsoft. Almost. In addition to several high-profile cybersecurity incidents, which we discuss in more detail below, the company has found itself in its own controversy over which computers will be able to run Windows 11. The new operating system will probably require a processor released no more than about four years ago, which means that many of the devices you can currently buy will not qualify. Not only that, but Microsoft has previously announced it will end support for Windows 10 in 2025, meaning many users have only a few years before they will be forced to choose between losing security updates entirely and buying a new computer, even if their current one works perfectly well.
In other not-so-great Microsoft news, the same hackers behind the devastating SolarWinds campaign were found to have installed malware on a customer service employee’s device. Microsoft said three customers were affected by the intrusion, although it is not clear who they were or what information was stolen. It should never come as a surprise that Russians are spying in cyberspace, but it is still alarming that they managed to gain that level of access at a company as critical as Microsoft.
A separate group of Russian hackers was caught causing problems this week as well. Intelligence agencies from the US and the UK warned that the notorious Fancy Bear group has been using brute force to try to break into hundreds of target networks. The technique is pretty basic; it simply means throwing passwords at an account until one of them works. That does not make it any less worrying, however, especially since the campaign appears to be ongoing.
Lastly, browser extensions are convenient and fun, but they can also pose a security risk if you install them carelessly. Here’s our guide to figuring out which ones you should keep and which you should skip if you have privacy concerns (which, generally speaking, you should).
And there is more. Every week we round up all the WIRED security news we did not cover in depth. Click on the headlines to read the full stories, and stay safe out there.
If your big new idea could also serve as the opening of a techno-dystopian thriller, maybe it’s best to set it aside? Just a thought. The Worldcoin project unveiled this week proposes that a good and rational way to distribute a new cryptocurrency is to sign people up by having a basketball-sized orb scan their irises. The ultimate goal is to establish a kind of universal basic income, and Worldcoin’s founders emphasize that their large eyeball-scanning orb is built with the greatest concern for privacy. But given the choice between looking into the crypto orb and not doing so, we warmly recommend the latter.
A riot broke out in the Windows world this week after a proof-of-concept exploit for a vulnerability known as PrintNightmare leaked, effectively creating a live zero-day. PrintNightmare is serious: it allows remote code execution thanks to a flaw in the Windows Print Spooler. Almost as worrying as the exploit itself is the apparent sloppiness that led to its release. In June, Microsoft released a patch for what appeared to be this very issue. But a Chinese cybersecurity company claimed this week that the problem was not fully resolved; shortly thereafter, two researchers from a separate Chinese company published exploit code on GitHub, where it was quickly copied and distributed. While you wait for a patch that actually works, you can disable the Print Spooler service, but then you won’t be able to print from that server. So, yes, a bit of a mess!
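The workaround the paragraph describes, disabling the Print Spooler on servers that do not need to print, is a few lines of PowerShell. The snippet below is an added example, not code from the WIRED article or from Microsoft; the function names are this example's own, and it assumes a Windows host with an elevated PowerShell session. It first reports whether the Spooler is running and set to auto-start, and only stops and disables the service when you ask it to, so it can be previewed with -WhatIf before anything changes.

```powershell
# Added example: inspect and, on request, stop and disable the Windows Print Spooler.
# Not from the original article; function names are this example's own choices.

function Get-SpoolerState {
    # Report the current state of the Spooler service on this host.
    # A service that is Running with an Automatic start type is the exposed configuration.
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    [pscustomobject]@{
        Status    = $svc.Status
        StartType = $svc.StartType
        Running   = ($svc.Status -eq 'Running')
    }
}

function Disable-Spooler {
    # Stop the service now and keep it from starting again after a reboot.
    # Caveat from the text: printing from this host stops working until it is re-enabled.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
}

function Enable-Spooler {
    # Reverse the change on a host that turns out to need printing.
    Set-Service   -Name Spooler -StartupType Automatic
    Start-Service -Name Spooler
}

# Usage: check first, then preview and apply.
Get-SpoolerState
Disable-Spooler -WhatIf    # preview only; drop -WhatIf to actually stop and disable
```

Run Get-SpoolerState across a fleet (for example through Invoke-Command) to find hosts where the service is still running, and keep the Spooler enabled only on the machines that genuinely act as print servers.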
Using a VPN is always a bit of a gamble; the best ones have shown that they keep your browsing private as advertised, but there is often no way to know for sure. And then there are VPNs that allegedly cater to ransomware gangs to the point that an international consortium of law enforcement agencies takes them down entirely. That happened this week to DoubleVPN, whose domains and servers were seized by the Dutch national police and authorities from the US, Canada and elsewhere in Europe. In a statement, Europol said DoubleVPN was “used to compromise networks around the world”. There are still plenty of VPNs to choose from, of course, but anything that helps disrupt ransomware workflows, and potentially leads to identifying the people using them, is a welcome development.
Security researchers warned this week that Chinese hackers were running a sophisticated phishing campaign posing as the Afghan president’s office in an attempt to deliver malware to members of the country’s National Security Council. The group used a Dropbox account to avoid raising suspicion as it exfiltrated data, and appears to be targeting other countries in Central Asia as well.