Patch Lady – 31 days of Paranoia – Day 14

Topic

New Reply

If you have a bit of time on your hands, take a stroll through the FBI’s most wanted for Cyber security attacks.  You’ll find Russian hackers targetin
[See the full post at: Patch Lady – 31 days of Paranoia – Day 14]

Susan Bradley Patch Lady/Prudent patcher

5 users thanked author for this post.

Elly, SueW, HiFlyer, GreatAndPowerfulTech, woody

Reply | Quote

Replies

Oh, Lovely Eternal Blue. I learned about that exploit from a Malwarebyte’s Newsletter talking about another possibly nastier uses of that Exploit, Emotet. Links

https://en.wikipedia.org/wiki/EternalBlue

https://blog.malwarebytes.com/cybercrime/2018/09/emotet-rise-heavy-spam-campaign

https://blog.malwarebytes.com/detections/trojan-emotet

https://blog.comodo.com/comodo-news/new-immense-attack-emotet-trojan-targeted-thousands-users/

https://securityintelligence.com/news/emotet-trojan-uses-complex-modules-to-evade-standard-protection/

https://blog.trendmicro.com/trendlabs-security-intelligence/new-emotet-hijacks-windows-api-evades-sandbox-analysis/

https://https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010/kb/en-us/127218

Why I bring this up? Because it is easy to avoid be detected by antivirus scanners.

From the last link:

IMPORTANT: Emotet is a very advanced polymorphic network worm that has multiple ways to avoid detection. Stopping this worm requires every machine on an infected network to be protected with Anti-Virus, it is also critical that you are following best practice advice. Specifically, you must have Behavior Monitoring (HIPS) enabled including the Detect malicious traffic option also enabled.

The Best Protection from this is simple. Even though it currently MS-DEFCON -1, IMO if you are missing the Patch for this Exploit, get Patched now!

Reply | Quote

There is an Emotet topic in Code Red – Security Advisories, from July.

1 user thanked author for this post.

Elly

Reply | Quote

I know a lot of effort/focus right now is on fixing actual problems caused by 1809 upgrade, Win 7 problems and OS update hassles in general but Susan you touch on a point that I feel will come to be seen as very damaging re. patching for general computing security. That is Microsoft putting a wrecking ball through the “check for updates and keep your software up to date” ethos. It was spreading and people were getting the message that patching is “a good thing”. For their own selfish reasons Microsoft have subverted the purpose/effect of the check for updates button and washed away any trust in it.

That ripples outwards and in the general consciousness, and not just as regards Windows, becomes “getting updates can cause problems – so don’t”. That is a bad message to give.

UKBrianC

Reply | Quote