ON SECURITY Are they attacking that?
By Susan Bradley

When you use technology, one challenge is determining whether a vulnerability is actually being exploited. This is especially important if you are holding back, delaying patches and updates until you can determine whether the update's own bugs have been fixed. Whether a flaw is under active attack is one of the factors I weigh in deciding which update recommendations I will make, and I use many sources of information to help me make those decisions. A key resource is the Cybersecurity and Infrastructure Security Agency (CISA) and its Known Exploited Vulnerabilities (KEV) Catalog.

When you study the catalog, you will notice that some of these vulnerabilities are quite old. Attackers keep using old exploits because large companies often run line-of-business applications with restrictions on when a system can be updated. In other words, those systems may never have received the fix for a years-old bug, and that makes them juicy targets. Attackers slither in and then lie in wait for the perfect opportunity to steal data, or to encrypt vital data and collect a ransom.

Consumers and small businesses are roadkill on the Internet superhighway. We aren't directly targeted. Instead, we suffer when there is a large-scale attack, such as malware lurking on a website we wander into. Small businesses can also be hit through their vendors. For example, if a managed service provider used by your company is compromised, the damage can extend in your direction. Attackers know that by going after one provider, they can wreak havoc on all of its customers.

One recent addition to the catalog shows how long the gap between a fix and active exploitation can be. CVE-2024-30088 was fixed in the June 2024 updates, yet it was added to the catalog only this month, with a patching deadline of November 5, 2024. (CISA's due dates formally bind U.S. federal agencies, but they are a sound benchmark for everyone else.) The catalog describes the vulnerability as follows:

Microsoft Windows Kernel contains a time-of-check time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation.

This bug was reported through a bug bounty program run by Trend Micro.
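The decision the column describes, checking whether a CVE you are holding back on is already in the KEV catalog and how close its due date is, can be scripted against CISA's JSON feed. The following is an added example, not code from the newsletter or from CISA: the field names match the published feed, but SAMPLE_FEED is a constructed stand-in so the script runs offline (the first entry carries the dates the article gives for CVE-2024-30088; the second is an illustrative older entry, so check the live feed for authoritative text and dates).

```python
"""Triage CISA's Known Exploited Vulnerabilities (KEV) feed: which entries
are due soonest, which are already past due, and how old each CVE is.
Added example, not from the article; SAMPLE_FEED is constructed data."""
import json
import urllib.request
from datetime import date
from typing import Iterable, Optional, Union

KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample using the real feed's field names. Entry one uses the
# dates given in the article; entry two is illustrative only.
SAMPLE_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "count": 2,
    "vulnerabilities": [
        {"cveID": "CVE-2024-30088", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Kernel TOCTOU Race Condition Vulnerability",
         "dateAdded": "2024-10-15", "dueDate": "2024-11-05",
         "shortDescription": "Microsoft Windows Kernel contains a time-of-check time-of-use "
                             "(TOCTOU) race condition vulnerability that could allow for privilege escalation.",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use of "
                           "the product if mitigations are unavailable.",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2017-11882", "vendorProject": "Microsoft", "product": "Office",
         "vulnerabilityName": "Microsoft Office Memory Corruption Vulnerability",
         "dateAdded": "2021-11-03", "dueDate": "2022-05-03",
         "shortDescription": "Illustrative entry; see the live feed for the authoritative text.",
         "requiredAction": "Apply updates per vendor instructions.",
         "knownRansomwareCampaignUse": "Known"},
    ],
})


def load_kev(text: str) -> list:
    """Parse the catalog JSON and return its vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def fetch_kev(url: str = KEV_URL, timeout: int = 30) -> list:
    """Download the live catalog (not called by the offline demo below)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return load_kev(resp.read().decode("utf-8"))


def triage(entries: Iterable[dict], as_of: Union[date, str],
           vendor: Optional[str] = None) -> list:
    """One row per entry, soonest due first. cve_age_years is the gap between
    the CVE's year and the year CISA listed it: a non-zero value is an old
    bug that attackers are still exploiting."""
    today = date.fromisoformat(as_of) if isinstance(as_of, str) else as_of
    rows = []
    for e in entries:
        if vendor and e["vendorProject"].lower() != vendor.lower():
            continue
        due = date.fromisoformat(e["dueDate"])
        added = date.fromisoformat(e["dateAdded"])
        rows.append({
            "cve": e["cveID"],
            "product": e["product"],
            "cve_age_years": added.year - int(e["cveID"].split("-")[1]),
            "days_until_due": (due - today).days,   # negative once overdue
            "overdue": due < today,
            "ransomware": e.get("knownRansomwareCampaignUse", "Unknown"),
        })
    rows.sort(key=lambda r: r["days_until_due"])
    return rows


def check_cves(entries: Iterable[dict], cves: Iterable[str]) -> dict:
    """For each CVE you are holding back on, is it in KEV (True) or not (False)?"""
    listed = {e["cveID"] for e in entries}
    return {c: c in listed for c in cves}


if __name__ == "__main__":
    entries = load_kev(SAMPLE_FEED)          # swap in fetch_kev() when online
    for row in triage(entries, "2024-10-25", vendor="Microsoft"):
        state = "OVERDUE" if row["overdue"] else f"due in {row['days_until_due']} days"
        print(f"{row['cve']:<16} {row['product']:<8} age {row['cve_age_years']}y  "
              f"{state}  ransomware={row['ransomware']}")
    print(check_cves(entries, ["CVE-2024-30088"]))
```

Run it as-is for the offline demo, or replace `load_kev(SAMPLE_FEED)` with `fetch_kev()` to triage the real catalog; filtering on `vendorProject` keeps the output to the products you actually run.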
That program, the Zero Day Initiative (ZDI), is fronted by none other than Dustin Childs, who used to be part of Microsoft's Trustworthy Computing initiative and was the voice of Microsoft's security webcasts back when they were open to the public. (Now these security webcasts are available only in the European area.) ZDI lets researchers collect bug bounties while responsibly reporting the vulnerabilities to the vendor. In this case, the ZDI advisory states:

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

That second sentence is the key point. With many of the exploited vulnerabilities these days, it's not just one bug that gives the attacker access; it's a chain of several. Worm-like attacks that spread quickly across the Internet on their own are now rare. Instead, the attackers gain entrance, typically via phishing, and then use a privilege-escalation bug such as this one to extend their foothold.

The digital outlook
On October 30, Microsoft will host a webinar covering its latest Digital Defense Report. This annual report showcases some of the threats and risks that Redmond sees on the rise. Nation-state attackers once again targeted the IT sector but also stepped up attacks on education and research, using those organizations to gain entry and collect intelligence. (See Figure 1.)
Amazingly, the number of firms impacted by ransomware has decreased, even though the number of individual attacks has increased if you count every attack that reached at least one device in a network. It appears that measures taken to limit lateral movement, such as the Local Administrator Password Solution (LAPS), which gives each machine a unique local administrator password so that one harvested password cannot be reused across the network, may be helping to limit exposure. Please note that LAPS is for businesses whose machines are joined to Active Directory (or Entra ID) and is not meant for peer-to-peer networks.

Attackers are pivoting from malware and phishing to impersonating legitimate services, such as fake tech support and malicious ads. I've seen these types of scams for years. Given the decrease in quality of Microsoft support offerings, it's my theory that these scams have increased because it's hard to find good support options. Depending on your Microsoft 365 license, you may be able to see the latest threats and attacks on Microsoft's Intel Explorer page (Figure 1).
Now that Microsoft's security products also protect macOS and Linux, Microsoft is tracking issues such as a recent attack on Ubuntu-based payment switch servers in ATM networks. This is a new Linux variant of the FASTCash "payment switch" malware, which North Korean hackers use to trigger unauthorized ATM cash withdrawals.

One thing is very clear: your username and password are the entry point into nearly all cloud services. If that single credential is all you use to log in, with no multifactor authentication adding a layer of protection, you will be targeted or impacted by the constant attacks on cloud identity services. As Microsoft notes in the new Digital Defense Report:

Microsoft Entra data shows password-based attacks make up over 99% of the 600 million daily identity attacks. Over the past year, Microsoft blocked 7,000 password attacks per second, highlighting the persistent and pervasive nature of these threats.

You must have two-factor authentication to better protect yourself, and an authenticator app or hardware key is a stronger second factor than a code sent by text message.

Businesses are also seeing increases in denial-of-service attacks. I'm seeing more and more websites adding Cloudflare or the slightly annoying CAPTCHA processes in order to keep the site from being bombarded by attacks and bots.

Despite Microsoft's touting how wonderful AI will be, its own report showcases the bad:

Russia, Iran, China, and other nation states are increasingly incorporating AI-generated or enhanced content into their influence operations in search of greater productivity, efficiency, and audience engagement.

This clickbait is not limited to the election. You should always layer on a dose of skepticism whenever there is any sort of trending national or international news story. If there is a way for attackers to gain advantage or make more money by influencing a topic, you can pretty much guarantee they will.
I do believe that one day we will have a banking future that indeed has some sort of digital currency, but the current scam nature of many crypto offerings leaves me concerned about the trends in crypto.

Microsoft states:

AI enhances security operations by improving threat detection, response speed, and incident analysis, providing defenders with significant advantages against sophisticated attacks and enabling more efficient management of cybersecurity operations.

I'm still a doubting Thomas. AI makes too many mistakes and jumps to too many erroneous conclusions. It still takes a human brain to look at the information gathered by AI to determine whether its conclusion is proper. As an example, try the AI-powered search engine Perplexity.ai. It provides the resources and links that Perplexity examined to come to its conclusion, leaving you, the human, with the final say. Although Copilot also shows sources, Perplexity is not tied to my operating system; in my limited use, I have found it more accurate.

A cloud honeypot
A recent presentation by Ross Bevington of Microsoft, given at July's BSides Exeter conference, detailed a honeypot built in Azure for the express purpose of attracting attackers and learning more about their techniques. For years, researchers have done this with any number of on-premises servers or Web-based properties to better determine what is attacking us. In a consumer setting, it's hard to have a similar setup. You must rely on reports from antivirus vendors and Microsoft to know what sort of attacks are prevalent.

Consumer risks
For consumers, the usual recommendation is to use a VPN to protect yourself from the prying eyes of your ISP. But a word of warning: Not all VPNs are created equal, and many of them — especially the free ones — will track you just as much as (or more than) your ISP. In addition, I know that many VPNs assign you an IP address previously used in attacks by other attackers. You therefore inherit the reputation of the previous users of that IP address. So be careful when using VPNs. They are not a panacea.

When a site uses TLS (the HTTPS padlock in your browser), your ISP can't see what you are doing on that site. It can still see which sites you connect to, because the DNS lookup and the server name in the TLS handshake normally travel in the clear, but not the full URL, the page contents, or anything you type. The same is true of VPN services: they can see where you go, but not what you do.

I urge you to use a password-manager application, or at least write your passwords down. I do not store passwords in my browser but rather in my password-manager application, which is protected by a two-factor app or key fob (depending on my needs).

Be cautious about your use of social media and how it's designed to lure you into its platform. If you use social media to share family-and-friends photos and information, think carefully about how you want to share that information. It doesn't have to be with the public; you can limit your posts to just your selected friends. You'll find that on any social media platform, the algorithm is designed to offer up what you interact with. So if you click on X, you'll get more of X, whether you like it or not. More and more jurisdictions are taking action to limit or ban addictive social media for teens. I'd argue that even adults need a time-out to ensure they don't get burned out by these platforms.

From nation-states to social media, they are out to get us. I promise to do my best to warn you about who's out to get you!
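To make the "they can see where you go, but not what you do" point concrete, here is an added example (not code from the newsletter) that builds a minimal TLS ClientHello and then parses it the way a passive observer on the path, whether your ISP or your VPN provider, would: the only application-level fact recoverable is the server name (SNI). The host name and URL are placeholders, and the ClientHello is constructed rather than captured, with filler values for everything except the SNI extension.

```python
"""What an on-path observer can read from an HTTPS connection: the server
name in the TLS ClientHello, never the URL path or page contents.
Added example; the ClientHello below is constructed, not captured."""
import struct
from typing import Optional


def build_client_hello(host: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record carrying a server_name
    (SNI) extension. Constructed sample input: random, cipher suite and
    the other fields are filler; only the SNI extension matters here."""
    name = host.encode("ascii")
    entry = struct.pack("!BH", 0, len(name)) + name           # NameType host_name(0), length, name
    server_name_list = struct.pack("!H", len(entry)) + entry
    sni_ext = struct.pack("!HH", 0x0000, len(server_name_list)) + server_name_list
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"            # client_version: TLS 1.2
        + bytes(32)            # random: zeros (filler)
        + b"\x00"              # session_id: empty
        + b"\x00\x02\xc0\x2f"  # cipher_suites: one entry, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        + b"\x01\x00"          # compression_methods: null only
        + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake(22)


def extract_sni(record: bytes) -> Optional[str]:
    """Return the SNI host name from a TLS ClientHello record, or None.
    Truncated or non-ClientHello input yields None rather than an exception."""
    try:
        if len(record) < 5 or record[0] != 0x16:
            return None                                       # not a handshake record
        hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
        if len(hs) < 4 or hs[0] != 0x01:
            return None                                       # not a ClientHello
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                                          # skip version + random
        pos += 1 + body[pos]                                  # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + body[pos]                                  # compression_methods
        if pos + 2 > len(body):
            return None                                       # no extensions block
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type != 0x0000:
                continue                                      # not server_name
            lp = 2                                            # skip ServerNameList length
            while lp + 3 <= len(data):
                name_type = data[lp]
                name_len = struct.unpack("!H", data[lp + 1:lp + 3])[0]
                lp += 3
                if name_type == 0:
                    return data[lp:lp + name_len].decode("ascii")
                lp += name_len
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None


def observer_view(record: bytes, full_url: str) -> dict:
    """Contrast what the user requested with what the wire reveals."""
    return {"requested": full_url, "visible_on_wire": extract_sni(record)}


if __name__ == "__main__":
    # Placeholder URL on the reserved example domain.
    hello = build_client_hello("www.example.com")
    print(observer_view(hello, "https://www.example.com/account/settings?user=me"))
```

The path and query string never appear in the handshake; they are sent only inside the encrypted application data that follows. Encrypted Client Hello, where both the browser and the site support it, hides even the server name, but the DNS lookup still leaks it unless that is encrypted too.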
Susan Bradley is the publisher of the AskWoody newsletters.
The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.
Copyright ©2024 AskWoody Tech LLC. All rights reserved.