Tag: Windows 10

Patches and Data Theft

Posted on by Greg Price in Articles
Greg Price

If you use a Windows-based computer, you are aware of Patch Tuesday and also the dark side of Windows patching. To say Microsoft’s patching process is riddled with issues would be a kind gesture.

The last several Windows 10 updates were buggy, and, in some instances catastrophic if installed. I often envision the Microsoft patching process as a game of whack-a-mole: one issue is addressed, another bursts onto the scene and the cycle seems to loop continuously.

In October 2019, Microsoft released a new update that was designed to remedy a printer driver issue from the previous update. However, many users encountered the nightmare for all Windows users: The Blue Screen of Death. If you’re not familiar with the Blue Screen, I’ll summarize. Your PC stops functioning completely.

In October, those who encountered the dreaded Blue Screen had to roll back their machines to a previous version of Windows, if they did so within ten days of installing the update. As usual, miscellaneous applications and settings had to be restored, but at least you could resurrect your PC.

Fast forward a few months and Microsoft did it again; an update is causing major problems for some.

The February Windows 10 update, KB4532693, contains almost 100 different bug fixes and some enhancements to improve user interaction, but there’s another problem lurking among the update.

Your data is deleted.

Yeah, you read that correctly, not a Blue Screen of Death, arguably, something worse. Reports from many Windows forums reveal that Windows 10 will sometimes fail to load user profiles correctly following the installation of the February update. As a result, personal files and settings disappear. Some researchers suggest the issue is related to the mechanism Windows uses to install the update. A temporary user profile is created by the update process and the profile isn’t waived, rather, Windows gets “stuck” in the temporary profile, resulting in loss of data to your other profiles.

In the forums that I reviewed, users who experienced the issue didn’t lose all data; however, in all instances when the error occurred, all files saved to the Desktop, custom wallpapers and icons vanish.

Microsoft hasn’t issued a response to the complaints, yet. However, Windows 10’s rollback feature appears to address the problem.

If you observe the issue, I suggest rolling back to the most previous working version of Windows 10. The steps follow.

Click the Start button and select settings. Go to “Update & Security”, then select Recovery. Under “Go back to the previous version of Windows 10”, choose “Get started”. Follow the instructions. Eventually the PC will prompt for a restart, and, your device should revert.

But, please note, Windows 10 can only rollback within a ten-day window following an update – if you miss the timeframe, the rollback option is no longer available.

For me, I advocate for keeping devices updated. It’s a solid method for securing a device against known vulnerabilities and ensures that you have the latest features and functionality. Microsoft’s poor history with updates is disconcerting. Many people are afraid to enable auto-updates due to the continued failures, more strikingly, large organizations fear Microsoft patches – the looming concern of “breaking” the business is a palpable anxiety.

I don’t know how Microsoft tests and manages quality for the patches. I recognize that their software is wildly popular and testing every permutation and application isn’t a reasonable expectation; however, exposing users to a seemingly incompetent process only erodes confidence and instills a reticence to staying current. In fact, Windows users often litter discussion forums with questions of “who’s done it”, hoping to find the poor soul who jumped before looking.

Let’s hope Microsoft recognizes that new features don’t outweigh reliable, safe operations.

Shifting gears, a bit, MGM Resorts recently announced a data breach. The breach occurred in July 2019, resulting in data compromise of nearly 11 million guests.

MGM didn’t specifically express the number of affected guests; however, a cybercrime monitoring firm offered that 10.6 million people had their information breached.

According to a statement from MGM Resorts, they discovered the breach last summer. The stolen data was stored in a cloud server. Among the data were basic “phone book information”. Apparently, names, email addresses, phone numbers and physical addresses were the main items stored in the cloud server. A much smaller number of guests’ driver license, military ID and passport information were exposed.

ZDNet revealed the personal information theft, indicating that it was accessible on a hacking forum. After the ZDNet report, MGM Resorts published a statement in which they acknowledged the event. The statement indicated that they hired two cybersecurity companies to assist in the investigation and pledged to upgrade the security systems.

MGM Resorts further stated, “We are confident that no financial, payment card or password data was involved in this matter.” MGM indicated they notified guests according to state data breach laws. Law enforcement is also working the incident, no indication of the cybercriminal was offered, and, no one has overtly issued claim to the breach.

Given that most state data breach notification laws do not require victims to be notified when the stolen information is limited to basic data, such as directory information, it’s likely that many of those affected have no idea their information exists among the breached data.

If you’ve stayed at an MGM Resort property recently, I suggest you follow basic fraud monitoring techniques; even though no financial data seems to exist among the data, we only know what has been released and stated. Taking a few precautions isn’t a bad idea.

Check your financial accounts for fraudulent activity. If you observe something odd, contact your financial services provider and seek a review. If you employ credit monitoring, check your credit reports. If you don’t, request a free report. Again, if you notice something peculiar, report it.

And lastly, consider changing your passwords. Despite the relatively low quality of the data, password guessing success increases as the volume of pertinent data increases.

Watch those patches and check your financial records. Be safe.

Ransomware Strikes Again

Posted on by Greg Price in Articles
Greg Price

Various Federal and cybersecurity advocates have released numerous announcements this year, highlighting the increase in ransomware attacks in the United States. Many of the notices indicate that the rise in ransomware attacks is directly related to attacks on enterprises: the large targets are paying substantial amounts of money to regain access to their data. And, as a result, the cybercriminals are expanding their “business”.

While the increase in attacks is likely correct, the troubling issue is the continued increase in successful attacks. The bad guys are winning and gathering financial gain in the process.

On November 18, Louisiana found itself, once again, in a painful situation. Ransomware struck the state networks and resulted in a decision to shutter various agencies in order to reduce the spread of the ransomware. The governor’s office indicated that the Departments of Health, Children and Family Services, Motor Vehicles, Transportation and Governor John Edwards were closed as a result of the attack.

The state’s cybersecurity response team was activated and moved quickly to contain the ransomware. Based on various reports, the team isolated the malware and began an aggressive server restore process.

A statement indicated that no data loss occurred and no ransom was paid.

Several researchers revealed that the attack was similar to one on Louisiana’s public school systems in July. The ransomware was a variant of the popular Ryuk malware.

The real story here is Louisiana’s response: no ransom payment. The team was able to contain the situation, and, due to a careful eye to proper backups, restored operations. The disruption may have been annoying, perhaps inconvenient, but the message was very clear: the disaster recovery plans worked. As a result, the bad guys’ efforts were wasted. Chalk one for the good guys and adhering to good computing hygiene.

As I’ve mentioned before, sometimes the best practice is a solid, tested defense. Louisiana could have poured millions of dollars into the latest shiny object or expensive consultants. Instead, they created a method for containing cyber attacks and built a strong cyber hygiene program, all of which are predicated on two things: updating software and following a rigorous backup routine.

So, speaking of updates, the would-be bad guys are actively impersonating Microsoft.

According to online reports, a spam campaign has been launched, offering a Windows 10 update.

The malware is disguised within the fake Windows 10 update, likely the Cyborg ransomware. When installed, instead of Windows 10, you will have a locked PC and a demand for ransom.

Given that Microsoft releases patches routinely and aggressively pushes the Windows 10 platform, impersonating a Windows 10 update is a clever way to trick users.

But, here’s the thing. Microsoft never announces updates or provides downloads to its software through email links.

What should you do if you receive one of the Microsoft Windows 10 update email messages?

Delete it. Don’t forward it, don’t preview it, don’t open with your mobile device. Just delete it.

Despite the increased attacks to large enterprises, the largest volume of successful ransomware attacks continue to occur with individual users and small businesses.

So, how do you build a solid defense to ransomware?

Start with some basic computer hygiene.

Pay attention to email, avoid opening unsolicited attachments, don’t click on emailed links. Additionally, stop sharing data via fistfuls of thumb drives. There are many efficient and secure methods for sharing files: consider Microsoft’s OneDrive, Google Drive, Dropbox, as examples.

Next, avoid running pirated, or, stolen software.

If you download files via torrent sites or enjoy “borrowing” software from pirated software sites, you’re not only likely breaking many laws, but, you’re exposing yourself to untrusted software, all of which could be loaded with malware. Use licensed software or download open source tools from trusted sites.

And, of course, keep your software updated.

Backup your files frequently and properly. Most modern devices include an online backup service – enable the service for your devices and review that all of your important files are backing up correctly.

Despite all of our efforts to have a good defense and adhere to best practices, there is still a chance that we all can fall victim to a scam and end up with an infected or broken device. Having your files backed up properly is the best way to avoid losing your data or having to run the risk of paying a hefty ransom.

As the holiday season approaches, the scammers will be more vibrant than ever. Below are a few items to help you increase your awareness and hygiene to avoid the most common of email scams.

First, be cautious, even paranoid with links.

Don’t click on email links, especially if you find the content questionable or suspicious. Hover over the link and see if the link’s actual address matches its display name. Also, open a web browser and visit the site directly: type the link into the browser and avoid clicking the link completely.

Second, watch for grammar and typographical issues.

Since the beginning of phishing and scam messages, typos and grammar problems have drawn attention to the legitimacy of the messages. Old, or, dated images often suggest problems as well. Reputable companies don’t send poorly-written inquiries.

Lastly, use multi-factor authentication.

If you fall victim to an impersonation attack and offer your credentials, at least with two-factor, you will have a parachute, of sorts. If two-factor is available use it and pay close attention to the requests you receive for the second form of verification. If you receive one and you didn’t initiate the request, don’t approve it.
Pay attention to the basics and enjoy a safer computing experience.

Be safe.