Friday, December 23, 2016

Russian Hackers Exploit a Windows Flaw

We’ve heard a lot lately about Russian hackers. The CIA and the FBI said they were responsible for many of the election hacks. But how are they doing it? It’s suspected that the Russian hackers exploit a Windows flaw, as well as one in Adobe Flash. Our security experts at Cadamier Network Security in Denver stay on top of these concerns so we can protect our clients against hacking.

According to a CIO-Today article, Microsoft reported that a group it calls Strontium, which has been linked to Russian state-sponsored hacking and specifically to the theft of Democratic National Committee emails during the election, was behind recent cyberattacks targeting Windows users.

Microsoft security researchers didn’t directly connect Strontium to Russian state hacking, but the hacking group is also known in the security community as Fancy Bear or APT 28 and has been linked by others to Russian state hacking.

The Redmond company has identified a hacking campaign that exploited previously unknown vulnerabilities in Microsoft's Windows operating system and Adobe's Flash in a bold attempt to gain control of computers. The group behind the attacks is thought to have targeted a specific set of customers, according to Microsoft, which would not identify the victims of the hack.

Microsoft has been relatively quiet, releasing only a blog post detailing the attacks. In November, Microsoft hustled to fix the Windows vulnerability in a patch. Adobe patched its flaw in Flash in October.

U.S. intelligence agencies are accusing Russia of hacking American political sites to try to interfere with the U.S. presidential election. After the DNC was hacked and 20,000 emails were stolen and released by WikiLeaks, the DNC hired CrowdStrike, a cybersecurity firm. CrowdStrike confirmed Strontium was among the intruders into the DNC's computer systems. The group's cyber theft was thought to fit the pattern of Russian state-sponsored hacking, according to CrowdStrike.

Microsoft reported that Strontium aims primarily at government bodies, diplomatic institutions, and military forces in NATO-member nations and Eastern European countries. Microsoft hasn't named Russia for the hacking attacks, but the listed targets line up with Russian state hacking.

Google disclosed the software flaws under attack. Its security researchers contacted Adobe and Microsoft in October to inform them of the flaws in their software. In a Google blog post, the researchers stated that this vulnerability is particularly serious because it is being actively exploited. Google's policy is to publicly disclose critical security flaws if there is no fix a week after informing the company that makes the software.

Windows and Devices Executive Vice President Terry Myerson was mad at Google for disclosing the Windows flaws. He said, "We believe responsible technology industry participation puts the customer first and requires coordinated vulnerability disclosure. Google's decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing and puts customers at increased risk."

Myerson explained that Windows users running the latest version of Windows 10 and Microsoft's Edge browser were protected from versions of the attacks Google had observed. Microsoft said the flaws disclosed recently were targeted in spear-phishing attacks, which are designed to fool an email user into clicking on a malicious link or opening an attachment that grants the attacker access to the computer's functions.


Your company or organization might not be a target when Russian hackers exploit a Windows flaw, but other hackers may want to steal your information. Our security experts at Cadamier Network Security in Denver know what’s going on so we can protect our clients from cyber attacks. You need to make sure you can defend against all intrusions.