Malware attacks leveraging MS Word documents grew by 33% in Q4

Amidst a major rise in zero-day malware attacks in Q4 2017, researchers have observed how hackers are increasingly using Microsoft Office documents as carriers to deliver malicious payloads in enterprise systems while using phishing techniques to trick employees into downloading and opening malicious attachments in emails.

Proof of Concept (and Patch) for Critical Cisco IOS Vulnerability: CVE-2018-0171

Embedi, a security firm, has discovered a major security flaw in the Cisco Smart Install code. According to Embedi and Cisco, “A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.”

Why 2018 will be the year apps go to the edge

Jameson Toole is co-founder and CEO of Fritz, which helps developers optimize, deploy and manage machine learning models on mobile devices.

If you’re running a software company today, it’s almost a foregone conclusion that most or all of your apps will run in the cloud. Likely Amazon or Google’s. It’s hard to imagine that this wasn’t always the case, but there are still some late adopters migrating their own physical data centers into managed ones. And, as with all trends in technology, this too shall pass. Just when you were getting comfortable with containers and auto-scaling, a new architecture emerges, swinging the pendulum back to a truly distributed world.

IDG Contributor Network: The best cybersecurity analysts should play the part of detective

With an ever-growing threat from cyber attacks, we now live in a world where security operation centers (SOC) are the norm. These typically feature a number of cybersecurity analysts watching screens for alerts, and then following a play book for any alerts that occur. When done well, these operations will usually identify and remediate common attacks very quickly. For example, responding to an alert about a malware attack on a system, they would typically block the system from the network, and send field personnel to clean it up.

IDG Contributor Network: How important defense in depth will be as the lines between security layers blur

Defense in depth and layered security feel like terms from a much simpler era in information security. It was not too long ago when these concepts seemed more applicable during the dawn of the Internet age. At that time, web servers became the instrument to open up enterprises to the outside world. Firewalls, demilitarized zones (DMZs) and other network security techniques attempted to “keep the bad guys out.” Oh, how times have changed.

Verifying Vendors’ Security Programs

Organizations need to carefully assess – and then verify – the data security controls their existing and prospective vendors have implemented, says privacy and security expert Rebecca Herold. She offers a range of vendor management tips in an in-depth interview with Information Security Media Group.

CISO Perspective on the RSA Security Conference

I’ve spent a good amount of time talking to CISOs over the past few months to learn about their current priorities and how their jobs are changing. Of course, many of these security executives will be attending the RSA Conference in a few weeks.

Malicious gaming extensions: a child’s play to infection

Did you ever lend your laptop to a child to play a video game, only to get it back filled with advertisements? Our CEO knows a little bit about that predicament, having unknowingly infected his parents’ computer when he was a kid. But times have changed since then.

Let us play for you a modern-day scenario, then, to show how it’s a short trip from “I want to play this game” to “Hey, there’s adware on my laptop!”

How to get infected playing a video game

These days the coolest kids at school aren’t playing football—they’re playing video games. Of course, your kid wants to be the best in a popular game like Slither.io. So he grabs the family laptop and does a search for “always win slither.”

Look at the top search result: a YouTube video by a well-known YouTuber named Jelly, who has 7,866,496 subscribers tuning into his gaming channel. If you were a gaming portal, would you think it’s worth the investment to pay AdChoices to get a relevant advertisement on that page?

Well-placed advertising always pays off.

With its prominence and high potential for pay-off, the answer is decidedly “yes,” especially if your intentions are less than ethical. Normally, the game is free to play, but who is going to stop you from creating a landing page that says you have to install this browser extension before you can play?

Advertising networks certainly won’t. In order to advertise online, businesses must merely sign up with a network and then bid in real time to have their ads appear on popular websites. However, not all advertising networks have strict criteria for advertisers—ad sellers don’t always know the buyers. Not only that, but buying advertising space is increasingly being transacted automatically, which leaves the door open for further mischief.

Install the extension, even though the game is completely free, why don’t you?

So, back to our kid. Remember, he just learned how to beat all his friends, so he’s eager to get going. He downloads the extension at the upper right-hand side of the screen because it’s the closest thing resembling a “play” button. What harm is a little extension going to do?

All it can do is “Read and change all your data on the websites you visit,” after all.

Wait, what?

Yes, it knows which websites you visit, gathering all the data about your surfing behavior. And yes, it can use that information to insert relevant advertisements on those sites. And unfortunately, that’s exactly what these extensions do. So we have a question for your kid, who’s about to install this extension on your laptop:

Do you treat advertisements on the site of your favorite gaming portal with the same level of trust as the ones on a random Facebook page? Or do you trust one site’s ads over the other?

If the answer isn’t clear here, then we might need to supply further instruction on the psychology behind successful marketing: The power to insert advertisements on sites that your target audience trusts is a desirable one—one that cybercriminals would gladly pay for.

And pay they did, aiming their advertising campaigns at games that attract a relatively young audience, including Slither.io, HappyWheels, Paper.io, Subway Surfers, MineCraft, and BlockWorld, among others.

What does the malicious browser extension actually do?

Now that the line of infection is clear, let’s talk numbers.

Because their advertising landing pages are so prominent and well-placed, gaming extensions bring in a lot of traffic to Chrome’s Webstore. The GamerSuperstar extension, for example, has been installed almost 100,000 times.

If you download the extension directly from Webstore, you probably have a better idea of what its capabilities and permissions are by scrolling through the product descriptions and reading user reviews. This is not true, however, if you just click prompts from an advertising landing page. And that’s how these criminals pull the wool over users’ eyes, getting thousands to download without realizing what they are getting into.

And what they’re getting into is a whole lotta adware.

The extension does absolutely nothing to change the gameplay—it’s completely unnecessary. All you gain by installing most of these extensions is targeted advertising on the sites you visit. A select few also alter your search and newtab settings.

ArcadeTab comes with a search newtab

Other malicious gaming extensions

I wish we could say that GamerSuperStar was the only example of a malicious gaming extension that we have come across. Over the last few months, however, we’ve tracked quite a few of them.

  • Search Web by arcadetab.com: 1 million+ installs (and this one also qualifies as a search and newtab hijacker)
  • ArcadeFrontier Ads by arcadefrontier.com: 150,000+ installs
  • GamesChill Ads by gameschill.com: 100,000+ installs
  • PlayZiz Advertisements by playziz.com: 40,000+ installs
  • Gamerscan Ad by gamerscan.com: 25,000+ installs
  • ArcadeGala Advertising Offers by arcadegala.com: 5,000+ installs
  • VideoGameHub Advertising by videogaminghub.com: 1,500+ installs

One note about the above: data for Chrome extensions is much easier to track down because of the Webstore listings. We know there are Firefox and Safari versions of these extensions as well, but we can only guess at their install numbers.

So these other extensions—no way they could be more aggressive on permissions than GamerSuperStar, right? Wrong. It was among the least demanding extensions of its kind.

This was the most demanding extension permissions list we saw.

Remediating the infection

Although thousands of people were fooled into downloading these data-gathering extensions, it’s easy enough to get rid of them. If you look at the uninstall page for GamerSuperStar on Chrome, you can see there are removal instructions for Firefox and Safari extensions as well.

In addition, Malwarebytes can block many of these kinds of extensions from being downloaded in the first place, since they fetch their advertisements from the cmptch.com servers, which have been at the top of our block list consistently for the last few weeks.

The paid version of Malwarebytes blocks the domain cmptch.com.

Malwarebytes also detects the extensions involved. Most of them are under the generic detection name Adware.Cmptch.Generic. You can find removal guides for GamerSuperStar and ArcadeTab on our forums.

Caught red-handed

The common pattern that we found for all these extensions is that they advertise their gaming portal heavily, and when clicking on the ads to arrive at the portal, you will instead be prompted to install an extension before you can play. If you visit the portal directly, however, you can jump straight in and start playing without being bothered.

Even though it’s hard to prove that these extensions are all coming from the same source, the similarities between the ways in which they are pushed and their target audience make us believe that they are at least closely-related. We also found similar domains and extensions acting suspiciously, but since we didn’t catch them in the act, we will not list them here.

But rest assured…we’re keeping an eye on them.

IOCs

Chrome extensions:

obpnlclobfjomjabiibfnbfmebenjedp
peglehonblabfemopkgmfcpofbchegcl
dehhfjanlmglmabomenmpjnnopigplae
anaojjlbaalfefdgonnpmcpgpeafkdig
eogmpgppidehapppmipeahegomlindkg
piblbljcjideclibhpjobcaakomfcdnf
kfljkfcdekakneakneabhomcpmgfpbdc
flpdiedhjcapelfbeffompkoeilgmkhm
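The two things a responder actually wants from this post are the extension IDs above and the permission that gives the game away ("Read and change all your data on the websites you visit", which Chrome shows when a manifest asks for `<all_urls>` or a wildcard host pattern). The following script is an added example, not Malwarebytes code: it walks a Chrome profile's `Extensions/<id>/<version>/manifest.json` layout, flags any folder whose ID is in the IOC list, and separately flags any manifest whose host permissions cover every site. The IOC IDs are the ones from the post; the profile paths are the standard Chrome locations (an assumption about the install), and the sample profile it builds when no real one is found is constructed demo data.

```python
"""
Defender-side check for the malicious gaming extensions described above
(added example; not part of the original post or Malwarebytes tooling).
"""
import json
import sys
import tempfile
from pathlib import Path

# Extension IDs taken from the IOC section of the post.
IOC_EXTENSION_IDS = {
    "obpnlclobfjomjabiibfnbfmebenjedp", "peglehonblabfemopkgmfcpofbchegcl",
    "dehhfjanlmglmabomenmpjnnopigplae", "anaojjlbaalfefdgonnpmcpgpeafkdig",
    "eogmpgppidehapppmipeahegomlindkg", "piblbljcjideclibhpjobcaakomfcdnf",
    "kfljkfcdekakneakneabhomcpmgfpbdc", "flpdiedhjcapelfbeffompkoeilgmkhm",
}

# Host patterns that trigger Chrome's "Read and change all your data on the
# websites you visit" install warning.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def default_chrome_extensions_dir():
    """Best-effort Extensions folder of the Default profile (assumption:
    standard Chrome install paths on Windows, macOS and Linux)."""
    home = Path.home()
    candidates = [
        home / "AppData/Local/Google/Chrome/User Data/Default/Extensions",
        home / "Library/Application Support/Google/Chrome/Default/Extensions",
        home / ".config/google-chrome/Default/Extensions",
    ]
    return next((c for c in candidates if c.is_dir()), None)


def broad_host_permissions(manifest):
    """Return the manifest entries that grant access to every site.
    Manifest V2 lists host patterns under "permissions"; V3 uses
    "host_permissions". Non-string entries are ignored."""
    requested = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    return sorted(p for p in requested if isinstance(p, str) and p in BROAD_HOST_PATTERNS)


def scan_extensions_dir(ext_dir):
    """Scan <ext_dir>/<id>/<version>/manifest.json and return findings as
    (extension_id, name, reason) tuples."""
    findings = []
    for id_dir in sorted(Path(ext_dir).iterdir()):
        if not id_dir.is_dir():
            continue
        ext_id = id_dir.name
        for manifest_path in sorted(id_dir.glob("*/manifest.json")):
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                continue  # unreadable or malformed manifest: skip, don't crash
            name = manifest.get("name", "?")
            if ext_id in IOC_EXTENSION_IDS:
                findings.append((ext_id, name, "ID matches IOC list"))
            broad = broad_host_permissions(manifest)
            if broad:
                findings.append((ext_id, name,
                                 "reads/changes data on all sites: " + ", ".join(broad)))
    return findings


def build_sample_profile(root):
    """Construct a fake Extensions folder (demo data, not real): one IOC ID
    that asks for <all_urls>, one benign ID with narrow permissions, and one
    unknown ID that still asks for every site."""
    samples = {
        "obpnlclobfjomjabiibfnbfmebenjedp": {
            "name": "GamerSuperStar", "version": "1.0", "manifest_version": 2,
            "permissions": ["tabs", "<all_urls>"]},
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
            "name": "Harmless Notes", "version": "2.1", "manifest_version": 3,
            "permissions": ["storage"], "host_permissions": ["https://example.com/*"]},
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
            "name": "Unknown Adware", "version": "0.9", "manifest_version": 3,
            "host_permissions": ["*://*/*"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / ext_id / (manifest["version"] + "_0")
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


def run_demo():
    """Scan the constructed sample profile and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        return scan_extensions_dir(tmp)


if __name__ == "__main__":
    # Usage: python scan_extensions.py [path/to/Extensions]
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else default_chrome_extensions_dir()
    results = scan_extensions_dir(target) if target else run_demo()
    for ext_id, name, reason in results:
        print(f"{ext_id}  {name!r}: {reason}")
```

Run it against a real profile's Extensions folder (or let it find the default one); when no profile is found it scans the constructed sample instead. A match on the IOC list is a hit on this specific campaign; the broad-host-permission finding is the more durable signal, since it catches the same behaviour under whatever ID the next rebranded copy ships with.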

It’s time to rebuild the web

Anil Dash’s “The Missing Building Blocks of the Web” is an excellent article about the web as it was supposed to be, using technologies that exist but have been neglected or abandoned. It’s not his first take on the technologies the web has lost, or on the possibility of rebuilding the web, and I hope it’s not his last. And we have to ask ourselves what would happen if we brought back those technologies: would we have a web that’s more humane and better suited to the future we want to build?

How Fear Helps (and Hurts) Entrepreneurs

Executive Summary

Interviews with 65 entrepreneurs reveal the most common fears that startup founders share and also, somewhat surprisingly, that these fears can be helpful. While fear often does inhibit action, some fears can motivate us to work harder. The study found that worries concerning opportunity costs, financial security, or their ability to obtain funding were all positively associated with an entrepreneur’s persistence. In contrast, when entrepreneurs worried about the potential of their idea or their personal abilities, they became less proactive. Motivation from fear can also bring higher levels of stress, with potentially negative health consequences. So while fear is a natural state for an entrepreneur, the ability to anticipate and manage it is a vital skill.