Wednesday, September 30, 2020

Microsoft goes over the recent malware trends in its new "Digital Defense Report."

 



For many years, the Microsoft Security Intelligence Report has been the gold standard in terms of providing a yearly overview of all the major events and trends in the cyber-security and threat intelligence landscape.

While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has brought it back today, rebranded as the new Microsoft Digital Defense Report.

Just like the previous SIR reports, Microsoft has yet again delivered.

Taking advantage of its vantage points over vast swaths of the desktop, server, enterprise, and cloud ecosystems, Microsoft has summarized the biggest threats companies deal with today in the face of cybercrime and nation-state attackers.

The report is 88 pages long and includes data from July 2019 to June 2020, so some users might not have the time to go through it in its entirety. Below is a summary of the main talking points, Microsoft's main findings, and general threat landscape trends.

CYBERCRIME

2020 will, without a doubt, be remembered for the COVID-19 (coronavirus) pandemic. While some cybercrime groups used COVID-19 themes to lure and infect users, Microsoft says these operations were only a fraction of the general malware ecosystem, and the pandemic appears to have played a minimal role in this year's malware attacks.

Email phishing in the enterprise sector has also continued to grow and has become a dominant vector. Most phishing lures center around Microsoft and other SaaS providers, and the Top 5 most spoofed brands include Microsoft, UPS, Amazon, Apple, and Zoom.

Microsoft said it blocked over 13 billion malicious and suspicious mails in 2019, and out of these, more than 1 billion contained URLs that have been set up for the explicit purpose of launching a credential phishing attack.

Successful phishing operations are also often used as the first step in Business Email Compromise (BEC) scams. Microsoft said that crooks gain access to an executive's email inbox, watch email communications, and then spring in to trick the hacked users' business partners into paying invoices into wrong bank accounts.


Per Microsoft, the most targeted accounts in BEC scams were the ones for C-suites and accounting and payroll employees.

But Microsoft also says that phishing isn't the only way into these accounts. Hackers are also starting to adopt password reuse and password spray attacks against legacy email protocols such as IMAP and SMTP. These attacks have been particularly popular in recent months because they also allow attackers to bypass multi-factor authentication (MFA) solutions, as logging in via IMAP and SMTP doesn't support this feature.
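For defenders, the pattern described above (one source, many accounts, few tries each, all over protocols without MFA) can be looked for in sign-in logs. The following is an added example, not code from Microsoft's report or this article; the event tuples are constructed sample data and the thresholds are assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LEGACY = {"IMAP", "SMTP"}  # legacy protocols the article names as lacking MFA

# Constructed sign-in events: (time, source IP, account, protocol, succeeded)
EVENTS = [
    ("2020-09-30T08:00:00", "203.0.113.7", "alice@example.com", "IMAP", False),
    ("2020-09-30T08:01:10", "203.0.113.7", "bob@example.com", "IMAP", False),
    ("2020-09-30T08:02:05", "203.0.113.7", "carol@example.com", "SMTP", False),
    ("2020-09-30T08:03:30", "203.0.113.7", "dave@example.com", "IMAP", False),
    ("2020-09-30T08:04:45", "203.0.113.7", "erin@example.com", "IMAP", True),
    # One mailbox retried repeatedly: a stale client password, not a spray
    ("2020-09-30T09:00:00", "198.51.100.20", "frank@example.com", "SMTP", False),
    ("2020-09-30T09:00:30", "198.51.100.20", "frank@example.com", "SMTP", False),
    ("2020-09-30T09:01:00", "198.51.100.20", "frank@example.com", "SMTP", False),
    # Modern-auth failure, out of scope for this check
    ("2020-09-30T09:05:00", "192.0.2.55", "alice@example.com", "OAuth2", False),
]


def find_spray_sources(events, min_accounts=4, max_tries=2,
                       window=timedelta(minutes=30)):
    """Map source IP -> accounts it failed against over legacy protocols,
    when many accounts get few tries each inside one time window."""
    fails = defaultdict(list)
    for ts, ip, account, proto, ok in events:
        if proto in LEGACY and not ok:
            fails[ip].append((datetime.fromisoformat(ts), account))
    findings = {}
    for ip, rows in fails.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`
            while rows[end][0] - rows[start][0] > window:
                start += 1
            tries = defaultdict(int)
            for _, account in rows[start:end + 1]:
                tries[account] += 1
            if (len(tries) >= min_accounts and max(tries.values()) <= max_tries
                    and len(tries) > len(findings.get(ip, []))):
                findings[ip] = sorted(tries)
    return findings


def legacy_successes(events, spray_ips):
    """Accounts a flagged source logged in to over a legacy protocol (no MFA)."""
    return sorted({acct for _, ip, acct, proto, ok in events
                   if ok and ip in spray_ips and proto in LEGACY})
```

Any account returned by `legacy_successes` should be treated as compromised, since the login never faced an MFA prompt.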

Furthermore, Microsoft says it's also seeing cybercrime groups that are increasingly abusing public cloud-based services to store artifacts used in their attacks, rather than using their own servers. Groups are also changing domains and servers much faster nowadays, primarily to avoid detection and remain under the radar.

RANSOMWARE GROUPS

But, by far, the most disruptive cybercrime threat of the past year has been ransomware gangs. Microsoft said that ransomware infections had been the most common reason behind the company's incident response (IR) engagements from October 2019 through July 2020.

And of all ransomware gangs, it's the groups known as "big game hunters" and "human-operated ransomware" that have given Microsoft the most headaches. These are groups that specifically target select networks belonging to large corporations or government organizations, knowing they stand to receive larger ransom payments.

Most of these groups operate either by using malware infrastructure provided by other cybercrime groups or by mass-scanning the internet for newly-disclosed vulnerabilities.


In most cases, groups gain access to a system and maintain a foothold until they're ready to launch their attacks. However, Microsoft says that this year, these ransomware gangs have been particularly active and have reduced the time they need to launch attacks, especially during the COVID-19 pandemic.

"Attackers have exploited the COVID-19 crisis to reduce their dwell time within a victim's system – compromising, exfiltrating data and, in some cases, ransoming quickly – apparently believing that there would be an increased willingness to pay as a result of the outbreak," Microsoft said today.

"In some instances, cybercriminals went from initial entry to ransoming the entire network in under 45 minutes."

SUPPLY-CHAIN SECURITY

Another major trend that Microsoft chose to highlight was the increased targeting of supply chains in recent months, rather than attacking a target directly.

This allows a threat actor to hack one target and then use the target's own infrastructure to attack all of its customers, either one by one, or all at the same time.

"Through its engagements in assisting customers who have been victims of cybersecurity intrusions, the Microsoft Detection and Response Team has observed an uptick in supply chain attacks between July 2019 and March 2020," Microsoft said.

But Microsoft noted that while "there was an increase, supply chain attacks represented a relatively small percentage of DART engagements overall."

Nonetheless, this doesn't diminish the importance of protecting the supply chain against possible compromises. Here, Microsoft highlights dangers coming from the networks of Managed Service Providers (MSPs, third-parties that provide a very specific service and are allowed to access a company's network), IoT devices (often installed and forgotten on a company's network), and open-source software libraries (which make up most of a company's software these days).

NATION-STATE GROUPS

As for nation-state hacking groups (also known as APTs, or advanced persistent threats), Microsoft said this year has been quite busy.

Microsoft said that between July 2019 and June 2020, it sent out more than 13,000 nation-state notifications (NSNs) to its customers via email.

According to Microsoft, most were sent for hacking operations linked back to Russian state-sponsored groups, while most of the victims were located in the US.


These email notifications were sent for email phishing attacks against its customers. Microsoft said it tried to counter some of these attacks by using court orders to seize domains used in these attacks.

Over the past year, Microsoft seized domains previously operated by nation-state groups like Strontium (Russia), Barium (China), Phosphorus (Iran), and Thallium (North Korea).

Another interesting finding of the Microsoft Digital Defense Report is that the primary targets of APT attacks have been non-governmental organizations and the services industry.

This particular finding goes against the grain. Most industry experts often warn that APT groups prefer to target critical infrastructure, but Microsoft says its findings tell a different story.

"Nation state activity is more likely to target organizations outside of the critical infrastructure sectors by a significant measure, with over 90% of notifications served outside of these sectors," Microsoft said.

As for the techniques that have been preferred this past year (July 2019 to June 2020) by nation-state groups, Microsoft noted several interesting developments, with the rise of:

  • Password spraying (Phosphorus, Holmium, and Strontium)
  • Use of penetration testing tools (Holmium)
  • The use of ever-more-complex spear-phishing (Thallium)
  • The use of web shells to backdoor servers (Zinc, Krypton, Gallium)
  • The use of exploits targeting VPN servers (Manganese)

All in all, Microsoft concludes that criminal groups have evolved their techniques over the past year to increase the success rates of their campaigns, as defenses have gotten better at blocking their past attacks.

Just like in years prior, the entire cybersecurity landscape appears to be sitting on a giant merry-go-round, and constant learning and monitoring are required from defenders to keep up with the ever-evolving attackers, be they financially-motivated or nation-sponsored groups.




Windows 10 is pushing old driver updates that you should avoid

 

Windows update is offering this optional update: INTEL - System - 7/18/1968 12:00:00 AM - 10.1.15.6 Intel System driver update released in September 2020.

Microsoft has created another mess of Windows Updates on Windows 10, although this time the update wasn’t botched. According to user reports, Microsoft has started rolling out old and inappropriate drivers to some machines, including one of our devices from Asus.

Users are reporting that inappropriate driver updates are getting pushed to Windows 10 devices which aren’t registered for the Insider program.

The update in question is “Intel – System”, which was pushed out last week alongside other optional driver updates for Windows 10 version 2004 (May 2020 Update).

We’ve also observed users report another bug where the same driver update will reappear for download after successful installation.

“I installed the ‘Hewlett-Packard Development Company, L.P. – Keyboard – Standard 101/102-Key or Microsoft Natural PS/2 Keyboard for HP Hotkey Support’ Optional Update that was available. Update History and Reliability Monitor confirm a successful update but it still shows up on the optional updates list,” one user noted in the Feedback Hub.

Windows 10 driver update problem

In some cases, Windows Update could also show old drivers, including drivers with a release date of 1968. Microsoft appears to be backdating drivers intentionally to avoid installation of a Windows-provided driver when you have a custom manufacturer-provided driver.

If you do happen to see the ‘Intel – System’ or other inappropriate drivers displayed under the “Optional Updates” section in the Windows Update page, don’t install them.

In case the update has already been pulled by Microsoft, you shouldn’t see it any longer anyway.

Unfortunately, if you’ve applied the driver updates, there’s a piece of bad news – your device driver has been downgraded and you’ll need to download the latest and most compatible version from the manufacturer’s website.

Going by reports across the forums, those folks who have uninstalled the driver or skipped the update, haven’t encountered any issues in doing so. Also, the update isn’t being forced, so users haven’t encountered any widespread problems.

That said, be careful when you use the Optional Updates screen in Windows Update, as you’re obviously installing these updates at your own risk.

Tuesday, September 29, 2020

Dark theme now available for Docs, Sheets, and Slides on iOS

 

Quick launch summary 

You can now use Dark theme with Google Docs, Sheets, and Slides on iOS devices. Dark theme is already available for Android users.

Dark theme in Google Docs, Slides, and Sheets on iOS. 

You can also preview how your document will look in light theme for collaborators and viewers by selecting the three-dot “More” menu and toggling the “view in light theme” option.  

Getting started 

Rollout pace 

Availability 

  • Available to all G Suite customers and users with personal Google Accounts 

Google Meet attendance reports available now for education meetings

 

What’s changing 

Organizers of G Suite Enterprise for Education meetings will now receive an attendance report via email once the meeting is over. Attendance reports will be generated for web or mobile meetings with at least five (and no more than 250) participants and will contain the following information for each:
  • Participant’s name 
  • Participant’s email 
  • Length of time a participant was on the call, including when they joined and exited 
Once a meeting is finished, you’ll receive an attendance report via email.

The attendance report contains the names, email addresses, and duration of time participants were in the meeting.


Students who have the ability to create meetings will receive attendance reports as well. 

Who’s impacted 

End users 

Why you’d use it 

We hope attendance reports will help meeting organizers keep track of who attended their meetings and for how long, which can be challenging during larger meetings or while presenting. 

Additional details 

Recording attendance for ejected or dial-in participants 
We’ll record the attendance of any participants who chose to dial in. The obfuscated phone number and name displayed during the meeting will appear in the attendance report. 

If a meeting participant is ejected and re-admitted to the meeting, you’ll see the time they first joined and the time they last left. The total duration of their attendance will be a sum of their sessions. 

Getting started 

  • Admins: At this time, there is no admin control for this feature. We’re planning to introduce this setting later this year; stay tuned to the G Suite Updates blog to learn when it launches. 
  • End users: There is no end user setting for this feature. Attendance reports will automatically be sent to the meeting host. Visit the Help Center to learn more about attendance tracking.

Rollout pace 

Availability 

  • Available to G Suite Enterprise for Education customers only at this time. 
  • Not available to G Suite Essentials, G Suite Basic, G Suite Business, G Suite for Education, G Suite Enterprise, and G Suite for Nonprofits customers. Stay tuned to the G Suite Updates blog for information when this launches to additional customers. 

Monday, September 28, 2020

Compare Meet features by G Suite edition for Basic & Nonprofit / Education Free / Business / Essentials / Enterprise & Enterprise for Education

 

Access to advanced Google Meet features

From March through September of 2020, all G Suite customers have had access to advanced Google Meet video conferencing features. These features include larger meetings, the ability to record meetings, and in-domain live streaming.

After September 30, 2020, access to advanced Meet features is determined by your G Suite account and edition. 

Compare Meet features by G Suite edition

Meet features | Basic & Nonprofit | Education | Business | Essentials | Enterprise & Enterprise for Education
Maximum number of participants per meeting | 100 | 100 | 150 | 150 | 250
Recording meetings & saving them to Drive ✔*
In-domain live streaming (100,000 viewers)
Noise cancellation
Apps for Android & iOS
Presentations
External participants
Dial in (US & international numbers)
Secure meetings

* G Suite for Education customers can continue recording meetings until temporary recordings become available later in 2020. Temporary recordings will let any G Suite for Education meeting host record a meeting and share the recording within their organization for up to 30 days before the recording expires.

 

Wednesday, September 23, 2020

Host collaborative brainstorms with new digital whiteboarding integration in Google Meet

 

Quick launch summary

With the new Google Jamboard and Google Meet integration, you can now create or open an existing jam while on a Meet video call. This digital whiteboarding integration means you can use the Jamboard virtually to host collaborative brainstorming sessions with your coworkers or students in real-time, even when you can’t be in the same room.





You’ll also be able to save, share and continue the whiteboard at any time with Jamboard.

Note, you can only start or open a Jamboard during a Meet call if you joined the call on a computer. Video call participants on a mobile device or tablet will get a link to a Jamboard file and be directed to the Jamboard app.

Getting started

Admins: This feature will be ON by default for all domains with Jamboard enabled. Visit the Help Center to learn more about turning Jamboard on or off for your organization.

End users: There is no end user setting for this feature. Visit the Help Center to learn more about whiteboarding in Meet.

Resources

How to Make your Windows PC Run Faster?

This is a very common problem and is definitely not a new one. Over the course of time, a new machine tends to become slow, but do you know why that is and what you can do to resolve it?
Check out the video below to fix the issue and make it run faster.

Drop a comment if it did solve your issue.
