As of this writing, a ransomware attack has hit hundreds of businesses across the United States. The incident appears to be the result of a so-called supply chain attack: hackers were able to deliver malware to victims through legitimate computer management software from a company called Kaseya. To make matters worse, the REvil ransomware operators behind it are hitting so-called “managed service providers,” which provide IT infrastructure and support to companies that prefer to outsource this sort of thing. When hackers compromise an MSP, it’s usually a quick job to infect its customers as well, which makes the scale of this campaign “monumental,” in the words of one cybersecurity professional.
The severity of REvil’s strike was almost enough to make you forget Microsoft’s particularly bad week. Almost. In addition to a few high-profile cybersecurity incidents that we’ll cover in more detail below, the company has found itself in a self-inflicted controversy over which PCs will be allowed to run Windows 11. The new operating system will likely require a processor released no more than four years ago, which means many devices you can buy right now won’t qualify. Not only that, but Microsoft previously announced that it would end support for Windows 10 in 2025, which means many users have only a few years before they are forced to choose between losing security updates altogether and buying a new PC, even if their current one works fine.
In other bad news from Microsoft, the hackers behind the devastating SolarWinds campaign turned out to have installed malware on a customer service employee’s device. Microsoft said three customers were affected by the intrusion, although it is not clear who they were or what information was stolen. It should never be surprising that Russian cyber spies engage in espionage, but it is still alarming that they were able to gain this level of access at a company as critical as Microsoft.
Another group of Russian hackers was also caught causing problems this week. US and UK intelligence agencies have warned that the infamous Fancy Bear group has tried to brute-force its way into hundreds of target networks. The technique is quite basic: it means trying password after password against an account until one of them works. That doesn’t make it any less worrying, however, especially as the campaign appears to be continuing.
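The defensive counterpart to that technique is just as basic: count failed logons per source and alert when one source piles them up in a short window. The PowerShell below is an added example, not code from the WIRED article or from the agencies’ advisory. It works on constructed records with `Time`, `Account` and `Source` fields; on a real host you would build those records from Windows Security event ID 4625 (failed logon) entries returned by `Get-WinEvent`. The threshold and window are illustrative choices, not values the page states.

```powershell
# Added example (not from the article): flag sources that generate many failed
# logons in a short sliding window, which is what a brute-force attempt looks like
# in the Security log. Records are constructed here; on a real system, map
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} output to these fields.

function Find-BruteForceSources {
    param(
        [Parameter(Mandatory)] [object[]] $FailedLogons,  # objects with Time, Account, Source
        [int] $Threshold = 5,                              # failures in one window that trigger an alert (assumed)
        [int] $WindowMinutes = 5                           # length of the sliding window (assumed)
    )
    $window = [timespan]::FromMinutes($WindowMinutes)
    foreach ($group in ($FailedLogons | Group-Object -Property Source)) {
        $events = @($group.Group | Sort-Object -Property Time)
        $peak = 0
        # Sliding window: for each failure, count the failures that follow it within the window.
        for ($i = 0; $i -lt $events.Count; $i++) {
            $j = $i
            while (($j + 1 -lt $events.Count) -and (($events[$j + 1].Time - $events[$i].Time) -le $window)) {
                $j++
            }
            $peak = [math]::Max($peak, $j - $i + 1)
        }
        [pscustomobject]@{
            Source       = $group.Name
            Failures     = $events.Count
            Accounts     = @($events.Account | Sort-Object -Unique).Count  # many accounts from one source suggests spraying
            PeakInWindow = $peak
            Suspicious   = ($peak -ge $Threshold)
        }
    }
}

# Constructed sample: one source hammers three accounts every 20 seconds,
# another source is a single user who mistyped a password twice.
$base   = [datetime]'2021-07-01T10:00:00'
$sample = @()
foreach ($n in 0..7) {
    $sample += [pscustomobject]@{
        Time    = $base.AddSeconds(20 * $n)
        Account = @('alice', 'bob', 'carol')[$n % 3]
        Source  = '203.0.113.10'
    }
}
$sample += [pscustomobject]@{ Time = $base.AddMinutes(30); Account = 'dave'; Source = '198.51.100.7' }
$sample += [pscustomobject]@{ Time = $base.AddMinutes(31); Account = 'dave'; Source = '198.51.100.7' }

# 203.0.113.10 is reported as Suspicious (8 failures in under 3 minutes, 3 accounts);
# 198.51.100.7 is not (2 failures, 1 account).
Find-BruteForceSources -FailedLogons $sample -Threshold 5 -WindowMinutes 5 | Format-Table -AutoSize
```

The `Accounts` column is the one to watch alongside the count: a burst of failures against many different accounts from one address is the signature of password spraying, which a per-account lockout policy alone will not stop.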
Lastly, browser extensions are handy and fun, but they can also present a security risk if you install the wrong one. Here’s our guide to determining which ones you should keep and which ones you should ignore if you have privacy concerns (which you should have, in general).
And there’s more. Each week, we collect all the security news that WIRED hasn’t covered in depth. Click on the titles to read the full stories and stay safe.
If your big new idea could also serve as the opening of a techno-dystopian thriller, maybe it’s better to set it aside? Just a thought in the wake of this week’s reveal of the Worldcoin project, which proposes that a good and rational way to distribute a new cryptocurrency is to sign people up by letting a basketball-sized sphere scan their irises. The ultimate goal is to establish some sort of universal basic income, and Worldcoin’s founders insist that the eyeball-scanning orb was built with the utmost care for privacy. But given the choice between looking into the crypto orb and not doing so, we strongly suggest the latter.
There’s a bit of a mess in the Windows world this week, after a proof-of-concept exploit known as PrintNightmare leaked, effectively creating a live zero-day. PrintNightmare is serious, allowing remote code execution thanks to a flaw in the Windows Print Spooler. Almost as unsettling as the exploit itself, however, is the apparent mix-up that led to its release. In June, Microsoft released a fix for what appeared to be this same problem. But a Chinese cybersecurity firm said this week that the problem was not entirely resolved; soon after, two researchers from a separate Chinese company posted exploit code on GitHub, where it was quickly copied and redistributed. While you are waiting for a fix that actually works, you can turn off the Print Spooler service, but that machine will no longer be able to print or share printers. So yes, a bit of a mess!
Using a VPN is always a bit of a roll of the dice; the best have been shown to keep your browsing as private as advertised, but there is often no way of knowing for sure. And then there are the VPNs said to be favored by ransomware gangs, to the point where an international consortium of law enforcement agencies takes them down altogether. This is what happened this week to DoubleVPN, whose domains and servers were seized by the Dutch National Police together with authorities in the United States, Canada and elsewhere in Europe. In a statement, Europol said DoubleVPN “is being used to compromise networks around the world.” Ransomware gangs have plenty of other VPNs to choose from, of course, but anything that disrupts their workflows, and potentially leads to identifying who deploys them, is a welcome development.
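For administrators who decide that the PrintNightmare workaround described above is worth the lost printing, here is how the stop-and-disable step looks in PowerShell. This is an added example, not code from the WIRED article or from Microsoft’s guidance; it uses only the standard `Get-Service`, `Stop-Service`, `Set-Service` and `Get-CimInstance` cmdlets and must be run from an elevated session.

```powershell
# Added example (not from the article): disable the Print Spooler as an interim
# PrintNightmare mitigation, confirm the change, and reverse it once a working
# patch is installed. Run as an administrator. Caveat: while the service is
# disabled this host cannot print or share printers.

function Get-SpoolerState {
    # Current run state plus the startup type that decides whether it comes back on reboot.
    $svc = Get-Service -Name Spooler
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    [pscustomobject]@{
        Status    = $svc.Status      # Running / Stopped
        StartMode = $cim.StartMode   # Auto / Manual / Disabled
    }
}

function Disable-Spooler {
    # Stop it now and keep it from starting again on the next boot; stopping alone is not enough.
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
    Get-SpoolerState
}

function Enable-Spooler {
    # Undo the mitigation after patching.
    Set-Service -Name Spooler -StartupType Automatic
    Start-Service -Name Spooler
    Get-SpoolerState
}

Write-Host 'Before:'
Get-SpoolerState
Write-Host 'After disabling:'
Disable-Spooler   # expected: Status Stopped, StartMode Disabled
```

Run `Get-SpoolerState` again after the next reboot to confirm the service stayed down; a Group Policy or a management agent that re-enables services can silently undo the change.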
Security researchers warned this week that Chinese hackers were carrying out a sophisticated phishing campaign, masquerading as the office of the Afghan president with the aim of delivering malware to members of the country’s National Security Council. The group used a Dropbox account to avoid raising suspicion during the data exfiltration, and it appears to have targeted other Central Asian countries.