Category : Operating systems

17 Nov 2022

Fake Windows update scams targeting companies

We have seen a number of Windows update scams over the years, but according to McAfee, they are on the rise. The latest attack type is smarter and more effective than ever.

If you manage Windows machines, this is definitely something to watch out for!

A report published by McAfee throws new light on an old problem: a new type of scam targeting Windows users.

The problem is called Magniber and it’s ransomware disguised as a legitimate Windows update.

Magniber ransomware

The Magniber ransomware has been very cleverly designed. It hides its true purpose until the very last minute and only reveals itself once all your files are locked down and it makes its demands.

The good news is that it hasn’t integrated into Windows’ built-in update mechanism and still depends on user action.

The bad news is that every aspect of the Magniber ransomware has been designed to quietly infiltrate user devices until it’s too late.

Machines are compromised when a user visits an infected website.

These websites include fake Windows 10 update links. Once the link is clicked, a JavaScript file is downloaded to the device and opens in memory.

As not all antivirus or malware scanners monitor memory, it can be missed until it’s too late.

Once active, the malware encrypts all files on accessible drives and sets itself up as an administrator.

Once its work is complete, it will open a ransom window and demand payment in return for restoring access.

If you refuse to pay, data is deleted for good. If you do pay, presumably your files are restored.

As the malware sets itself up as an administrator, there’s nothing stopping a hacker gaining access to the device directly to plant more malware or copy data.

That’s much more involved than running the ransomware, but there have been instances where hackers piggybacked malware to see what they could find.

Mitigating against Magniber ransomware

As we mentioned, the main weakness of Magniber ransomware is that it requires users to visit an infected website and click a download link.

This is where IT policies, staff training and awareness and internet security controls come in.

Teaching staff to not visit such websites and to never click links can be very effective.

As can showing staff how Windows update really works or that IT will take care of system updates so staff don’t have to.

This is your first line of defence.

A network security solution that can detect websites with infected links can also be useful.

This is your second line of defence.

Using a security solution that can scan device memory for malware is also valuable.

This is your third line of defence.

While prevention is always better than cure, it’s situations like this where backups prove their worth.

Backups are your final line of defence.
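
As an added illustration of the second line of defence (this example is not from the original post or from McAfee's report), the Python below triages web proxy log lines for script files saved to disk under update-themed names, which is the delivery step described above. The log format, lure keywords, domains and file names are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# File types Windows Script Host runs when opened. A genuine Windows update
# is never handed to a user as one of these from a web page.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf"}

# Assumed lure wording for a fake update file name; tune to your environment.
LURE = re.compile(r"windows|win1[01]|update|upgrade|patch|kb\d{6,7}", re.I)

# Constructed sample log: timestamp, user, disposition, URL.
# "attachment" marks a file saved to disk; "inline" is an ordinary page resource.
SAMPLE_LOG = """\
2022-11-17T09:14:02Z alice attachment https://intranet.example/Windows-Update-Policy.pdf
2022-11-17T09:15:40Z bob attachment https://downloads.example.net/Windows10-Update.js
2022-11-17T09:16:11Z carol inline https://cdn.example.org/static/update-banner.js?v=3
2022-11-17T09:17:55Z dave attachment https://files.example.com/get/Security%20Upgrade%20KB0000000.wsf
2022-11-17T09:18:30Z erin attachment https://tools.example.org/build/deploy.js
"""


def flag_fake_update_downloads(log_text):
    """Return (user, filename) for saved script files named like an update."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # ignore malformed lines
        _, user, disposition, url = fields
        if disposition != "attachment":
            continue  # scripts loaded by a page are normal web traffic
        filename = unquote(urlsplit(url).path.rsplit("/", 1)[-1])
        dot = filename.rfind(".")
        extension = filename[dot:].lower() if dot != -1 else ""
        if extension in SCRIPT_EXTENSIONS and LURE.search(filename):
            hits.append((user, filename))
    return hits


if __name__ == "__main__":
    for user, filename in flag_fake_update_downloads(SAMPLE_LOG):
        print(f"review: {user} downloaded {filename}")
```

A hit is a prompt to check the device and talk to the user, not proof of infection; the keyword list will need tuning against your own traffic.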

The power of backups against ransomware

Most ransomware will encrypt files and promise to unlock them in return for a crypto fee.

What we don’t know is the proportion of ransomware that actually unlocks those files once paid.

If we were betting people, we would bet on that being a relatively low number. Which means it’s likely to be futile to pay the hacker what they are asking for.

If you applied the rules of rational economics, the vast majority of ransomware payments would result in data being unlocked.

After all, if word got around that data was lost even after paying up, that revenue stream would soon dry up.

But neither economics nor malware is rational, so all bets are off.

This makes the case for regular backups.

Regular backups mean that if you don’t pay the ransom, you can wipe the infected system and rebuild it from backup.

At the most, you lose a few hours or a day of productivity.

As most backup solutions cost less than the average ransom and can cover any number of devices, it’s money well spent.

Staff education and training is a great preventative measure but nothing beats a strong secondary defence in IT policies and security solutions.

If you need help with any of that, Cloud Heroes are here to help.

14 Oct 2022

Microsoft releases first major Windows 11 update

Microsoft has released the first major update to Windows 11, update 22H2.

We have seen small updates and fixes ever since Windows 11 was released but this is the first major update we have seen.

There is a selection of feature and productivity updates in this new version. We have tested it here and it seems to work well, on our test machine anyway!

Windows 11 update 22H2

Windows 11 update 22H2 was released on 20th September 2022 and is gradually being made available across the world.

It’s a gradual update and Microsoft is watching carefully for feedback and issues before it makes it universally available.

Given some of the faux pas Microsoft has made over updates in recent times, we think this is a good idea.

Even though you can control Windows updates in enterprise, curious users always seem to find a way to update even when you don’t want them to!

So, what’s in Windows 11 update 22H2?

Microsoft Defender SmartScreen update

Microsoft Defender SmartScreen has been updated to add phishing protection. Phishing has become a primary attack vector at home and at work.

Any tangible improvement to protections has to be a good thing.

Windows 11 22H2 adds a check that monitors anywhere users add their Microsoft credentials.

For example, if a user visits a malicious website and enters their login details, the system will alert them and explain the potential threat.

Smart App Control is being updated to automatically block untrusted or unsigned apps.

It will also block those VBA office macros that were the cause of so much trouble earlier this year.

File Explorer tabs

File Explorer tabs is such a simple thing but we have had to wait years for it to arrive. macOS has had them for ages, now Windows users will too.

It’s an excellent feature addition that should make life much easier for system admins and general users alike.

Focus Sessions and Do Not Disturb

Focus Sessions and Do Not Disturb allow users to focus more on what they are doing and minimise distractions.

It won’t prevent colleagues coming up to your desk and interrupting you. It will suppress notifications and provide timers to help you concentrate on getting that presentation or content done on time though.

Clipchamp

Clipchamp is a new video editing tool for Windows 11. It’s a modern version of Windows Movie Maker that can help you design and edit videos for marketing or just for fun.

It’s no replacement for enterprise tools but if you want to quickly edit a video to add to content without having to pay for, or learn a new application, Clipchamp can help.

Windows Studio update

Windows Studio is a webcam app that adds backgrounds, blur effects, noise cancellation and other goodies to meetings.

There’s a new Eye Contact feature in this update that will somehow make it look as though you’re making eye contact even when you aren’t.

Windows Shell

Windows Shell is getting an update too. The new UI is more in keeping with Windows 11, the taskbar and Start menu are getting some attention and a new Suggested Actions menu will copy something from elsewhere.

There’s also a new snapping mechanism that makes it easier to place windows, tile them and snap them into place.

There are also improvements to the Windows Account page, Windows Update and new settings sprinkled liberally around the interface.

Task Manager

Task Manager is also getting a new look with a more Windows 11-like UI, a new side menu and a much clearer and cleaner way to access information.

While most users won’t get to see the new Task Manager, home users and admins will find it a much nicer place to be.

There is a lot to this update even though it isn’t quite the showstopper we saw with Windows 10. Nevertheless, the improvements all seem to be user-driven and offer proper benefits to home and business users.

Have you tried it yet? Have any opinions on it? Tell us about it if you have!
