Jump to content

Cyberataques - Como defender


PunK_BoY
 Share

Recommended Posts

Ora bem, eu abro aqui este tópico com o objectivo de se informar quais as vulnerabilidades que podem estar a acontecer e como se defender delas.

Por exemplo está a acontecer desde há 2 dias um ataque de um ransomware chamado NotPetya/Petya/SortaPetya, que se veio agora a descobrir que de ransomware não tem nada porque depois de encriptar os ficheiros estes nunca mais dão para recuperar porque a própria chave de desencriptação é destruída.

Assim, quem se quiser proteger contra este pode fazer isto:

http://abertoatedemadrugada.com/2017/06/como-evitar-o-ransomware.html

 

Já agora, alguém sabe qual é a vulnerabilidade que este aproveita nos computadores para o infectar?

  • Like 1
Link to comment
Share on other sites

Tenho o software da Kaspersky gratuito que basicamente o que faz é impedir que qualquer software encripte ficheiros. Mesmo nós próprios se quisermos encriptar algo, temos de meter na whitelist do kaspersky.

  • Like 1
Link to comment
Share on other sites

7 minutes ago, PunK_BoY said:

Não encontro para sacar...

https://go.kaspersky.com/Anti-ransomware-tool.html

Também não me aparecia no site português, tive de ir ao site global.

EDIT:

Tentei instalar e não deixa, entra em conflito com o Anti-Virus, que também é Kaspersky (original, tenho key oficial).

Edited by Jokeman
  • Like 2
Link to comment
Share on other sites

Hoje ouvi esta.

"Sabes que o Benfica parou a 100% por causa do último ataque de ransomware?"
"É que lá a malta tem a mania de abrir emails com attachments duvidosos..."

 

 

BADUM--TCHHHHHHHH

Link to comment
Share on other sites

16 hours ago, PunK_BoY said:

E esta falha aproveita o que no sistema afinal? Há algum update a fazer para evitar isto ou não se pode fazer nada?

A infecção é feita através de um executável malicioso aberto localmente no equipamento.

A propagação na LAN é feita pelo exploit "EternalBlue". (Exploit do protocolo SMB, corrigido pelo boletim de segurança da Microsoft MS17-010, lançado em Março de 2017)

E sim, estamos a falar de uma variação do WCry. ;)

Link to comment
Share on other sites

Quem tem o update referido deixa de estar susceptível a que o seu PC receba o ataque via broadcast na rede LAN, sim.

Para proteger o próprio PC basta ter um AV minimamente decente, não precisa de ir para soluções anti-ransomware XPTO.

Sabiam que até o próprio Defender do Windows protege eficientemente o vosso PC contra o Wcry?

https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt

  • Like 1
Link to comment
Share on other sites

  • 2 months later...
Quote

Billions of devices imperiled by new clickless Bluetooth attack

BlueBorne exploit works against unpatched devices running Android, Linux, or Windows.

DAN GOODIN - 9/12/2017, 2:00 PM

Enlarge

Ford Asia Pacific

142

Over the past decade, Bluetooth has become almost the default way for billions of devices to exchange data over short distances, allowing PCs and tablets to transfer audio to speakers and phones to zap pictures to nearby computers. Now, researchers have devised an attack that uses the wireless technology to hack a wide range of devices, including those running Android, Linux, and, until a patch became available in July, Windows.

BlueBorne, as the researchers have dubbed their attack, is notable for its unusual reach and effectiveness. Virtually any Android, Linux, or Windows device that hasn't been recently patched and has Bluetooth turned on can be compromised by an attacking device within 32 feet. It doesn't require device users to click on any links, connect to a rogue Bluetooth device, or take any other action, short of leaving Bluetooth on. The exploit process is generally very fast, requiring no more than 10 seconds to complete, and it works even when the targeted device is already connected to another Bluetooth-enabled device.

"Just by having Bluetooth on, we can get malicious code on your device," Nadir Izrael, CTO and cofounder of security firm Armis, told Ars. "BlueBorne abuses the fact that when Bluetooth is on, all of these devices are always listening for connections."

Patch now, if you haven't already

Microsoft patched the vulnerabilities in July during the company's regularly scheduled Patch Tuesday. Company officials, however, didn't disclose the patch or the underlying vulnerabilities at the time. A Microsoft representative said Windows Phone was never vulnerable. Google, meanwhile, provided device manufacturers with a patch last month. It plans to make the patch available starting today for users of the Pixel XL and other Google-branded phones, but if past security bulletins are any guide, it may take weeks before over-the-air fixes are available to all users. Izrael said he expects Linux maintainers to release a fix soon. Apple's iOS prior to version 10 was also vulnerable.

The attack is most potent against Android and Linux devices, because the Bluetooth implementations in both operating systems are vulnerable to memory corruption exploits that execute virtually any code of the hacker's choosing. The Bluetooth functionality in both OSes also runs with high system privileges, allowing the resulting infection to access sensitive system resources and survive multiple reboots.

Surprisingly, the majority of Linux devices on the market today don't use address space layout randomization or similar protections to lessen the damage of BlueBorne's underlying buffer overflow exploit, Armis Head of Research Ben Seri said. That makes the code-execution attack on that OS "highly reliable." Android, by contrast, does use ASLR, but Armis was able to bypass the protection by exploiting a separate vulnerability in the Android implementation of Bluetooth that leaks memory locations where key processes are running. BlueBorne also massages Android memory in a way that further lessens the protection offered by ASLR. The result: Blueborne can carry out remote code-execution attacks on both OSes that are both stealthy and reliable.

Armis researchers haven't confirmed that code execution is possible against Windows' unpatched Bluetooth implementation, but they were able to carry out other attacks. The most significant one allows hackers to intercept all network traffic sent to and from the targeted Windows computer and to modify that data at will. That means attackers could use BlueBorne to bypass personal and corporate firewalls and exfiltrate sensitive data and possibly modify or otherwise tamper with it while it's in transit. The Android implementation is vulnerable to the same attack.

The following three videos demonstrate the attacks against Android, Linux, and Windows respectively:

BlueBorne—Android Take Over Demo.

Linux Take Over Demo.

BlueBorne - Windows MiTM Demo.

In all, Armis researchers uncovered eight Bluetooth-related vulnerabilities in Android, Linux, Windows, and iOS. The researchers consider three of the flaws to be critical. The researchers reported them to Google, Microsoft, and Apple in April and to Linux Maintainers in August. All parties agreed to keep the findings confidential until today's coordinated disclosure. The vulnerabilities for Android are indexed as CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, and CVE-2017-0785; the vulnerabilities for Linux are CVE-2017-1000251 and CVE-2017-1000250; the vulnerability for Windows is CVE-2017-8628; the designation for iOS vulnerability wasn't immediately available.

Up until now, Bluetooth has been notable for the dearth of critical vulnerabilities found in the specification or in its many implementations, with Armis being aware of only one code-execution flaw, in Windows, one that Microsoft fixed in 2011. The Armis researchers, however, said they believe there are likely many more overlooked critical bugs that remain to be found.

FURTHER READING

Broadcom chip bug opened 1 billion phones to a Wi-Fi-hopping worm attackThe vulnerabilities are coming to light a few months after two independent reports—one in April from Google's Project Zero and the other in July from Exodus Intelligence—exposed similarly critical vulnerabilities in Wi-Fi chips manufactured by Broadcom. They, too, allowed attacks that were transmitted wirelessly from device to device with no user interaction.

Typical of most proof-of-concept exploits, the BlueBorne attacks demonstrated in the videos are relatively simple. With more work, Armis researchers said they could probably develop a self-replicating worm that would spread from a single device to other nearby devices that had Bluetooth turned on, and from there those devices would infect other nearby devices in a chain reaction. Such self-replicating exploits could quickly take over huge numbers of devices at conferences, sporting events, or in work places. It has never been a bad idea to keep Bluetooth turned off by default and to turn it on only when needed—at least on Android phones, the large percentage of which still broadcast privacy-compromising MAC addresses for anyone within radio range to view. The vulnerabilities reported by Armis now reinforce the wisdom of that advice.

Dan Guido, a mobile security expert and the CEO of security firm Trail of Bits, told Ars such a worm might be hard to pull off because exploits would have to be customized for the hardware and operating system of each Bluetooth-enabled device. He also downplayed the likelihood of active BlueBorne attacks, noting that there's no indication either of the Broadcom chip vulnerabilities has ever been exploited in the wild.

Izrael confirmed that BlueBorne exploits would have to be customized for each platform but said the amount of work required to do so would be manageable. The Android exploit Armis has developed, for instance, already works on both a Pixel and Nexus phones.

"Any further customization for Android-based devices would be a very simple task," he said. What's more: "An attacker that would want to weaponize these exploits could achieve generic exploits with very little work."

https://arstechnica.com/information-technology/2017/09/bluetooth-bugs-open-billions-of-devices-to-attacks-no-clicking-required/

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.