GajShield Alert - KRACK WiFi WPA2 security vulnerability threatens all networks

Security researchers have found a devastating flaw in the WPA2 Wi-Fi encryption protocol that makes it possible for hackers to intercept your sensitive information. This vulnerability, named KRACK (Key Reinstallation Attack), affects the Wi-Fi protocol itself and not a specific product or implementation. An attacker within range of a victim can exploit these weaknesses.

KRACK targets the third step in the four-way authentication "handshake" performed when a Wi-Fi client attempts to connect to a protected network. This can allow attackers to steal information, including your credit card and confidential data.

To protect against this flaw, major OS and router vendors are working round the clock to provide patches. Apply the patch as soon as possible. Meanwhile, do not share any personal or confidential information on a non-secure website, and use only secure (HTTPS) sites.

Also avoid using free hotspots, or use a secure VPN or connection such as GajShield Enterprise Cloud if you must use a Wi-Fi network.

Our research team is working in our labs to gain more information about the latest KRACK attacks and will keep you updated on the future course of action. Until then, keep a close watch for any updates or patches released for your affected products and apply them as soon as possible.

Latest information on KRACK, by company

Petya and EternalBlue: Spread of a deadly ransomware

EternalBlue was used in the propagation of both WannaCry and Petya. It is believed that this exploit was developed by the NSA and was leaked by the Shadow Brokers hacker group.

EternalBlue exploits a vulnerability in the Microsoft Windows SMB v1 service that allows arbitrary code to be executed on the target computer from a remote system. Microsoft released a patch for all of its operating systems that had this vulnerability, including the unsupported Microsoft Windows XP.

More details of the vulnerability can be found in its CVE entry; it is catalogued as CVE-2017-0144 (https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144).

It is believed that Petya spread through a vulnerability in M.E.Doc, a third-party software package used in Ukraine, which explains why it impacted Ukraine the most. Unlike WannaCry, Petya used multiple techniques to propagate. These included EternalBlue and a technique used by Mimikatz and other tools leveraging lsadump to dump passwords from memory; it also used PSEXEC and WMIC to spread across the network.

You are advised to patch your Windows systems if they are not already patched. As with WannaCry, block SMB ports on your firewalls, disable local administrative rights for users, and do not reuse the same passwords across different systems. If best practices are followed, not only attacks like Petya and WannaCry but also future attacks can be limited.

GajShield Security Alert - https://www.gajshield.com

Many firms across the world hit by global cyber-attacks

British, Russian and Dutch companies were among those targeted by the "powerful" hack, which is quickly spreading. Major firms, airports and government departments in Ukraine have been struck by a massive cyber attack which began to spread across Europe.

In Ukraine, government departments, the central bank, a state-run aircraft manufacturer, the airport in Kiev and the metro network have all been paralysed by the hack. UK advertising firm WPP has also been affected by this attack, as has Maersk, a Danish transport company.

The attack seems to be consistent with ransomware described as a variant of the Petya or Petrwrap virus. It is also believed that the malware uses a vulnerability in the SMB file sharing system.

More information coming soon. 

Cover Story on GajShield

Silicon India cover story on GajShield.

GajShield: Soaring Higher with Bleeding Edge Security Solutions that are Made in India

To reach the finish line amidst the fierce competition, IT organizations must dabble through the minefield crammed with cyber threats spawning abreast with dynamically changing trends, where the newest technologies are frequently capturing the hot seat from newer technologies. As cyber criminals are creating more mines at full tilt to steal data, enterprises need blast-proof suits invented apace with technological evolution and, more importantly, visibility through context-based solutions to ensure that they are running on the right track. Encompassing both these features is the next generation firewall suite of GajShield, proudly made in India, which comprises a unique set of solutions such as context-based data leak prevention, cloud security for roaming users, application filtering and BYOD security, among others. This Mumbai-based company stays one step ahead of its competitors by constantly innovating stronger shields that are quintessential to tackle the growing threats.

How to avoid WannaCry ransomware?

Malicious software has been used in a massive hacking attack, affecting tens of thousands of computers worldwide across multiple countries. It is estimated that at least 99 countries have been affected by it, including Russia, Ukraine, Taiwan, Britain, Spain and many others.

The hack forced British hospitals to turn away patients, affected Spanish companies such as Telefonica, and threw other government agencies and businesses into chaos.

WannaCry is ransomware that infects systems when a user clicks on a link and downloads malicious software. This software then locks all the files on your system. The worm is also assumed to spread by infecting other systems on the network through a Microsoft SMB vulnerability.

Though this ransomware has been accidentally stopped in its path, researchers fear that a variant of this worm can be expected.

A few steps can be taken to protect against this ransomware:

  • Educate your users not to open any mail with suspicious content.

  • Block unwanted file downloads on the firewall.

  • Ensure that your antispam/anti-malware engine is enabled and updated.

  • It is advisable to block all Microsoft SMB ports on Windows systems, i.e. 445/137/138/139.

  • Block the above ports on your firewall, in-bound and out-bound towards your network.

  • Microsoft has already released a patch to protect Windows systems against the NSA exploit. Ensure that your systems are updated with this patch.

  • Microsoft has also released a patch for older, unsupported Windows operating systems. If you have any such systems, apply the patch to them immediately.
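
An added example (not GajShield's code or rule syntax): a small Python audit that checks whether a first-match firewall rule list really blocks the SMB ports listed above in both directions. The Rule format, the sample rule sets and the function names are hypothetical; the TCP/UDP assignment of each port follows standard NetBIOS/SMB usage.

```python
from dataclasses import dataclass

# SMB/NetBIOS ports from the alert, paired with the transport each uses.
SMB_PORTS = [("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)]

@dataclass(frozen=True)
class Rule:
    """Hypothetical simplified firewall rule, not any vendor's format."""
    action: str      # "block" or "allow"
    direction: str   # "in", "out" or "any"
    proto: str       # "tcp", "udp" or "any"
    ports: range     # destination ports the rule covers

def first_match(rules, direction, proto, port):
    """Return the first applicable rule, as a first-match firewall would."""
    for rule in rules:
        if (rule.direction in (direction, "any")
                and rule.proto in (proto, "any") and port in rule.ports):
            return rule
    return None

def smb_gaps(rules, default_action="allow"):
    """List the (direction, proto, port) combinations left unblocked."""
    gaps = []
    for direction in ("in", "out"):
        for proto, port in SMB_PORTS:
            rule = first_match(rules, direction, proto, port)
            if (rule.action if rule else default_action) != "block":
                gaps.append((direction, proto, port))
    return gaps

# Constructed sample: only inbound TCP is blocked, and a broad UDP "allow"
# placed earlier shadows the NetBIOS block that follows it.
SAMPLE_RULES = [
    Rule("block", "in", "tcp", range(445, 446)),
    Rule("allow", "any", "udp", range(0, 1024)),
    Rule("block", "any", "udp", range(137, 139)),
    Rule("block", "in", "tcp", range(139, 140)),
]
# Corrected order and direction: every SMB port blocked both ways.
FIXED_RULES = [
    Rule("block", "any", "tcp", range(139, 140)),
    Rule("block", "any", "tcp", range(445, 446)),
    Rule("block", "any", "udp", range(137, 139)),
    Rule("allow", "any", "udp", range(0, 1024)),
]

if __name__ == "__main__":
    print("sample gaps:", smb_gaps(SAMPLE_RULES))
    print("fixed gaps: ", smb_gaps(FIXED_RULES))
```

The sample set leaves six of the eight direction/port combinations open even though it contains a block rule for every port, which is why rule order and direction need checking, not just the presence of a rule.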
