Security Round-Up: WPA2 Vulnerability, Ransomware & More
Another new Ransomware attack was recently released and it contains a malicious VBS script. The purpose of the attack is to encrypt your files and prevent you from accessing them without paying for a decryption key. This attack can be devastating because it uses a common form of communication that many users expect at their workplace.
The unique aspect of this attack is that people receive emails disguised to look like they are being sent from an onsite multi-function printer. Users are sent emails with attachments using a subject of "Message from MC_C224e", appearing to come from a Konica Minolta C224e. Instead, the email includes a version of Locky Ransomware.
The scan to email feature on multi-function printers is a key feature for many users and companies. Since users can scan documents and select the recipient to receive the email with the attachment, and given how common this feature is utilized, it is easy to see how users could be tricked by this attack.
For more information about this attack, read the article at https://eyonic.com/1/?EA.
Secure Socket Layer Certifications, or SSL Certificates, are used to secure communication over the Internet and other computer networks. An SSL certificate verifies that content being received is from the correct sender. This means when you visit a webpage, the information displayed is indeed coming from where you expect it.
SSL is most notably in action when signing into banking sites, ordering online or filling out online forms. A secure webpage is denoted by the s following http at the beginning of a webpage URL, or universal resource locator. The lock next to the URL is another sign of a secure connection provided by an SSL certificate.
Until recently, SSL certificates could be purchased for periods up to 3 years in length. This allowed administrators of networks sufficient time to replace them, as replacement is a process with a specific set of steps and requires some time. Unfortunately, this longer period of time also delays widespread compliance with new guidelines, presenting security threats to end users. As a result, the length of time has been reduced to 2 years. This new regulation is effective beginning on March 1, 2018.
While this change presents more work for network administrators, it will increase the protection for all users. For more information about this new rule, read the article at https://eyonic.com/1/?ED.
In summary, there will always be new threats to the security of our devices, whether they are attacking physical components, applications or protocols. The WPA2 vulnerability affects nearly all wireless devices. Ransomware is an attack that encrypts all files on a device to prevent users from accessing their own documents. SSL certificates protect users when browsing the Internet and other networks but need to be updated more regularly to fully protect end users.
These examples are just a few of the attacks currently going on. As always, the more you know about what is out there, the better prepared you will be to protect yourself!