Scam of the day – July 21, 2016 – Hackers attack unpatched computers

by | Jul 21, 2016 | Scam of the day, Site Related

Recently it was disclosed by the security research firm Proofpoint that a twelve year old malware program known commonly as NetTraveler has been used by Chinese hackers against Russian and Eastern European targets exploiting a vulnerability in Microsoft Word designated as CVE-2012-0158.  This malware program enabled the hackers to infiltrate the computers of their victims who generally downloaded the malware as a result of clicking on links in spear phishing emails.  What is particularly significant about this cyberthreat is that this specific vulnerability was patched four years ago, but many people and companies have still not installed the patches necessary to defend against this particular malware thus leaving them needlessly vulnerable.  Similarly, ransomware, which has developed into a major threat to companies, governments and individuals by which their computer data is encrypted with the hacker threatening to destroy the data unless paid a ransom has turned into a huge worldwide problem.  However, the problem is somewhat bigger than it needs to be as some hackers are still using old ransomware programs for which security patches have already been issued, but failed to be installed by many companies, government agencies and individuals.

It is hard enough to defend yourself against the numerous zero day exploits which are the newer strains of malware exploiting vulnerabilities for which there are no existing security defenses.  Once discovered it can take thirty days or more for the security software companies to come up with a patch for the latest zero day exploits.  However,  no one should fall victim to a malware program for which there already exists a security patch.

TIPS

The solution to protecting yourself from various types of malware including ransomware is to first avoid them in the first place by avoiding spear phishing emails and text messages.  Don’t click on links unless you have absolutely confirmed that they are legitimate.  Installing anti-phishing security software is also advisable, but not totally effective so you should not entirely rely on it to screen all of your phishing emails. Secondly, you should install the latest security updates to all of your software programs as soon as they become available.  The best way to do this is to have updates installed automatically, but in any event, make sure you do not delay installing security updates and patches as soon as they become available.  Here at Scamicide we let you know when important new security updates are issued.