The Importance of Patching

This month we’re highlighting a few of these that have had big impacts, and outline some of the measures you can put in place to combat cyber risks. 

Acer Ransomware Attack: 

You may or may not be familiar with Acer, the hardware vendor provides laptop and desktop PC’s as well as other technology devices. It’s alleged they have recently been hit with a ransomware attack by a group known as REvil, with the hackers demanding a US$50 million ransom to decrypt the locked data. Acer apparently has until 28 March to pay the ransom, after which the price will double to $100 million. 

This goes to show that no business is safe if even the largest tech companies in the world can be hit by ransomware. 

Macs infected with Silver Sparrow: 

A new malware operation targeting Apple Mac devices has been spotted by security researchers and has silently infected almost 30,000 systems. 

Named Silver Sparrow by analysers from Red Canary, Malwarebytes and VMWare Carbon Black who also analysed the new malware. Silver Sparrow has infected 29,139 macOS systems across 153 countries as of February 17 according to the researchers. Despite the high number of infections, it’s unknown how the malware was distributed, which could have included malicious ads, pirated apps, or fake Flash updaters. The malware’s final goal is also unclear, indicating that the malware could be avoiding delivering its second-stage payload to these systems. 

Combined with the large number of infected systems, this clearly suggests that the malware is a very serious threat and not just a one-off test. 

Security updates have been released by Microsoft for Exchange Server to protect their users against vulnerabilities in the on-premises versions of the software. Chinse based state-sponsored hackers ‘Hafnium’ has been flagged as the primary group behind the exploits. Exchange Online is not affected so customers using Microsoft 365 are not at risk. 

The vulnerabilities affect on-premises Microsoft Exchange Server 2013, 2016 and 2019 and are aimed at making an untrusted connection onto the server for the hackers to gain access.  

It starts with the hacker gaining access to a server either with stolen passwords or via the vulnerabilities. This makes the hacker appear as someone with appropriate access, which they then use to control the compromised server remotely and using the access to steal data. 

The Importance of Patching: 

These are just some of the attacks that have been reported on so far this year. There is a constant threat of attack on your business from cyber-criminals, and cyber-security is something that all businesses should take very seriously. 

Application vulnerabilities will continue to be one of the most common external attack methods. Vendors constantly release new patches to cover up any security loopholes discovered in their systems by attackers. A lot of cyber-security breaches could be avoided by having an automated patch management solution like the one Computer Culture offers. 

Customers who utilise our managed services model to look after their systems and devices, benefit from a more secure environment as we manage and reduce the risk to your business from external threats. 

If you’re not currently using one of our Managed Services solutions and would like to find some further information on how it can benefit your business, get in touch with one of our friendly sales team.