2014 Vulnerabilities: CryptoWall, SHA1 Deprecation and POODLE/BEAST Exploits

Dan Carpenter November 3, 2014

2014 Vulnerabilities: CryptoWall, SHA1 Deprecation and POODLE/BEAST Exploits

Written by: Dan Carpenter

Over the course of 2014 and particularly the last few months, we have seen a level of high-profile exploits and vulnerabilities that has never really been in the public eye before.  Exploits have existed for as long as computer security has been a concern, but at this time this information is much more available to the general public, and many businesses are asking questions about them.  Below are descriptions of some of the biggest issues we are seeing right now and the actions you can take to reduce risks of being exposed to these vulnerabilities.

 

CryptoWall

CryptoWall and its many variants are malware that infects your computer and encrypts your files including those on mapped network drives.  There are many methods of infection such as email (via attachments, links and even the images included in emails) and through infected or compromised websites.  Once infected, the only way to recover your files is to either restore from backup or pay a ransom to the criminals behind the malware.  The ransoms are usually paid in Bitcoin amounts typically equivalent to about $500.  The process of paying the ransom and decrypting the files can take several days and is not 100% reliable. Preventing infections and having good backups are the best ways to protect your data.

 

SHA1 Deprecation

SHA1 is an encryption function used in SSL certificates which are commonly used to secure transactions with websites.  You may not even notice, but every site that users may enter important information into such as credit card/banking information, Social Security numbers, health information, and even usernames/passwords should use an SSL certificate to protect your data as it is transmitted across the internet.

 

Unfortunately, SHA1 has long been known to have a flaw where it would be possible to generate a fake SSL certificate that could be used to impersonate another site.  Though the issue has been known about since 2005, the expense that would be required to exploit this vulnerability was so great that it was generally not considered a high priority and SHA1 continues to be very widely used.  At this point, that expense has been reduced to the point where hackers may find this method of attack to be viable.  This could be a critical issue if hackers were to create fake sites that gathered personal information yet looked perfectly secure.

 

As of September 2014, Google announced that they would start giving warnings to users on sites in their Chrome browser that used SHA1 (and had expiration dates in 2016 or later) starting in Chrome 39 which is planned for release early in November 2014.  All of the major browser vendors are following suit though with generally less aggressive schedules.

 

POODLE/BEAST Exploits

POODLE and BEAST are strangely named exploits for the SSL 3.0 and TLS 1.0 encryption systems that could allow for someone to intercept and possibly change encrypted data as it travels over a network such as the Internet without the user’s knowledge.  This is known as a man in the middle attack.  SSL 3.0 is very rarely used at this time and would primarily be found in cases where a very old web browser such as Internet Explorer 6 was used.  TLS 1.0 still sees quite a bit of use even though it has been replaced by more secure versions such as TLS 1.2.

 

There are certain steps you can take reduce risk of POODLE and BEAST exploits such as retiring older operating systems and browsers—a huge component of any security plan.  Systems running Windows XP and older versions of Internet Explorer should be upgraded or replaced for many reasons including these exploits.  Most web browsers will allow you to block certain SSL protocols, but on an older operating system or browser, that is equivalent to closing a window on a sinking ship.

 

How do you reduce your risk?

The information technology world will probably never be free of nefarious people trying to steal or destroy data so ongoing prevention is the key.  Here are some proactive steps that everyone can take to ensure their data remains safe:

 

1. Perform regular backups and security audits of your system. Maintaining proper backups is vitally important not only in the fight against CryptoWall, but to keep your business running in case of any other critical errors. Backups and security audits can be complex undertakings, so it may be prudent to seek advice from information technology experts.

 

2. Be careful with what you do on your computers.  Do not open emails or click links received from people you don’t know or other emails that look suspicious.  In general, it’s a good idea to avoid personal email accounts and social media websites while in the office as they can be common ways for malware to spread.  If your business has not done so already, you may want to implement web filtering to block known malware sites.

 

3. Work to retire systems that are no longer supported by their manufacturers.  Microsoft stopped supporting Windows XP earlier this year and Server 2003 will be unsupported next year.  It is important that any systems running these operating systems be retired as soon as possible.  If there is something like a legacy application preventing these systems from being retired, it may be time to consider your plans to retire that legacy application so you can stay operational and secure.

 

Have you got experience with any of these vulneratbilities? Let us know in the comments below.

Want to learn more about how to keep your business safe from these vulnerabilities?

 





Leave Us a Comment

Your email address will not be published. Required fields are marked *

Do great things.

Get Started