GOT(IT) #28: Doppelgänging ransomware, fragile pacemaker cybersecurity, plus Android P blocks network monitoring.

This week we’re looking at new threats and security changes that could soon become day-to-day issues!

GOT(IT) #28 is here to shed some light on emerging trends that everyone in IT should keep an eye on: smarter ransomware, IoT threats that can compromise a person's health, and a little extra privacy for our mobile devices.

New Ransomware Discovered Using Process Doppelgänging


We have been following ransomware's apparent decline throughout the year, suspecting it was not really what it looked like. With the industry's attention now on crypto-jacking, ransomware authors have time to develop new methods and test their reach without being tackled immediately.

And they did surprise us: Kaspersky Lab found a new variant of the SynAck ransomware that uses a technique called Process Doppelgänging to evade detection by security tools.

Process Doppelgänging does not exploit a bug; it abuses two legitimate Windows features, Transactional NTFS (TxF) and the legacy process loader. The malware opens a legitimate executable inside an NTFS transaction, overwrites it with the malicious payload, creates a memory section from the transacted file, and then rolls the transaction back so the file on disk is never actually changed. It then creates a process from that section with the old NtCreateProcessEx loader. Because the executable on disk is untouched and the new process appears to have been started from a legitimate file, file-scanning antivirus sees a clean binary while the malicious code runs in memory. Catching it requires inspecting the running process or its memory rather than the file it claims to come from.

Aside from the unusual execution, this is standard ransomware: files are encrypted with AES-256 in ECB mode and a ransom is demanded. ECB is a weak choice because identical plaintext blocks produce identical ciphertext blocks, so encrypted files leak some of their structure; that does not, however, give victims a way to recover the key.

Security vendors are working on detections for the technique, so keep your AV updated and watch out for suspicious emails and attachments.


The Future of IoT Threats, Pacemakers Need Patching

It's no news that security is the top concern for the IoT industry. Or rather, it is the world's concern about the IoT industry, since most current security standards are not enough to reassure anyone worried about ultra-vulnerable devices.

Yes, connecting all new kinds of devices and gadgets can be extremely beneficial, but what happens when the wrong device gets breached? When medicine goes digital, the patient's health becomes the target.

The US Food and Drug Administration (FDA) has recently approved a firmware patch for Abbott's pacemakers, small devices implanted in patients to treat irregular heartbeats.

These devices used an extremely weak 24-bit RSA authentication and a hard-coded 3-byte fixed override code. A 24-bit RSA modulus can be factored by trial division in a fraction of a second, and a 3-byte code has only 16,777,216 possible values, so neither offers real protection. Combined with the fact that critical commands such as shocks and updates can be sent remotely over radio frequency, this raises the very real prospect of remote attacks on a patient's health. The patch also addresses a risk of sudden battery depletion in these devices.

This vulnerability affected about 465,000 patients, who need to schedule a visit with their physician to have the device's firmware updated. The models affected are the Current, Promote, Fortify, Fortify Assura, Quadra Assura, Quadra Assura MP, Unify, Unify Assura, Unify Quadra, Promote Quadra, and Ellipse.
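To make the "24-bit RSA" point concrete, here is an added example (not code from the original post, and not Abbott's protocol, which the post does not describe): it generates a constructed 24-bit RSA key standing in for a device key, factors the public modulus by plain trial division, derives the private exponent, and answers a challenge exactly as the legitimate key holder would. All key material and the challenge/response shape are assumptions for illustration; the override-code figure is just the size of a 3-byte search space.

```python
import math
import random


def is_prime(n):
    """Deterministic trial division; plenty fast for the 12-bit primes used here."""
    if n < 2:
        return False
    for divisor in range(2, math.isqrt(n) + 1):
        if n % divisor == 0:
            return False
    return True


def random_prime(bits, rng):
    """Return a random prime with exactly `bits` bits (top bit forced on, odd)."""
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(candidate):
            return candidate


def make_rsa_keypair(modulus_bits, rng, e=65537):
    """Generate a toy RSA keypair (n, e, d) with a modulus of exactly `modulus_bits` bits.

    Constructed stand-in for a device key; only for showing how weak tiny moduli are."""
    half = modulus_bits // 2
    while True:
        p, q = random_prime(half, rng), random_prime(half, rng)
        n = p * q
        phi = (p - 1) * (q - 1)
        if p != q and n.bit_length() == modulus_bits and math.gcd(e, phi) == 1:
            return n, e, pow(e, -1, phi)


def factor_modulus(n):
    """Recover (p, q) from a small RSA modulus by trial division up to sqrt(n).

    For a 24-bit n that is at most ~2048 odd candidates, i.e. microseconds."""
    for p in range(3, math.isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found; n is not a product of two odd primes")


def recover_private_exponent(n, e):
    """An attacker who can factor n derives d exactly as the legitimate owner did."""
    p, q = factor_modulus(n)
    return pow(e, -1, (p - 1) * (q - 1))


def sign(message, d, n):
    """Textbook RSA signature over an integer message < n (no padding; toy only)."""
    return pow(message, d, n)


def verify(message, signature, e, n):
    """Textbook RSA verification: signature^e mod n must equal the message."""
    return pow(signature, e, n) == message % n


def forge_authentication(n, e, challenge):
    """Factor the public modulus, derive the private key and answer the challenge
    as if we owned the device key. The attacker never sees d."""
    d = recover_private_exponent(n, e)
    return sign(challenge, d, n)


def run_demo(seed=2018):
    """Build a constructed 24-bit 'device' key, then break it as an outsider would."""
    rng = random.Random(seed)                        # fixed seed for a repeatable demo
    n, e, d = make_rsa_keypair(24, rng)
    challenge = rng.randrange(2, n)                  # assumed challenge/response shape
    forged = forge_authentication(n, e, challenge)   # uses only the public (n, e)
    return {
        "n": n, "e": e, "d": d, "factors": factor_modulus(n),
        "challenge": challenge, "forged": forged,
        "accepted": verify(challenge, forged, e, n),
        "override_code_space": 256 ** 3,             # every possible 3-byte code
    }


if __name__ == "__main__":
    r = run_demo()
    print(f"n={r['n']} ({r['n'].bit_length()} bits) factors as {r['factors']}")
    print("forged response accepted by verifier:", r["accepted"])
    print("3-byte override code search space:", r["override_code_space"], "values")
```

The point is not the arithmetic but the scale: a key that a phone can factor before the progress bar finishes provides no authentication at all, and a fixed 3-byte override code is in the same league. Real RSA deployments use 2048-bit moduli or larger precisely so that this loop never terminates.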


Android P Will Block Apps from Monitoring Network Use


Android P is being developed with what looks like a strong focus on user privacy, and yet another of its upcoming features has surfaced: it will restrict apps from monitoring the phone's network activity.

It's a long-standing weakness: any Android app, without any permission, can read the kernel's network tables and see every incoming and outgoing TCP/UDP connection on the device, including which server each one goes to.

This means any app can tell which other apps are connected to the internet, when, and to where, because each connection entry carries the Linux UID of the app that owns it.

Luckily, a commit to Android's SELinux policy shows the fix coming in Android P: it locks down /proc/net, the directory where the kernel exposes its network tables (/proc/net/tcp, /proc/net/udp and friends), so ordinary apps can no longer read them. That is a real improvement for user privacy, though it only helps devices that actually get Android P; older devices remain exposed. We hope development keeps growing toward tools that protect users up front.
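What that snooping looked like in practice, as an added example that is not part of the original post and not Android's own code: a parser for the /proc/net/tcp format that a pre-P app could read, decoding the hex endpoints and attributing each connection to the app that owns it through the uid column. The table contents and the UID-to-package mapping are constructed for illustration (an app on a real device would get the latter from PackageManager). It assumes a little-endian device, which covers Android's ARM and x86 hardware.

```python
import socket
import struct

# Constructed sample of /proc/net/tcp in the exact column layout the kernel prints.
# Before Android P any app could read this file. The uid column is the Linux UID
# Android assigns to each installed app, which is what makes rows attributable.
# Addresses and ports are hex; IPv4 addresses are printed in host byte order.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:B3C2 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000 10127        0 23456 1 0000000000000000 20 4 30 10 -1
   2: 0F02000A:A1F4 076433C6:01BB 01 00000000:00000000 00:00000000 00000000 10088        0 34567 1 0000000000000000 20 4 30 10 -1
   3: 0F02000A:9C40 076433C6:01BB 06 00000000:00000000 00:00000000 00000000     0        0 0 1 0000000000000000 20 4 30 10 -1
"""

# Constructed UID -> package mapping. On a device an app would build this from
# PackageManager (e.g. getPackagesForUid()); the package names here are made up.
UID_TO_PACKAGE = {
    1000: "android (system)",
    10127: "com.example.messenger",
    10088: "com.example.bank",
}

# Socket states as the kernel encodes them in the 'st' column.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}


def decode_endpoint(field):
    """Turn '0A0200C0:01BB' into ('192.0.2.10', 443).

    The kernel prints the 32-bit address in host byte order, so on little-endian
    hardware the bytes read reversed; repacking as little-endian restores them.
    (IPv6 rows in /proc/net/tcp6 use four such words and are not handled here.)"""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse /proc/net/tcp into one record per socket, skipping the header line."""
    rows = []
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 10:          # malformed or truncated row
            continue
        rows.append({
            "local": decode_endpoint(cols[1]),
            "remote": decode_endpoint(cols[2]),
            "state": TCP_STATES.get(cols[3], cols[3]),
            "uid": int(cols[7]),    # owning app's Linux UID
            "inode": int(cols[9]),
        })
    return rows


def connections_by_app(text, uid_to_package):
    """Group live (ESTABLISHED) connections by owning app, as a snooping app could."""
    result = {}
    for row in parse_proc_net_tcp(text):
        if row["state"] != "ESTABLISHED":
            continue
        app = uid_to_package.get(row["uid"], f"uid:{row['uid']}")
        result.setdefault(app, []).append(row["remote"])
    return result


if __name__ == "__main__":
    for app, remotes in connections_by_app(SAMPLE_PROC_NET_TCP, UID_TO_PACKAGE).items():
        for ip, port in remotes:
            print(f"{app} -> {ip}:{port}")
```

Nothing here needs a permission or root: the file is world-readable on older Android, and the uid column does the attribution for free. Android P's SELinux change removes exactly that read access for ordinary apps, which is why the same code on a P device fails at the open() call instead of producing this listing.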


Ready up for the future of IT security! It's a never-ending cycle: a new technology comes out, new flaws are discovered, and security patches are rushed.

Nicolas Poggi

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.