Blog Archives
Microsoft’s Tough Friday: Software giant battles hackers, malware, and a cloud outage
While workers at many companies were ending their work week Friday, Microsoft techs were scrambling to put out operational fires.
Late on Friday afternoon, Microsoft discovered that its worldwide Azure cloud service had gone offline when an expired security certificate prevented users from accessing the network.
Meanwhile, the company also found that a malware infection previously discovered on internal computers at Facebook, Apple, and Twitter had crept into its in-house systems, too.
Azure fails
All encrypted traffic on Azure was disrupted when an SSL certificate expired, Microsoft explained at a company website. Unencrypted traffic was unaffected by the certificate snafu, the company added.
![microsoft azure](https://i0.wp.com/images.techhive.com/images/article/2013/02/microsoft-azure-100026600-orig.jpg)
Service was almost totally restored by Saturday morning.
While the outage caused lots of grumbling on Microsoft’s online forums, contributor Brian Reischl accepted the mishap with a wry sense of humor.
“Might want to fix that, ASAP,” he wrote after a “certificate expired” message appeared on his computer screen. “It also wouldn’t hurt to put a sticky note on someone’s monitor so they remember to update that before it expires next time.”
Outages aren’t new to Azure users. A year ago, the system went down. A certificate was the root cause of that outage, too. In addition, Western European users lost service due to a configuration issue in July 2012.
World’s largest oil producer: 30K workstations fell victim to cyber attack
It’s nearly a plot line from the movies: World’s largest oil producer gets hit by a cyber-attack that threatens to wipe away all data from its internal computers. But largely, this is the situation Saudi Aramco described today.
The Saudi Arabia-based industry leader released a statement confirming that roughly 30,000 workstations were affected by a cyber attack in mid-August. Details beyond that were scarce: Saudi Aramco said the virus “originated from external sources” and that its investigation was ongoing. There was no mention of whether this was related to this month’s Shamoon attacks.
The company said it cleansed its workstations and resumed operations for its internal network today. It added that oil exploration and production were unaffected because those networks were separate systems. Reuters tried to contact the company for further comment, but its e-mails bounced back. The news outlet also noticed that one of the company’s sites taken down by attacks (aramaco.com) remained non-operational.
The mid-August attack on Saudi Aramco came during the same week that security researchers identified the Shamoon attacks mentioned above. Researchers saw those as a copycat of malware known as Wiper, which reportedly attacked Iran’s oil ministry in April. Researchers were reluctant to name targets of the Shamoon attacks at that time, however.
Massive ‘Flame’ Malware Stealing Data Across Middle East
Researchers at Kaspersky Lab have uncovered a massive cyber threat, dubbed Flame, that is targeting “sensitive” information across the Middle East.
The malware, Kaspersky said, “might be the most sophisticated cyber weapon yet unleashed.”
Once deployed, Flame can sniff network traffic, take screenshots, record audio conversations, intercept keyboard input, and more, Kaspersky said. All of this data is then available via Flame’s command-and-control servers.
Iran has thus far been hardest hit by Flame, with at least 189 infections. Israel/Palestine came in second with 98, followed by Sudan (32), Syria (30), Lebanon (18), Saudi Arabia (10), and Egypt (5).
Kaspersky has not identified any specific organization that Flame is targeting. “From the initial analysis, it looks like the creators of Flame are simply looking for any kind of intelligence – emails, documents, messages, discussions inside sensitive locations, pretty much everything,” Kaspersky’s Alexander Gostev wrote in a blog post. “We have not seen any specific signs indicating a particular target such as the energy industry – making us believe it’s a complete attack toolkit designed for general cyber-espionage purposes.”
Infected Computers to Lose Web Access When FBI Band-Aid Falls Off
Come July 9, about 350,000 computers in the United States alone may lose access to the Internet because they had previously been infected with DNSChanger malware.
The malware stealthily redirected victims accessing various websites to rogue servers controlled by a cybercriminal ring.
Six of the seven alleged cybercrooks were arrested in November as part of a two-year operation by the United States FBI and foreign law enforcement agencies. They have been charged in a New York court.
The FBI then obtained a court order authorizing the Internet Systems Consortium to deploy and maintain clean DNS servers until July 9.
It also took other actions, including setting up a page you can use to see whether your DNS address is among those affected.
Owners of computers at risk are mainly responsible for fixing the problem because “if a business or consumer doesn’t know there’s a problem, it’s a symptom of ignorance, and fixing the problem for them this time does nothing to address the long-term problem of failing to learn to use a computer securely,” Randy Abrams, an independent security consultant, told TechNewsWorld.