Info Advantage Blog

One of the major arguments for die-hard Apple fans is that their devices are nearly invulnerable to the attacks that work their way into other operating systems, such as malware or viruses. While it is true that Apple has a much lower rate of malware infections, this does not make it impenetrable, and hackers are constantly looking for new ways to extort data. One newly discovered malware, known as Fruitfly, takes advantage of an antiquated code that allows it to run undetected on macOS systems.

What is Fruitfly?

Fruitfly is a newly discovered type of malware recently found by the team at Malwarebytes. While relatively harmless, this malware is able to hide inside of OS X without alerting the user of its presence. The malware communicates with two command-and-control servers, which allows it to perform actions such as typing, webcam and screen capture, and even moving and clicking the mouse. It can also map other devices and try to connect with them.

Where did Fruitfly come from?

There is a bit of mystery surrounding the origins of Fruitfly. According to Malwarebytes, Fruitfly may have been hiding in a OS X for several years, as much of its code indicates that it was adapted from OS X to Yosemite, making it at least three years old. However, there are also lines of code that rely on pre-OS X systems, and some open-source ‘libjpeg’ code, which hasn’t been updated since 1998. So far, most of the discovered instances of Fruitfly have been found on machines at biomedical research institutions.

What can I do to protect my device?

Luckily, it seems that most of the Fruitfly attacks are targeted, making them a minor threat to an everyday user. However, Apple has yet to release a patch against Fruitfly, so users should take caution and keep an eye out for any updates they release in the near future. One of the best ways to ensure that your device stays infection-free is through constant monitoring of your network. Keep an eye out for any irregularities, and don’t let anything go unreported.

Worried that your network is in danger of malware infection? Not sure what to look for when monitoring your network? Contact Info Advantage today at (585) 254-8710 to talk to an IT professional about how to keep your devices safe from harmful attacks.

Windows is perhaps the most widely-used computing tool in the workplace, and as such, it remains a huge target for hackers of all kinds. Criminals are always trying to uncover vulnerabilities in the operating system, but this time around, Microsoft has truly outdone themselves. Windows 10’s built-in security, according to hackers at the Black Hat conference in Las Vegas, allows for the most secure Windows operating system in several years.

It was expressed that, in comparison to its previous incarnations, Windows 10 is much more difficult to break into. That hasn’t stopped some hackers from trying, though. Among the Black Hat hackers at the convention were many who had tried to pinpoint potential outlets for malicious threats, and while they still managed to come up with a couple of solutions, it became clear that Windows 10 is much more challenging for hackers to infiltrate. Below are a few of the proposed attack models, and how Windows 10 challenges them.

Windows 10 Uses Built-In Anti-Malware Tools
Windows 10 uses what’s called the antimalware scan interface (AMSI), which is capable of identifying and capturing malicious scripts in memory. The idea is that applications can access this information, and any antivirus or antimalware program can process it. For example, Windows Defender and AVG use AMSI. The reason that this is such a huge problem for hackers is that many prefer to use script-based attacks. The kicker here is that while AMSI is a valuable tool to detect and prevent attacks, it requires secondary security protocol in order to be most effective. While it’s great for detecting scripts executed in PowerShell, since PowerShell records logs, it still requires someone to regularly monitor the logs in order for it to be most effective.

Active Directory
Active Directory is a crucial part of how Windows administration functions, and it’s useful for both managing workloads in the cloud, and controlling identity and authentication management on in-house networks. Microsoft Azure uses Active Directory, which can provide exceptional security for an Azure-based cloud computing platform. The problem that admins run into in most circumstances is that any user account can access Active Directory, unless the administrator removes those permissions. Therefore, it falls to your IT administrators to ensure that the credentials for your Active Directory authentication are secured, and to control user permissions to mitigate potential access to AD.

Virtualization
Virtualization-based security is a series of security features that are built into the hypervisor of Windows 10. In essence, Hyper-V can create a virtual machine that isn’t connected to the root partition. This virtual machine can then execute security commands as needed. The idea here is that Hyper-V creates a virtual machine that can’t be compromised, even if the root partition has been taken over. It’s a way of minimizing the extent of data breaches, should they happen in the first place. Of course, if the root contains credentials that allow hackers to access the virtual machine, it’s all over. Therefore, administrators need to take measures to ensure that hackers cannot access the VBS machine.

Of course, no matter how secure an OS is, hackers will always find a way to get in. One way or another, criminals who are determined to bypass defenses will create a way to do so. Microsoft patches known vulnerabilities as soon as they’re discovered to be active, so it comes down to outplaying the opponent. Hackers will inevitably find ways to crack Windows 10’s innate security, so it’s your responsibility to complement your OS’s security with your own solutions.

If you need assistance securing your Windows 10 devices, or any other workstations, servers, or network components, reach out to Info Advantage at (585) 254-8710.

Which database management system is running on your company’s server units? For end users, it’s not something that they put a whole lot of thought into. However, if you completely overlook your Microsoft SQL Server, you may end up running an expired version that puts your data at risk. Case in point, SQL Server 2005, which Microsoft recently ended support for.