Guest Post by Craig Petronella, President of Petronella Technology Group
Encryption of sensitive emails and web communications is an effective way to protect yourself against a cyber event.
But cyber thieves always seem to be a step ahead of the game. Even as you read this, they’re working on ways to crack encrypted code.
And they’re enjoying some success. An example: a recent outbreak of de-encryption malware has put anyone who uses Windows at risk.
For detail on this new threat, we turn to Craig Petronella, CEO of Petronella Technology Group Inc., a cyber-security expert who posted this recent blog:
“Researchers at Kaspersky have uncovered a new highly sophisticated, high impact malware threat that breaks encryption: Reductor. According to the researchers, the malware ‘compromises encrypted web communications in an impressive way’ and gives the threat actors behind it ‘capabilities that few other actors in the world have.’”
Want to learn more about cyber safety and social engineering trends? Attend our free one-hour CLE webinar coming up in December. Free webinars are just one of the many benefits of belonging to Alta Pro Lawyers RPG. You also get access to the Pro Practice Playbook, Reminger ProLink, Ask the Risk Pro and more. Here’s how to join.
Insidious New Reductor Malware
From Petronella: “Reductor compromises the encrypted HTTPS communication, which enables the attacker to see all information and actions carried out by the web browser while leaving the victim completely unaware of the invasion.According to the Kaspersky researchers, Reductor avoids touching any network packets, which would raise a red flag with security protections in place, and instead patch the PRNG functions of your Chrome or Firefox browser in the process memory. It also installs rogue digital certificates. ‘This is another particularly clever move by the attackers, to mark the packets with a signature of their own but without touching the network packets at all,’ tweets John Opdenakker, Ethical Hacker. ‘It’s very hard to detect that the victims PRNG is manipulated by the attacker.’
Using the Kaspersky Attribution Engine, the researchers feel there is some evidence that Reductor uses the COMPfun Trojan as a downloader, and they have tentatively linked Reductor to Turla, an advanced espionage threat group also known as Venomous Bear or Snake. The group is known to target high profile groups such as government, military and large commercial targets.
Internet Download Manager, Office Activator and WinRAR, as well as other Windows products, have all been mentioned as being used as vehicles to distribute the malware.”
To minimize your risk:
- Only install what you need
- Only get your software directly from the vendor, developer or official market store
- Use antivirus protection software (Windows Defender is recommended)
Read Petronella’s original post here.
Are you a member of Alta Pro Lawyers RPG? If so, you get a 10% discount on Clio software and cloud-based products, not to mention free CLE webinars and 24/7 access to the Pro Practice Playbook. Not a member? Learn how to join here.
About the Author
Craig A. Petronella is the CEO of Petronella Technology Group Inc, a cybersecurity group that specializes in helping law firms with security and compliance. With 30 years of experience, he is the author of “How Hackers can Crush your Law Firm,” Peace of Mind Computer Support” and other titles. MIT Certified: AI, Blockchain & Hyperledger. Phone 919-601-1601; Helpdesk support 919-422-2607 or 877-468-2721.
