Today’s topics include Intel’s promise of new processors that will permanently fix the Meltdown and Spectre vulnerabilities; cryptocurrency mining attacks on Google’s DoubleClick ad network; an unauthorized mining campaign affecting up to 30 million computer systems; and the addition of monitoring features to Microsoft’s Azure Site Recovery.
During the Intel earnings call on Jan. 25, CEO Brian Krzanich addressed questions about what the company is going to do to fix security issues in Intel processors. He said Intel is focusing on delivering high-quality mitigations and that Intel would incorporate silicon-based changes into this year’s new processor designs to protect customers from the potential Meltdown and Spectre exploits.
When the mitigations or processors will appear is unclear. But Intel is also facing questions relating to reports that the company probably learned about the problems during the early summer of 2017, but only admitted to them when independent researchers went public. These rumors about Intel’s secrecy have been referred to as an information embargo, suggesting that there was a coordinated effort among several technology companies to keep the vulnerabilities under wraps.
On Jan. 24, the House Energy and Commerce Committee announced that it was sending a letter to executives at seven technology companies demanding more information on whether the embargo existed, why it took place and whether proper authorities were notified. The companies were Apple, AMD, Amazon, ARM, Google, Intel and Microsoft.
Researchers at Trend Micro on Jan. 24 uncovered a malware campaign that used Google’s DoubleClick ad network to distribute cryptocurrency miners on systems belonging to Internet users in France, Spain, Italy, Japan and other countries.
A Google spokesman told eWEEK, “We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”
In this campaign, authors of the malware used Google’s DoubleClick ad network to distribute advertisements containing Coinhive, a mining tool for the Monero cryptocurrency, to users in multiple countries.
In a Jan. 24 report, the Palo Alto Networks Unit 42 security research group revealed that up to 30 million systems may be impacted by a new cryptocurrency mining attack that has been ongoing since October 2017. The attack payload installs the open-source XMRig mining software on a victim’s machine to consume CPU resources and mine the Monero cryptocurrency.
Josh Grunzweig, senior malware researcher at Palo Alto Networks, said, “We can’t go into attribution, but the evidence is suggestive of a single threat actor or group. We saw evidence of the Russian language being used when we analyzed the malware.”
Rather than abusing a software vulnerability, attackers are using URL shorteners as the delivery mechanism for XMRig mining code. “What’s happening is users are being presented with AdFly ads, and those ads have the shortened URLs within them,” Grunzweig said.
Microsoft has added new monitoring and troubleshooting capabilities to Azure Site Recovery, including a new vault overview page, offering users clarity on how well their configurations will stand up to a mishap, along with expert guidance if they fall short.
Bharath Sivaraman, senior program manager of Azure Site Recovery at Microsoft, said the new dashboard “features recommendations based on best practices, and in-built tooling for troubleshooting issues that you may be facing.”
The tool also provides real-time replication health monitoring and a failover readiness model that helps users determine the status of their disaster preparedness. Plus, it promises a simplified troubleshooting experience, added Sivaraman, along with advanced anomaly-detection capabilities.