Antivirus vendors push fixes for EFS ransomware attack method – ZDNet

Researchers have disclosed how an EFS attack launched by ransomware leaves systems relying on signature-based antivirus solutions open to attack, with major vendors pushing fixes left, right, and center as a result. 

On Tuesday, Amit Klein, the VP of Security Research at Safebreach Labs, revealed an investigation into how the Windows Encrypting File System (EFS) can be abused by ransomware, a form of malware that encrypts systems and demands payment in return for the restoration of access.

A lab-based exploration of EFS, which Microsoft developed to encrypt individual files or directories on NTFS as an alternative to the full-disk encryption provided by BitLocker, found that major antivirus solutions might not protect the system.

In a blog post, Safebreach Labs said that after testing three major anti-ransomware solutions offered by cybersecurity vendors, all three failed to stop attacks. 

The security solutions tested were ESET Internet Security 12.1.34.0, Kaspersky Anti Ransomware Tool for Business 4.0.0.861(a), and Microsoft Windows 10 Controlled Folder Access on Windows 10 64-bit version 1809 (Build 17763) using a virtual Windows 10 machine loaded up with a variety of different content and file types.  

Safebreach Labs tested whether or not EFS could be exploited by creating its own ransomware variant employing tactics including the generation of keys and certificates. To begin the attack chain, the ransomware created both and then added the certificate to the personal certificate store, assigning the new key to act as the current EFS key, and invoked it on the files or folders destined for deletion. 

The next step involved saving the key file to memory and deleting it from %APPDATA%\Microsoft\Crypto\RSA\[user SID] and %ProgramData%\Microsoft\Crypto\RSA\MachineKeys. EFS data was then flushed from memory, which made sure the “encrypted files become[s] unreadable to the user (and operating system),” according to the team.

If possible, the malware would then wipe slack parts of the disk, followed by the encryption of the key file data using a hard-wired public key in the ransomware. At this point, it could also be possible to send stolen information to an attacker’s command-and-control (C2) center. 

According to the researchers, the encryption activities of EFS-based ransomware take place in the kernel and, as the NTFS driver is in play, may also go unnoticed by file-system filter drivers. No human interaction or administration rights are required.

However, padlock icons are shown when files are encrypted — which may give victims an indication that all is not well — and if Data Recovery Agent is enabled, recovery can be “trivial,” the team says.

Safebreach Labs developed Proof of Concept (PoC) code and provided this, together with a report, to 17 cybersecurity vendors. As a result, the team realized more products were affected than originally thought. 

Below is the rundown on each vendor, their susceptibility, and any actions taken:

  • Avast, Antivirus: “We implemented a workaround for version 19.8.” Avast, too, provided the researchers with a $1000 bounty. 
  • Avira, Antivirus: “We have taken an exhaustive look at this potential vulnerability. While we value the reports of this potential vulnerability, we believe that this potential bypass which is dependent upon a customized use scenario is not a realistic ‘failure point.’”
  • Bitdefender: “As of today [January 10], the fix started rolling out on Bitdefender Antivirus, Bitdefender Total Security and Bitdefender Internet Security on version 24.0.14.85. On Bitdefender Free Edition the fix is in reporting mode only, being necessary for fine-tuning in the future.”
  • Check Point, SandBlast Agent | Zone Alarm: “Check Point has resolved the issue and the fix is currently available with the latest Corporate Endpoint Client E82.30 and will be available in the latest release of Zone Alarm Anti-Ransomware in the next couple of days.”
  • D7xTech, CryptoPrevent Anti Malware: Vendor notified July 5th, status unknown.
  • ESET, Ransomware Shield technology products: “In June of 2019, ESET was made aware of a possible security bypass of its consumer, business and server products for Windows via the standard Windows API EncryptFile. ESET was able to validate the underlying method used to administer this attack. We are now rolling out an update to mitigate the bypass and would like to kindly ask all customers to refer to Customer Advisory 2020-0002 for more information on mitigation options regarding the bypass published in this report.”
  • F-Secure, Internet Security (with DeepGuard) | SAFE: Already detected as suspicious: W32/Malware!Online and Trojan.TR/Ransom.Gen.
  • GridinSoft, GS Anti-Ransomware [beta]: “We have a free beta-test version of the program released in 2016. Since then it has not been updated and the main release version of the product has not been published. Since the program was last updated in 2016, it is more than logical that it protects against those ransomware families that were popular until 2016.”
  • IObit, Malware Fighter: A fix is now available in version 7.2.
  • Kaspersky (all): All the products were updated to protect against the technique.
  • McAfee, Endpoint products: “McAfee released protection against the sample code provided by the reporter in the Anti-Virus (AV) DATs released on 10th January. This covers both our Enterprise and Consumer products. The AV DATs are automatically updated and Customers can check the version of the DATs through the product User Interface. Enterprise Customers using MVision EDR have a detection rule available from 10th January which will trigger when some variations of this Proof of Concept are executed. Through EDR the administrator can scan their machines for other instances of the malware and then block execution or delete the malware.”
  • Microsoft, Windows Controlled Folder Access: “Microsoft considers Controlled Folder Access a defense-in-depth feature. We assessed this submittal to be a moderate class defense-in-depth issue, which does not meet the Microsoft Security Servicing Criteria for Windows. Microsoft may consider addressing this in a future product.”
  • Panda Security, Panda Adaptive Defense | Panda Dome Advanced: “Our protection approach for the Panda Adaptive Defense product line is not based on patterns but on classifying all the files/processes running at the end-point. Thus, any attack using unknown files/processes will be detected and blocked.”
  • Sophos, Intercept-X Endpoint | CryptoGuard: “We’ve updated Sophos Intercept X, and all customers using this product are protected.”
  • Symantec, Endpoint Protection: “We pushed out two detection signatures to mitigate the issue. Both of these signatures have been pushed out to all endpoints via our live update.”
  • TrendMicro, Apex One | RansomBuster: “Trend Micro is currently researching and working on implementing some enhancements to our endpoint protection products with anti-ransomware capabilities to try and prevent these types of attacks (ETA still in development). In the meantime, we recommend disabling EFS if it is not in [sic] use.”
  • Webroot, SecureAnywhere AV: “We appreciate SafeBreach bringing this new technique to our attention. While we haven’t seen this technique used in the wild yet, we now can arm our threat researchers with intel to combat it in the future.”

A possible workaround is for administrators to change registry keys to turn off EFS, as well as use Group Policy in enterprise settings. However, if EFS is in active and legitimate use, then disabling the setting may impact required file protections. 
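The workaround above and the earlier Data Recovery Agent point can be checked together before anything is changed. The PowerShell below is an added example, not code from Safebreach Labs or the article: it reports whether the `EfsConfiguration` registry value already disables EFS, whether a recovery agent certificate is configured by policy, and which files already carry the Encrypted attribute, and it only dry-runs the change. The function names are made up for this example; in a domain the same value would be delivered through Group Policy rather than written locally.

```powershell
# Added example, not from the article. Run from an elevated prompt.
$EfsKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\EFS',  # written by Group Policy
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS'            # local machine setting
)
# Group Policy stores Data Recovery Agent (DRA) certificates under this key.
$DraKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\EFS\Certificates'

function Get-EfsPosture {
    # EfsConfiguration = 1 under either key turns EFS off for the machine.
    $settings = foreach ($key in $EfsKeys) {
        $value = (Get-ItemProperty -Path $key -Name EfsConfiguration -ErrorAction SilentlyContinue).EfsConfiguration
        [pscustomobject]@{ Key = $key; EfsConfiguration = $value; Disabled = ($value -eq 1) }
    }
    $agents = @(Get-ChildItem -Path $DraKey -ErrorAction SilentlyContinue).Count
    [pscustomobject]@{
        EfsDisabled    = [bool]($settings | Where-Object Disabled)
        RecoveryAgents = $agents      # 0 means no DRA certificate is configured by policy
        Settings       = $settings
    }
}

function Find-EfsEncryptedItem {
    # Inventory files and folders that already carry the NTFS Encrypted attribute.
    param([string[]]$Path = @("$env:SystemDrive\Users"))
    Get-ChildItem -Path $Path -Recurse -Force -Attributes Encrypted -ErrorAction SilentlyContinue |
        Select-Object FullName, LastWriteTime
}

function Disable-Efs {
    # Writes the local (non-policy) value; supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $key = $EfsKeys[1]
    if ($PSCmdlet.ShouldProcess($key, 'Set EfsConfiguration = 1')) {
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name EfsConfiguration -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

$posture = Get-EfsPosture
$posture | Format-List EfsDisabled, RecoveryAgents
$posture.Settings | Format-Table -AutoSize

# Existing encrypted items mean EFS may be in legitimate use: review, do not disable blindly.
$inUse = @(Find-EfsEncryptedItem)
if ($inUse.Count -gt 0) {
    Write-Warning "$($inUse.Count) EFS-encrypted item(s) found; review before disabling EFS."
    $inUse | Format-Table -AutoSize
} elseif (-not $posture.EfsDisabled) {
    Disable-Efs -WhatIf   # dry run; remove -WhatIf to write the value
}
```

On a machine where no one is expected to use EFS, a non-empty inventory is itself worth investigating, since the padlock-marked files the article mentions are exactly what this scan lists.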

“It is clear that in the face of the expected evolution of ransomware, that new anti-ransomware technologies need to be developed if the ransomware threat is to be contained and kept at bay,” the researchers say. “Signature-based solutions are not up to this job, heuristics-based (and even more so — generic technology-based) solutions seem more promising, but additional proactive research is required in order to “train” them against future threats.”


How to Preorder the PlayStation 5 Pro in Canada

Sony has made it easy for Canadian consumers to preorder the PlayStation 5 Pro in Canada directly from PlayStation’s official website. Here’s how:

  • Visit the Official Website: Go to direct.playstation.com and navigate to the PS5 Pro section once preorders go live on September 26, 2024.
  • Create or Log in to Your PlayStation Account: If you don’t have a PlayStation account, you will need to create one. Existing users can simply log in to proceed.
  • Place Your Preorder: Once logged in, follow the instructions to preorder your PS5 Pro. Ensure you have a valid payment method ready and double-check your shipping information for accuracy.

Preorder Through Major Canadian Retailers

While preordering directly from PlayStation is a popular option, you can also secure your PS5 Pro through trusted Canadian retailers. These retailers are expected to offer preorders on or after September 26:

  • Best Buy Canada
  • Walmart Canada
  • EB Games (GameStop)
  • Amazon Canada
  • The Source

Steps to Preorder via Canadian Retailers:

  • Visit Retailer Websites: Search for “PlayStation 5 Pro” on the website of your preferred retailer starting on September 26.
  • Create or Log in to Your Account: If you’re shopping online, having an account with the retailer can speed up the preorder process.
  • Preorder in Store: For those who prefer in-person shopping, check with local stores regarding availability and preorder policies.

Sign Up for Notifications

Many retailers and websites offer the option to sign up for notifications when the preorder goes live. If you’re worried about missing out due to high demand, this can be a useful option.

  • Visit Retailer Sites: Look for a “Notify Me” or “Email Alerts” option and enter your email to stay informed.
  • Use PlayStation Alerts: Sign up for notifications directly through Sony to be one of the first to know when preorders are available.

Prepare for High Demand

Preordering the PS5 Pro is expected to be competitive, with high demand likely to result in quick sellouts, just as with the initial release of the original PS5. To maximize your chances of securing a preorder:

  • Act Quickly: Be prepared to place your order as soon as preorders open. Timing is key, as stock can run out within minutes.
  • Double-Check Payment Information: Ensure your credit card or payment method is ready to go. Any delays during the checkout process could result in losing your spot.
  • Stay Informed: Monitor PlayStation and retailer websites for updates on restocks or additional preorder windows.

Final Thoughts

The PlayStation 5 Pro is set to take gaming to the next level with its enhanced performance, graphics, and new features. Canadian gamers should be ready to act fast when preorders open on September 26, 2024, to secure their console ahead of the holiday season. Whether you choose to preorder through PlayStation’s official website or your preferred retailer, following the steps outlined above will help ensure a smooth and successful preorder experience.

For more details on the PS5 Pro and to preorder, visit direct.playstation.com or stay tuned to updates from major Canadian retailers.

Introducing the PlayStation 5 Pro: The Next Evolution in Gaming

Since the PlayStation 5 (PS5) launched four years ago, PlayStation has continuously evolved to meet the demands of its players. Today, we are excited to announce the next step in this journey: the PlayStation 5 Pro. Designed for the most dedicated players and game creators, the PS5 Pro brings groundbreaking advancements in gaming hardware, raising the bar for what’s possible.

Key Features of the PS5 Pro

The PS5 Pro comes equipped with several key performance enhancements, addressing the requests of gamers for smoother, higher-quality graphics at a consistent 60 frames per second (FPS). The console’s standout features include:

  • Upgraded GPU: The PS5 Pro’s GPU boasts 67% more Compute Units than the current PS5, combined with 28% faster memory. This allows for up to 45% faster rendering speeds, ensuring a smoother gaming experience.
  • Advanced Ray Tracing: Ray tracing capabilities have been significantly enhanced, with reflections and refractions of light being processed at double or triple the speed of the current PS5, creating more dynamic visuals.
  • AI-Driven Upscaling: Introducing PlayStation Spectral Super Resolution, an AI-based upscaling technology that adds extraordinary detail to images, resulting in sharper image clarity.
  • Backward Compatibility & Game Boost: More than 8,500 PS4 games playable on PS5 Pro will benefit from PS5 Pro Game Boost, stabilizing or enhancing performance. PS4 games will also see improved resolution on select titles.
  • VRR & 8K Support: The PS5 Pro supports Variable Refresh Rate (VRR) and 8K gaming for the ultimate visual experience, while also launching with the latest wireless technology, Wi-Fi 7, in supported regions.

Optimized Games & Patches

Game creators have quickly embraced the new technology that comes with the PS5 Pro. Many games will receive free updates to take full advantage of the console’s new features, labeled as PS5 Pro Enhanced. Some of the highly anticipated titles include:

  • Alan Wake 2
  • Assassin’s Creed: Shadows
  • Demon’s Souls
  • Dragon’s Dogma 2
  • Final Fantasy 7 Rebirth
  • Gran Turismo 7
  • Marvel’s Spider-Man 2
  • Ratchet & Clank: Rift Apart
  • Horizon Forbidden West

These updates will allow players to experience their favorite games at a higher fidelity, taking full advantage of the console’s improved graphics and performance.

Design & Compatibility

Maintaining consistency within the PS5 family, the PS5 Pro retains the same height and width as the original PS5 model. Players will also have the option to add an Ultra HD Blu-ray Disc Drive or swap console covers when available.

Additionally, the PS5 Pro is fully compatible with all existing PS5 accessories, including the PlayStation VR2, DualSense Edge, Pulse Elite, and Access controller. This ensures seamless integration into your current gaming setup.

Pricing & Availability

The PS5 Pro will be available starting November 7, 2024, at a manufacturer’s suggested retail price (MSRP) of:

  • $699.99 USD
  • $949.99 CAD
  • £699.99 GBP
  • €799.99 EUR
  • ¥119,980 JPY

Each PS5 Pro comes with a 2TB SSD, a DualSense wireless controller, and a copy of Astro’s Playroom pre-installed. Pre-orders begin on September 26, 2024, and the console will be available at participating retailers and directly from PlayStation via direct.playstation.com.

The launch of the PS5 Pro marks a new chapter in PlayStation’s commitment to delivering cutting-edge gaming experiences. Whether players choose the standard PS5 or the PS5 Pro, PlayStation aims to provide the best possible gaming experience for everyone.

Preorder your PS5 Pro and step into the next generation of gaming this holiday season.

Google Unveils AI-Powered Pixel 9 Lineup Ahead of Apple’s iPhone 16 Release

Google has launched its next generation of Pixel phones, setting the stage for a head-to-head competition with Apple as both tech giants aim to integrate more advanced artificial intelligence (AI) features into their flagship devices. The unveiling took place near Google’s Mountain View headquarters, marking an early debut for the Pixel 9 lineup, which is designed to showcase the latest advancements in AI technology.

The Pixel 9 series, although a minor player in global smartphone sales, is a crucial platform for Google to demonstrate the cutting-edge capabilities of its Android operating system. With AI at the core of its strategy, Google is positioning the Pixel 9 phones as vessels for the transformative potential of AI, a trend that is expected to revolutionize the way people interact with technology.

Rick Osterloh, Google’s senior vice president overseeing the Pixel phones, emphasized the company’s commitment to AI, stating, “We are obsessed with the idea that AI can make life easier and more productive for people.” This echoes the narrative Apple is likely to push when it unveils its iPhone 16, which is also expected to feature advanced AI capabilities.

The Pixel 9 lineup will be the first to fully integrate Google’s Gemini AI technology, designed to enhance user experience through more natural, conversational interactions. The Gemini assistant, which features 10 different human-like voices, can perform a wide array of tasks, particularly if users allow access to their emails and documents.

In an on-stage demonstration, the Gemini assistant showcased its ability to generate creative ideas and even analyze images, although it did experience some hiccups when asked to identify a concert poster for singer Sabrina Carpenter.

To support these AI-driven features, Google has equipped the Pixel 9 with a special chip that enables many AI processes to be handled directly on the device. This not only improves performance but also enhances user privacy and security by reducing the need to send data to remote servers.

Google’s aggressive push into AI with the Pixel 9 comes as Apple prepares to unveil its iPhone 16, which is expected to feature its own AI advancements. However, Google’s decision to offer a one-year free subscription to its advanced Gemini Assistant, valued at $240, may pressure Apple to reconsider any plans to charge for its AI services.

The standard Pixel 9 will be priced at $800, a $100 increase from last year, while the Pixel 9 Pro will range between $1,000 and $1,100, depending on the model. Google also announced the next iteration of its foldable Pixel phone, priced at $1,800.

In addition to the new Pixel phones, Google also revealed updates to its Pixel Watch and wireless earbuds, directly challenging Apple’s dominance in the wearable tech market. These products, like the Pixel 9, are designed to integrate seamlessly with Google’s AI-driven ecosystem.

Google’s event took place against the backdrop of a significant legal challenge, with a judge recently ruling that its search engine constitutes an illegal monopoly. This ruling could lead to further court proceedings that may force Google to make significant changes to its business practices, potentially impacting its Android software or other key components of its $2 trillion empire.

Despite these legal hurdles, Google is pressing forward with its vision of an AI-powered future, using its latest devices to showcase what it believes will be the next big leap in technology. As the battle for AI supremacy heats up, consumers can expect both Google and Apple to push the boundaries of what their devices can do, making the choice between them more compelling than ever.
