iGaming Business magazine iGB 112 Sept/Oct 2018 | Page 19
Tech & Innovation
released security updates for a long list of processors
going back to 2015.
The new attack, dubbed Foreshadow by researchers,
is similar in make-up to Meltdown and Spectre. Intel has
named them L1 Terminal Fault (L1TF) bugs. Fixes for the
bugs should be sought through hardware and software
suppliers and should be applied as soon as possible.
The fixes involve disabling some of the chip’s features,
in much the same way as speculative operations were
disabled to mitigate prior chip flaws. There should be
little discernible impact on performance for any tasks
outside of extreme data-centre-type loads, but bear in
mind that the features were introduced to increase
performance in the first place.
Note that all OS instances on cloud and virtual
machines need to have the patches applied to fully
protect the underlying hardware. Intel is expected to
release a new range of silicon that does not suffer from
the flaws discovered over the last few months a little later
in 2018.
Cisco has released three patches preventing denial of
service attacks in some of its product range. Two of the
patches cover a reload condition that can be executed
in Cisco AsyncOS Software for Cisco Web Security
Appliances and Cisco Adaptive Security Appliances.
The third issue affects XCP Router service of the
Cisco Unified Communications Manager IM and
Presence Service and the Cisco TelePresence Video
Communication Server and Expressway. If exploited, a
malicious actor could cause a temporary service outage.
Malware
AZORult Stealer has received an update and is once
again proving to be a problem. The malware is regularly
altered, which is one of the reasons why it is so persistent.
The latest variant seems to be targeting a North
American audience at present and typically delivers a
password-protected Word document.
Once the doc is opened using the password
contained in the email and the macros are enabled, the
AZORult payload is downloaded. The malware collects
information and can also be used in ransomware attacks.
Emails typically come out within a day of the malware
being updated. Naturally any unsolicited email (or emails
with attachments in general) should be treated with
caution. These latest AZORult mails seem to be on an
employment-related theme, containing resumes and job
candidate type attachments.
Marap is a new downloader malware being delivered
through the Necurs botnet. Recently discovered by
researchers at Proofpoint, the malware currently
contains fingerprinting modules, which look for
information such as username, domain name, IP address
and so on – common fingerprinting information that
could be used in future attacks. The researchers warn us
that Marap is capable of delivering additional payloads
in the future.
In the news
Def Con 2018 has thrown up some interesting
developments, from the smartphones that ship with
malware out of the box through to an attack on Amazon
Echo and the first concept piece of malware powered by
artificial intelligence.
DeepLocker is a truly worrying piece of research
brought to us by the people at IBM Research. The
researchers have designed malware powered by artificial
intelligence, creating what they call a “highly targeted
and evasive” piece of malicious code.
DeepLocker can leverage several attributes to
identify its target, including visual, audio, geolocation
and system-level features. In an example given by the
researchers these triggers could be set to only deliver
the malicious payload to a specific individual that the
malware recognises through facial recognition. For
example, it could bury itself in video conferencing code
and compare the feed to publicly available images of the
targeted individual before unleashing the malware.
DeepLocker is extremely difficult for analysts to detect
as it does not reveal what kind of target it is looking for:
a person or organisation, or indeed who the target is if it
is a person. Finally, as the attack remains fully encrypted
until the target is found, it is impossible for analysts to
figure out how the attack will be executed.
Phones shipping with malware out of the box are
always a concern. Security researchers from US mobile
and IoT security firm Kryptowire have highlighted
some 25 Android phones that they discovered had
shipped with malware in their default applications. The
researchers presented a list of these devices at Def Con.
They were predominately lesser-known models, though
devices from LG, Nokia and Sony were on the list.
Amazon Echo was shown to be compromised by
security researchers Wu Hui Yu and Qian Wenxiang.
The pair demonstrated how the Echo could be used to
eavesdrop on conversations without users knowing the
device was recording. Echo owners shouldn’t panic just
yet, however, as the researchers have already passed
their findings to Amazon. Furthermore, the attack also
requires the attacker to have compromised the WiFi
network that the Echo is on.
As always, please stay vigilant, apply patches and
updates vigorously and, above all, stay safe.