WINDOWS UPDATES AND THE SANDWORM ATTACK
by John Cockerham
If you’re like most Windows users, as soon as you see the little “Windows Update” icon in the corner of your desktop you immediately exit out of it. Even in doing so, you know it’s going to pop right back up before you want to see it again. Maybe you’ll postpone it for four hours, or just exit out of the window and freak out when your computer starts restarting on its own. The back and forth goes on and on. Perhaps, after days of postponing it, you’ll click the update just to stop seeing it on your computer, only to have another update come up within the next few days! We’ve all been here before; there’s no denying it! But are some of these updates actually worthwhile?
On the flip side of the typical apathy (or total frustration!) towards Microsoft’s Windows updates, they often serve as patches that fix potential security flaws. In these cases, it’s really important that you update as soon as possible. The most recent Windows security flaw was exposed by “Sandworm”, which is thought to be a cyber-espionage campaign backed by the Russian government. It is currently assumed to be Russian in origin due to the campaign’s focus on political issues surrounding the country and its use of sophisticated and organized methods that are more typical of governmental hacking approaches. While the attack mostly focuses on high-profile targets, such as NATO, Ukrainian government organizations, and even a US academic institution, it does have the potential to create vulnerabilities in anyone’s computer. The attack occurs when victims open tampered Microsoft Office files that allow additional files to be downloaded to the victim’s computer and executed. This gives the hacker the ability to “remotely execute arbitrary code”, according to the cyber threat intelligence company iSIGHT Partners. The attack is based around spear phishing, which relies on email fraud and compromised attached files.
Cue the latest set of Windows updates, which Microsoft has been working on with iSIGHT Partners since the first notice of the attacks. The patch specifically focuses on the Sandworm cyber-attack, so as mentioned before, it’s best to update as soon as possible if you haven’t already. As always, you’d rather be safe than sorry when your computer’s security is at risk. So when it comes down to it, Windows updates may not always resolve issues as important as this one, but making sure you install them frequently and keeping up with what they actually do can be vital to keeping your computer safe. Ironically, this attack has occurred just in time for National Cyber Security Awareness Month, a campaign by the Department of Homeland Security to raise awareness surrounding computer security.
For more information about the Sandworm attacks, you can visit iSIGHT’s website here: http://www.isightpartners.com/2014/10/cve-2014-4114/
The image used is from the iSIGHT Partners website and can be found at its original source in the link above.