In an unprecedented move by a Chinese national hacking group called Hafnium, hundreds of thousands of Exchange servers have been compromised, with over 30,000 accounts hacked this week. Leo says it's worse than the Russian SolarWinds attack. The hack uses a quartet of "zero-day exploits" that take advantage of bugs in Microsoft's Exchange email servers. Microsoft has put out an emergency update to plug the holes, and users are advised to install the fix immediately.
zero day exploits
John just upgraded to Windows 10. Does he still need an antivirus? His tech people say he should. Leo says it's not bad to have an antivirus, but Windows 10 already comes with one called Defender, so he won't really need anything else. But Leo also says that the best defense is good behavior. No antivirus is 100% effective; at best they are 50% accurate. Also, they don't guard against so-called zero-day attacks. So avoid clicking on links or opening attachments, and keep the OS updated.
Manny got a Tiny Hardware Firewall, and he really likes it for when he's on the road. It was recently updated by THF and he wants to know how often he has to send it in to get updated. Leo says that security flaws have to be acted upon by getting someone to click on something so the malware can take advantage of it. Often, so-called zero-day exploits are designed around this, and people have no real way of knowing they've been hacked. But keeping a system and the THF patched will mitigate vulnerability, except for zero-day exploits, which are patched pretty quickly.
Rich wants to know if Webroot is a good antivirus utility. Leo says that Webroot is good, and they're a sponsor. They offer additional protections because they're cloud-based. But he really doesn't need it. Windows has its own antivirus called Defender that's quite good. Also, the state of malware is such that most occur as "zero-day exploits," which an antivirus can't catch. But Webroot will protect him for the most part. He should remember that his number one defense is his online behavior.
Greg is worried he's going to be nailed by CryptoWall. If he were to be infected, would he have some warning? Leo says you can sometimes see it happening, but it doesn't give you a warning. It's not instant, though, in that it takes time to encrypt the data. And if he has a hot backup that's always backing up, the encrypted files can infect the backup. Having an offline backup will guard against that.
Not long after Microsoft ended support for Windows XP, a "zero day exploit" was discovered in Internet Explorer versions 6 through 11. Microsoft immediately patched Windows 7 and 8, but not XP. There was an outcry about it, so Microsoft relented and made an exception by quickly pushing out a fix. Leo says that once Microsoft makes an exception, the customer base will expect more of them. Will Microsoft release any more? Likely not. But the precedent has been set.
Bob has a very old version of Microsoft Office and he wants to know if it's safe to continue using. Leo says that this week, a "zero day flaw" was found in Microsoft Office through the RTF rendering engine, and hackers have been taking advantage of that. So if there's an update, update it. Leo also says not to use Internet Explorer. Use Google Chrome instead. He should turn off the feature that automatically launches an app when he goes to a website as well. If he's careful, he should be able to keep using his version of Office, though.