Tag Archive for: Death

The Death of “Please Enable Macros” and What it Means

/in




February 14, 2022





On the 7th of February, Microsoft announced an impending change to its ubiquitous suite of Office apps. In Microsoft’s own words: “VBA macros obtained from the internet will now be blocked by default”. The change is expected to begin rolling out in early April.




Technically speaking, VBA macros were already “blocked by default” before. Upon opening a document containing such a macro, the user would be greeted with the following prompt:




And upon clicking this single button, Macros would be enabled. Following this change, for files that originated in the internet, the user would instead see this prompt:




The “learn more” button leads to a short article where Microsoft explains to the end user that macros “are often used by people with bad intentions to distribute malware to unsuspecting victims” and “aren’t required for everyday use like reading or editing a document in Word or using Excel workbooks”. Most importantly, the article stresses, “no legitimate company will make you open an Excel file to cancel an order and you don’t need macros just to read a document in Word”.




After all these admonitions, if the user is still interested in running the offending document macros, Microsoft provides a 4-step process under a collapsible. The process involves manually saving the file to the hard drive, then digging inside the file properties and explicitly clicking a checkmark box titled “unblock”.








This decision did not come about in a vacuum. Starting in the early 2010s, macros in MS-Word documents slowly gained ground and eventually became the most popular vector of infection for the average cybercriminal peddling commodity malware. This rise in popularity was preceded by a long and unusual history: in fact, like the cure for scurvy, VBA malware had to be discovered twice – having been forgotten and become lost to history after the first time. 




The first load-bearing document was a proof-of-concept created all the way back in 1994, during the stone age of POGs, Power Rangers, the Clinton Administration and dial-up internet. Up until then, it was…

Source…

Keenan: Beware the ransomware that could mean life or death

/in


Author of the article:

Tom Keenan

Publishing date:

Nov 13, 2021  •  22 minutes ago  •  4 minute read  •  Join the conversation

This Feb 23, 2019, file photo shows the inside of a computer in Jersey City, N.J.
This Feb 23, 2019, file photo shows the inside of a computer in Jersey City, N.J. Photo by Jenny Kane /THE ASSOCIATED PRESS

The major outage of health-care computer systems in Newfoundland and Labrador has undoubtedly damaged the health of ordinary citizens there and tarnished the province’s reputation. I have bad news for them, it could get much worse.

I speak with some authority on this matter. My academic research field is information security. I taught what I believe was Canada’s first course on that subject on Oct. 14, 1977. From an actuarial standpoint, the pool of people who can dispute that claim gets smaller every year.

In 1984, I helped to write our country’s first computer crime laws. I have even testified before the Supreme Court of Newfoundland and Labrador in a health privacy case and analyzed the very system, Meditech, that has been attacked in the current crisis.

It appears that ransomware is very much a guy thing. Almost all of the notorious ransomware criminals who have been identified are male. At least one study showed that men are also more likely to be victims. Researchers at the École Polytechnique de Montréal found that “being a male was identified as an independent risk factor” for falling victim to most malware attacks.

The crisis in Canada’s easternmost province concerns me greatly. Media reports say that people were sleeping on the floor in an overcrowded St. John’s emergency room. Urgent, life-saving surgeries had to be postponed.

Provincial authorities tried to be cagey about the attack. Health Minister John Haggie kept calling it “a possible cyber attack.” Deputy Premier Siobhán Coady dodged questions about whether this was ransomware in a Nov. 2 press conference. She simply repeated, three times, “We…

Source…

Security under spotlight after British MP stabbed to death

/in


posted October 16, 2021 at 08:30 pm

by 
AFP

The fatal stabbing of British lawmaker David Amess was a terrorist incident, police said Saturday, as MPs pressed for tougher security in the wake of the second killing of a UK politician while meeting constituents in just over five years.

Security under spotlight after British MP stabbed to death

Veteran Conservative MP David Amess, 69, was talking with voters at a church in the small town of Leigh-on-Sea east of London when he was stabbed to death on Friday.

Police said they arrested a 25-year-old suspect and were investigating “a potential motivation linked to Islamist extremism.”

Police have said the investigation is in the “very early stages,” though multiple UK media outlets, citing sources, reported that the suspect was believed to be a British national with Somali heritage.

Britain’s politicians were stunned by the highly public attack, which recalled the murder of a pro-EU lawmaker ahead of the Brexit referendum.

In June 2016, Labour MP Jo Cox was killed by a far-right extremist, prompting demands for action against what lawmakers said was “a rising tide” of public abuse and threats against elected representatives.

Cox’s sister Kim Leadbeater, who became an MP in the same constituency this year, said Amess’ death had left her “scared and frightened.”

“This is the risk we are all taking and so many MPs will be scared by this,” she added.

Home Secretary Priti Patel on Friday ordered police across the country to review security arrangements for all 650 MPs.

House of Commons Speaker Lindsay Hoyle promised no “knee-jerk reactions” but told Sky News: “We will take further measures if we need to”.

Labour MP Chris Bryant wrote in The Guardian that “sensible measures” were needed both in parliament, which is typically heavily guarded, and in constituencies, where MPs often hold meetings in locations such as church halls and high-street offices.

“We don’t want…

Source…

The case of the first alleged ransomware death

/in


For nearly eight days, computers had been disabled on every floor. A real-time wireless tracker that could locate medical staff around the hospital was down. Years of patient health records were inaccessible. And at the nurses’ desk in the labor and delivery unit, medical staff were cut off from the equipment that monitors fetal heartbeats in the 12 delivery rooms.

Doctors and nurses in the unit texted each other with updates. “We have no computer charting for I don’t know how long,” one manager informed a nurse in a message later filed in court. “They are printing out the labs in the laboratory and sending them by paper,” another worker wrote. One overwhelmed nurse texted, “I want to run away.”

Ms. Kidd’s daughter, Nicko Silar, was born with the umbilical cord wrapped around her neck. The condition triggers warning signs on the heart monitor when the squeezed cord cuts off the supply of blood and oxygen to the fetus. Nicko was diagnosed with severe brain damage. She died nine months later.

Amid the hack, fewer eyes were on the heart monitors—normally tracked on a large screen at the nurses’ station, in addition to inside the delivery room. Attending obstetrician Katelyn Parnell texted the nurse manager that she would have delivered the baby by caesarean section had she seen the monitor readout. “I need u to help me understand why I was not notified.” In another text, Dr. Parnell wrote: “This was preventable.”

Ms. Kidd has sued Springhill, alleging information about the baby’s condition never made it to Dr. Parnell because the hack wiped away the extra layer of scrutiny the heart rate monitor would have received at the nurses’ station. If proven in court, the case will mark the first confirmed death from a ransomware attack.

The hospital denies any wrongdoing. In an emailed statement to The Wall Street Journal, Springhill CEO Jeffrey St. Clair said the hospital handled the attack appropriately: “We stayed open and our dedicated healthcare workers continued to care for our patients because the patients needed us and we, along with the independent treating physicians who exercised their…

Source…