Why would you NOT trust automatic updates of your software?

Be it Windows, Antivirus or other kind’s of software that does it?

Why would you backup your entire system to a harddisk (Acronis10 or ShadowProtect or Veam (even free?) still works fine with Windows7, just rename Acronis.exe to Acronis_.exe) that you then carry home BEFORE doing the update? 😀 (paranoia level: maximum)

AutoUpdate servers are high value targets for hackers to spread ransomware.

The NSA – the biggest state sponsored hacking organization of this planet – used „SMB Remote Windows Kernel Pool Corruption“ EternalBlue for over a decade to spy on Windows dependent people (you really should try to boot IDEAL-Linux from a stick) – hackers used it to install Ransomware.

A group called ShadowBrokers made it public and wants to release more.

‚In a blog post written in their trademark broken English, the group said they had more so-called Ops Disks, which they said were also stolen from the NSA. They also claimed to have exploits for web browsers, routers, smartphones, data from the international money transfer network Swift and “compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs”.‘

Accroding to TheGuardian.

Over 200,000 machines were infected with tools from this leak within the first two weeks[30] and in May 2017 the major WannaCry ransomware attack used the ETERNALBLUE attack on Server Message Block (SMB) to spread itself.[31] The exploit was also used to help carry out the 2017 Petya cyberattack on June 27, 2017.[32] (src)

EternalBlue contains kernel shellcode to load the non-persistent DoublePulsar backdoor.[33] This allows for the installation of the PEDDLECHEAP payload which would then be accessed by the attacker using the DanderSpritz Listening Post (LP) software.[34]

MeDoc provides periodic updates to its program through an update server. On the day of the attack, 27 June 2017, an update for MeDoc was pushed out by the update server, following which the ransomware attack began to appear.

British malware expert Marcus Hutchins claimed „It looks like the software’s automatic update system was compromised and used to download and run malware rather than updates for the software.“[2]

admin