Escaped the VENOMous snakes? Watch out for the LOGJAM

In ITC's Threat of the Week

We wish we were talking about a role-playing adventure game, but unfortunately we’re not. LOGJAM is looking like the next ‘branded’ vulnerability and, like FREAK, GHOST and HEARTBLEED, is a throwback to over 20 years ago. Even if you are a lumberjack, it would appear that you are not OK.

Back in the day, shall we call it ‘Level 1’, the American government mandated something they called ‘Export Grade’ crypto. No prizes for guessing what ‘Export Grade’ means, and it is the total opposite of, say, Special Brew (also ‘Export Strength’), although both will get you into trouble, one way or another.

Yes, you guessed it, ‘Export Grade’ crypto is somewhat akin to the code books that came with Action Man (a=1, b=2, etc.). Actually it isn’t that bad, but it is the case that nation states can decrypt the 512-bit Diffie-Hellman keys in Export Grade as easily as Special Brew can lead you to the park bench.

So it transpires that a load of browser and server encryption stacks can be forced down to this low level of encryption, allowing a ‘man in the middle’ to downgrade the connection and then snoop on it with nothing up the stack noticing. By a strange coincidence, that is the exact modus operandi described as being used by the lovely people at the NSA and GCHQ in one of the Snowden leaks. Eek.

We recommend that you look out for forthcoming Logjam related browser patches, disable legacy ‘export grade’ cipher suites on your services and regenerate your Diffie-Hellman parameters at 2048 bits as soon as you can.
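The two server-side recommendations above can be checked from a configuration file rather than by probing a live service. The script below is an added example, not ITC's code or part of NetSure360: it splits an OpenSSL-style cipher string into the export-grade suites to disable and the rest, and parses a PEM ‘DH PARAMETERS’ block far enough to read the bit length of the prime, flagging anything under 2048 bits. The cipher list and the DH moduli are constructed sample inputs (the moduli are not primes; only their length matters here), and the 2048-bit threshold is the figure from the recommendation.

```python
"""Audit a TLS configuration for the two Logjam exposures named above:
export-grade cipher suites still enabled, and Diffie-Hellman parameters
that are too short. Standard library only; all sample data is constructed.
"""
import base64

MIN_DH_BITS = 2048  # the recommendation in the post


def audit_cipher_string(cipher_string):
    """Split a colon-separated cipher list into (kept, rejected) suites.

    OpenSSL names export-grade suites with an "EXP" prefix (EXP-..., EXP1024-...);
    IANA names carry "_EXPORT_". Either marker means 40/56-bit symmetric keys
    and, for DHE suites, 512-bit Diffie-Hellman groups.
    """
    kept, rejected = [], []
    for suite in filter(None, cipher_string.split(":")):
        name = suite.upper()
        if name.startswith("EXP") or "_EXPORT_" in name:
            rejected.append(suite)
        else:
            kept.append(suite)
    return kept, rejected


def hardened_cipher_string(cipher_string):
    """Drop export suites and add an explicit !EXPORT so they cannot creep back."""
    kept, _ = audit_cipher_string(cipher_string)
    if "!EXPORT" not in kept:
        kept.append("!EXPORT")
    return ":".join(kept)


def _der_length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_integer(value):
    """DER INTEGER; a leading 0x00 keeps a high-bit value from reading as negative."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_length(len(body)) + body


def make_dh_params_pem(p, g=2):
    """Encode PKCS#3 DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER }.

    Only used here to construct sample input; real parameters come from
    `openssl dhparam 2048`, never from this function.
    """
    body = _der_integer(p) + _der_integer(g)
    der = b"\x30" + _der_length(len(body)) + body
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines)
            + "\n-----END DH PARAMETERS-----\n")


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def dh_param_bits(pem):
    """Return the bit length of the prime p in a PEM 'DH PARAMETERS' block."""
    inner = [ln.strip() for ln in pem.splitlines()
             if ln.strip() and not ln.startswith("-----")]
    der = base64.b64decode("".join(inner))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, p_bytes, _ = _read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER prime")
    return int.from_bytes(p_bytes, "big").bit_length()


def dh_params_acceptable(pem, minimum=MIN_DH_BITS):
    """True when the DH prime meets the minimum size (2048 bits by default)."""
    return dh_param_bits(pem) >= minimum


# Constructed sample config: modern suites mixed with the legacy export
# suites Logjam abuses (OpenSSL names).
SAMPLE_CIPHERS = ("ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:"
                  "EXP-EDH-RSA-DES-CBC-SHA:EXP-RC4-MD5:EXP1024-DHE-DSS-RC4-SHA")

# Constructed sample moduli: not primes, only their length matters for the check.
WEAK_DH_PEM = make_dh_params_pem((1 << 511) | 1)    # 512-bit, export grade
OK_DH_PEM = make_dh_params_pem((1 << 2047) | 1)     # 2048-bit

if __name__ == "__main__":
    kept, rejected = audit_cipher_string(SAMPLE_CIPHERS)
    print("export-grade suites to disable:", rejected)
    print("hardened cipher string:", hardened_cipher_string(SAMPLE_CIPHERS))
    for label, pem in (("weak", WEAK_DH_PEM), ("ok", OK_DH_PEM)):
        print(f"{label} dhparam: {dh_param_bits(pem)} bits,"
              f" acceptable={dh_params_acceptable(pem)}")
```

Point `dh_param_bits` at the file your web server loads (for nginx that is the `ssl_dhparam` directive) and `audit_cipher_string` at its cipher string; the `!EXPORT` keyword the hardened string ends with is a standard OpenSSL cipher-list keyword, so it works wherever an OpenSSL cipher string is accepted.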

This week’s fingers on the buzzer round is the discovery of a new piece of RansomWare themed on the Chicken and Meth emporium that is Pollos Hermanos from Breaking Bad. Called PolloCrypt, this is a really nasty file encryption ransom affair. You have the option to pay a smaller amount now, or more later. Delivered predominantly by Phishing emails, this one will be hard to avoid unless you educate your users. We recommend:

  • Have backup copies of all your data
  • Make sure AV is up to date
  • Tighten your anti-spam filters
  • Have a plan for isolating your stuff, should the chicken come to roost
  • Educate your people
  • DO NOT PAY THEM

ITC’s NetSure360° managed security platform can help identify vulnerable environments and even alert on the negotiation of weak cipher suites or unusual crypto activity like PolloCrypt. If you would like to discuss this with us, please contact us on: enquiries@itcsecure.com or call 020 7517 3900.

Jada Cyrus has compiled a fabulous toolkit for decrypting a lot of RansomWare. You can find it here: https://bitbucket.org/jadacyrus/ransomwareremovalkit/overview

If you don’t feel comfortable running these tools and have an issue, please contact us.

Our salutations, best wishes and thanks go out to Jada Cyrus.


Author: Kevin Whelan
