Cybercriminals Exploit CVE-2017-0199 to Deliver Fileless Remcos RAT Malware

Overview:

It is worth stating that millions of Windows users around the world are facing the Blue Screen of Death (BSOD) problem that makes systems shutdown or restart. This has been attributed to a CrowdStrike update that was released recently and has impacted many organizations, financial institutions, and government agencies across the globe. Indian airlines have also reported disruptions on X (formerly Twitter), informing passengers about the issue.

Understanding Blue Screen of Death:

Blue Screen errors, also known as black screen errors or STOP code errors, can occur due to critical issues forcing Windows to shut down or restart. You may encounter messages like "Windows has been shut down to prevent damage to your computer." These errors can be caused by hardware or software problems.

Impact on Industries

Some of the large U. S. airlines such as American Airlines, Delta Airlines, and United Airlines had to issue ground stops because of communication problems. Also, several airports on Friday suffered a massive technical issue in check-in kiosks for IndiGo, Akasa Air, SpiceJet, and Air India Express.

The Widespread Issue

The issue seems widespread and is causing disruption across the board as Windows PCs are deployed at workplaces and other public entities like airlines, banks, and even media companies. It has been pointed out that Windows PCs use a special cybersecurity solution from a company called CrowdStrike that seems to be the culprit for this outage, affecting most Windows PC users out there.

Microsoft's Response

The issue was acknowledged by Microsoft and the mitigations are underway. The company in its verified X handle Microsoft 365 status has shared a series information on the latest outage and they are looking into the matter. The issue is under investigation.

In one of the posts from Microsoft Azure, it is mentioned that they have become aware of an issue affecting Virtual Machines (VMs) running Windows Client and Windows Server with the CrowdStrike Falcon agent installed. These VMs may encounter a bug check (BSOD) and become stuck in a restarting state. Their analysis indicates that this issue started approximately at 19:00 UTC on July 18th. They have provided recommendations as follows:

Restore from Backup:   In case customers have available backups prior to 19:00 UTC on July 18th, they should recover VM data from the backups. If the customer is using Azure Backup, they can get exact steps on how to restore VM data in the Azure portal. here.

Offline OS Disk Repair: Alternatively, customers can attempt offline repair of the OS disk by attaching an unmanaged disk to the affected VM. Encrypted disks may require additional steps to unlock before repair. Once attached, delete the following file:

Windows/System/System32/Drivers/CrowdStrike/C00000291*.sys 

After deletion, reattach the disk to the original VM.

Microsoft Azure is actively investigating additional mitigation options for affected customers. We will provide updates as we gather more information.

Resolving Blue Screen Errors in Windows

Windows 11 & Windows 10:

Blue Screen errors can stem from both hardware and software issues. If new hardware was added before the error, try removing it and restarting your PC. If restarting is difficult, start your PC in Safe Mode.

To Start in Safe Mode:

From Settings:

Open Settings > Update & Security > Recovery.

Under "Advanced startup," select Restart now.

After your PC restarts to the Choose an option screen, select Troubleshoot > Advanced options > Startup Settings > Restart.

After your PC restarts, you'll see a list of options. Select 4 or press F4 to start in Safe Mode. If you need to use the internet, select 5 or press F5 for Safe Mode with Networking.

From the Sign-in Screen:

Restart your PC. When you get to the sign-in screen, hold the Shift key down while you select Power > Restart.

After your PC restarts, follow the steps above.

From a Black or Blank Screen:

Press the power button to turn off your device, then turn it back on. Repeat this two more times.

After the third time, your device will start in the Windows Recovery Environment (WinRE).

From the Choose an option screen, follow the steps to enter Safe Mode.

Additional Help:

Windows Update: Ensure your system has the latest patches.

Blue Screen Troubleshooter: In Windows, open Get Help, type Troubleshoot BSOD error, and follow the guided walkthrough.

Online Troubleshooting: Visit Microsoft's support page and follow the recommendations under "Recommended Help."

If none of those steps help to resolve your Blue Screen error, please try the Blue Screen Troubleshooter in the Get Help app:

• In Windows, open Get Help.
• In the Get Help app, type Troubleshoot BSOD error.
• Follow the guided walkthrough in the Get Help app.

[Note: If you're not on a Windows device, you can run the Blue Screen Troubleshooter on your browser by going to Contact Microsoft Support and typing Troubleshoot BSOD error. Then follow the guided walkthrough under "Recommended Help."]

For detailed steps and further assistance, please refer to the Microsoft support portal or contact their support team.

CrowdStrike’s Response:

In the statement given by CrowdStrike, they have clearly mentioned it is not any cyberattack and their resources are working to fix the issue on Windows. Further, they have identified the deployment issue and fixed the same. Crowdstrike mentions about their problematic versions as follows:

• “Channel file "C-00000291*.sys" with timestamp of 0527 UTC or later is the reverted (good) version.
• Channel file "C-00000291*.sys" with timestamp of 0409 UTC is the problematic version.

Note: It is normal for multiple "C-00000291*.sys files to be present in the CrowdStrike directory - as long as one of the files in the folder has a timestamp of 0527 UTC or later, that will be the active content.”

The CrowdStrike will be providing latest updates on the same and advises their customers and organizations to contact their officials officially to get latest updates and accurate information. It is encouraged to refer to customer’s support portal for further help.

Stay safe and ensure regular backups to mitigate the impact of such issues.

References:

https://status.cloud.microsoft/

https://support.microsoft.com/en-us/windows/resolving-blue-screen-errors-in-windows-60b01860-58f2-be66-7516-5c45a66ae3c6

https://support.microsoft.com/en-gb/windows/start-your-pc-in-safe-mode-in-windows-92c27cff-db89-8644-1ce4-b3e5e56fe234

https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/ 

‍

‍

‍

‍

‍Brief Overview of the EU AI Act

The EU AI Act, Regulation (EU) 2024/1689, was officially published in the EU Official Journal on 12 July 2024. This landmark legislation on Artificial Intelligence (AI) will come into force just 20 days after publication, setting harmonized rules across the EU. It amends key regulations and directives to ensure a robust framework for AI technologies.  The AI Act, a set of EU rules governing AI, has been in development for two years and now, the EU AI Act enters into force across all 27 EU Member States on 1 August 2024, with certain future deadlines tied up and the enforcement of the majority of its provisions will commence on 2 August 2026. The law prohibits certain uses of AI tools, including those that threaten citizens' rights, such as biometric categorization, untargeted scraping of faces, and systems that try to read emotions are banned in the workplace and schools, as are social scoring systems. It also prohibits the use of predictive policing tools in some instances. The law takes a phased approach to implementing the EU's AI rulebook, meaning there are various deadlines between now and then as different legal provisions will start to apply.

The framework puts different obligations on AI developers, depending on use cases and perceived risk. The bulk of AI uses will not be regulated as they are considered low-risk, but a small number of potential AI  use cases are banned under the law. High-risk use cases, such as biometric uses of AI or AI used in law enforcement, employment, education, and critical infrastructure, are allowed under the law but developers of such apps face obligations in areas like data quality and anti-bias considerations. A third risk tier also applies some lighter transparency requirements for makers of tools like AI chatbots.

In case of failure to comply with the Act, the companies in the EU providing, distributing, importing, and using AI systems and GPAI models, are subject to fines of up to EUR 35 million or seven per cent of the total worldwide annual turnover, whichever is higher.

Key highlights of EU AI Act Provisions

• The AI Act classifies AI according to its risk. It prohibits Unacceptable risks such as social scoring systems and manipulative AI. The regulation mostly addresses high-risk AI systems.
• Limited-risk AI systems are subject to lighter transparency obligations and according to the act, the developers and deployers must ensure that the end-users are aware that the interaction they are having is with AI such as Chatbots and Deepfakes. The AI Act allows the free use of minimal-risk AI. This includes the majority of AI applications currently available in the EU single market like AI-enabled video games, and spam filters, but with the advancement of Gen AI changes with regards to this might be done. The majority of obligations fall on providers (developers) of high-risk AI systems that intend to place on the market or put into service high-risk AI systems in the EU, regardless of whether they are based in the EU or a third country. And also, a third-country provider where the high-risk AI system’s output is used in the EU.
• Users are natural or legal persons who deploy an AI system in a professional capacity, not affected end-users. Users (deployers) of high-risk AI systems have some obligations, though less than providers (developers). This applies to users located in the EU, and third-country users where the AI system’s output is used in the EU.
• General purpose AI or GPAI model providers must provide technical documentation, and instructions for use, comply with the Copyright Directive, and publish a summary of the content used for training. Free and open license GPAI model providers only need to comply with copyright and publish the training data summary, unless they present a systemic risk. All providers of GPAI models that present a systemic risk – open or closed – must also conduct model evaluations, and adversarial testing, and track and report serious incidents and ensure cybersecurity protections.
• The Codes of Practice will account for international approaches. It will cover but not necessarily be limited to the obligations, particularly the relevant information to include in technical documentation for authorities and downstream providers, identification of the type and nature of systemic risks and their sources, and the modalities of risk management accounting for specific challenges in addressing risks due to the way they may emerge and materialize throughout the value chain. The AI Office may invite GPAI model providers, and relevant national competent authorities to participate in drawing up the codes, while civil society, industry, academia, downstream providers and independent experts may support the process.

Application & Timeline of Act

The EU AI Act will be fully applicable 24 months after entry into force, but some parts will be applicable sooner, for instance the ban on AI systems posing unacceptable risks will apply six months after the entry into force. The Codes of Practice will apply nine months after entry into force. Rules on general-purpose AI systems that need to comply with transparency requirements will apply 12 months after the entry into force. High-risk systems will have more time to comply with the requirements as the obligations concerning them will become applicable 36 months after the entry into force. The expected timeline for the same is:

• August 1st, 2024: The AI Act will enter into force.
• February 2025: Prohibition of certain AI systems - Chapters I (general provisions) & II (prohibited AI systems) will apply; Prohibition of certain AI systems.
• August 2025: Chapter III Section 4 (notifying authorities), Chapter V (general purpose AI models), Chapter VII (governance), Chapter XII (confidentiality and penalties), and Article 78 (confidentiality) will apply, except for Article 101 (fines for General Purpose AI providers); Requirements for new GPAI models. 
• August 2026: The whole AI Act applies, except for Article 6(1) & corresponding obligations (one of the categories of high-risk AI systems);
•  August 2027: Article 6(1) & corresponding obligations apply.

The AI Act sets out clear definitions for the different actors involved in AI, such as the providers, deployers, importers, distributors, and product manufacturers. This means all parties involved in the development, usage, import, distribution, or manufacturing of AI systems will be held accountable. Along with this, the AI Act also applies to providers and deployers of AI systems located outside of the EU, e.g., in Switzerland, if output produced by the system is intended to be used in the EU. The Act applies to any AI system within the EU that is on the market, in service, or in use, covering both AI providers (the companies selling AI systems) and AI deployers (the organizations using those systems).

In short, the AI Act will apply to different companies across the AI distribution chain, including providers, deployers, importers, and distributors (collectively referred to as “Operators”). The EU AI Act also has extraterritorial application and can also apply to companies not established in the EU, or providers outside the EU if they -make an AI system or GPAI model available on the EU market. Even if only the output generated by the AI system is used in the EU, the Act still applies to such providers and deployers. 

CyberPeace Outlook 

The EU AI Act, approved by EU lawmakers in 2024, is a landmark legislation designed to protect citizens' health, safety, and fundamental rights from potential harm caused by AI systems. The AI Act will apply to AI systems and GPAI models. The Act creates a tiered risk categorization system with various regulations and stiff penalties for noncompliance. The Act adopts a risk-based approach to AI governance, categorizing potential risks into four tiers: unacceptable, high, limited, and low. Violations of banned systems carry the highest fine: €35 million, or 7 percent of global annual revenue. It establishes transparency requirements for general-purpose AI systems. The regulation also provides specific rules for general-purpose AI (GPAI) models and lays down more stringent requirements for GPAI models with 'high-impact capabilities' that could pose a systemic risk and have a significant impact on the internal market. For high-risk AI systems, the AI Act addresses the issues of fundamental rights impact assessment and data protection impact assessment.

The EU AI Act aims to enhance trust in AI technologies by establishing clear regulatory standards governing AI. We encourage regulatory frameworks that strive to balance the desire to foster innovation with the critical need to prevent unethical practices that may cause user harm. The legislation can be seen as strengthening the EU's position as a global leader in AI innovation and developing regulatory frameworks for emerging technologies. It sets a global benchmark for regulating AI. The companies to which the act applies will need to make sure their practices align with the same. The act may inspire other nations to develop their own legislation contributing to global AI governance. The world of AI is complex and challenging, the implementation of regulatory checks, and compliance by the concerned companies, all pose a conundrum. However, in the end, balancing innovation with ethical considerations is paramount. 

At the same hand, the tech sector welcomes regulatory progress but warns that overly-rigid regulations could stifle innovation. Hence flexibility and adaptability are key to effective AI governance. The journey towards robust AI regulation has begun in major countries, and it is important that we find the right balance between safety and innovation and also take into consideration the industry reactions.

References: 

1. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202401689
2. https://www.theverge.com/2024/7/12/24197058/eu-ai-act-regulations-bans-deadline
3. https://techcrunch.com/2024/07/12/eus-ai-act-gets-published-in-blocs-official-journal-starting-clock-on-legal-deadlines/
4. https://www.wsgr.com/en/insights/eu-ai-act-to-enter-into-force-in-august.html
5. https://www.techtarget.com/searchenterpriseai/tip/Is-your-business-ready-for-the-EU-AI-Act
6. https://www.simmons-simmons.com/en/publications/clyimpowh000ouxgkw1oidakk/the-eu-ai-act-a-quick-guide

‍

Introduction

‍
As the calendar pages turn inexorably towards 2024, a question looms large on the horizon of our collective consciousness: Are we cyber-resilient? This is not a rhetorical flourish but a pragmatic inquiry, as the digital landscape we navigate is fraught with cyberattacks and disruptions that threaten to capsize our virtual vessels.

What, then, is Cyber Resilience? It is the capacity to prepare for, respond to, and recover from these cyber squalls. Picture, if you will, a venerable oak amid a howling gale. The roots, those unseen sinews, delve deep into the earth, anchoring the tree – this is preparation. The robust trunk and flexible branches, swaying yet unbroken, embody response. And the new growth that follows the storm's rage is recovery. Cyber resilience is the digital echo of this natural strength and flexibility.

The Need for Resilience

Why, you might ask, is Cyber Resilience of such paramount importance as we approach 2024? The answer lies in the stark reality of our times:

• A staggering half of businesses have been breached by cyberattacks in the past three years.
• The financial haemorrhage from these incursions is projected to exceed a mind-numbing $10 trillion by the end of 2024.
• The relentless march of technology has not only brought innovation but also escalated the arms race against cyber threats.
• Cyber resilience transcends mere cybersecurity; it is a holistic approach that weaves recovery and continuity into the fabric of digital defenses.
• The adaptability of organisations, often through measures such as remote working protocols, is a testament to the evolving strategies of cyber resilience.

• The advent of AI and Machine Learning heralds a new era of automated cyber defense, necessitating an integrated framework that marries security with continuity protocols.
• Societal awareness, particularly of social engineering tactics, and maintaining public relations during crises are now recognised as critical elements of resilience strategies.
• Cyber threats have evolved in sophistication, paralleling the intense competition to develop new AI-driven solutions.
• As we gaze towards the future, cyber resilience is expected to be a prominent trend in both business and consumer technology sectors throughout 2024.

The Virtues 

The benefits of cyber resilience for organisations are manifold, offering a bulwark against the digital onslaught:

• A reduction in the risk of data breaches, safeguarding sensitive information and customer data.
• Business continuity, ensuring operations persist with minimal disruption.
• Protection of reputation, as companies that demonstrate effective cyber resilience engender trust.
• Compliance with data protection and privacy regulations, thus avoiding fines and legal entanglements.
• Financial stability, as the costs associated with breaches can be mitigated or even prevented.
• Enhanced customer trust, as clients feel more secure with companies that take cybersecurity seriously.
• A competitive advantage in a market rife with cyber threats.
• Innovation and agility, as cyber-resilient companies can pivot and adapt without fear of digital disruptions.
• Employee confidence, leading to improved morale and productivity.
• Long-term savings by sidestepping the expenses of frequent or major cyber incidents.

As the year wanes, it is a propitious moment to evaluate your organisation's cyber resilience. In this edition, we will guide you through the labyrinth of cyber investment buy-in, tailored discussions with stakeholders, and the quintessential security tools for your 2024 cybersecurity strategy.

How to be more Resilient 

Cyber resilience is more than a shield; it is the preparedness to withstand and recover from a cyber onslaught. Let us explore the key steps to fortify your digital defenses:

• Know your risks: Map the terrain where you are most vulnerable, identify the treasures that could be plundered, and fortify accordingly.
• Get the technology right: Invest in solutions that not only detect threats with alacrity but also facilitate rapid recovery, all the while staying one step ahead of the cyber brigands.
• Involve your people: Embed cybersecurity awareness into the fabric of every role. Train your crew in the art of recognising and repelling digital dangers.
• Test your strategies: Regularly simulate incidents to stress-test your policies and procedures, honing your ability to contain and neutralise threats.
• Plan for the worst: Develop a playbook so that everyone knows their part in the grand scheme of damage control and communication in the event of a breach.
• Continually review: The digital seas are ever-changing; adjust your sails accordingly. Cyber resilience is not a one-time endeavour but a perpetual commitment.

Conclusion 

As we stand on the precipice of 2024, let us not be daunted by the digital storms that rage on the horizon. Instead, let us embrace the imperative of cyber resilience, for it is our steadfast companion in navigating the treacherous waters of the cyber world. Civil Society Organizations such as ‘CyberPeace Foundation’ playing a crucial role in promoting cyber resilience by bridging the gap between the public and cybersecurity complexities, conducting awareness campaigns, and advocating for robust policies to safeguard collective digital interests. Their active role is imperative in fostering a culture of cyber hygiene and vigilance.

References 

• https://www.loginradius.com/blog/identity/cybersecurity-trends-2024/
• https://ciso.economictimes.indiatimes.com/news/ciso-strategies/cisos-guide-to-2024-top-10-cybersecurity-trends/106293196