This week in security snacks:
- New Cyber-Spying Campaign Infiltrating Defense, Energy, and Financial Organizations
- Maximum Windows 10 Privacy Requires “Basic” Diagnostics Setting
- Chrome Private Browsing Results May Be Filtered but Do You Even Care?
Note that due to people like me going on vacation, Security Snacks will be on hiatus until January. Happy holidays and stay secure!!!
New Cyber-Spying Campaign Infiltrating Defense, Energy, and Financial Organizations
A new surveillance campaign targeting financial companies and infrastructure facilities uses a new implant method IT pros should be aware of.
Researchers at McAfee have detected Operation Sharpshooter, a spying campaign that uses an implant framework never before seen. The campaign is targeting nuclear, defense, energy, and financial companies. The implant has already appeared in 87 organizations worldwide.
Here’s how it works:
- Attackers: Share a link to a Dropbox document
- Victims: Open the document
- Document runs shellcode via macros that downloads the malware (dubbed Rising Sun) as well as a decoy document from a control server
- Rising Sun then collects system data (network adapter, computer/user name, IP address, OS, etc.), encrypts it, and sends it to a control server
- Rising Sun awaits further instruction
Maximum Windows 10 Privacy Requires “Basic” Diagnostics Setting
Windows 10 will record your activity history, and sync it to the cloud, even if this tracking is disabled in Privacy Settings—unless you set Windows to basic diagnostic level.
Reddit users discovered that when you tell Windows 10 to stop tracking your activity (i.e., apps used), it doesn’t. It will still record them and send them to the cloud.
This can be verified by going to Settings > Privacy > Activity History and unchecking "Let Windows synchronize my activities from this PC to the cloud". Application usage activity will still show up in your privacy dashboard (https://account.microsoft.com/privacy).
Following a little bit of a kerfuffle, Microsoft responded by saying:
- The word “activity” was poorly chosen on their end because it can mean so many things, and they may rename it
- The activity seen after disabling sync is merely diagnostics data allowed by setting Diagnostics & feedback to Full
To ensure that your data is not synced to Microsoft, you need to set the Windows 10 diagnostics level to Basic (or optionally Security if running Windows 10 Enterprise or Education editions).
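To check a machine against the settings described above, here is a read-only PowerShell audit. It is an added example, not code from the article or from Microsoft; the function names are made up for illustration, and the registry paths and value names are the standard Windows 10 policy locations, which the article does not mention.

```powershell
# Added example: read-only audit of the settings discussed above; it changes nothing.
# Assumption: the registry paths and value names below are the standard Windows 10
# policy locations; they are not taken from the article.
$TelemetryPaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection',               # Group Policy / MDM
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection' # set locally (Settings app)
)
$SystemPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$LevelNames   = @{ 0 = 'Security'; 1 = 'Basic'; 2 = 'Enhanced'; 3 = 'Full' }

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-DiagnosticLevel {
    # Check the policy location first, then the locally set one.
    foreach ($path in $TelemetryPaths) {
        $value = Get-RegValue -Path $path -Name 'AllowTelemetry'
        if ($null -ne $value) {
            return [pscustomobject]@{ Source = $path; Value = [int]$value }
        }
    }
    return $null   # nothing configured; the Windows default applies
}

$level = Get-DiagnosticLevel
if ($null -eq $level) {
    Write-Output 'AllowTelemetry is not set; check Settings > Privacy > Diagnostics & feedback.'
} else {
    $name   = $LevelNames[$level.Value]
    # Basic (1) or Security (0) is what the article recommends.
    $status = if ($level.Value -le 1) { 'OK' } else { 'REVIEW' }
    Write-Output "[$status] Diagnostic level: $name ($($level.Value)) from $($level.Source)"
}

# Activity-history policies: 0 means disabled by policy, empty means not configured.
foreach ($policy in 'EnableActivityFeed', 'PublishUserActivities', 'UploadUserActivities') {
    $value = Get-RegValue -Path $SystemPolicy -Name $policy
    $shown = if ($null -eq $value) { 'not configured' } else { $value }
    Write-Output "Policy ${policy}: $shown"
}
```

A REVIEW result means the diagnostics level is above Basic, which is the condition under which Microsoft says app usage still reaches the privacy dashboard.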
A nice article from Chris Hoffman of How-To Geek explains the whole drama and the solution in delightful technical detail with copious screenshots. Read “Windows 10 Sends Your Activity History to Microsoft, Even if You Tell It Not To.”
Chrome Private Browsing Results May Be Filtered but Do You Even Care?
If you think you have privacy by logging out of Google and using a private browsing window, you might be right—but DuckDuckGo is challenging that assumption.
The phrase filter bubble refers to the custom results you get from Google queries based on browsing history, activity associated with your Google account, and countless other factors. The filter bubble should have less effect on search when not logged into Google, and none at all in private browsing mode.
New research suggests that’s not true. BIG BUT–this research comes from Google competitor DuckDuckGo. You can decide for yourself if you consider it credible or not.
What they did:
- Volunteers performed searches in private (normal) mode, logged out of Google, and in private browsing mode
- Organizers arranged testing from different locations within the US, but all ran searches at the exact same date/time
- Researchers compiled 87 complete result sets.
What they found:
- Google gave different results to different people who should have been equally anonymous/private.
Even if it’s true, it likely won’t matter to most people and organizations. If it worries you, conduct your own tests!
Learn more from the DuckDuckGo Blog, Measuring the “Filter Bubble”: How Google is influencing what you click.