Sam Stelfox

Smart home cybersecurity news roundup [October 2020]

This month’s cybersecurity news roundup features Zoom’s new E2EE feature, the Ryuk ransomware hitting hospitals across the U.S., and the revocation of HP’s printer driver certificate on Apple’s macOS.

Zoom rolls out end-to-end encryption feature for all users

Zoom began rolling out a new end-to-end encryption (E2EE) security feature last week for all of its users, both free and paid. The feature is initially available as a technical preview, and Zoom will be looking for feedback from users enabling E2EE for 30 days.

To use E2EE for calls, users need to enable it in their settings at the account level and opt in to E2EE for every meeting. All users in a call need to have E2EE enabled, or else they will not be able to join the virtual meeting. E2EE-enabled meetings also do not allow dial-in options for phone users: participants must join from the Zoom desktop client, mobile app, or Zoom Rooms.

Screenshot of enabling E2EE in Zoom

Image credit: Zoom

Up to 200 participants can join an E2EE Zoom call, but some features will not be available initially as Zoom continues testing in the first 30 days. According to Zoom, the following features will not be compatible while E2EE is enabled: joining before the meeting host, cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat, and meeting reactions.

Zoom says it has more security features in the works that it will be rolling out throughout 2021.

Ryuk ransomware threatens hospitals with million-dollar ransoms

Hospitals in the United States are now facing a coordinated ransomware attack that has officials seriously worried about possible fatalities. On Oct. 28th, the U.S. government hosted an emergency call and issued an alert to warn healthcare providers of an “increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”

Charles Carmakal, the senior VP and CTO of Mandiant, told BleepingComputer in an interview that they believe an Eastern-European group known as UNC1878 is responsible for the attacks—and that hundreds more hospitals could come under attack as well.

Earlier in the month, the U.S. Cyber Command paired with Microsoft in an attempt to stop the attacks at the source. They sought to dismantle the network of infected machines used to deploy the Ryuk ransomware and to prevent the botnet from spreading to election-related systems in the days to come. However, the hacking group has since switched to a new set of infected computers, in what Microsoft believes to be a rebuilding of its network.

Check Point recently released a report stating that it saw a 71% increase in ransomware attacks targeting the U.S. healthcare sector in October alone.

Check Point research graph that shows number of hospitals targeted by Ryuk in the US

Although ransomware targeting hospitals is nothing new since the beginning of the pandemic, having one group behind six coordinated attacks in a 24-hour time period is certainly a “step-up” in tactics, remarks Allan Liska, the Senior Solutions Architect at Recorded Future.

“If they can do this to six hospitals, there’s no reason they can’t do this to a dozen,” he said. “That means that patient care could be seriously impacted and people could die from something like that.”

Apple revoked HP certificate

macOS users have been left unable to print to their HP printers after Apple was found to be blocking the HP print drivers, whose code-signing certificate had been revoked. Because the signature was no longer valid, the operating system mistook the print drivers for malware.

When sending documents to HP printers, users found that their jobs would remain in the print queue and never complete. Users complained about the problem on forums and social media, which led to the discovery of the cause: it stems from XProtect, a feature that lets Apple products block applications that are no longer deemed “trustworthy” from running.

“XProtect is the mechanism Apple uses to inform Macs to no longer trust and run certain programs, and it does this by revoking their code-signing certificates. There is no central database of certs cancelled by XProtect, there's one for each OS version it seems, and Catalina and Mojave were selected in particular,” explained Chris Williams from The Register. “Apple chose to revoke the HP driver cert, or perhaps was asked to do so by HP.”

To learn how to resolve the issue for your computer, visit Ax Sharma’s walkthrough on BleepingComputer.
