If Your Business Network Uses Windows 10, It's Not As Secure As You Think
New attack technique called GhostHook renders the Windows security defense system useless once activated
Post the deadly WannaCry attacks most business received recommendations from Computer Emergency Response Team (CERT) to update their Windows systems to Windows 10 to ensure their data is safe and hack-proof as it has been regarded as Microsoft’s most secure OS till date. A recent source code leak coupled with a newly found vulnerability should, however, have businesses worried as their systems may not be completely safe.
What is The Latest Threat?
The latest threat is two-fold. First, a massive dump of Microsoft’s confidential files that leaks source codes pertaining to Windows 10 builds, and secondly a new attack technique called GhostHook that renders the Windows security defense system useless once activated.
Both vulnerabilities are independent of each other but were discovered around the same time with GhostHook being a post ‘post-exploitation’ attack, which means it requires hackers to already have control over a compromised system.
Exploits can be designed by hackers to work on almost all Windows 10 builds, including unreleased builds of Windows 10 and Windows Server 2016, which is widely used in offices. A source code is integral to any OS and at its heart does not change from version to version thereby exposing the entire Windows 10 clan.
GhostHook, on the other hand, can work on any system, post-Windows 2005.
Why Can the Threat Be Lethal?
While contents of the dump have been removed, it’s unclear how many people had already downloaded it. The data can be distributed via other methods to create exploits. Microsoft's source code package dubbed the ‘Shared Source Kit’ as the major leak in the dump, which includes data on USB, storage, Wi-Fi stacks, and most significantly for business networks Plug-and-Play system.
Most enterprising ventures, especially start-ups, rely on Plug-and-Play office spaces that already have established network connections. This means all communication support like WiFi network and the plug-ins on each workstation are pre-designated.
The data can be used by hackers to exploit any one or more than one of these exploits to launch a large-scale cyber attack on Windows systems across networks. Injection of malicious code on one PC can easily take down the whole network in this case.
Meanwhile, GhostHook requires hackers to have control of the system and then allows them to bypass Windows 10 PatchGuard and plant rootkits onto systems previously thought to be impenetrable. The technique worryingly grants admin rights to the hacker which means for businesses, having control of these rights will allow hackers to infiltrate any and every computer on the network.
What Should One Do If One's Business Runs on Windows 10 Machines?
At the moment it is unclear how big the threat may be in future as a result of these leaks but if you own a business that heavily relies on using Windows 10 machines, a full-scale scan is recommended for not just one machine, but the entire network. Anti-Viruses are not enough so if you haven’t invested in a good cyber security firm to check your network for threats then do so immediately. Most importantly make sure to secure a cloud backup of your integral files.
As for GhostHook, Microsoft does not consider issuing any patch to tackle this technique as it claims this can only be used when hackers already have control of the system. All it advises is to stay away from malicious sites and dodgy links. If your business operations contain handling sensitive data make sure to deny download rights to any machines preventing any malicious code injection.