Avoiding unwanted tracking online https://t.co/eXfz5QhZ1Y
News & Vacancies
Welcome to the Microtechs information portal. Here you can see the latest news and read through our current vacancies.
F-Secure warns sensitive data can be scalped from the RAM of lost, stolen or recycled laptops
Most modern computers have a weakness that allows hackers to steal encryption keys and other sensitive data, according to new research.
Cyber security firm F-Secure said it had managed to revive a decades-old attack that involves stealing user data during a computer's reboot process, warning that the majority of modern-day computers are vulnerable to the exploit.
The exploit, known as a cold-boot attack, which has been known to hackers since 2008, involves rebooting a computer without initiating a proper shutdown process, then scalping the residual data that briefly sits on the machine's RAM. While most modern laptops have been designed to overwrite this data by default, the research team was successfully able to disable this overwrite function.
Researchers warn that the attack could mean that businesses risk losing data through machines they have either lost or ditched in recent replacement cycles, and that current security measures are not good enough to protect against the exploit.
"Typically, organisations aren't prepared to protect themselves from an attacker that has physical possession of a company computer," said F-Secure principal security consultant Olle Segerdahl.
"When you have a security issue found in devices from major PC vendors, like the weakness my team has learned to exploit, you need to assume that a lot of companies have a weak link in their security that they're not fully aware of or prepared to deal with."
F-Secure said that although the exploit requires some extra steps to the classic cold boot attack, it's proven to be effective against every modern laptop tested. It added that because the threat is typically used against devices that are stolen or lost, hackers have plenty of time to execute the attack.
Segerdahl also added that there's no reliable way for organisations to know their data is safe if a computer goes missing, and because nearly all company laptops will have things like access credentials for corporate networks, it gives attackers a consistent and reliable way to compromise corporate targets.
Rather worryingly, there is no easy fix for this issue either, but Segerdahl stressed the importance of invalidating access credentials once a machine is reported lost, stolen, or no longer in use.
When contacted by IT Pro, Microsoft senior director Jeff Jones said: "This technique requires physical access to a target device. We encourage customers to practice good security habits, including preventing unauthorized physical access to their device." Crucially, however, there was no mention of a potential fix for the problem.
F-Secure's advice is for businesses to configure laptops so they automatically shut down or hibernate instead of entering sleep mode, or require employees to enter an encrypted system's BitLocker PIN each time they boot up their machines.
Written by Bobby Hellard
Microtechs 24/7 UK White label support services
With more demands for 24/7 support and quality customer service in the forefront for many businesses, now may be an appropriate time to review how you deliver support and what it costs your business in resourcing, customer retention and new business wins.
Advantages of Outsourcing your support desk.
Microtechs can help.
We can provide a completely UK based support function for your customers or products whilst simultaneously saving you money and improving your service levels.
Office hours or 24/7
UK based from Guildford, Surrey
1st & 2nd line / NOC and incident management capabilities
Ability to learn and support bespoke applications
All white labelled to your brand
25-50% reduction in overheads
Pricing from £500 per month
Sole traders through to enterprise companies supported
"We transitioned our first line tech support for our entire subscriber base across to Microtechs in 2015 in order to offer a true 24/7 helpdesk service. Since that point, we have been delighted to see a huge reduction in calls unanswered together with a substantial increase in first time fixes and a subsequent dramatic increase in customer satisfaction levels and retention rates. Most noteworthy of all, we have also seen an overall reduction in cost to our business. It’s vanishingly rare to come across a service that is simultaneously more competent, more comprehensive and less costly – but that is exactly what Microtechs is currently providing to us"
Please contact us for further information on 01483 407417