Using Microsoft? Lucky You in 2023
December 14, 2022
Several days ago, I had a meeting with an executive representing a financial services firm. In the course of confirming the meeting, the person told me, “We use only Microsoft Teams. Our security group has banned our use of Zoom and other video chat services.”
That’s why I found myself sitting at a sticky table in a coffee shop talking with this executive about a notification procedure which caught my attention. In that meeting, I mentioned that for each email sent to my official email by this person I received a notice that the individual was out of the office until mid-September 2022. Since we were meeting in the first week of December 2022, I found the emails from this person confusing.
I asked, “Why are you sending me an email and when I reply, I receive a notification from your corporate email system which tells me you are out of the office until September 2022.”
The response was, “Really? I will get IT to help me.”
Wow. Really.
Many organizations have embraced Microsoft systems and services. My hunch is that people want to use Excel. With full time employees in corporate information technology departments getting crushed by fixes, user issues, and software which does not do what the IT professional expects, companies want an fix.
Enter the cloud, certified consultants who can arrive like Wonder Woman, and big time engineers from a regional office to make everything work. Perfect. What could go wrong?
I read an article which may be accurate or may be presenting an incomplete report. Let’s proceed assuming that there is a kernel of truth in “Ransomware Discovered Carrying Legitimate Windows Certificates.” The write up states:
Cyber security company Sophos has issued a warning over antivirus-nullifying malware it discovered bearing legitimate digital certificates, including signatures from Microsoft’s own digital verification service.
The drivers, found paired with a ‘loader’ executable that was used to install the driver, carried the digital signature of Windows Hardware Compatibility Program (WHCP), and appeared to be specially designed to limit the functions of endpoint detection and response (EDR) security programs. Code signatures are cryptographic certificates that indicate a program has not been altered since its release by its manufacturer. WHCP signatures are only intended to be given to software that Microsoft has checked over and given its personal seal of approval, and therefore seen as trustworthy files to run by Windows systems. Researchers say that the find shows that threat actors are working harder to move up the ‘trust chain’, employing increasingly sophisticated methods to sign malware with legitimate cryptographic signatures so that it can be installed on systems without detection.
The article is in my opinion content marketing; that is, the information is designed to cause someone to license Sophos technology.
The idea is that bad actors can exploit systems and methods set up my Microsoft to make certain their systems are secure. People have struggled with getting Windows to print; others have found that Exchange Server (probably the email system which baffled the financial executive) vulnerabilities have caused some sleepless nights.
Several observations are warranted in my view:
- Microsoft like Google is a Leviathan. It is a target, and is may be that the Softies are in over their heads. Perhaps too big to make secure?
- Users are baffled with fairly simple operations of widely used software. What interesting security issues does this pose? Phishing works for a reason: Users click without th8inking.
- Corporations perceive their decisions to be good ones. The continuing increase in cyber aggression is not something people want to discuss in a meeting of suits, sales professionals, and worker bees.
Net net: Good enough software and systems, PowerPoint presentations from certified partners, and customer cluelessness suggest an exciting 2023. Legitimate Windows Certificates? Oxymoron maybe?
Stephen E Arnold, December 14, 2022