Solved Graphics Remote Execution - Should People Be Concerned ?

England666
This month's Patch Tuesday for what seems like all versions of Windows had a patch regarding Graphics Remote Execution.
As most Windows 7 users have not had any updates since the official end of support, should I be concerned regarding this particular issue? For example, is it capable of infecting a computer easily?

I have four Windows 7 Pro machines and all connect to the Internet via a dongle. I do regular system backups but am concerned perhaps unnecessarily that the dongle I use to connect to the Internet may get infected.
The attack goes back to at least 2020 where you need a whole bloody list of updates to try and mitigate it. Microsoft CVE-2020-0687: Microsoft Graphics Remote Code Execution Vulnerability

It's one of those things that A) requires your user interaction to exploit and B) depends on your anti-virus software and/or how you use the Internet and your computer.

The web and its code of JS, HTML, etc. ALL have the potential of taking over your computer. Because I know this I run my browsers in something called a sandbox with a now free and open source program called Sandboxie, which can be read about and downloaded at GitHub. It's something that has to be read about and it can be cumbersome to newcomers. But in the end you just potentially mitigated a lot of shenanigans because any malicious web code that renders in your browser will be deleted once you close the browser and Sandboxie deletes everything. When I use the operative word "potentially," it's because cybersecurity is pretty much a best effort practice. You'll never be 100% secure and know about all future attacks and what they entangle. But you can try, and for that I like layers of cybersecurity. There are other programs similar to Sandboxie but for the whole OS, like Shadow Defender and Time Freeze. However, they'll probably not work well with Sandboxie at the same time due to how they both function. I know because I tried years ago... Again, these too will be cumbersome. This is true for a lot of cybersecurity and the concept of security as a whole no matter what the subject is. Like presidential or VIP security or your own personal security.

The other avenue this attack executes is via a font, whether downloaded and installed in your OS or rendered via the browser on some website. That's where Sandboxie can help with potential malicious website font code. I have always known fonts to be a candidate for malware so I always scanned them prior to install in Windows and at that only trusted certain websites and their font offerings. I also scan every single cotton picking file I download on the Internet at VirusTotal. The general consensus is four hits and you toss, but it depends on what it is. If you know how to understand the provided Relations and Behaviors at VirusTotal that will help. There are some free and open source fonts available on the Internet. Nevertheless, I'd still scan them at VirusTotal. ALL servers can get hacked and their downloads infected...

There are many people that seem to think paying homage to the Patch Tuesday God will somehow save them from unmitigated computing disaster. Nothing could be further from the truth when there are an untold amount of CVEs (Common Vulnerabilities and Exposures) cataloged every day. Especially with bug bounty hunting, where white hat ethical hackers get paid to find these vulnerabilities. So there's one CVE after another every day and that's just the nature of computing. One day I'm sure deep learning AI will patch these things quicker than you can ever think possible. But that too could have its own set of vulnerabilities. Just hack the deep learning AI server/s and now spread the malware world-wide. This is done with some online advertisements now. You infect known ads and that's it. It's called malvertising. Just like how IoT devices were (are) being used for DDoS attacks. These devices that everyone uses like NVRs (Network Video Recorders), smart speakers, cameras, doorbells, a freaking refrigerator or toaster are all connected to the Internet waiting to be taken over and used for malicious intent. What makes matters worse is that the manufacturers of these IoT devices don't employ basic code signing with their firmware and have a lax stance on securing their products. (Products made by someone in a not so friendly to human rights country to the tune of a dollar and change an hour, all to be showcased on Amazon for well over what it costs to make for the coveted BS 5 star rating. It'll take an act of Congress)...

Which brings me to this: Everyone gets caught up in the Patch Tuesday frenzy or this mantra that everyone absolutely needs to use the latest Windows edition or they're somehow "more vulnerable," and they don't understand the fact that their very modem, router or IoT connected crap are probably more vulnerable than their computer or smartphone.
In fact, I just read that there's a Chinese initiated router/modem malware going around taking over modems/routers and last I heard we have yet to mitigate it other than using different router/modem hardware or perhaps open source firmware, which is what I use. There's DD-WRT, Asus Merlin, OpenWrt, etc.


All in all it really comes down to two things in my opinion:

1) Being computer centric and educated in cybersecurity so you know how to stay abreast of such things, and 2) Not using the Internet like a chimp fresh out of the Pleistocene epoch. With point number 2 you find these chimps all over such places like the Pirate Bay et al... Especially more stupid than ever when there's SourceForge or GitHub and my favorite website Snapfiles. Alternative free and open source software is the way to go and there's the "AlternativeTo" website that will help find such software. Especially, ESPECIALLY if you can compile the source yourself so you know what you're getting and running on your own computer. You can even do that at the OS level with Gentoo Linux. A perfect example of me sticking it to "the man" is ditching Authy (owned by Twilio) for my 2FA needs and using Aegis on my phone and KeePassXC on the computer for 2FA TOTP instead. I now control my own base32 2FA codes, yo.


Addendum:

I should also mention that today's UEFI has its own built-in network stack and other shenanigans. So there's that... That's where learning how to use pfSense and stepping it up with Snort (supported in pfSense) goes a long way. But of course the aforementioned periodic disk clones are the rule and not the exception. And I'd keep at least three versions (clone versioning :D) and those backups need to be tested. If not, and you need it, you're SOL if that backup can't be deployed when needed.