Malicious Chrome Web Extensions | Cyber Insurers Collaborating with Security Vendors | Windows 11 SMB Signing

4 minute read

June 2023

by cybergrx

cybersecurity news headlines

In this episode of GRXcerpts: 

  • Malicious extensions found on the Chrome Web Store
  • Cyber insurers rely on security vendors for risk insights
  • Microsoft to make SMB signing the default setting on Windows 11
  • Iowa’s third third-party breach of the year 

Watch now:

Malicious Chrome Web Store Extensions

If you or your staff is taking advantage of the extensions available on the Chrome Web Store, beware. Security researchers recently detected over 30 malicious extensions on the Web Store, posing a potential threat to millions of users.

The initial discovery was made by security researcher Wladimir Palant, who noticed three weeks ago that a PDF Toolbox extension for Chrome contained hidden code enabling a third-party website to inject JavaScript code into any website visited by the user.

After receiving a tip about another extension making similar requests to the same third-party website, Palant further investigated the matter and discovered two additional code versions. In total, 34 extensions with this malicious code were identified within the Chrome web store. The combined user base of the extensions is estimated at 87 million installations. The most popular ones included Autoskip for Youtube, Soundboost, Crystal Ad Block, and Brisk VPN.

The purpose of the malicious code appears to be related to displaying unwanted ads and hijacking search results to display sponsored links, but security researchers have yet to analyze the full scope of the attack. Google has since removed the malicious extensions from the Chrome Web Store and reminds users that manually deleting the installed extensions is still required to remove the risk from browsers and devices.

Cyber Insurance Providers Turning to Security Vendors for Insight

Cyber insurance providers are acknowledging their lack of insight into the risks of applicants. As such, insurers are turning to security vendors to better understand the cybersecurity measures in place before approving new policy applications.

In recent years, insurers have been struggling to keep pace with the rapidly evolving threat landscape, including the rise in ransomware attacks. Additionally, insurers have been left with massive payouts as companies increasingly file claims following an incident. Despite rising premium costs, the demand for cyber insurance continues to surge.

By collaborating with a security vendor, insurers can better determine the relevant data and security information they should collect from applicants to assess their cybersecurity posture before their applications are approved.

Microsoft Windows 11 Adds SMB Signing as Default Requirement

Microsoft is taking proactive measures to defend against NTLM relay attacks. The tech giant announced that SMB signing, also known as security signatures, will now be the default requirement in Windows 11 Enterprise editions. In NTLM relay attacks, threat actors force network devices, including domain controllers, to authenticate to attacker-controlled servers, allowing attackers to impersonate and take over the entire domain.

SMB signing helps block malicious authentication requests by confirming the sender’s and receiver’s identities via signatures and hashes embedded at the end of each message.

Previously, Windows 10 and 11 only required SMB signing by default when connecting to shares named SYSVOL and NETLOGON. Active Directory domain controllers also mandated SMB signing when any client connected to them. However, Microsoft’s new update modifies this legacy behavior to enhance security measures in the Enterprise edition, which is being rolled out to insiders in the Canary Channel.

Microsoft expects the SMB signing default change to be applied to Pro, Education, and other Windows editions over the next few months and to Windows Server.

The updates also come with a performance warning, as SMB signing can result in slower SMB copy speeds. Microsoft recommends using more physical CPU cores, virtual CPUs, or newer, faster CPUs to mitigate performance issues. Additionally, admins will have the option to disable SMB signing on both client and server connections.

Iowa’s Third Third-Party Breach 

And finally, we close with news of Iowa’s third major health data breach since April. In this latest breach, the Iowa Department of Health and Human Services reported that hackers comprised the protected health information of nearly 234,000 Iowa residents as part of a larger incident that affected millions of Americans nationwide. The incident was traced back to a dental health provider who services multiple state Medicaid and children’s health insurance programs.  The three recent breaches, which all originated from a third party, illustrate the challenges many state agencies face, including the large number of third parties state agencies work with and the lengthy time to conduct risk assessments on each one. 

To all the state agencies and other organizations struggling with this dilemma- CyberGRX has a library of 13,000 attested assessments, 250,000 company profiles, and predictive risk data that can save you time and provide you with a more comprehensive risk view. We’d love to show you a more efficient way to manage your third-party risk and improve your cyber resiliency. Book a demo to learn more.

All information is current as of June 5, 2023. Subscribe to receive future episodes as they are released.

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit www.processunity.com.