When Trusted Programs get Hacked: An Attacker May Be Putting Germs on Your Toothbrush
It is like someone borrowing your toothbrush without you knowing, and you get sick from their germs. Think of programs on computers as being something that can be used to make you sick. As 2018 continues, more attackers will use trusted software as a vector to infect networks.
What if your password manager is infiltrated by attackers? The concern that attackers may steal your passwords is eclipsed by the concern that attackers might use the password manager to gain access and take control of your network.
What if attackers spread viruses into your computer, using your favorite music program? Or a game? Or an add-on for your browser?
Attackers already infected the program called C-Cleaner, used by millions. Unfortunately, this tool became a powerful attack tool when attackers poisoned the update server.
As another example, some people believe that there is evidence that Kaspersky anti-virus software has been used to infiltrate computers.
By their nature, anti-virus programs need to have access to the deepest parts of computers in order to function properly. That makes them an appealing target for attackers. When an attacker can take over an antivirus program, of any brand, the attacker will have the same deep access to the victim’s computer.
Some people use an add-on program to help check their grammar in documents. This week, a patch was released to fix a bug that made it possible for attackers to access users’ private documents. Although the problem was fixed quickly once discovered, how much sensitive data was stolen before the discovery?
Talk to your IT Professionals and remove all software that is not essential to your business. Each program is a potential vector for attackers. If you need a program, keep it. The concern is that a program can be used as a pathway into your organization’s sensitive information, and to even give attackers the ability to take full control of your network.
Please forward this to your friends so they can re-think having non-essential programs installed on their network. The problem, of attackers using trusted programs to access networks, is trending in 2018 and is a growing threat to the security of all organizations.