Is That a Security Update or a Cyberattack?

Cybersecurity has been a hot topic in the news lately. The media is quick to report every detail of hot stories about nation-state threat actors, threats to infrastructure and record-setting ransoms. But they’re not so quick to pick up on a less glamorous risk that can be more dangerous and damaging than the cyberattacks covered breathlessly in headline stories – and this pitfall that could lead to disastrous outcomes like a data breach or even something worse. The villain? Malicious security updates 

How often do you keep up with routine maintenance? It’s not fun but applying patches, processing updates and general maintenance is a fact of life for IT teams. These tasks are often low on the priority list, and they’re frequently assigned to the least experienced staff members or even interns. But sometimes routine tasks like updating and patching software aren’t as simple as they seem – in fact, they’re fraught with risk and a golden opportunity for cybercriminals to strike at the heart of your business.  

Cybercriminals have used all manner of tricks to convince businesses that they were really sending out legitimate communications with important patches, new threat intelligence, functional updates and more. Elaborate cons including high-quality brand impersonation, spoofing and careful social engineering lure in the unwary. But in reality what they’re doing is luring technicians into downloading or installing ransomware, payment skimmers, keyloggers and other malicious software. In some cases, those bogus updates also create a backdoor into your systems that cybercriminals can use later. 

When it comes to cybercriminals creating and exploiting back doors, one of the most prominent examples of this scenario was played out for the world to see in one of the most significant cybersecurity disasters that the US government has ever experienced: the SolarWinds hack. Russian-aligned nation-state cyber criminals used phishing to get a foot in the door and enable themselves to access an upcoming patch that was in line to be sent to SolarWinds clients with devastating effects. 

The cybercriminals inserted malicious code into that update without anyone being the wiser. The routine patch was sent out as planned and as clients applied it, that little chunk of malicious code opened a back door that the hackers could use anytime they wished. In this case, those back doors into high-value defense, national security and business targets were available and used by Russian nation-state threat actors for months, enabling them to access sensitive data at will. Until they were finally unmasked by FireEye. 

3 Don’ts to Remember to Avoid Malicious Software Update Pitfalls

This is a pernicious problem that can produce devastating effects on a business, but there are a few sensible defensive measures that can be taken to keep systems and data safe from disaster. 

• Don’t Ignore Your Instincts. IT professionals see a huge quantity of assorted communications from vendors, service providers, software makers, hardware companies and all manner of tech firm communications. Why they may not scrutinize every piece, they do become familiar with the general look and feel of messages that they regularly receive. Does something about the latest message from Microsoft seem a little off? Does it smell just a little bit like phishing? Trust your instincts, because you’re always better safe than sorry. Scrutinize every message and the sites they send you to. If anything is even the smallest bit wonky, don’t engage with it. In fact, if the message is from Microsoft, one of the most imitated brands in the world, the company has resources available for IT pros to use when determining the authenticity of communications.  

• Don’t Fall for Their Tricks. One common thread with cyberattacks disguised as patches and updates is that they almost inevitably start with a humble phishing email. That’s what makes security awareness training that features phishing resistance so important. By making sure that everyone is watching out for suspicious messages, you’re assigning everyone to the security team and improving your chances of spotting and stopping threats. 

• Don’t Take Chances with Credentials. One of the most powerful tools a cybercriminal can obtain to use against your organization is a credential, especially a privileged administrator credential. Criminals have come up with many ways to capture them like fake security update requests, which lead to a spoofed phishing page. Protect your company from the dangers of credential compromise with secure identity and access management.

Fuente: ID Agent