4IT Blog

4IT has been serving the Miami area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

What happens when trusted software is the virus?


 

Hackers have ingeniously struck again, this time by adding a hidden backdoor to CCleaner for Windows, a popular maintenance and file clean-up tool. The hacked version of the tool allows additional malware to be downloaded, meaning the hackers could do anything with the affected systems. According to Avast, the company that owns CCleaner, approximately 2.27 million systems ran the affected software.

On Sept. 18th, Forbes reported the hack.

It would be fair to assume that this type of hack is going to become more popular as time goes on. Adding backdoors to existing trusted software is a highly efficient way to rapidly distribute malware to millions of systems without detection, and it only requires a hack in one place (the software manufacturer) to succeed. This type of hack is a good example of a potential data breach that is almost impossible to prevent or detect until some kind of public announcement has been made. At that point, from a cybersecurity perspective, it becomes a race against time. The assumption has to be that any system with the hacked software might already be compromised with additional malware and should be treated as a potentially hacked system. This, by definition, is a remediation event.

The first step is to establish the scope of the potential breach by identifying every system that has the hacked software installed. The next step is to remove the offending software as quickly as possible from the entire environment. The final step requires that each of the identified systems be carefully scanned to confirm whether any additional malware was already downloaded and installed. Another option for environments that have imaging capabilities is simply to re-image all of the machines that had the hacked software installed. These three steps can be a daunting task for a busy IT department in a mid-market or larger organization, especially if the right IT management tools are not already in place. This is where an integrated network management platform really helps, both by reducing the amount of labor required to complete these steps and, even more importantly, by reducing the time it takes to get them done.
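The scoping step can be sketched as follows. This is an added example, not code from 4IT's management platform: the CSV columns, host names and snapshot dates are constructed, and the version strings are placeholders to be replaced with the affected version(s) from the vendor advisory. It shows why a host that has since upgraded or uninstalled the tool still stays in scope for scanning.

```python
import csv
import io
from collections import defaultdict

# Placeholder, NOT a real build number: take the affected version(s) from the
# vendor advisory. The page itself does not list them.
AFFECTED = {("ccleaner", "AFFECTED-VERSION-PLACEHOLDER")}

# Constructed sample: software inventory snapshots exported from a
# hypothetical management platform (host, snapshot date, product, version).
SAMPLE_INVENTORY = """\
host,snapshot,product,version
ws-001,2017-09-10,CCleaner,AFFECTED-VERSION-PLACEHOLDER
ws-001,2017-09-19,CCleaner,AFFECTED-VERSION-PLACEHOLDER
ws-002,2017-09-10,CCleaner,AFFECTED-VERSION-PLACEHOLDER
ws-002,2017-09-19,CCleaner,CLEAN-VERSION-PLACEHOLDER
ws-003,2017-09-10, ccleaner ,AFFECTED-VERSION-PLACEHOLDER
ws-003,2017-09-19,7-Zip,CONSTRUCTED-1.0
ws-004,2017-09-19,CCleaner,CLEAN-VERSION-PLACEHOLDER
"""


def build_worklist(inventory_csv):
    """Map each in-scope host to the remediation steps it still needs."""
    latest = {}                      # host -> most recent snapshot date seen
    affected_on = defaultdict(set)   # host -> snapshots showing an affected install
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host, snap = row["host"].strip().lower(), row["snapshot"].strip()
        latest[host] = max(latest.get(host, snap), snap)  # ISO dates sort as text
        key = (row["product"].strip().lower(), row["version"].strip())
        if key in AFFECTED:
            affected_on[host].add(snap)

    worklist = {}
    for host, snaps in affected_on.items():
        if latest[host] in snaps:
            worklist[host] = ["remove", "scan"]   # affected build still installed
        else:
            # Upgraded or uninstalled since, but the backdoor may already have
            # pulled down more malware: the host stays in scope for scanning
            # (or re-imaging, where that is available).
            worklist[host] = ["scan"]
    return worklist


if __name__ == "__main__":
    for host, steps in sorted(build_worklist(SAMPLE_INVENTORY).items()):
        print(host, "->", ", ".join(steps))
```
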

Within 24 hours of the announcement, our Network Operations team was able to get all three of these steps completed on approximately 2600 managed nodes. The integration between the desktop/server management platform, the automated scripting engine, and the combination of anti-malware products that are completely integrated into the platform made all the difference.

The challenge with purchasing, installing, maintaining, and utilizing these types of tools is substantial, as they require a continuous investment in engineering labor to maintain them, and specialized expertise in software engineering to take maximum advantage of the automation built into the platform. As new IT management products are added to the environment (e.g., malware detectors, threat intelligence engines, firewalls, etc.), they need to be integrated into the management platform so that alerting and reporting are automated and workflow rules can be added so that the right people see the right alerts.

Effectively remediating a cyberattack (securing the environment after a breach) is going to become an increasingly important component of the cybersecurity arsenal.

 
