16 Questions You MUST Ask Before Hiring Any IT Company
Cybersecurity has been a hot topic in the news lately. The media is quick to report every detail of hot stories about nation-state threat actors, threats to infrastructure and record-setting ransoms. But they’re not so quick to pick up on a less glamorous risk that can be more dangerous and damaging than the cyberattacks covered breathlessly in headline stories – and this pitfall that could lead to disastrous outcomes like a data breach or even something worse. The villain? Malicious security updates
How often do you keep up with routine maintenance? It’s not fun but applying patches, processing updates and general maintenance is a fact of life for IT teams. These tasks are often low on the priority list, and they’re frequently assigned to the least experienced staff members or even interns. But sometimes routine tasks like updating and patching software aren’t as simple as they seem – in fact, they’re fraught with risk and a golden opportunity for cybercriminals to strike at the heart of your business.
Cybercriminals have used all manner of tricks to convince businesses that they were really sending out legitimate communications with important patches, new threat intelligence, functional updates and more. Elaborate cons including high-quality brand impersonation, spoofing and careful social engineering lure in the unwary. But in reality what they’re doing is luring technicians into downloading or installing ransomware, payment skimmers, keyloggers and other malicious software. In some cases, those bogus updates also create a backdoor into your systems that cybercriminals can use later.
When it comes to cybercriminals creating and exploiting back doors, one of the most prominent examples of this scenario was played out for the world to see in one of the most significant cybersecurity disasters that the US government has ever experienced: the SolarWinds hack. Russian-aligned nation-state cyber criminals used phishing to get a foot in the door and enable themselves to access an upcoming patch that was in line to be sent to SolarWinds clients with devastating effects.
The cybercriminals inserted malicious code into that update without anyone being the wiser. The routine patch was sent out as planned and as clients applied it, that little chunk of malicious code opened a back door that the hackers could use anytime they wished. In this case, those back doors into high-value defense, national security and business targets were available and used by Russian nation-state threat actors for months, enabling them to access sensitive data at will. Until they were finally unmasked by FireEye.
This is a pernicious problem that can produce devastating effects on a business, but there are a few sensible defensive measures that can be taken to keep systems and data safe from disaster.
Fuente: ID Agent