Guardicore has uncovered and stopped a cyberattack on a medium-sized company in the medical technology sector. The crypto-mining attack used well-hidden malware that was smuggled into the company network inside an audio file. The targets were Windows 7 systems, which were attacked with the EternalBlue exploit.
After decoding the network communication, Guardicore Labs recovered a readable PowerShell script that searched the system and read out a Windows registry key. The code stored there was handed to a Windows API function and executed. The unknown attackers then performed a full subnet scan and used the EternalBlue exploit to install the malware on other hosts in the infected network.
Blue-screen crash notices that hint at a system fault are in themselves unsuspicious, but a closer analysis with the visibility tools of the Guardicore security platform produced worrying findings: one of the computers had run a very long command line and altered data in the Windows registry. To keep log files safe, companies should forward the logs of their Windows computers to central, hardened servers; Microsoft provides instructions for this, together with examples and helper tools. Guardicore also recommends configuring systems to store complete crash dump files so that attacks and process failures can be analysed afterwards; Microsoft likewise documents how to make these configuration settings.
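The two recommendations above (central log forwarding and complete crash dumps), together with a hunt for the kind of long PowerShell command line that gave this attack away, as an added PowerShell example. This is not code from the Guardicore report or from Microsoft; the collector name wec01.corp.example, the HTTPS port 5986, the 500-character threshold and the seven-day window are assumptions to adjust to your own environment.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original article or the Guardicore investigation.
# Assumptions: a Windows Event Collector named 'wec01.corp.example' reachable over
# WinRM/HTTPS on port 5986; thresholds below are starting points, not recommendations.

$Collector = 'wec01.corp.example'

function Enable-CompleteCrashDump {
    # CrashDumpEnabled = 1 writes a complete memory dump (0 none, 2 kernel, 3 small, 7 automatic).
    # A complete dump needs a page file on the system drive of at least RAM size + 1 MB.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    Set-ItemProperty -Path $key -Name 'CrashDumpEnabled' -Type DWord -Value 1
    Set-ItemProperty -Path $key -Name 'DumpFile' -Type ExpandString -Value '%SystemRoot%\MEMORY.DMP'
    # Keep the first dump: an attacker who crashes the host a second time must not erase it.
    Set-ItemProperty -Path $key -Name 'Overwrite' -Type DWord -Value 0
    Set-ItemProperty -Path $key -Name 'AlwaysKeepMemoryDump' -Type DWord -Value 1
}

function Enable-CommandLineAuditing {
    # Audit process creation (event 4688) and include the command line in the event.
    # Windows 7 / 2008 R2 need update KB3004375 before the command line field is written.
    auditpol.exe /set /subcategory:"Process Creation" /success:enable /failure:enable | Out-Null
    $pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
    if (-not (Test-Path $pol)) { New-Item -Path $pol -Force | Out-Null }
    Set-ItemProperty -Path $pol -Name 'ProcessCreationIncludeCmdLine_Enabled' -Type DWord -Value 1
}

function Enable-EventForwarding {
    param([Parameter(Mandatory)][string]$CollectorFqdn)
    # Source-initiated Windows Event Forwarding: the host pushes its events to the
    # collector, so clearing the local log later does not destroy the central copy.
    # The same value is normally deployed by GPO under Computer Configuration >
    # Administrative Templates > Windows Components > Event Forwarding.
    winrm.cmd quickconfig -q | Out-Null
    $sm = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
    if (-not (Test-Path $sm)) { New-Item -Path $sm -Force | Out-Null }
    Set-ItemProperty -Path $sm -Name '1' -Type String `
        -Value "Server=https://${CollectorFqdn}:5986/wsman/SubscriptionManager/WEC,Refresh=60"
    # The collector's machine account must also be a member of the local
    # 'Event Log Readers' group to read the Security log (usually set by GPO).
}

function Test-Smb1Enabled {
    # EternalBlue needs SMBv1. On Windows 7 the protocol stays on unless this value is 0.
    $p = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                          -Name 'SMB1' -ErrorAction SilentlyContinue
    return ($null -eq $p -or $p.SMB1 -ne 0)
}

function Find-SuspiciousPowerShell {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$MinLength = 500,
        [int]$Days = 7
    )
    # Flags PowerShell started with a very long or base64-encoded command line, or one
    # that reads the registry, the pattern behind the long command line in the article.
    # Only useful once Enable-CommandLineAuditing has run on the source host.
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Host    = $_.MachineName
                Image   = [string]$d['NewProcessName']
                CmdLine = [string]$d['CommandLine']   # empty on hosts without command line auditing
            }
        } |
        Where-Object {
            $_.Image -match '\\powershell(_ise)?\.exe$' -and (
                $_.CmdLine.Length -ge $MinLength -or
                $_.CmdLine -match '-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{40,}' -or
                $_.CmdLine -match 'Get-ItemProperty|reg(\.exe)?\s+query|Registry::'
            )
        }
}

# Usage (run elevated on each host, or push the three Enable-* calls via GPO/remoting):
# Enable-CompleteCrashDump; Enable-CommandLineAuditing; Enable-EventForwarding -CollectorFqdn $Collector
# if (Test-Smb1Enabled) { Write-Warning 'SMBv1 is still enabled; apply MS17-010 and disable it.' }
# Find-SuspiciousPowerShell -Days 30 | Format-Table -AutoSize -Wrap
```

The hunt deliberately runs against the Security log rather than the PowerShell operational log, because event 4688 is written by the kernel-side audit subsystem and survives an attacker who disables PowerShell logging; once forwarding is in place, point `-ComputerName` at the collector and query its ForwardedEvents log instead.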
Security And Convenience Suddenly Become A Contradiction In Terms
A current trend is fitness apps and wearables for monitoring one's own state of health. The personal data is not only recorded automatically but also forwarded to various cloud services. Compared with other stored information from social media, gaming, photos and videos, this data is far more personal and therefore worth protecting. For the sake of convenience, however, protecting it is often not given the higher priority it deserves. One cannot blame a user for leaving the "Remember password" setting enabled. It has to be said, though, that if the device is lost, whether physically or through a hack, this data is served up to its new owner on a silver platter. Two-factor authentication already provides more security here: even if the attacker knows the password, he cannot use the device or the application without the second code.