Information Security | Justin Robinson | April 5, 2020
In a world where the Covid-19 virus is dominating and forcing businesses to shutter or employees to work from home, technology companies are stepping up in a big way to offer many of their services and products at reduced or no cost. This has made the forced transition to a primarily remote workforce easier in so many regards, but it also adds an element of risk that some companies aren’t necessarily thinking about these days, and I can’t blame them.
To understand the risk that software poses, it’s important to understand the multitude of ways that a bad actor can take advantage of companies offering free software to spread malware and possibly steal your data. When we talk about this type of risk we’re often talking about third-party risk. It’s third-party because you often don’t have the same control over the software as you would over something developed in-house.
Understanding the Software Supply-Chain
If you look at any piece of enterprise software in 2020, it will almost certainly be built with a number of frameworks like .NET, Node.js, and Ruby on Rails. These frameworks can save thousands of hours of development time by providing libraries of predefined code. In using these frameworks, you are likely NOT reviewing the code yourself, but are relying on the developers of these libraries to ensure that vulnerabilities don’t exist in their code.
A physical example of a supply-chain attack was the Target breach. A bad actor was able to take advantage of a flaw in the software of Target’s HVAC vendor. The vendor software that was running on the Target network had a vulnerability that allowed the bad actor to enter the network. Once inside the network, they only needed to find a way to move laterally to more important computers with more important information on them.
Free Software Makes Supply-Chain Attacks Easier
I love free software as much as the next guy; just make sure that you’re getting it from an appropriate source. A quick search on Microsoft’s very own Microsoft Store brought up a number of free software titles that were being peddled for cash. These are NOT official releases of this software, but they are certainly easier for any Windows user to access than the official ones. (Below the image I’ve provided the appropriate links to this FREE software. DO NOT DOWNLOAD THE BELOW SOFTWARE FROM THE MICROSOFT STORE; USE THE LINKS BENEATH THE IMAGE.)
There is simply no guarantee that the above publisher didn’t modify the software in some way that could track you or steal data. In so many cases these publishers use adware to make a quick buck.
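One way to check machines for this kind of repackaged software after the fact, as an added example that is not part of the original post: the script below audits an inventory of installed Store packages and flags any package whose name mentions a known free product but whose publisher is not the vendor's own. The product keywords, publisher strings and inventory are constructed placeholders; the input is assumed to be JSON in the shape produced by `Get-AppxPackage | Select-Object Name, Publisher | ConvertTo-Json`.

```python
import json

# Constructed allowlist: product keyword -> exact publisher string of the
# official vendor. Placeholder values; replace with ones you have verified.
OFFICIAL_PUBLISHERS = {
    "exampleplayer": "CN=Example Media Project",
    "exampleoffice": "CN=Example Document Foundation",
}

# Constructed sample inventory (not real packages or publishers).
SAMPLE_INVENTORY = json.dumps([
    {"Name": "ExampleMediaProject.ExamplePlayer",
     "Publisher": "CN=Example Media Project"},
    {"Name": "12345FreeApps.ExamplePlayerPro",
     "Publisher": "CN=0A1B2C3D-0000-0000-0000-000000000000"},
    {"Name": "FreeDocs.ExampleOfficeSuite",
     "Publisher": "CN=Free Docs Ltd"},
    {"Name": "Contoso.Notes", "Publisher": "CN=Contoso"},
])


def audit_packages(inventory_json, official=OFFICIAL_PUBLISHERS):
    """Return packages that use a known product name but are not signed
    by that product's official publisher."""
    records = json.loads(inventory_json)
    if isinstance(records, dict):
        # ConvertTo-Json emits a bare object when only one package is piped in.
        records = [records]
    findings = []
    for rec in records:
        name = rec.get("Name", "")
        publisher = rec.get("Publisher", "")
        for keyword, expected in official.items():
            # Exact match on the whole publisher string: a prefix or
            # substring match could be satisfied by a lookalike name.
            if keyword in name.lower() and publisher != expected:
                findings.append({"package": name,
                                 "publisher": publisher,
                                 "expected": expected})
    return findings


if __name__ == "__main__":
    for finding in audit_packages(SAMPLE_INVENTORY):
        print("{package}: published by {publisher}, expected {expected}"
              .format(**finding))
```

A flagged package is a prompt to uninstall it and reinstall from the vendor's own site, not proof that the copy is malicious.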