As the Russians – and others – step up their cyber attack game, there is an important and unfortunately easy attack vector that hackers are leveraging. That vector is plugins and libraries.
Plugins have been around forever – and used as attack vectors for almost as long – on content management systems such as WordPress and Drupal. Usually, those systems are not connected to core internal networks, but not always.
If those systems – the ones running content management software – are not segmented, now would be a REALLY good time to do that.
But content management systems are not the only systems that use plugins.
Bitdefender reported last year that Autodesk’s 3ds Max is being exploited by the dark side to compromise engineering workstations. Why try to get some random person to click on a link when you can get an engineer or other professional to install malware on their system intentionally? The attackers don’t have to hack your network, and they are much closer to the valuable information.
Here is how it works: the attacker creates a really cool library or plugin – with actual functionality – and then adds a back door to the software. The hacker/developer can then reach into the user’s workstation, steal any data that is there, see what network assets that person has access to, see if they can use that connection to move elsewhere in the network and even, possibly, launch a ransomware attack.
This is real. This is happening. This is part of the supply chain risk that the new Cybersecurity EO spends a lot of time on.
If you need help sorting this out, please let us know.