This post is also available in: עברית (Hebrew)
The FBI and other U.S. agencies along with the Canadian Centre for Cyber Security have issued a joint advisory about increasing attacks from “Truebot” malware.
According to a report by CTV News, hackers are using a vulnerability in security software to access computer networks at organizations in Canada and the U.S. to steal sensitive data for financial gain. The company behind the compromised software says more than 7,000 organizations rely on what’s known as Netwrix Auditor, including clients from the insurance, financial, healthcare and legal sectors.
The Netwrix Auditor is a digital tool that organizations can use to “detect security threats, prove compliance and increase IT team efficiency.” Their website advertises that they “minimize IT risks and proactively spot threats.”
“A security program, in order for it to work, requires high levels of access, so if it gets compromised… the attackers won,” said an associate professor of computer science at Carleton University in Ottawa. “It’s the worst kind of vulnerability in very sensitive software that’s deployed in precisely those places where they care about security.”
Netwrix is urging its customers to upgrade their software and ensure that the systems that are running it are disconnected from the internet.
The company’s chief security officer Gerrit Lansing said- “This vulnerability may permit an attacker to execute arbitrary code on a Netwrix Auditor system that is exposed to the internet, contrary to deployment best practices. In turn, an attacker will be able to run enumeration attacks and conduct privilege escalation attempts in an infiltrated network. Both activities – enumeration and privilege escalation – are at the core of any cyber-attack.”
Anil Somayaji, an associate professor of computer science at Carleton University in Ottawa says that the very nature of the software and attack, known as a remote code execution, could give hackers access to entire computer systems and the type of sensitive data Netrix Auditor is designed to protect.
Somayaji also told CTV News that Netwrix isn’t the first security software company to face a breach like this. “If you look in the past, many security products have turned out to have major vulnerabilities. Some of this could be just people trying to make money, some of it could be intelligence organizations, some of it could be just random individuals who have an axe to grind.”