If you are teleworking from home or any telework center, you should be aware of a new vulnerability found in the tool you are using as the U.S. Homeland Security Department discovered that cyber criminals are able to exploit this software in order to break into your computer.
According to DHS, attackers can gain remote access to corporate networks by exploiting a telework software developed by major tech companies such as Google, Microsoft and Apple. Once attackers spot on this kind of tool, they launch malicious programs that would help them access corporate computer systems by guessing login usernames and passwords.
What we can glimpse from this discovery is the fact that ordinary network infrastructures remain lax in implementing robust security measures to ward off threats and eliminate vulnerabilities as computers are sloppily inter-connected.
Again, a network is just as strong as its weakest link, which is the human user who uses weak passwords and has little care for security. This kind of vulnerability is said to have brought about the recent cyber attacks on major retailers such as Target, Neiman Marcus, Michaels, and Goodwill Industries International.
According to researchers, the attack uses a malware dubbed Backoff that works to scrape off card information stored in cash register system memory. It also works to register key strokes when a user enters the PIN for the card. The stolen data is then to be transmitted to a command and control computer of the hackers to sell the sensitive information through underground markets.
Hackers also put a backdoor on the payment machine or point of sale terminal to gain secret access to the system even in cases of disruption or total damage.
The malicious operation works very stealthily and with a near-legitimate connection. Hackers would manipulate computer networks that are used to facilitate the daily operations of companies. So users are confident enough that such a connection is safe since there are no alarm signals raised by the IT department that is most of the time unaware of the crime being under way.
In order to mitigate such an attack, there is no need for a high-grade defense architecture. What needs to be done is only to reduce the attack software using appropriate tools that are not so expensive.
But the trouble with most computer security systems nowadays is the poor detection capabilities. Therefore, it is most likely unable to detect malware under its radar.