
Is That a Security Update or a Cyberattack?

June 25, 2021

Hidden Dangers Can Lurk in Unexpected Places Like Malicious Security Updates

Cybersecurity has been a hot topic in the news lately. The media is quick to report every detail of hot stories about nation-state threat actors, threats to infrastructure and record-setting ransoms. But they’re not so quick to pick up on a less glamorous risk that can be more dangerous and damaging than the cyberattacks covered breathlessly in headline stories – a pitfall that could lead to disastrous outcomes like a data breach or even something worse. The villain? Malicious security updates.

How often do you keep up with routine maintenance? It’s not fun, but applying patches, processing updates and general maintenance are facts of life for IT teams. These tasks are often low on the priority list, and they’re frequently assigned to the least experienced staff members or even interns. But sometimes routine tasks like updating and patching software aren’t as simple as they seem – in fact, they’re fraught with risk and a golden opportunity for cybercriminals to strike at the heart of your business.


Malware Makes It Possible

Cybercriminals have used all manner of tricks to convince businesses that they were really sending out legitimate communications with important patches, new threat intelligence, functional updates and more. Elaborate cons including high-quality brand impersonation, spoofing and careful social engineering lure in the unwary. But in reality what they’re doing is luring technicians into downloading or installing ransomware, payment skimmers, key loggers and other malicious software. In some cases, those bogus updates also create a back door into your systems that cybercriminals can use later. 

When it comes to cybercriminals creating and exploiting back doors, one of the most prominent examples played out for the world to see in one of the most significant cybersecurity disasters that the US government has ever experienced: the SolarWinds hack. Russian-aligned nation-state cybercriminals used phishing to get a foot in the door and gain access to an upcoming patch that was in line to be sent to SolarWinds clients, with devastating effects.

The cybercriminals inserted malicious code into that update without anyone being the wiser. The routine patch was sent out as planned and, as clients applied it, that little chunk of malicious code opened a back door that the hackers could use anytime they wished. In this case, those back doors into high-value defense, national security and business targets were available and used by Russian nation-state threat actors for months, enabling them to access sensitive data at will, until they were finally unmasked by FireEye.


Danger is Hiding in Plain Sight

Brand impersonation is a powerful tool that cybercriminals can use to trick unsuspecting IT staffers into downloading malicious software disguised as a harmless update. Abundant ammunition to fuel those scams is all over the dark web. Sophisticated cybercriminal gangs go to a lot of trouble to pull these schemes off, but the payouts are handsome. Cybercriminals will craft highly believable messages that inform the targets that they need to download and install a seemingly routine file. Sometimes, the messaging is enhanced by social engineering techniques to create a sense of urgency in the target. 

The goal of those clever phishing messages is to direct the victim to visit a landing page or a carefully disguised website. Cybercriminals will take every precaution to make that site look unremarkable and completely authentic by perfectly replicating the logo, branding, themes, fonts and images that would be commonly featured on the impersonated company’s legitimate website. Once the hapless victim takes the bait and goes to the website, they’re then instructed to download the “patch” or “update.” It’s given an innocuous name that matches the real company’s naming conventions, making it seem like something perfectly safe. This is also commonly done to imitate government communications.

But it’s actually a trap, and that download is really a ticket to a world of expensive damage. For example, victims may be directed to download a file called “KittyCat_Ransomware_Update.exe” and then install it in order to protect their systems and data from the new, dangerous KittyCat ransomware. Except there’s no such thing as KittyCat ransomware and that file isn’t an important security update. Instead, the victim has actually installed a penetration tool that malicious actors use to install malware, including their own ransomware. 


3 Don’ts to Remember to Avoid Malicious Software Update Pitfalls

This is a pernicious problem that can produce devastating effects on a business, but there are a few sensible defensive measures that can be taken to keep systems and data safe from disaster. 

Don’t Ignore Your Instincts 

IT professionals see a huge quantity of assorted communications from vendors, service providers, software makers, hardware companies and all manner of tech firms. While they may not scrutinize every piece, they do become familiar with the general look and feel of messages that they regularly receive. Does something about the latest message from Microsoft seem a little off? Does it smell just a little bit like phishing? Trust your instincts, because you’re always better safe than sorry. Scrutinize every message and the sites they send you to. If anything is even the smallest bit wonky, don’t engage with it. In fact, if the message is from Microsoft, one of the most imitated brands in the world, the company has resources available for IT pros to use when determining the authenticity of communications.

Don’t Fall for Their Tricks 

One common thread with cyberattacks disguised as patches and updates is that they almost inevitably start with a humble phishing email. That’s what makes security awareness training that features phishing resistance so important. By making sure that everyone is watching out for suspicious messages, you’re assigning everyone to the security team and improving your chances of spotting and stopping threats. BullPhish ID is the ideal solution for training employees at every level. Trainers can choose from over 100 premade plug-and-play phishing simulation kits or create their own custom training materials to better reflect the real threats that employees face every day.

Don’t Take Chances with Credentials 

One of the most powerful tools a cybercriminal can obtain to use against your organization is a credential, especially a privileged administrator credential. Criminals have come up with many ways to capture them, like fake security update requests that lead to a spoofed phishing page. Protect your company from the dangers of credential compromise with secure identity and access management through Passly. This dynamic solution packs a punch to fight intrusions, including multifactor authentication, a tool that Microsoft says stops 99% of password-based cybercrime.

Cybercrime risks like this are escalating daily. You need strong solutions and expert advice on how to deploy them effectively. We can help. Contact an ID Agent expert today and let’s get started.
