The Network: A technology provider with an on-site IT team. The EventTracker SIEMphonic service supplements this team.
The Expectation: Robust and up-to-date (anti-virus, next-gen firewall) prevention mechanisms thwart most common attacks, but since perfect protection is not practical, monitoring is also necessary. Users are educated and will make sensible decisions.
The Catch: EventTracker analysts detected that a freeware program CCleaner was running on a desktop of a user in the Sales Processing department. This program is billed as “the world’s most popular PC cleaner”. A freeware program, it ostensibly cleans up cookies and junk program so that your PC can run faster. The problem? This program has been compromised as reported on USAToday and TechCrunch. Up to 2.27 million users have been compromised.
The Find: On publication of this threat advisory, SIEMphonic analysts began monitoring our customers environments for any instance of CCleaner executables and noticed it on this desktop.
The Fix: The analyst immediately notified the customer IT team who quickly removed this “unauthorized” program from the user’s desktop. The user was provided a refresher on downloading “free” programs. User permissions were reviewed and adjusted to “least privilege”.
The Lesson: Threats are lurking everywhere. TANSTAAFL.