Brian Krebs, whom we believe to be the Bob Woodward of cyber security and bank-account hacking reporting, broke a pretty amazing story yesterday about how hard it is for companies to effectively secure (and keep secure) their network endpoints. It’s a tale of a big breach at a sophisticated firm that SPECIALIZES in remote network and employee PC security. Yes, that’s right. A protector against remote hacking was hacked at the endpoint in a BIG way.
Here’s Krebs’ headline with a link to the story.
Breach at IT Automation Firm LANDESK
Here’s how Krebs sets up the story:
LANDESK, a company that sells software to help organizations securely and remotely manage their fleets of desktop computers, servers and mobile devices, alerted employees last week that a data breach may have exposed their personal information. But LANDESK employees contacted by this author say the breach may go far deeper for the company and its customers.
To give the story its full justice we encourage you to read Krebs’ telling of it. But, in terms of major bullet points consider the following:
- LANDESK ended up having to report the breach to current and former employees. According to the company, employees’ personal details could have been stolen. This attack had been in progress for 17 months! During this time, the company uncovered remotely hosted agents accessing server builds and other areas of LANDESK’s proprietary software. This means there’s a very strong chance that in the past 17 months these hackers have added backdoors to LANDESK’s global architecture, possibly giving them access to thousands of computers.
The big question is, how did these hackers break through LANDESK’s endpoint? There are many ways, starting with social engineering all the way through metamorphic viruses, possibly detouring to a Man-in-the-Middle or Man-in-the-Browser attack, too.
The big point we need to make here is this: ANY fully booted Windows PC endpoint is highly vulnerable to compromise, regardless of the security software being used to protect it. The ONLY way to do secure endpoint transactions on the web is to bypass the PC OS and use technology like BankVault: one-time-use virtual machines that retain no history.