Canadian cybersecurity agency and FBI issue advisory over rising 'Truebot' cyber attacks
CTV
The Canadian Centre for Cyber Security has issued a joint advisory with the FBI and other U.S. agencies about increasing attacks from 'Truebot' malware.
The Canadian Centre for Cyber Security has issued a joint advisory with the FBI and other U.S. agencies about increasing attacks from "Truebot" malware.
According to the July 6 alert, hackers are using a vulnerability in security software to access computer networks at organizations in Canada and the U.S. in order to steal sensitive data for financial gain. The company behind the compromised software says more than 7,000 organizations rely on what's known as Netwrix Auditor, including clients from the insurance, financial, healthcare and legal sectors.
"A security program, in order for it to work, requires high levels of access, so if it gets compromised… the attackers won," Anil Somayaji, an associate professor of computer science at Carleton University in Ottawa, told CTVNews.ca over the phone on Thursday. "It's the worst kind of vulnerability in very sensitive software that's deployed in precisely those places where they care about security."
Texas-based Netwrix is urging customers to upgrade the software and ensure that systems running it are disconnected from the internet.
"This vulnerability may permit an attacker to execute arbitrary code on a Netwrix Auditor system that is exposed to the internet, contrary to deployment best practices," Netwrix chief security officer Gerrit Lansing said in a statement to CTVNews.ca. "In turn, an attacker will be able to run enumeration attacks and conduct privilege escalation attempts in an infiltrated network. Both activities – enumeration and privilege escalation – are at the core of any cyber-attack."
The Netwrix Auditor is marketed as a digital tool that organizations can use to "detect security threats, prove compliance and increase IT team efficiency."
"Minimize IT risks and proactively spot threats," the Netwrix Auditor website advertises. "Reduce the risk to your critical assets by identifying your top data and infrastructure security gaps and exposing loose permissions."
