An advanced malware dubbed “Shadow Pad” has been found to be embedded in 5 of the NetSaragng’s software which are used by businesses and banks worldwide. Kaspersky labs uncovered the infection when a financial organisation reported suspicious activity to the security solutions provider.
The malware allows an attacker to gain complete remote access to bank servers allowing the hacker to download and execute malicious code while staying undetected by conventional security solutions.
Ankush Johar, Director at Bugsbounty.com – a crowdsourced security platform for ethical hackers and businesses commented, “This incident clearly highlights that threats may be lurking in the background, and may not be your fault at all. This is a clear third party threat. The only thing a security-conscious enterprise can undertake is to deploy ‘intrusion-aware’ and ‘intrusion-prevention’ tools, open-source or paid, to avert any such debacles.”
BugsBounty.com (BB) is a community of ethical hackers and the fourth ever such community in the world. BB works with over 100 clients including banks and media companies to simulate real world hacking situations, with the best hackers the world has to offer.
“Large software companies whose tools and solutions are being used by critical sectors, need to up the ante on their own security. They carry significant risk, which needs to be mitigated by incorporating crowd-security, the ultimate form of cyber security, before every public release. In-sourcing and outsourcing are clearly not enough,” Ankush Also said, “Crowd-Sourcing unlocks the power of multiple creative minds to think of solving the security challenge, compared to the traditional model of just a handful of security experts.”
As a preparation for such attacks it is advised that organisations should instantly update any NetSarang software they are using (if any) and also make sure that the antimalware solutions are equipped with the latest updates too.
“India, with its excessive use of pirated software, needs to be even more cautious of such incidents. One machine could prove to be the Achilles heal for the entire organisation,” Ankush Johar concluded.