The tech services giant, IBM Corporation, suffered a recent embarrassment when it was forced to issue an alert on its support site notifying its customers that it had shipped malware-infected USB flash drives. The fact that this problem hit a large company like IBM made it a newsworthy story, but the reality is that infected USB drives, Remote Access Trojan (RAT) hijackings of webcams, and clickable scams are more common than you might imagine.
These infections, hijackings and scams are a growing source of danger for every business. Consider, for example:
- Cybersecurity expert Mikko Hypponen notes that “Once you gain access to somebody’s system it’s trivial to turn on the webcam and record whatever they’re doing, or to just turn on the microphone and record whatever is being spoken around the infected laptop.” Hackers can gain that access through malware inserted into a link or an email attachment sent to an employee. Hackers can then use the webcam to record everything that is discussed in a business.
- Almost 10 years ago, a cybersecurity company determined that one-fourth of all USB drives contained infected code and that the majority of new malware was being written to propagate through USB drives. Employees routinely receive drives as promotional items at trade shows and from vendors; so if a company with as many resources as IBM cannot prevent malware from infecting USB drives that it distributes, it is likely that smaller companies will have similar problems.
- Computer users have become accustomed to seeing frequent notifications to update flash players and other software. In 2016, hackers relied on this to propagate malware through counterfeit flash player update notices that targeted Mac desktop systems. The fake update installed unwanted plugins on the devices when users clicked on the update link.
Browser plugins from legitimate and trusted sources do have valuable uses. A plugin, for example, can integrate a real-time spell checker, or it can perform auto-complete tasks that make it easier to enter data into browser applications. Unauthorized plugins, however, can have more nefarious purposes. They may be merely bothersome, for example, by directing a browser to go to a site that advertises products or services. They can also co-opt a computer into spying on its users by recording sound and video, or through keystroke monitoring that can divulge confidential passwords and personal information.
Businesses should take every precaution to deter employees from installing deceptive plugins into their browsers. Ideally, all browser modification and all software changes and updates should be centralized into an information technology department that is trained to distinguish authentic from fake update notices. For third-party products that are not sourced from the browser’s original author or distributor, this might include verifying the source and authorship of any plugins and researching the plugin’s history and ratings on message boards.
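One way an IT department could automate part of that vetting is sketched below. This is an added example, not part of the original article. It assumes Chromium-style extension manifests, and the extension IDs, names and manifests are constructed sample data.

```python
# Added example: audit installed browser extensions against an IT allowlist.
# Assumes Chromium-style manifest.json contents; all sample data is constructed.
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
CAPTURE_PERMISSIONS = {"tabCapture", "desktopCapture"}  # screen/tab audio and video
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extension(ext_id, manifest, allowlist):
    """Return a list of reasons this extension needs manual review."""
    findings = []
    if ext_id not in allowlist:
        findings.append("not on the IT allowlist")
    if manifest.get("update_url") != WEB_STORE_UPDATE_URL:
        findings.append("not updated from the browser vendor's store")
    requested = set(manifest.get("permissions", []))
    requested |= set(manifest.get("host_permissions", []))
    for perm in sorted(requested & CAPTURE_PERMISSIONS):
        findings.append(f"can capture audio/video: {perm}")
    if requested & BROAD_HOSTS:
        findings.append("can read data on every site")
    for script in manifest.get("content_scripts", []):
        if set(script.get("matches", [])) & BROAD_HOSTS:
            # A script injected into every page can observe typed input.
            findings.append("injects scripts into every page")
            break
    return findings

def audit_all(installed, allowlist):
    """Map extension ID -> findings, for extensions with at least one finding."""
    report = {}
    for ext_id, manifest in installed.items():
        findings = audit_extension(ext_id, manifest, allowlist)
        if findings:
            report[ext_id] = findings
    return report

# Constructed sample data (hypothetical IDs and manifests).
SPELL_ID = "a" * 32
FAKE_ID = "b" * 32
INSTALLED = {
    SPELL_ID: {"name": "Spell Checker", "update_url": WEB_STORE_UPDATE_URL,
               "permissions": ["storage"],
               "content_scripts": [{"matches": ["https://mail.example.com/*"]}]},
    FAKE_ID: {"name": "Player Update Helper",
              "update_url": "https://updates.example.net/crx",
              "permissions": ["tabCapture"], "host_permissions": ["<all_urls>"],
              "content_scripts": [{"matches": ["<all_urls>"]}]},
}

if __name__ == "__main__":
    for ext_id, findings in audit_all(INSTALLED, {SPELL_ID}).items():
        print(INSTALLED[ext_id]["name"], "->", "; ".join(findings))
```

An empty finding list is not proof that an extension is safe; it only means none of these specific checks fired.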
If a business suspects that one or more of its machines has been co-opted to spy on the business’s activities, that machine should be taken offline immediately and analyzed to determine what information it might have provided to an outside source. If customer information was compromised, the customers should be promptly notified of the potential for theft of their financial or personal information.
A good cyber insurance policy can help a business cover the costs and liabilities that inevitably flow from a toxic plugin attack. That policy might cover the costs of replacing affected machines, as well as liabilities to third parties and fines from regulatory authorities that can be levied if the business is deemed to have ignored cyber threats or failed to adequately protect third-party information. A cyber insurance policy is often the last line of protection against losses from toxic plugins and their malware kin.
RD Blakeslee says
In addition to corporations, individuals are also targeted, of course.
Right now, there are phishing attacks targeting those who pay for online purchases through PayPal.
PayPal has one of the most robust fightback systems on the web.
They want a copy of any suspicious email ostensibly associated with PayPal, to be sent to their fraud department.
They continuously shut down malicious servers all over the world.
Len Penzo says
You are absolutely right, Dave. In fact, I think individuals are the primary target. Most corporations worth their salt tend to have very good IT teams that make hacking attempts on them difficult — so it makes more sense for those hackers to go after the little guy since it is more likely to bear fruit.
RD Blakeslee says
Should add: Don’t click on anything in the email – just forward it unmodified to PayPal.