Cybersecurity and Free Software
Free software with a side of malware
by Charles Parker
We all like free software. We find what we want on the internet and download it. Generally, there isn’t an issue. You can download Nmap, Kali Linux, and others with no issue. There is, however, always the anomaly or edge case when there is a problem. A recent issue occurred at a medical institute.
In this instance, a student was working at a biomolecular institute in Europe. The institute happened to allow personal computers on its network. You can guess what happened next. The facility, which was not named, allowed the student on its network with the student’s personal computer. The student happened to have downloaded free software (data visualization software). A little bit of malware piggybacked its way onto the personal computer and then into the network. When the student attempted to download the software, Windows Defender blocked it. Not taking the hint, the student disabled the service, and then downloaded the software.
Fortunately, the institute had back-ups to use. These were not fully up-to-date, but viable. Recreating a week’s worth of data is painful, but workable. As a wrinkle, the institute also had to rebuild the entirety of the computer and server files prior to the data being uploaded.
This attack is a lesson in allowing unknown or untested equipment on the network. Without network access control (NAC) or other tools in place, anyone’s personal computer and all the issues associated with it are also invited into the network. There are several tools available to assist with securing this portion of network control, along with policies that can be implemented.