
How Everyday IT Tools Can Offer ‘God Mode’ to Devilish Hackers


So, if you geek out on Mr. Robot even half as much as we did, it’s pretty amazing to consider how art imitates life — and how life imitates art. In the premiere of season 2 of Mr. Robot, the fsociety hackers made good on their threat to bring down the evil E Corp. With a few strokes of the keyboard, a USB stick, and Elliot’s state-of-the-art hacking, E Corp was infected with ransomware, and the stuff hit the fan.

Unfortunately, these scenarios can happen in real life too, causing billions of dollars worth of damage and headaches for anyone and everyone involved. 

Recent headline-making hacks

Just this month, one of the most significant ransomware attacks in history went down. The ransomware hackers known as REvil (a nod to Mr. Robot’s Evil Corp?) spread malware to as many as 1,500 businesses and organizations worldwide.

From a Chinese state-sponsored supply chain compromise to the Colonial Pipeline attack—and many hacks in between—we’re seeing more breaches that rely on remote management tools to wreak havoc on systems. 

The same tools that let administrators efficiently manage large networks can also give hackers similar superpowers. “The piece of your infrastructure that manages the rest of your infrastructure is the crown jewels. It’s the most pivotal. If an attacker has that, it’s game over,” says Luke Roberts, in an article in Wired Magazine. “The reason that ransomware actors are going after things like Kaseya is that they offer complete access. They are like the gods of the environments. If they have something over one of these platforms, they get whatever they want to get.”

Motivations for hacking

Some hacking organizations, such as DarkSide, claim to have ethical reasons for the havoc they wreak, such as when they shut down the Colonial Pipeline. CNBC reports that DarkSide also maintains that it will donate a portion of its profits to charities. However, some of the charities have turned down the contributions.

“No matter how bad you think our work is, we are pleased to know that we helped change someone’s life,” the hackers wrote. “Today we sent [sic] the first donations.”

CNBC also reports that according to Boston-based Cybereason, DarkSide is an organized group of hackers set up along the “ransomware as a service” business model, or RaaS. “Meaning the DarkSide hackers develop and market ransomware hacking tools, and sell them to other criminals who then carry out attacks. Think of it as the evil twin of a Silicon Valley software start-up.” 

Hackers are catching on to the exponential power of tools that administrators use to manage IT systems remotely. They are starting to grasp that once you get the keys to that palace, you can have the run of the whole kingdom. 

How hackers are letting themselves in

So, precisely what are these everyday tools that hackers are taking advantage of to infiltrate systems and cause holy hell? 

The colossal REvil hack that took place this month infiltrated the security behemoth Kaseya. The Kaseya website states: “Providing you with best-in-breed technologies that allow you to efficiently manage, secure and backup IT under a single pane of glass.”

Well, that glass shattered in a big way. 

Back in April, prior to the massive hack, researchers from the Dutch Institute for Vulnerability Disclosure identified seven vulnerabilities in Kaseya’s system. Kaseya patched four of the seven in the ensuing days and weeks, but three remained.

Jamf is another popular tool providing security, primarily focused on Macs rather than Windows machines. White-hat hackers have infiltrated Jamf and proven that the same tools administrators use to manage large networks give hackers the superpowers they need to blast ransomware. 

As Andy Greenberg writes in Wired, “In one case, the researchers demonstrated that if they simply alter one line in a configuration file on a PC that runs Jamf, they can cause it to connect to their own malicious Jamf server rather than the target organization’s legitimate one.” Yikes. 
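From the defender's side, the one-line change described above is a configuration-drift problem: the managed machine should only ever point at the organization's own server. The following check is an added example, not code from the article, Wired, or Jamf; it assumes the agent keeps its server URL in a plist under a key named `jss_url`, and the server name and sample configs are constructed placeholders.

```python
import plistlib
from urllib.parse import urlsplit

# Assumption: the organization's legitimate management server (placeholder).
EXPECTED_SERVER = "https://mdm.example.org:8443/"
# Assumption: the plist key under which the agent stores its server URL.
SERVER_KEY = "jss_url"

def _origin(url):
    """Reduce a URL to (scheme, host, port) so cosmetic differences are ignored."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    port = parts.port or {"https": 443, "http": 80}.get(scheme)
    return scheme, (parts.hostname or "").lower(), port

def check_agent_config(plist_bytes, expected=EXPECTED_SERVER, key=SERVER_KEY):
    """Return a list of findings; an empty list means the config is as pinned."""
    try:
        config = plistlib.loads(plist_bytes)
    except Exception as exc:  # truncated or non-plist content
        return [f"config unreadable: {exc}"]
    value = config.get(key) if isinstance(config, dict) else None
    if not isinstance(value, str) or not value.strip():
        return [f"{key} missing or empty"]
    try:
        got, want = _origin(value), _origin(expected)
    except ValueError as exc:  # e.g. a non-numeric port
        return [f"{key} is not a valid URL: {exc}"]
    findings = []
    if got[0] != "https":
        findings.append(f"{key} does not use https: {value}")
    if got[1:] != want[1:]:
        findings.append(
            f"{key} points at {got[1]}:{got[2]}, expected {want[1]}:{want[2]}")
    return findings

def sample_config(url):
    """Build a constructed sample config containing only the server URL."""
    return plistlib.dumps({SERVER_KEY: url})

if __name__ == "__main__":
    for url in ("https://MDM.example.org:8443",      # legitimate, different case
                "https://rogue.example.net:8443/",   # the one-line tamper
                "http://mdm.example.org:8443/"):     # transport downgrade
        print(url, "->", check_agent_config(sample_config(url)) or "ok")
```

Run on a schedule from a channel other than the management agent itself, a non-empty result is a signal to isolate the machine before it checks in again.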

Going in god mode

Apart from Kaseya, there are dozens of other tools out there that are targeted by criminals, including Intune, ManageEngine, DameWare, NetSarang, TeamViewer, and GoToMyPC. By design, they are able to install programs on large numbers of machines, and they are often exempted from antivirus scans. As Jake Williams, a former NSA hacker, points out, “Why are they so nice to exploit? You’re getting access to everything they manage. You’re in god mode.”

Another tool, Orion, was hacked by Russian spies to infiltrate US government organizations. Though Orion is not management software, it has similar features. 

In another incredibly concerning breach, hackers used TeamViewer, a remote access and management tool, to break into the systems of a small water treatment plant in Oldsmar, Florida. Luckily, the attempt failed: the hackers’ disturbing end goal was to dump lye into the city’s water supply.

White-hat hackers to the rescue

At the end of the day, companies may be wondering what can be done. For example, suppose they can’t afford in-house security, and they need to rely on these big systems. How can they be sure there aren’t vulnerabilities that hackers can penetrate? 

The only way to combat bad actors is for the Kaseyas of the world to bring in top-of-the-class white-hat hackers. Remember, not all hackers have bad intentions. When talented hackers find the vulnerabilities in time, they can patch the system so that it is not hijacked by those who want to break in, steal information, and demand ransom in return. 
