ThreatLocker CEO claims it is "not 1995, or 2005" anymore when it comes to user freedom on corporate devices.
Too many attacks are made possible because of the open nature of applications, and employees’ freedom to download and use what they choose.
Speaking at the Black Hat conference in London, Danny Jenkins, CEO and co-founder of ThreatLocker, said there is a problem with what he called the ‘unintentional back door’, adding that he could name several that had been put into software.
“The idea of someone intentionally getting into your business like that through a backdoor is something that should keep you up at night,” he said, especially where there are vulnerabilities.
Pointing at the Follina vulnerability, Jenkins said vulnerabilities that can be “exploited later” and the “weaponisation of features” were big concerns.
“I would say most ransomware we see recently is using PowerShell, 7-Zip, WinRAR, built-in tools of the software you run, rather than being an executable itself,” he said. “People often overlook that you don't need to do something malicious on the machine or run something malicious, because there's enough programs on the machine that can cause the problems and do damage right out of the box.”
He went on to say that whenever you run software inside your organisation, any program on your computer has access to everything that you have access to as a user. With users free to download and use apps of their choosing, the attack surface grows: any of those apps can be exploited, and attackers piggyback on legitimate software.
He said that if an application can see PowerShell and there is a vulnerability somewhere along the line, then PowerShell can be exploited.
“Now in order for a vulnerability to be exploited, you have to do one of two things: you have to have an open port, as Exchange on the internet is an open port, or it has to ingest data,” he said.
Connect to Servers
Saying most companies “have probably got 500 applications running on your machine,” he said any of them could be compromised and could then potentially connect to servers.
Speaking to SC UK, Jenkins says the “success of computers is a result of them being so easy to deploy apps, and so easy to make software and so easy to solve problems.”
“It has also become the downfall of computers,” he says. “There's a balance where you say ‘where do I allow my users to be free and where do I not allow them to be free’ and the problem now is when any employee can click on something and destroy your business.”
Assume Breach
To better control environments, Jenkins recommended an ‘assume breach’ stance, where you assume that something you are running either has a backdoor or is going to be used against you at some point.
“You want to limit the amount of damage that can do,” he said. “Does that mean game over? No, what it means is how do we limit the damage, and the first thing we should be doing is block untrusted software.
“This does two things: one is it stops users running programs that you don't know about. It's bad enough all of the programs you trust could be exploited, could have backdoors in them, but if your users can download any PDF reader they want, if they can download any free software games, coupon clippers, you're just making that attack surface massive.”
Admitting it may sound difficult, Jenkins pointed out that it is “not 1995 anymore, or even 2005,” and also recommended whitelisting, where you deploy an agent that learns the software you use and matches it against built-in and known applications.
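As an added illustration of the learning-mode whitelisting Jenkins describes (example code written for this article, not ThreatLocker's agent or product), the following records a baseline of observed executions, then blocks anything that matches neither a learned binary nor a known publisher. The publishers, paths and file contents are constructed sample data; the built-in catalogue is a stand-in.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Execution:
    path: str
    publisher: Optional[str]  # Authenticode signer subject; None for an unsigned binary
    content: bytes            # file bytes (constructed; a real agent hashes the file on disk)
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()

# Stand-in for the vendor catalogue of built-in and known applications (constructed).
BUILT_IN_PUBLISHERS = frozenset({"Microsoft Windows"})

class Allowlist:
    def __init__(self) -> None:
        self.publishers = set(BUILT_IN_PUBLISHERS)
        self.hashes = set()

    def learn(self, baseline: list) -> None:
        """Learning mode: record what actually runs before switching to enforcement."""
        for ex in baseline:
            if ex.publisher:
                self.publishers.add(ex.publisher)  # signed: trust future builds from that signer
            else:
                self.hashes.add(ex.sha256())       # unsigned: pin the exact binary

    def decide(self, ex: Execution) -> str:
        """Enforcement: allow only learned software or a known built-in; block everything else."""
        if ex.publisher in self.publishers or ex.sha256() in self.hashes:
            return "allow"
        return "block"

# Constructed sample executions: a learning-period baseline and later candidates.
BASELINE = [
    Execution(r"C:\Program Files\Microsoft Office\WINWORD.EXE", "Microsoft Corporation", b"word-v1"),
    Execution(r"C:\Tools\internal-report.exe", None, b"report-v1"),
]
CANDIDATES = {
    "word_update": Execution(r"C:\Program Files\Microsoft Office\WINWORD.EXE", "Microsoft Corporation", b"word-v2"),
    "coupon_clipper": Execution(r"C:\Users\alice\Downloads\CouponClipper.exe", None, b"free-coupons"),
    "tampered_tool": Execution(r"C:\Tools\internal-report.exe", None, b"report-v1-patched"),
    # Built-in and Microsoft-signed, so whitelisting alone lets it run: the "built-in tools" concern above.
    "powershell": Execution(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "Microsoft Windows", b"ps"),
}

def evaluate() -> dict:
    policy = Allowlist()
    policy.learn(BASELINE)
    return {name: policy.decide(ex) for name, ex in CANDIDATES.items()}
```

The tampered and downloaded binaries are blocked, while the signed update and the built-in PowerShell pass, which is why the talk pairs whitelisting with limiting the damage trusted tools can do.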
Finally, he recommended password rotation: if you rotate your passwords regularly, then even if someone gets onto one of your machines and obtains data, they cannot move around.
Written by Dan Raywood, Senior Editor, SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.