Hackers infiltrated the systems of a Ukrainian utility company after an employee downloaded and installed a pirated copy of Microsoft Office that had malware bundled into the installer.
This anonymized case study is a reminder of the dangers of running pirated software on corporate networks, and of why a robust shadow IT policy is essential.
The background
In January 2023, an employee of the Ukrainian utility company used the torrenting site toloka.to to download a copy of Microsoft Office 2019 whilst connected to the business network.
Bundled into the installer were the DarkCrystal RAT (remote access trojan) malware and DWAgent, a legitimate remote administration tool that the attackers abused for persistent remote access. Together these gave them unauthorized access to the utility firm's information and communication systems.
The Computer Emergency Response Team of Ukraine (CERT-UA) detected the breach, but not until March 2023, two months after the hackers had first entered the network. The response team attributed the attack to a group it tracks under the code name UAC-0145.
Potential fallout
Although no specific detail has been published about the results of the breach, two months of unfettered access to the company's systems would have given the hackers ample opportunity to cause significant damage and to reach sensitive business information and personal data.
Consequences of an intrusion like this can include loss of revenue, loss of data, compliance failings that lead to regulatory sanctions, damage to systems, and other outcomes that affect the company's ability to serve its customers. There is also likely to have been significant downtime while experts contained and eradicated the threat and repaired the damage afterward.
What can we learn?
This case shows the dangers of using unlicensed or cracked software within business networks. Pirated installers are a common malware delivery vector: the person who packaged the software can add whatever they like to it, and the victim has no way to verify its integrity. This kind of shadow IT creates openings in business systems and hands access to bad actors via malware.
You should implement a policy that requires employees to use only approved programs from verified sources in their daily work. If they need access to software, they should go through the IT department to find the correct solution instead of relying on pirated programs whose integrity they cannot verify.
In addition, holding regular IT security training sessions lets you make sure that employees understand the dangers of shadow IT and pirated software, as well as the importance of keeping software and operating systems up to date.
How Vaultry helps
Vaultry helps you monitor all of the devices on your network for shadow IT. It alerts you to its presence as soon as it appears, so you can remove it before it embeds itself in your network. This helps you avoid a situation like the one the Ukrainian utility company faced, where hackers had access to the company's systems for two months.
Get started with Vaultry today to protect your business.