This behavior is particularly alarming, as an infected USB drive could compromise an air-gapped government network. Ramnit has been used in sophisticated data exfiltration attacks and spreads by embedding itself in removable drives and files that may be shared with others. 43 of these tools indicated that the file contained malware, specifically the Ramnit worm. He instead uploaded the file to Virustotal, which scanned the file for malware with 63 different antivirus tools. The contractor followed this instruction and found drivers for the device on Saicoo’s website, but didn’t install them right away. Windows advised that he find newer drivers on the vendor’s website. However, when the contractor plugged the device into his computer running Windows 10, he was met with a message saying that the device’s drivers weren’t functioning properly. The device has 4.5/5 stars and 11,700 ratings and appears in the sponsored listing section at the top of the Amazon search results for “PIV (Personal Identity Verification) card reader” or “CAC card reader.” The listing and reviews would suggest that this particular CAC reader is a safe and reputable device. The contractor purchased a $15 card reader sold by Saicoo on Amazon. As a result, government employees and contractors often turn to the internet to find compatible card readers.Īlarmingly, a contractor found that one such device is a vector for malware. However, approved card readers aren’t standard issue devices for cardholders. Many employees and contractors need to access their email remotely, which requires CAC authentication. Cardholders don’t just use these cards onsite. A government defense contractor relayed this discovery to Brian Krebs of KrebsOnSecurity, who published the details.ĭoD employees and contractors, along with military personal, use ID cards known as Common Access Cards (CAC) to access controlled spaces, as well as computer systems and networks.
A recent discovery demonstrates how cyberattacks can be indirect and come from unexpected sources.
The DoD is a high value target with an extensive attack surface due to its size and complexity. Thankfully, the DoD caught the cybercriminals and recovered the money, but this incident highlights the need for strong cybersecurity practices at the DoD and among its contractors. Earlier this month, we reported on a phishing attack that stole $23.5 million from the US Department of Defense (DoD).
0 kommentar(er)
