Thursday, January 4, 2018

[Cybersecurity Awareness Series] The Free Gift


Anjali was sitting and surfing the internet on the computer at her desk when the phone rang. Startled, she picked it up and heard a rough voice at the other side. “Is this Miss Anjali?” asked the rough voice. “Yes, this is” answered Anjali. “There is a parcel for you in the mail room. Collect it as soon as possible” and the phone hung up.

Anjali was disgusted by the voice and the manner of this person. Surprised as to who would have sent her a package, she dragged herself to the mail room. She reached the mail room and asked the fat lady at the desk to give her the package. “Name Please,” asked the lady to which Anjali replied her name. She pulled the package from the drawer at her side and handed over the box.

The parcel read: “To, Ms. Anjali Mathur, ILoveIT Solutions, New Delhi”, “ From Security Conference, New Delhi”. Anjali worked as a Security Analyst in her company ILoveIT solutions and had attended a security conference last week. Well, it was quite natural for vendors to send out various pamphlets and product demo /trial coupons post the conference. Anjali too had dropped her visiting card at this conference.

She came back to her desk and started opening the package. The package came from a very well-known vendor “ILoveAntivirus” solutions. The vendor had provided a pamphlet and a CD for a new solution which they would be launching on the market next month. As a goodwill gesture, the vendor had provided a free one-month access to Anjali and her organization.  Anjali was elated at this free trial version and early access to her organization.

She took the CD provided by the vendor, pressed the button on the CPU to pull the CD/DVD tray and inserted the CD. The CD slipped inside and the software asked Anjali’s permission to install the setup. Anjali immediately clicked on the next button and completed the installation process. The anti-virus solution requested for a completed scan of her system to which Anjali clicked in affirmative.
It was around 1.00pm and Anjali thought to have a quick lunch till the time system was getting scanned.

1.30pm:
“Our web server is not responding and its rebooting again and again” shouted the data administrator to the network administrator. “The network is being bombarded from packets from an unknown IP and I have been locked out of the corporate firewall” boomed the network’s administrator voice in the IT area.

1.40pm:
All users were locked out of their systems and no one was able to understand the issue.

1.41pm:
The chief security officer calls up the Anjali to understand the situation from her aspect. Anjali however, unaware of the situation just came back from lunch. She was surprised to see that call.
She picked up the call and was flabbergasted to hear as to what had happened in just 40 minutes.

1.45pm:
The network and the web server team disconnected all their devices from the network and made all the systems offline to understand the problem.

1.50pm:
Anjali went to the network and the web server team to help them understand the problem. Both the team were wondering as to how were they locked out of their own systems. They were wondering as to how to resolve the issue at hand when someone suggested rescanning all the systems for a virus. Anjali just arrived at the tech team’s office bay and tried to understand the current issue at hand.
When someone suggested rescanning all the systems, Anjali immediately offered the tech team the new antivirus solution which she had received an hour earlier. The teams were surprised to learn about this new solution as the vendor had not communicated any such development to the tech team.

1.55pm:
Anjali rushed back and brought back the CD which she had received from the vendor. The team analyzed and scanned the CD on a standalone system using their current antivirus. They were shocked to see the results. Anjali felt as if she had been slapped in the face. The scan reported an extremely dangerous virus which was present on the CD.

2.00pm:
Anjali explained as to how had she had attended the security conference last week and received a package today offering her a free trial for an upcoming anti-virus solution.

2.15pm:
After understanding the complete scenario, the CSO and the tech team decide to rescan all the devices and bring them online by reinstalling factory software and backup from the backup tapes.


This activity took around 2 days and the company suffered a loss of more than 20,000$ per day. Since the web server was also affected, the brand image of the company also took a hit.
Upon further investigation, it was found that such a courier was sent by a hacker hired by a competitor firm. The hacker had met Anjali at the conference and noticed her moves at the conference. He noticed that she had shared her contact details with a security vendor which had promised to send free gifts to her. Taking advantage of what he had heard during the conference, he devised a plan to introduce the virus through a free gift sent to her. The competitor firm wanted to gain market share and poach users.


As an individual, it is imperative for us to understand that we should not blindly install anything in our organization’s or personal systems. We must install software or antivirus solutions from the original vendor's website and must check the hash values before installing. If possible , install them on standalone systems rather than directly on the production servers.

Do share your valuable feedback on this.


No comments: