Employees should never be downloading torrent files at work, nor should they be torrenting on computers used to access sensitive work files. A new malware named Sathurbot shows exactly why torrenting can be a threat to small business cyber security.
Sathurbot installs itself from fake torrent files claiming to be illegal copies of popular shows like Game of Thrones or movies like Wonder Woman. After these files are downloaded, the malware embeds itself on the downloader’s system and then spreads through some interesting methods.
One of these methods actively searches Google for high-ranking sites based on movie-related keywords. It then identifies sites running WordPress and runs coordinated brute force attacks to hijack them. Once a site is compromised, the malware hosts hidden pages on it touting torrent downloads of popular movies and shows. The cycle repeats.
This sophisticated attack pattern should serve as a warning both to businesses running WordPress on their site and to employers concerned about employees’ online activities. Simply put: torrenting copyrighted materials is not only illegal in itself, but it also invites risks from malicious people willing to take advantage of someone looking for a free movie.
Learn more about the Sathurbot threat and how it may affect your organization by reading on.
A Torrent of Bad Decisions for Small Business Cyber Security
While legal streaming through services like Netflix has curbed the demand for illegal torrent downloads, torrent sites remain a popular destination for web users. In fact, even after a rocky bout of prosecution and legislative action, The Pirate Bay has resurfaced as one of the 100 most visited sites in the past few weeks.
Sites like The Pirate Bay host links to torrent files, which are used to download larger files. These files often contain illegal copies of movies and software. For instance, someone trying to download Wonder Woman will search “Wonder Woman torrent” on Google and find a site hosting — or supposedly hosting — a torrent for a copy of the film. Opening the torrent file within a client like BitTorrent allows users to download a copy of Wonder Woman in small packets from hundreds or even thousands of other users. When the download for Wonder Woman is complete, the torrent client can then start providing uploads for other users looking for their own copy.
So, essentially, torrenting involves downloading from and uploading to thousands of anonymous users. One can quickly see how this arrangement might invite huge cyber security risks!
Sathurbot is one of the worst of these risks seen recently. It’s transferred through fake copies of popular movies or shows and, once embedded on a computer, it will connect with a command and control (C&C) server that sends it instructions.
The C&C server can instruct the instance of Sathurbot to download further malware, but it can also crowdsource a way to identify victim sites running WordPress. Once a site is identified, a secondary server directs a series of bots to brute force the site’s password and take the site over. Infiltrated sites are then forced to host pages that have a high chance of showing up on Google for searchers looking for torrent files.
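Because the password guessing is spread across a series of bots, a per-address lockout on the WordPress site may never trigger. The following is an added example, not part of the original article: it counts failed logins per time window across all sources. It assumes a Combined Log Format access log, form logins via wp-login.php, and illustrative thresholds.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip ident user [time] "METHOD path proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def failed_logins(lines):
    """Yield (ip, time) for each failed WordPress login found in the log."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        # Assumption: default WordPress re-renders the form (200) on a failed
        # login and redirects (302) on success.
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == "200":
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")

def find_distributed_bruteforce(lines, window_s=600, min_sources=5, per_ip_limit=5):
    """Flag windows where many sources fail logins, even if each stays quiet."""
    buckets = defaultdict(lambda: defaultdict(int))  # window start -> ip -> failures
    for ip, when in failed_logins(lines):
        start = when - timedelta(seconds=when.timestamp() % window_s)
        buckets[start][ip] += 1
    alerts = []
    for start, per_ip in sorted(buckets.items()):
        if len(per_ip) >= min_sources:
            alerts.append({
                "window_start": start.isoformat(),
                "sources": len(per_ip),
                "failures": sum(per_ip.values()),
                # Sources a per-address lockout alone would have caught.
                "over_per_ip_limit": sorted(ip for ip, n in per_ip.items() if n > per_ip_limit),
            })
    return alerts

# Constructed sample: 8 documentation-range addresses with 3 failed logins each,
# followed by one ordinary page view and one successful login.
SAMPLE = [
    f'203.0.113.{i} - - [12/Apr/2017:10:0{j}:{10 + i} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"'
    for j in range(3) for i in range(1, 9)
] + [
    '198.51.100.7 - - [12/Apr/2017:10:03:00 +0000] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Apr/2017:10:04:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for alert in find_distributed_bruteforce(SAMPLE):
        print(alert)
```

On the constructed sample, the window is flagged with 8 sources and 24 failures, while the list of addresses exceeding the per-address limit stays empty.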
Protecting Your Business From Cyber Security Threats Like Sathurbot
Companies must set firm policies against illegal downloads or the use of risky applications. Compromised workstations can be used to spread malware further, and they may also provide a way for intruders to obtain sensitive information like employee SSNs.
Unfortunately, policies are usually not enough to prevent intrusion. Companies must also audit their current network and continuously monitor it for threats. They must take proactive actions and should strongly consider enlisting the expertise of a Stamford cyber security company. With the help of a cyber security expert, they can begin to identify threat risks and prevent them from compromising their most important systems.
So, stop employees from making risky downloads, and consider your business’s needs for a more comprehensive cyber security solution to prevent risks like Sathurbot from compromising your business.