Summary
- A former employee of a cybersecurity company has shared an account of how easily they were able to bypass their former employer’s security during a Zoom call.
- The employee used Notepad and a broken PowerShell window to access the CFO’s emails, backdoor the payroll system, and schedule a fake calendar invite for the entire C-suite.
- The action went unpunished because the company’s EDR (endpoint detection and response) tools were ineffective.
- These tools are like a “participation trophy” because while they can detect random .exe files, they ignore most threats, deeming them legitimate.
- This incident raises concerns about the effectiveness of EDR tools in detecting and stopping cyber attacks.
- Many believe that the employee deliberately timed the attack to occur during their lunch break, as 4 hours is a long time for such a laboriously slow process unless the employee was engaged in other tasks as well.
The article concludes by stressing the need for more effective cybersecurity measures and cautioning that, in the hands of a motivated attacker, every system can be defeated.